One of the hottest buzz words currently in enterprise tech isn't a word at all but an acronym. BYOD stands for "Bring Your Own Device" and it is a policy that many companies are struggling to decide whether or not to endorse as permissible. Like most things in life, BYOD has its pros and cons. Keep reading to learn more about the basics of BYOD and what you need to know before implementing a BYOD culture in your organization.

There is no debate that we are in the midst of a new era of productivity. Phones are now ubiquitously used as productivity devices. Tablets are now being purchased in lieu of PCs with great frequency. Most of the basic daily business related tasks we perform on a daily basis are easily accomplished with a mobile device. Email, web browsing, document editing and more can be done with even the most inexpensive handset these days.  Most companies have recognized the necessity to keep their employees connected while on the go and many are purchasing smart phones and tablets for their staff. The problem is that these employees already have devices of their own. This means these employees will have to carry two devices at all times. Hence the trend toward a BYOB workplace.

When considering the negatives of implementing a BYOD policy the biggest of them is security. When asked, most C-level executives site security concerns as the #1 reason why they are hesitant to go to a BYOD culture within their organizations. The threats are many. Malware is a common one but the most common is human error. Every day in the U.S. 160,000 phones are lost or stolen. Take a moment to read that again. 160,000 lost phones. Every day. To put this in perspective, if you gathered all the lost phones at the end of the week, that would enough to issue one to every citizen of Dallas, TX. The obvious concern for companies is the economic impact of having to replace lost or broken devices on a regular basis. The bigger concern is that if the devices are not properly secured, they can lead to critical corporate data leaks. This is where having an effective IT security policy in place before implementing a BYOD plan is critical. There is nothing that can be done to prevent employees from losing their device or dropping it in a swimming pool. There are many things that can be done to mitigate the damage of a lost device.

Companies that have embraced a BYOD culture do enjoy some significant benefits. The first and most obvious is cost. Once the infrastructure is in place, the savings realized from not having to spend $500 or more on smart phones for every employee can be significant. Additionally, employees tend to be much more careful with devices they have paid for themselves. Another positive is that there is generally a small learning curve.  Employees tend to be familiar with their own devices and adding an email account or enterprise app is usually a pretty easy transition requiring limited training. 


Over time, we will start to see a stronger divide between companies that issue devices to employees and those that embrace the BYOD culture. In both cases, proper security and planning are integral in achieving a successful mobile IT infrastructure. We invite you to contact us if you are trying to decide which direction is best for your company. BDCon manages thousands of mobile devices for our clients and we'd be happy to relate what we've seen and what we think might be best for your company.

A recent ArsTechnica Article discusses an update Microsoft release to fix a long-time, nagging hole in internet explorer. The hole allowed hackers to install malicious software onto users computers in order to take control of their machines to perform all sorts of nefarious tasks. Still, many people that use IE as their primary browser will ignore warnings from Microsoft to update their PC's because they're to busy to worry about that sort of thing right now. What these people don't understand, is that a short upgrade process is going to be the least of their worries if they become victim to a hacker that utilizes the exploit.

The important point to understand is that when that little bubble in the taskbar pops up to notify you that updates are available, it should be treated as an urgent message. Imagine for a second, you come home from work to find a note in you mailbox from the manufacturer of your oven. The note states that the model you own has a 50% chances of spontaneously bursting into flames and you should schedule a repairman to come fix the problem right away. How long are you going to wait? Obviously, the ramifications of your oven exploding are a bit more dire than having your PC hacked but the latter can cause a nightmare for you or your business.

Malware programmers are very talented people. They have the ability to create software that can  wreak havoc on your life and tuck all that code into a very small package. On an individual basis, they can access all of your online activity by activating a keylogger that tracks every keystroke you type and sends that back to someone to sift through to find your bank and credit card information, social media logins, email accounts and anything else they can take advantage of. On a corporate level, they can do the same thing but now they've accessed not only the end-users information, but potentially that of your clients as well. Think it can't happen to you? It can. To get an idea of just how common it is for companies to suffer a data breach, check out this site to see how many have affected the residents of New Hampshire alone.

So what's the best way to avoid this? The foremost and easiest way to protect yourself and your network is to keep Windows updated. Those updates that Microsoft pushes out should be considered a top priority in your company. Is it convenient? No. Look, we know it's a pain to have to reboot when you're working on something and have 3 documents open and a browser with 9 tabs that have all of your sources up. Is looking all that up again worse than having to cancel all your credit cards or having to send out a notification to your clients that they have to cancel their cards? You know the answer. 

The good news is, we're happy to help you make the whole process easier. We can arrange for the updates to download and install automatically at off-peak hours. All of the machines on your network can be consistently updated to the latest version of windows. Including the oft-overlooked servers. Give us a call, and we'll walk you through how it works. You'll be thankful you did. If you choose not to, some guy in a country ending in "-stan" will be thankful you didn't.

If many of the technology industry insiders are to be believed, email is all but dead. 99% of all email messages circulated through the internet are spam. Here are BDCon, we spend a considerable amount of time ensuring our customers are seeing only relevant messages in their inbox and protecting them from phishing and malware attacks. The amount of email messages being sent to each other is rapidly decreasing in favor of things like text messaging, Skype and Face Time calls, and online video conferencing services such as GoTo Meeting. However, there is one aspect to enterprise email that continues to be a struggle for end users. The problem of sharing files, specifically large files, has been a thorn in the side of business for years. Here are some thoughts on what you can do to help deal with what is inevitably going to be more and more prevalent in the coming years.

The problem of how to securely share files has been a plague among business for years. So much so that there are dozens of ways that business have solved the problem for themselves. The problem with having so many solutions is that they either: A. Require others to sign up for services to be able to participate in file sharing or B. Depend upon other methods of delivery that seem to kill the idea of productively sharing files all together.  

An example of the latter is the system of dropping files onto a form of portable media such as a USB drive or writable disc and then manually delivering the media to the recipient. This method has several obvious weaknesses. Speed is the first that comes to mind. If the recipient happens to be located a considerable distance away, than shipping the media involves additional costs and a considerable amount of time. Need to get those files to someone today? The "Sneaker Net" method is not going to get it done in most cases.  There are also considerable security concerns with this method. If the files being transported are sensitive in nature, how do you insure that they are delivered and viewed only by the intended recipient?

As far as cloud based file sharing services are concerned, there are dozens, maybe even hundreds, of choices. It can be overwhelming trying to determine which is the best option for your business but there are some things you should consider first when evaluating a provider. First, it's important to determine if the service you're looking at is designed for business. Many services are built around sharing photos of the kids and not 30 megabytes of medical records. It really all comes down to two factors: Security and Collaboration.

A top quality enterprise cloud storage service should have top notch security. DropBox, one of the most popular services, has been plagued by security issues. Most of these stem from the fact that the service was built on a platform designed for consumers. Another issue with services like DropBox and Drive is that accounts are individualized for the most part. It is very difficult to administer the use of these services since many users are using individually created accounts. There is virtually no difference between allowing this, and allowing employees to put their files onto their personal computers. IT security has no way of tracking what files are where, and who has accessed them. When an employee leaves the company, they still have access to any company files that are stored there. These problems face nearly all of the cloud file sharing services out there. 

There is one service that we highly recommend for use in an enterprise environment. The system is called Soonr and the reason you've probably never heard of it is because they originally only marketed their system as a private, cloud based service to Fortune 500 companies. Soonr allows companies to  manage their cloud file sharing in any number of ways that make it much safer. The platform utilized very robust permissions to restrict file access. Users can make files read only, downloadable, editable all within the Soonr environment. And since it's managed at the enterprise level, when an employee leaves, their access to anything in the system is revoked with a few mouse clicks. Sharing files with clients is as easy as email them a link. Soonr users can even email a special link to clients to enable uploading into their Soonr workspace. 

If you're working with larger files that need to be shared with others outside or even inside your organization, you owe it to yourself and your clients to take a look at Soonr. Feel free to contact us for more information and we'll help you.

Let’s be honest. When it comes to installing a backup system, you probably just want to know that it works. I mean, you hardly ever need to use the thing anyway. How many times a year do you really need to restore your servers from a backup? Once? Twice in a bad year? In the event that you do have to restore the data, you’re going to be more concerned with why you have restore rather than what you’re restoring. Here’s the thing: You’re paying for a backup solution. Why wouldn’t you want your backup to pull its weight around the office? Keep reading and you’ll learn how more modern backup solutions are offering to do much more around the office than they do now.

Typically, companies backup their data by following the 3-2-1 rule. This means keeping 3 copies of your data on 2 different types of media and keeping one copy offsite. It used to be that someone would take the tapes home at the end of the day and this was considered ‘offsite’ storage. The only difference today is that the tapes have been replaced by an external hard drive. This worked fine until the person responsible either forgot, or had their car stolen, or towed or worse. In case you haven’t noticed, people are getting pretty sensitive about where their data is begin stored. Placing thousands of client files and documents in the hands of an employee is risky and downright unacceptable these days.

There’s another problem. The best case scenario in the event of a massive data loss is that your firm can go back 24 hours. You’ve still lost an entire day’s worth of production. That’s still thousands of dollars in lost revenue, not to mention the hassle of letting your clients know that the work you were doing for them is now going to be delayed further. And if it’s a malware problem that caused the data loss, there is no guarantee that your latest backup doesn’t have the offending program sitting on it. Restoring an older backup from the cloud can take many hours. Many firms have had to wait 12 hours or more just for the backup data to download, let alone be restored.

There is a better way to go about all this. Firms in the know are converting to an active backup solution that offers a much higher level of flexibility in backup schedule and recovery speed. Here’s how they work:

Software is installed on a server that automatically backs up all your data to both and external drive, and a cloud storage site. Once the initial backup is complete, the software backs up only the changes to the server at a regular interval, say, every 15 minutes. At the end of each day, those daily changes are then sent to the cloud so the last day’s work is always kept offsite. If you’re thinking “Wait, we have each day’s backup offsite already. Why do we need an active solution like this?”, keep reading.

The reason some of the more robust backup software programs are way better than past generations is the way they handle their incremental backups. By marking only the changes in the data they are able to pinpoint specific changes at the individual file level. You know that brief you spent 5 hours on before your word processor crashed and corrupted it? With an active backup solution, you can get it all back in no time.  Did one of your in-house IT staff members accidentally delete a critical .dll file when they were upgrading your case management system? No worries. That can be easily restored with a few clicks.

Additionally, when combined with the right cloud storage provider, an active backup solution can get your firm back to business in minutes in the event of a major catastrophe. Modern solutions allow you to spin up a virtual image of the server hard drive from the cloud. This means that with just an internet connection, the entire staff can be up and running as if nothing is wrong while the server is being restored. All of this is done using secure encryption to ensure compliance with just about any standardization.

If your firm is using an older more traditional backup solution, it may time to consider changing things up a bit. Storage has never been cheaper so there is no better time than the present to put a solution in place that actually proves itself a little more useful than you’re used to. 

Much has been made recently of a bug in a critical internet security protocol called OpenSSL. The bug, known as Heartbleed, allows hackers to access the memory of a web server and potentially acquire the server’s security key. This would enable hackers to do all sorts of nefarious things to the website itself as well as its’ users. While the worst of the Heartbleed storm passed without incident, it is still important to know what it really meant to internet users and what effect it should have on our habits and how it will affect the internet in the future.

The first thing to understand about Heartbleed is that the potential for disaster was very, very high. OpenSSL, the protocol that Heartbleed affected, is used by a full 2/3 of the top 5000 websites on the internet. Fortunately, it was discovered by the good guys long before the bad guys had a chance to exploit the bug. This means that most of the really important websites were offered the opportunity to patch the vulnerability before the bug was made public. Common sites like Facebook, Twitter, Gmail, banks and such had already been made aware of the exploit and had fixed it before most of us knew it existed. By the time the hacking community was aware of the bug, they weren’t really able to do much with it. However, that didn’t keep them from trying. That brings us to the next important point to understand about Heartbleed.

Many of the World’s top internet security experts analyzed data from thousands of servers and discovered that nearly all of the attempts to take advantage of Heartbleed were made after the bug was made public. Since most of those affected had patched the bug, the exploit returned no information to the hackers. It seems highly unlikely that there are many, if any, hackers that were able to acquire valuable information from the servers they attempted to exploit. So, what if they did manage to use Heartbleed to access a server’s memory? What would they have been able to acquire? Odds are, not much. The way the bug worked, it pulled the data that remained resident on the server’s physical memory and only 64kb at a time. This dramatically reduces the chances that hackers would grab both your user name and/or password.

So does this mean that there is nothing to worry about and to just ignore the Heartbleed hype? Not exactly. The problem is that while it looks as if everything is going to be OK, there are no guarantees. And since the threat of what this bug was capable of or the potential for it to be expanded still exists, it’s best that users take some action. Namely, change your passwords on everything. Obviously, this is a huge pain in the neck. However, this is always a good habit to get into anyway. It’s not a bad idea generally to change all your passwords once a quarter at minimum anyway. If that seems like too much work for you, consider a password manager such as LastPass or KeePass or RoboForm. These servers enable you to store randomly generated, long passwords for all your websites in a secure, encrypted vault that no one (not even the company itself) has access to. You simply enter one password into the service and it will automatically log you in to any password-protected sites you visit. If you want to change your password to any site, the service can do it for you and you still won’t be required to remember it.  These services can also work at an enterprises level. This means that employees that need to have access to say, the company Facebook page, will login using their password manager and will never actually know the password. If that employee leaves, you simply deactivate their LastPass or KeePass account and they lose access to all corporate internet accounts.

The important thing to keep in mind with all of this is that there are always going to be vulnerabilities that are exposed. There are also always going to be vulnerabilities that aren’t exposed. The best way to keep yourself safe is to be smart about where you go and what you do when you get there. The same rules always apply: Don’t click links you can’t absolutely trust, and don’t download or open files or attachments you can’t absolutely trust. YOU are the best malware program there is. If you want more information about how you can put the right procedures in place to protect you or your company, feel free to contact us. We’ll be happy to help any way we can.