How to Beat Phishing Attacks

Everyone needs to know about phishing emails and the serious impact that they can have on you and your company’s data.

Phishing is widely used term now and to make sure we’re all clear, it’s a form of social engineering in which cyber criminals will try to gain access to sensitive information and data by posing as a legitimate organization or person through email.

What types of emails should I look out for?

Please pay extra attention to the types of emails listed below as they are commonly used to take advantage of users.  These emails may try to manipulate a user’s emotions to make them feel a false sense of urgency or to spark their curiosity.

Emails relating to accounts and passwords: Password resets, account log in verifications, anything pertaining to banking, finances, credit cards, or account updates.

Emails that are offering or asking for money: You won money, claim this prize, special offers, ‘you got hacked, pay me’, or ‘send me money or else this will happen to you’.

Emails containing extra links or attachments: Social media messages with website links, LinkedIn invitations and profiles with website links, or emails with download links and attachments. 

What can I do to verify legitimacy of an email?

Cyber criminals will try to disguise themselves so they seem like a legitimate organization or person. Double check these areas of an email to validate legitimacy or to confirm the email is a phishing email.

From: Check to see if the sender’s email address is someone you recognize and that it is spelled correctly.  If the email seems suspicious, do not open attachments or click on links without first verifying with the sender that the email is valid.  If you have an internal IT department or an MSP, ask them to check it for you. Pay attention to the characters after the @ sign.  Common tactics that are used are to interchange characters that look identical or to use a similar website. where it should be

(There are two ‘V’s, not a ‘W’) (This is a lower case ‘L’, not an ‘i’),, (These may seem legitimate at a quick glance, but these email addresses are not from  

To: or CC: Check to see if this email has multiple recipients, or other recipients you do not recognize.

Links: Hover over any links and verify the link is to the website it indicates.  If you feel unsure or uncertain, do not open any attachments or click on any links.  Call, or otherwise contact, the sender to verify the email and any attachments or links are valid.

Verify any hyperlinks are spelled correctly:

www.bankofamerica.corn, (What looks like ‘m’ in .com, is lower case ‘RN’) (The ‘ll’ in Wells is two capital ‘i’s, not lowercase ‘L’s) (This is not correct, if searched the website for PayPal it is actually (This looks correct; however, when you hover over it you see

Date: Check if the email was sent during normal business hours.

Subject: Check if the subject irrelevant or if it is an unexpected reply.

Attachments: Check for attachments that were not expected.  Also confirm the file type is something that is expected (i.e. an attached voicemail is an audio file, not a PowerPoint file or Word document).  Be extra cautious with any attachments in an email. If you feel unsure or uncertain, do not open any attachments or click on any links. Call, or otherwise contact, the sender to verify the email and any attachments or links are valid. If you have an internal IT department or an MSP, ask them to check it for you.

Content: Check for grammar or incorrect spelling.  Read the email to confirm it is business related or regarding something that is being worked on. 

Spear Phishing attacks continually become more sophisticated

Spear phishing attacks are messages typically personalized based on public information the attacker has found on the recipient and organization.  This can include topics surrounding the recipient’s area of expertise, role in the organization, interests, residential and tax information, and any information that can be gleaned from your company website or social networks.  These specific details make the email appear more legitimate and more likely for the recipient to click any links or download attachments.

Links or attachments that are included often include malware that can compromise the credentials of the recipient or may include malware that will attempt to encrypt your data. These emails can be sent directly to a C level executive, IT Director or other individual that may have administrator permissions, or they may appear to be from one of these trusted sources in an attempt to convince you to open it.

Phishing and spear phishing email examples

Here are sites with examples of phishing emails:

7 Ways to Recognize a Phishing Email: Email Phishing Examples (

Here are a couple of online tests that you can use to test your knowledge of phishing emails:

Vermont Panurgy Solutions

Opening malicious attachments or links can expose you, your PC, your network and potentially your customer’s data to a possible attack. These attacks may include information disclosures, system viruses, data destruction or encryption resulting in loss of productive work time, loss of customer trust and lost company revenue.

As a managed service provider, we are ready to assist you with suspicious emails that you may encounter.  You are an important layer in the defense of your network and awareness of these tricks and how to spot them is key to preventing a successful attack.


Tel: 800-974-1115 or 802-658-7788

Imperial College London uses Teams to teach and connect in a time of COVID

A world top ten university, with an international reputation for excellence in teaching and research, Imperial College London now uses Microsoft Teams to teach and connect in a time of COVID-19. In this video, see how the college is now relying on Teams for the delivery of its lectures and its remote labs, as well as a “virtual common room” where students and faculty can interact. Staff now have the fluid integration of shared files, scheduled events, and the students’ use of the virtual learning environment, providing opportunities to respond to students in a way never done before.

Read More…

Save Your Business from Disaster with a BCDR Plan

You may have the pieces in place to recover from a ransomware attack or environmental disaster. If you’re like a lot of today’s businesses, though, you probably have little, if any, clue as to how you would actually perform that recovery or how it would impact your business. What kind of downtime are you looking at? How many partners are involved? How many users are impacted? How much will it cost? Answers to these questions are critical to a complete disaster recovery plan. Find out how to get those answers in today’s post from your friends at Vermont Panurgy.

In the IT Security world, we recommend all businesses have not only the components in place to recover from a disaster, but also what’s called a BCDR Plan, which stands for Business Continuity and Disaster Recovery. Basically, this plan lays out in detail the processes and timelines by which data and access would be restored in the event of a disruption or disaster. It gives a business perspective on how long it would take, what costs there would be, and what other expectations to hold when responding to a critical service or resource outage.

The first and most crucial part starts with a risk analysis, which helps the business and the security provider creating the document to understand the internal and external risks facing the business, and the likelihood they will occur. In tandem with a business impact analysis (BIA), your partner can quickly determine the level of risk your business faces, and how devastating it would be to your company.

With an understanding of risk and impact, you are then able to begin planning out how to respond when these issues occur. Each business is going to have a different BCDR Plan, because the amount of downtime, the impact of that downtime and the potential losses resulting from the downtime will be unique for each business. A children’s book author or artist collective, for example, is going to have a very different perspective on downtime from a 24-hour manufacturing plant or public utility.

To better understand the BCDR Plan, we can break it down into the two primary components: “Business Continuity” and “Disaster Recovery”. Business Continuity refers to the plan for how the business is going to continue to function during the recovery period. Whether this means breaking out the notepads and pens, rolling a filing cabinet up from storage and breaking out the adding machines, or having an entire parallel cloud infrastructure to quickly spin up a virtual replica of your existing network at a moment’s notice (also known as a failover), Business Continuity can mean many different things to different companies, and all depends on the impact of downtime on the business’s ability to continue functioning.

Once a plan is formed to keep the lights on, the second part, Disaster Recovery, determines how the business gets back to fully functional operation. Different disasters are going to require different types of recovery, so the risk analysis is important to help prioritize and identify the most likely disasters to occur. An attack by ransomware may not require hardware replacement (wiping the drives and restoring a backup usually does the trick), but a dead server may not necessarily require a lengthy data restoration process if the drives in the server are still good.

The interrelated nature of the two components also effects data recovery plans for each business and their existing configuration. A business with a high need for a quick Continuity plan (like the 24-hour manufacturing plant) may be able to continue functioning indefinitely under their contingency plan, thereby reducing the need for a quick-turnaround recovery plan. Business owners who don’t mind going back to the stone age for a bit, or whose budget is unable to maintain a robust failover infrastructure, on the other hand, may prefer to focus on a speedy recovery. It’s all a question of priority.

As you can see, BCDR plans depend not just on tangibles such as technology, warranties and failovers, they also depend very much on both the physical environments the business operates in as well as the intangible personal preferences and business needs of the company and its constituents. This is why BCDR Plans tend to be so expensive. It takes a lot of conversation and reflection to truly understand the needs of a business to the point where an appropriate and effective BCDR Plan can be created. If you encounter a company that purports to offer cheap or quick BCDR Plans, run away fast. These plans most likely will be very generic and not specific to your business or even industry, likely will contain unrealistic timelines and may even include technologies that your business doesn’t even have.

If budget is a concern (as it is to most businesses these days), I would encourage you to at least start with a Risk Analysis and BIA. This will help you understand how important a BCDR Plan would be in the event of a disaster and will help determine priority for future budgeting. Contact Vermont Panurgy today to discuss how we can help you make sure your business is safe from disaster.

Ransomware: The SMB’s Cybersecurity Boogeyman

you've been hacked image

“I’m just a small business,” “What would they do with my company’s data anyways?” “There are plenty of bigger fish in the sea.” I’ve heard many excuses from executives and managers dismissing the need for effective cybersecurity, and these are just a few of them. In 2021, though, small- to medium-size businesses (SMBs) have become some of the highest-risk targets for cyberattack and specifically, ransomware. This is primarily due to the dismissal of risk and corresponding lack of protection, which makes SMBs very low-hanging fruit. With the increase in standardized IT infrastructure models, automated attack processes and credentials availability on the dark web, hackers now have the capability to attack and potentially take hostage the business data of even hundreds of businesses an hour. The question is no longer if your business’s IT will be attacked, but when.

As if losing access to your company’s important and sensitive data weren’t bad enough, a potentially bigger threat from ransomware comes in what the security community calls doxing. When a hacker takes away access to your files, they can use those files and info as additional leverage to get you to pay the ransom by threatening to dox you, which means releasing the data publicly on the internet. Private personnel information, internal IP addresses, financials, all that data is valuable for the ransom, but is doubly valuable to resell or trade it with other bad actors. Furthermore, paying the ransom does not guarantee that the attacker will delete your data. After all, how many cinematic pirates have you seen that are true to their word? Once a hacker has access to your business data, all bets are off.

Remember the SolarWinds attack last year? And more recently, the Kaseya attack? These are called supply-chain attacks, because they don’t just directly attack the target businesses, they attack the infrastructure used to manage those businesses’ IT. When hackers were able to compromise the platform used to connect to endpoints, this allowed them access to endpoints at not just one business, but thousands of businesses whose devices were connected to these platforms. Once the hackers gained access to these endpoints, they were able to cut them off from the end users and hold the data stored on them hostage until the end user paid a ransom to regain access.

Managed Service Providers (MSPs) who are savvy, such as Vermont Panurgy, are able to mitigate against any potential supply chain attacks by monitoring for any such threats and then quickly responding to cut off the hackers’ access until vulnerabilities are patched. For our business, additional “hardening” configurations (additional protection of the platform from unauthorized access) further increase both the security of managed endpoints, as well as the reliability of our management platform.

That said, ransomware is still and will always be a potential threat to all MSP clients. Effective, up-to-date network security and end-user training are the most effective prevention steps to fight back against this threat. Thankfully, unlike more traditional hostage situations, data can be backed up and encrypted, so even if a business does get infected with ransomware, recovery options are available without necessarily having to pay the ransom. This is likely why the #1 function outsourced to MSPs in a recent 2021 survey on IT operations is backup management. Businesses want to know that if they lose their data, they have a path to recovery that won’t cost them their hides.

Business Continuity is another critical concept, especially for companies that strategically cannot handle more than a few hours of downtime in the event of a successful ransomware attack. Business Continuity refers in part to strategies and technologies that create redundant infrastructures that can be spun up at a moment’s notice if access to the primary infrastructure is denied. It can reduce hours or days of downtime to just minutes, which is extremely important for businesses in critical sectors, such as infrastructure delivery (water management, electrical providers, internet providers, etc.) and healthcare.

What to do to safeguard your business? Recognize the vulnerabilities inherent in your business, which may include: not training your employees about security protocols, not activating a firewall, or ignoring firmware and security updates. Implement strategies to train and test your employees, patch the security holes, and reduce the risk that an attack will cripple your company. Finally, make sure your backup/continuity strategy is effective and robust enough so that when your business does get hacked, you will be able to get back up and running with minimal cost and downtime. Contact Vermont Panurgy today to discuss these threats and your options to stay safe!

Call today to set up a free consultation:

The Power of Power Protection

lightning over city

I live in Vermont. This state is beautiful, but its glory comes at a cost: the weather. Up here we get all sorts of weather, and while it is rarely extreme, it is an unusual week if it doesn’t include some sort of meteorological variation. Thunderstorms, high winds, freezing rain, sleet, hail, and blizzards are just a few of the events we contend with regularly up here.

Personal effects aside, a major repercussion of this wild weather is frequent fluctuation in power supply. Fairly often when coming back after a spring or fall weekend, or sometimes after a prolonged hot spell that results in severe thunderstorms, office workers may find they have to turn on all their computers again. Sometimes the computers come back up with issues they didn’t have before, sometimes they don’t come back on at all. Servers and network devices, if set up correctly, will be connected to battery backups and usually are fine, but irregular line currents and abrupt voltage spikes can sometimes cause issues with the backup power systems too, which can quickly cascade into massive network failure.
Unless you live somewhere that never has fluctuations with power supply for any reason, it is of utter importance that you understand the various basic options for protection from these types of issues.
The topic of power protection is vast, and requires a high level of knowledge in electrical and networking concepts. This article is only scratching the surface, but for the average small business owner, this is what you need to know.

Workstation Protection

computer power indicator

If you’ve got all your desktop PCs hooked up to 6-outlet extension cords that have switches on them, but that’s all you know, you’ve taken a step in the right direction. You may, however, be surprised to learn that not all power strips are created equal. Some are nothing more than glorified extension cords, with no protection from surges or any power fluctuation. What you should be looking for are called “surge protectors” and they actually do what they claim, which is protect from power surges. Imagine that!

Have you ever been at home during a storm, and you saw the lights get brighter momentarily, or flicker erratically for a second? They’re often called “brown outs” because they don’t cut off power entirely or only for a few moments. These “brown outs” are often caused by power surges. While they don’t knock the power out enough to cause things to shut off, most electronics are much more sensitive to these kinds of things than your average light bulb and, without surge protection, that little jolt of extra electricity can cause unexpected failures in critical components of the machine.

To avoid this, use surge protectors to intermediate between the wall current and the connected devices. Surge protectors act to absorb any additional current before it hits your machine, stopping it in its tracks before it can damage anything. Surge protectors offer protection rated in joules: the higher the joules, the more protection it offers.

You’re probably looking at your power strip now, wondering if it is a surge protector or not. Thankfully, with most surge protectors it is pretty easy to tell. Look first for an indicator light that glows and often flickers when plugged in and turned on. If you see this light, then you likely have a surge protector and it is functional. Another way to check is to (carefully) look on the back of the strip for information about something along the lines of “suppressed voltage rating.” If you see details about “suppression” or “protection,” then you are looking at a bona fide surge protector.

But that’s not the end of what you need to do to keep all your equipment safe. That’s because a surge protector does not protect from power outages, which is when the power goes out unexpectedly and stays off for a period of time. If your desktop PC is on when the power goes out and it doesn’t have a battery backup, then it will shut off unexpectedly. This can cause its own share of problems, particularly with the potential for data corruption and loss. The best mitigation for these situations is to have at least one regularly occurring backup, storing critical information on a network device (see below), and potentially also employing a battery backup of some sort on the workstation itself.

Server and Network Device Protection: Battery Backup

uninterruptible power supply

Power surges can cause the same kinds of problems with network infrastructure as they can for workstations, but power outages can cause even more problems and significant damage. If all your office’s network switches, server, firewall and wireless access points lost power and shut off, then when the power comes back on your devices would not start back up in the proper order. When that happens, a seamlessly integrated network can quickly become like a bramble patch, with devices being unable to find their way to each other or to the internet.

For this reason, IT administrators will typically centralize the server and critical network infrastructure to a specific location so that they can connect them all to what is known as an “Uninterruptible Power Supply” or UPS. These devices contain batteries to provide power during an outage; they also can be set up to gracefully shut down servers and other network devices before the battery dies to prevent data corruption.
If you own a business that has a physical work location, multiple workstations, network devices and/or servers, you now know enough to at least have an idea of whether your business’s devices are protected or not. If not, then you now also have some critical keywords for further research and decision-making. If you need help securing your devices against the forces of nature, drop us a line. Vermont Panurgy is here to help you make sure you and your business stay up and running safely and securely, as consistently as possible.

Call today to set up a free consultation:

2FA/MFA: Multi-Factor Authentication, What Is It?

Password security is one of the most fundamental steps to effective end-user security policy. However, over the years, advice on how to keep passwords and access to them secure have undergone several revisions and updates, which has left people and businesses confused as to best practices. We are going to look at the latest recommendations and understand a core component of the new “password paradigm,” namely Two Factor Authentication (2FA) or Multi-Factor Authentication (MFA).

Back when I was in high school, around 20 years ago, everyone in the tech industry thought a good password was complicated, contained not only letters and numbers but also symbols, and didn’t spell anything obvious. Basically, the adage was to make your password so hard not even you can remember it.

How many times did this backfire on me? How many times did I have to hit that password reset button and force myself to come up with something else? How many of you have a spreadsheet on your desktop where you’ve pasted all these passwords in an effort to keep track of them? Do you have a secure password to unlock your computer? How about to open the spreadsheet to read your passwords?

With this situation of a single password for each log-in, your passwords are only as secure as the weakest link to get to them. It doesn’t matter how varied and complex the passwords are if the list of them is easy to find, or one can access that list on your PC, or even in your home. While experts always recommended having a separate, unique password for each login you create, most people ended up using the same password for pretty much everything. As you can imagine, the problem here is if someone found out that one password, they would be able to access everything. Not good.

There has been so much fear driven into people around the concept of password security; most of us ended up just sticking our heads in the sand and hoping no one stole our passwords. That was my parents, that was my coworkers, and, yes, that was me.

That was also in the day where we had only one internet-connected device: the computer. These days, almost everyone has at least two devices: a smartphone and another device (tablet, laptop, desktop, smart-TV, etc.). Some of these devices also have fancy biometric technology, such as face or fingerprint scanners built in.

As such, our ability to prove our identity has improved significantly, and experts have updated their password security recommendations. Authentication methods are now divided into three main categories: 1) Something you “know;” 2) something you “have;” and 3) something you “are.” Since it is highly unlikely that an attacker would have gained access to more than one of these, experts now recommend using at least two of these items to authenticate with; hence 2FA or Two Factor Authentication.

Multi-Factor Authentication (MFA) is the industry term that means just that, using more than one of these three categories to prove your identity. When you call your bank and they ask you for the last 4 of your Social Security number, they are taking what you “have,” which is the phone number you’re calling from, and testing it against what you “know” – the Social Security number you provided. If one of these two doesn’t match what they have on file, then it’s not enough for them to verify your identity (or at least it shouldn’t be).

What you “are” comes into play these days primarily with biometrics (fingerprints, face scans, etc). MFA in this instance is used mostly when setting up the biometric login function, in that you would use methods from the other two categories to prove that the face or fingerprint being presented does in fact belong to the person logging in. Once it’s set up, due to the level of uniqueness of the biometric, other factors typically are not necessary for passing authentication.

When it comes to web logins, MFA has developed into a fairly streamlined, if not obviously simple, process. You put in your password (what you “know”), then a box comes up asking for a code (what you “have”). Sometimes this code is sent to your phone in a text message or in an email, sometimes you have to download a specific app that connects with website login systems and auto-generates codes every 30 seconds or so.

Configuring these authentication apps can be somewhat confusing, but they generally break down into a few basic steps when you are logging onto a website that requires MFA: 1) Download the app onto your device, say your smartphone, and log in, if necessary; 2) Use the app to read a QR code displayed on the screen; and 3) Enter the code that appears on your phone onto the page on your computer. Once this is set up, the next time you sign into the website you just open the app on your phone and the code is there waiting for you.

The biggest pitfall of this authentication method is if something happens to your smartphone (i.e., it’s lost, stolen or just dies outright). If you suddenly don’t “have” the thing you had used to prove yourself, then your only option is to reach out to the support of the company that you’re trying to log into and see if they can reset your MFA settings on the back end so you can set up another device.

This happened to me earlier this year, when my phone fell and then refused to turn back on. I got a new phone quickly enough, got my phone number transferred over, restored my iCloud backup and got all my apps back. At first, all seemed good. Then I opened my authentication code app to get logged into work the next day and . . . it was empty. After a minor panic attack, I reached out to the necessary admins, and they were able to reset the system so I could create a new MFA link to my new phone. When this happens to you (and it will, especially considering how frequently people replace their phones these days), don’t panic! If you don’t know who to call, call us at Vermont Panurgy and we’ll help you get pointed in the right direction to get your new MFA setup complete.

Call today to set up a free consultation:

What is an MSP?

Before Vermont Panurgy, I managed a trade school in the Pittsburgh (PA) area with three physical locations. The school offered associates degrees in four disciplines: dental assisting, medical assisting, medical coding and billing and massage therapy.

With multiple locations, over 300 students and 100 employees, the school utilized a wide variety of computers, printers and software applications for operational, student and compliance needs. Each location also had a library offering access to computers and printers for all students. It was therefore critical that all school IT systems functioned properly and with virtually no downtime.

As with many small businesses, we did not have the budget for a dedicated technology department. To get by, I did what I could and tapped the semi-technical abilities of the company’s controller. This worked well in some situations, but it also took away from the controller’s and my time and resulted in partial fixes rather than a comprehensive, proactive monitoring of our technology systems.

Therefore, I began to look for a more comprehensive solution. My objective was to find a service provider that could support the school’s computers and printers as well as several applications (like SharePoint and QuickBooks) residing on the cloud; and obviously at a reasonable cost.

I began with what many people do when they don’t really know what they want … use Google.

I began to enter key words and terms in Google such as “desktop support”; “IT”; “computer repair”; “computer services”; “IT systems”; etc. I thought I was thorough in my selections; I was not. I should also have been looking up the terms “managed services”, “managed services provider”, “fixed fee IT support” or “set fee IT support.”

For sure, the search I did conduct yielded a variety of support providers and some looked to be right in line with the school’s needs. After several follow-ups, I thought I found the ideal match. Subsequently, I arranged for an in person meeting along with several senior school managers and me.

While the meeting went well, the subsequent engagement letter from the support provider was not close to what we wanted in terms of daily support and cost. The proposed terms started with a large, up-front retainer fee with support focusing on the development of a longer-term strategy of systems upgrades and conversions. Disappointing to say the least given the discussion at the in-person meeting.

We did not move forward with that proposal. In fact, we continued to limp along with the existing patchwork of internal IT support because of that experience and not being able to find what we needed.

Here is the irony: I left that position and about a year later acquired Vermont Panurgy … exactly the type of support provider we needed at the school; albeit in a different state.

So what is the lesson here? Actually, there are two lessons and my suggestion: 1) When searching for an IT support provider, thoroughly research applicable terms and nomenclature; and 2) think about what you need and want in a provider.  I suggest you contact Vermont Panurgy!

Oh, and lastly, MSP means Managed Service Provider, which is what we are. Vermont Panurgy delivers IT services such as network updates, application and infrastructure management and security measures via regular remote support and/or active administration on our customers’ premises. Our overarching goals are to ensure that our customers’ IT systems are always operational and secure.

Don’t Lose Your Files, Save Them Properly

Remember paperback books? Remember how you’d put it down somewhere, then have the hardest time remembering where you put it? Keeping track of stuff is tricky but keeping track of documents and files you’ve saved on your computer can often feel even more confusing. Recently, with the advent of cloud synced storage, yet another layer of complexity has been added. It’s nuts! This article will discuss some of the most important aspects of file saving on your computer and strategies to make sure you can not only find your stuff, but preserve it in case of catastrophe.

File organization on your PC or Mac starts when you click the “Save” button. Two main questions occur at this phase:  What are you going to call it? and Where are you going to put it? A name is often pre-filled, and there is always a default save location, so raise your hand if you usually just hit “Save” and move on. But where did you save it? What was that name? If you weren’t paying attention, things can get quite confusing fast.

Quick Access in Windows 10

Luckily, Windows File Explorer has an easy shortcut to find it. If you click on “Quick access” in the sidebar of a File Explorer window, you will see a list of the 20 most recent files on your PC. It also shows you where that file is saved, so you can remind yourself.

You now know where that file is, but how accessible is it? How protected is it? Is it on a flash drive? Do you run backups? Does it sync? All these questions need to be answered if you want to be confident that your files are safe and secure.

Accessibility. It’s all well and good to save files to flash drives, but don’t forget to eject it before you pull it from your PC, and don’t forget where you put it! I can’t tell you how many files I’ve lost because I couldn’t remember where I put that drive, or I forgot what was on it and reformatted it for another purpose.

Another “local” option is to save files to your business’s internal file server. Servers generally are more reliably backed up than workstations (though check with your boss on this if you’re not sure!), and you can access the file from any PC that is connected to the internal network (which includes over VPN). The main drawbacks to this option are that both the server and your workstation need access to the network, if one goes down then the file is not available. Furthermore, if you are out of the office or want to access the files using a device that cannot connect to the internal VPN, you can’t access the file.

A more modern option is to use a Cloud-based storage sync tool. Something like OneDrive, iCloud Drive, Google Drive or DropBox. All these programs allow you to create a folder on your PC that automatically syncs the contents up to the cloud, then you can access them from any device that has an internet connection using just your login credentials. Furthermore, you can’t lose “the cloud”, and it doesn’t burn down in a fire or other catastrophe.

Most of these options now can also sync your main user folders, such as Desktop, Documents and Pictures. With this option enabled, even if you continue saving things to Documents or Desktop, it will still be protected and accessible in the cloud, on demand. Coolest part? When you get a new computer and sign into your syncing platform, all your files from your old computer automatically appear in their correct locations on the new one!

Protection. You now have your file, you can get to it anywhere, but how protected is it? It is important to remember that in nearly every scenario, syncing files to the cloud does NOT constitute as a backup. First, if you delete a file from your computer, the sync then deletes that file from the cloud as well. Second, if your account with the cloud provider is somehow disabled, expired or revoked, you could lose access to the cloud storage altogether. Finally, a loss of internet connection renders cloud syncing moot. And let’s not forget cyber-attacks. Hackers can change the password on your cloud account and lock you out, they can delete files from the cloud, thus deleting them from your synced devices, they can hold files ransom, just to name a few. Synced files are STILL VULNERABLE!

A third-party backup solution is the best protection to ensure your files are safe. Whether that backup is a physical hard drive you connect to your computer, or a cloud-based backup solution, it is important to make sure it’s through a different provider, using a different password, than your main cloud syncing service. This way, if a hacker takes down your cloud, they can’t also take down your backup.

Make sure your files are safe and easily retrievable by paying attention to where and how they are saved. A little care now can go a long way later!

Personalized IT for Your Business: Know your Techie

The importance of a well-functioning IT infrastructure is critical to the health of any business.  These days it is impossible to imagine a successful business that does not rely on technology to keep it functioning.  Reliability is a must to keep any business efficient and competitive.

Your business has likely contracted with an IT support company or a Managed Services Provider (MSP) to manage its IT needs, keep things running smoothly and respond when support is needed.  Regular maintenance and upkeep are the foundation of IT support, but the critical part for your business comes with the quality and effectiveness of responses when unexpected support needs arise.

Ask yourself this: When you call in to get help with something from your IT support/MSP, how many people do you talk to before you get your issue resolved?  How many times do you have to explain your issue?  How many technicians have you interacted with more than once and how knowledgeable were they regarding the overall state of your business’s IT setup?

Large businesses may not have a choice but to use an IT support/MSP provider with rotating staff to efficiently respond to all their requests.  On the other hand, small- and medium-size businesses have the opportunity to have personalized IT support/MSP that fits the needs of their business.  They do not have to explain the entire setup of their business and the specific issue each time someone calls in with a problem.  They do not have added downtime or frustration as a result of dealing with someone different each time they contact their IT support/MSP.

The best IT support/MSP experience is not based on technical prowess alone, but on the ability to build and maintain relationships with the clients themselves.  If you really know your IT support/MSP, you know who you’re calling before you even dial the number.  You can trust that they know you and your business and will be able to help translate your issue into the technical jargon needed to isolate and resolve it.  You know exactly who to go to when you have a question and you can trust that their answer will take your personal needs into account.  It’s a huge difference from rolling the dice with a large or faceless IT company.

Here at Vermont Panurgy, our clients are known and dear to us.  We strive daily to fortify the trust placed in our care for each company’s IT.  In our weekly team meetings, we discuss each one of our clients in detail, where we share updates, plan preventative steps to keep each one running optimally, and overall make sure everyone on our team knows what is happening with that client, even for clients who may have had a quieter week.  When businesses have Vermont Panurgy for their IT support/MSP, they can rest assured that if they communicate something to one person, it is the same as if they had sent the message to the entire company.  We work well with each other to ensure that responses are quick, efficient, and personalized to each business.  

Are you feeling like your current IT support provider’s shoes are too big for you or not quite the fit or feel that you would like?  Do you wish you knew who was actually working on your IT system?  Give us a call today, and let’s chat about how we can work together so you know your techie!

Do You Remember the Time? Risks and Protections for Business Data Storage

Throughout history, the way we humans have stored memories has been fraught with unreliability. Before the written word, memories were passed down through stories, and each person retelling the story added their own flare, sometimes radically changing the substance of the story, until the line ran out and the stories were forgotten. Once scrolls, books and other archival documents were created, historians still had to deal with decomposing papyrus, fading ink, zealotry and the risk of disaster. Even recordings written in stone have worn down over time. Nature has this unfailing tendency to destroy everything in order to create everything anew.

When computers came along, many people believed the days of deteriorating memory storage were over. Once you write a bit of data into a hard drive, it’s there forever, right? The internet never forgets, right? Unfortunately, the same laws of entropy apply in the electronic storage of data as they did before. If I hadn’t downloaded all the code and assets from that GeoCities website I made back in high school, I would’ve lost it forever when GeoCities shut down. Most of my music library in iTunes would’ve been lost forever if I hadn’t uploaded it to Apple’s cloud before that hard drive stopped spinning. Of course, whenever I end up losing access to the Apple cloud, that’ll be the end of that, but at least I can access it for now.

The fact is, nothing material in this world is permanent. However, we still must operate under the assumption of continued business growth and perpetual operation. So how do we make sure we don’t lose all that important data, documentation, communication, history, that allows our businesses to keep flourishing and succeeding? How do we preserve the past so that we can learn from it?

By now, you’ve probably heard the word “backup” so many times it’s been driven into the ground. Whether or not you’ve heeded the warnings, whether or not you’ve experienced the calamity of data loss, the concept of backups has become a familiar one in our highly digital age. But despite its prevalence in our 21st century lexicon, a large portion of the population still doesn’t understand what it does, how it works, or why it’s important. Let’s take a look.

The Basics of Backups

At its most fundamental root, the term “backup” refers to a copy of your data saved elsewhere, so that if you lose access to the data, you can retrieve it from the other location. Backups are most commonly 1-to-1 copies of the data, preserved exactly as it was when it was copied over, making retrieval seamless and familiar. Backups are sometimes encrypted or compressed, which can alter the code, but as long as you are able to decrypt or decompress it, you shouldn’t notice any difference. This is a bigger IF though, so if you do encrypt your backups, make sure to store the decryption key somewhere safe, preferably offline, preferably in multiple locations, like on a piece of paper in your locked desk drawer, copied to another piece of paper in a safety deposit box at the bank. If your backup solution creates compressed backups or proprietary backup files, be aware that you will need that solution to retrieve content from that backup as well.

Depending on where your data is stored, different types of failures can affect your ability to access your data. Stored locally (i.e., on a hard drive connected to your PC, on a network-attached storage drive, on a server in your office), the integrity of your data relies mostly on physical considerations. Physical technology such as hard drives, fans, capacitors on circuit boards, cables, or connectors all wear out over time, it’s just a fact of physical reality. It is therefore important to have another, preferably newer hard drive connected onto which automatic backups of your data can be quickly copied and then retrieved in the event of a failure in your main device.

Then there’s the risk of catastrophic disaster: fires, floods, hurricanes, earthquakes, super volcanoes, continental drift…. Nature (and sometimes humanity) has a way of surprising us with all sorts of dramatic tragedy. In this event, none of your on-site hardware will likely be recoverable, so it is also important to have an offsite backup of your data. Some will elect to get a couple of identical hard drives, one to be connected to the machine for backups, one to be stored in the safety deposit box or some other secure offsite location, then regularly switching out the two devices to keep the offsite drive’s contents up to date. Others elect to use cloud-based offsite backup solutions. Either way, with a backup stored somewhere else, disaster doesn’t have to mean a loss of all your company’s important data.

Data in the Cloud

These days, more and more businesses are taking advantage of cloud-based storage, even cloud-based servers are becoming more and more popular. The benefits of moving your company data to the cloud are many: ease of access, always-on, low-maintenance, general reliability, not to mention the ability to blame someone else if your data gets corrupted or lost. However, the risks of keeping your data in the cloud can be much greater even than keeping it in your office, depending on your setup.

Anything connected to the internet runs the risk of being compromised, as we have seen from all the news lately about systems and networks being hacked and taken down. The security of your internet-connected data is only as secure as the methods you use to access it. If you don’t have Multi-Factor Authentication enabled, if you don’t enforce strong password policies, if you don’t restrict access to cloud data based on the roles and responsibilities of the individuals accessing it, you are the low hanging fruit that internet saboteurs froth at the mouth over. If you are considering using cloud-based storage, the first thing you must consider is security.

The other side of cloud-based data storage integrity relates to the company hosting the service itself. Even if all your internal security measures are locked down as tight as possible, what happens if the company hosting your data gets compromised? What happens if they go out of business? What happens if they decide to cancel your subscription without notice? With all the uncertainty in the air these days, these possibilities don’t seem so far fetched as they did even a year or two ago.

For these reasons, even if your data is in the cloud, it is of utmost importance to back it up. Local backup solutions are good, having a drive in your office to regularly copy the cloud-based data down. Cloud-to-cloud backup services from third party providers are good as well, as it is rather unlikely that both your storage provider and your backup provider will go down at the same time. Utilizing both of these solutions simultaneously gives you the best chances of preserving your company’s data in the event of nearly any potential threat.

In Conclusion

Here at Vermont Panurgy, we specialize in creating secure and reliable backup solutions for our clients. We can help you identify your storage locations, assess your risk-level, secure your network and connections, and configure your backups for optimal performance. We can even monitor those backups and catch any errors or failures before they cause the backup schedule to fall behind and put your newer data at risk. If you aren’t sure about the integrity of your company’s data, give us a call today and schedule a network assessment. We will provide you with the best recommendations to secure and preserve your systems and data, and we can help you set it all up and give you the peace of mind you need to focus on making your business the best that it can be. Call us today!