News From the Edge

Tech Tips and Advice from the Experts at Dynamic Edge

Will Your Off-Shored Programming Jobs Cost More?

April 26, 2017 • 10:21 am

With the new administration’s intended border tax proposals, many companies of all sizes have been focused on re-planning their moves abroad. Special attention of late have gone to manufacturing companies like Toyota, Ford and Carrier. But outsourced technical work will likely be hit hard too! Among those listening the closest have been off-shored IT services and programming.

Major Hi-Tech Companies Meet To Discuss Impact on Off-shored IT

President Trump’s proposed border tax will assuredly impact the IT industry heavily. Relying both on H-1B visa holders as well as off-shored workers to fulfill IT support and customized programming demands, new border taxes will hit your bottom line if you offshore your IT in any capacity. In a meeting attended by leading business leaders in technology, including the founder of Dell Computers, Michael Dell, President Trump underscored that “if you go to another country, we are going to be imposing a very major border tax”. The actual numbers are expected to be seen in the coming months.

Programming shops in Ireland, India and the Philippines have been bracing for effects of the new administration’s protectionism since President Trump’s inaugural speech in January. In fact, the Economic Times of India that while India’s 150 billion dollar outsourced industry has been “a punching bag for over a decade, things are getting more serious to be dismissed as just election rhetoric”. Offshoring companies headquartered in developing nations—particularly ones that have large technical workforces—have seen the looming American taxation efforts as a cut to their bread and butter.

The reason offshore programming companies are worried about American taxation on their services is that their main competitive edge on American programming shops is price. When it comes to cheap software design and database implementation, India is one of the cheapest places to get work filled. American businesses have turned to outsourcing their programming projects to developing countries like India primarily because American software design is frankly more expensive.

Outside of price, while offshored companies have many programmers and technical workers, their work for American businesses is riddled with hidden problems:

They don’t understand American business models— frankly, the majority of programmers abroad get training in a specific programming language—and may be very proficient with their code, but a major issue with them writing and implementing code for American businesses is that they don’t understand how an American business runs. You will end up babysitting your offshore programmers throughout the development of your software.

They don’t understand American work culture— one critical piece to software design—especially for customized business software—is understanding how your office works. Knowing the ‘ins’ and ‘outs’ of your work place is essential to getting workable software that will actually help you resolve issues with your operations. Since offshored workers are completely removed from a normal American work environment, they often overlook subtleties in the software design that make life easier for your workers. The end result will be wasted time and additional meetings to test, correct and re-test programming nuances that expert American programmers are well-versed.

They don’t document their work well— I’d say the biggest long term problem with offshored programming solutions is that foreign programmers tend to be poor communicators. The biggest problem with poor communication is their inability to document what their code is doing. That means a month or year down the road, you may encounter a bug in the code (i.e., the software stops working!) and no one on their end (or even within your IT support team) will be able to easily resolve the issue. Having a trusted American programming team that documents and communicates changes to your software will make it much easier to resolve.

They don’t abide by US security standards— most developing nations lack sophisticated security standards that American IT companies are required to follow. That means that if your programming team needs to work with protected data, they may not have adequate security measures to keep it safe.

Meetings will lead to “lost in translation” work product— in my experience having to clean up messes that offshore programmers leave for my clients, I’ve found that their team simply doesn’t implement the software requirements that you are looking for. They simply misinterpret what your expectations are. The result is an end product that never quite fits what you’re looking for.

It’s Hard To Find Quality Programming Shops

With more restrictions on H-1B visas and growing costs to offshoring, your options for skilled programmers is becoming harder. Hi-Tech companies are faced with a shortage of skilled workers to fulfill projects.

Have you been considering offshoring a software development project?

Your growing demand to make your team’s work less redundant and to automate menial tasks to ultimately cut un-needed costs, may be best served using programmers that understand your business environment, culture and workforce. For Dynamic Edge customers, we offer discounted programming projects tailored to your business environment.

Interested in getting a programming project started but not sure how to get it done right the first time? Contact us TODAY for a free design consultation.

If You Had To Choose Between Running Water And Electricity, Could You?

April 18, 2017 • 8:54 am

Perhaps a hundred years ago, you’d not expect running water or think electricity as a complete luxury. But nowadays could you imagine having to pump a well, then heating your bath water (probably no quick shower!) daily to get ready for work instead of having running water at the turn of a faucet? And could you live by candle light without lights, toasters, microwaves? Likely anyone reading this blog (on a computer or smart phone) couldn’t imagine life without either electricity or water.

My next question: could you choose between protecting your business, its data, staff and future? Could your business live without technology (and much needed support that comes with ever changing technology)?

The nuts and bolts of your business in our modern economy is completely different from what was the norm even 20 years ago. Today, if your business lacks IT infrastructure, you’re likely not going to even keep your current loyal customers. Without email, good website design and functionality, client management systems, credit card handling, wifi access points, your business likely won’t have the level of technical sophistication your clients expect. Even if you’d prefer to convert everything to paper—avoiding the latest cyber scam—you’re making process less efficient and eventually will frustrate customers and vendors alike.

The bottom line: your business needs technology to compete in the modern workplace. Without it and without keeping up with updated systems leads makes you even more likely to become irrelevant and, eventually, extinct.

Now, could you choose between having your data secure (and your business compliant to PCI, HIPAA or NCUA standards) or saving a few bucks and letting the door open to cyber criminals?

20 years ago, if I asked you whether a bank should have a security guard protecting its money, or whether you would keep your most precious valuables locked up in immobile safes, I’m sure the majority of you would have unquestionably said ‘of course’. So, why is keeping your data (client, staff and business data) secure from criminals not a big worry or concern?

A recent report on cyber security trends shows that aspiring criminals are entering the ransomware racket with little training and at no cost whatsoever. Growing cyber criminal communities are partnering with budding criminals. For a 50/50 split from sales of your hacked data (two common data are protected health or credit card data), these novice criminals are becoming successful modern pick pockets. But instead of stealing rings or wallets, they’re stealing information that could cost your business tens to hundreds of thousands of dollars. And the consequences aren’t simply getting new credit cards—many recent attacks on small to medium sized business with little to no protection (preventative maintenance and smart firewalls) have led to bankruptcies, slowed growth and even closings! In fact, nearly 60% of small to medium businesses close within 6 months after a cyber attack!

Think about all the ways cyber criminals can easily get into your network (these are just a few of the common ploys!):

Spear Phishing— a sophisticated phishing attack—one that appears to be from your secretary or accountant—personalized to your business written in fluent English—makes email an easy door into your systems. You need IT that (1) monitors traffic and isolates suspicious email from entering your mailbox, (2) detects suspicious activity on your network and isolates problems before they spread and (3) educates your team to recognize to question clicking on links and opening attachments that may be carrying a virus that will compromise your entire network if not caught.

Overflow Buffering— some of the more sophisticated hackers actually get into your customer data from online submission forms. The hacker goes to your form and then submits a lot of data into each of the form fields. The hacker actually submits code in your form that is designed to steal data from your database. You need IT that monitors your network and website and prevents traffic from getting into your databases—using unified threat management technology—that identifies and stops attacks before they can even attempt to get in.

Password Hacking— because many businesses fail to change passwords (especially default passwords on routers) or keep simple or shared passwords to admin access to your network, hackers often will not have to try very hard to break through your systems. For a review on creating passwords, see a recent post. Businesses need IT that identifies password vulnerabilities, lock down admin credentials and institutes a strict password policy to ensure your (and your client) data is constantly secure.

Downloading Free Software—more often than not, team members download software riddled with viruses that may shut down your entire network. Whether looking for freeware or a plugin for Excel, the free download route leave room for malware, viruses or “buggy software” to plague your system—leading to ransomed data or stolen data. When it comes to your business, there’s no free lunch. Period. If you expect to run your operations on free software, realize that there may be hidden costs. When it comes to free downloadable software, that risk is likely malicious and more costly than you’d ever imagine. Remember: software comes at a cost for a reason—you have guaranteed supported software after tens to hundreds of hours of testing from computer programming teams. Anything free will come with no guarantee. Good IT Support will limit or prevent users from freely downloading anything from the web, especially if a website is not trusted (i.e., unsecure sites, websites hosted in locations notorious for cyberattacks).

Fault Injections— one of the most complicated hacks, a fault injection requires the criminal to research ways into your source code. They essentially inject code into your website or database to see if they can crash your system. Website code injections are quite common—the code injection often does little to effect the actual site, but delivers a worm or vector to users when they visit your site. Many web hosting companies will actually remove your website when this happens (and often with little or no warning!). Good IT Support will test your site for code injections before they become major problems.

Note: each of these tactics is currently being used on American businesses—large and small! No matter your vertical, you can’t simply keep thinking that nothing will ever happen to you. Very least, letting hackers have the opportunity to get into your network (or into your poorly maintained website) will lead to clients’ data by your negligence. The average attack costs businesses $300,000!

Is your business secure from cyber-criminals—their growing community and more sophisticated methods of attack? If a criminal crashed your system, is your data at least backed up? If you’re concerned about not having adequate IT support that protects your data, contact us TODAY for a free network assessment!

Are You Taking IT Security Seriously?

April 12, 2017 • 9:10 am

Check out Bruce Giving Expert Advice To Michigan CPAs. Bruce will be hashing through the security fundamentals that every business need to have in place to (1) avoid compliance risks and (2) protect sensitive data from hackers’ eyes.

Bruce’s talk entitled “HIPAA, Third-Party Vendor Management and Cybersecurity: Side Effects Include” is aimed at CPAs to ensure they know steps to take to protect their healthcare clients from being susceptible to undue risk.

Bruce’s message is clear—cyber threat are getting worse. Both in magnitude and scope, hackers are targeting more and more local businesses. It doesn’t matter your size, if you’re ‘easy pickings’ (i.e., don’t have your IT security ducks in a row), you’re increasingly gambling your business’ future in the hands of cyber criminals that have been getting sneakier and more sophisticated. Day after day, attacks are getting directed at well-known vulnerabilities in enterprise systems and phishing attacks are getting more targeted where the emails actually sound like you (thanks minimal research from social media outlets like LinkedIn and Facebook). BUT Bruce’s biggest concern is that over 80% of businesses aren’t even protecting the basics like patches and updates that completely open the door to attacks.

EVEN MORE: Healthcare is a growing target to cyber attackers because personal health information can have high returns on the black market. Cybercriminals are specifically directing their attacks to specific vulnerabilities plaguing healthcare systems (medical offices, insurance companies, hospitals) because stealing health data has become as easy as stealing candy from a baby. Healthcare offices just don’t follow very simple steps to control data access.

AND COSTS ARE GOING UP: You might expect that costs to remediate the effects of an attack have gone up. Cleaning up a cyberattack is much more involved than cleaning up a broken window and re-shelving your merchandise!

AND THE FINES ARE WATERFALLING DOWN: Health and Human Services (HHS) has started vigorously auditing any business that handles health data! Increased auditing pressures. HHS is in dire straits with massive budget deficits. Expect to find more ‘speeding tickets’ to come if you’re at fault for even minor infractions!

Interested in Learning How You and Your Staff Can Be Secure?

Not Sure How Your Accounting Firm Can Help Your Healthcare Clients Stay HIPAA Compliant?

Consider joining us for a discussion on accountant cyber security and HIPAA protection for clients.

Title of Talk: “HIPAA, Third-Party Vendor Management and Cybersecurity: Side Effects Include”

DescriptionDo you suffer from HIPAA-chondria? This condition of over-anxiety is caused by the Health Insurance Portability and Accountability Act’s (HIPAA) evolving requirements for vendor risk management and integration made more potent by ongoing cyberattacks. Assess the risks for healthcare organizations seeking to protect patient data from an evolving cybersecurity nightmare while working with third-party vendors to provide needed services. Our experts address the overall outlook of the HIPAA, vendor and cybersecurity puzzle for 2017 and beyond.”

Date: April 26th, 2017

Location: MICPA Healthcare Conference

Laurel Manor

39000 Schoolcraft Rd

Livonia MI, 48150-1036

Can’t make the MICPA event, but still concerned with keeping your office secure and compliant? Let us know and we’ll send you a link to the meeting and some specific worksheets to make sure your business is secure for HIPAA, PCI or just cyber secure.

It’s National Backups Day. Is Your Critical Data Backed Up?

March 31, 2017 • 11:54 am

Pixar’s Toy Story 2 was deleted twice. Each instance, they had to rebuild the movie.

backup-recovery

Two months and hundreds of man-hours of work vanished

It all innocently started with a fix to Woody’s hat. Woody needed a slight wardrobe upgrade—that’s all. Just a hat reposition. While one of the editors was tinkering in the file system, trying to install a new and improved Woody, something much unexpected happened.

THE folder containing the Toy Story 2 movie—that at one point had 40 files— suddenly had four then none. What Oren Jacob, former Chief Technology Officer (CTO) for Pixar recounted was an entire movie deleted off the company’s servers.

Pixar was only able recover parts of the vanished movie

After a streak of luck after a tens of thousands of dollars, hundreds of man hours and some bright engineers, Pixar was able to recover parts of the movie. With much relief to the producers, there was hope to still complete the movie on time, though over budget. The silver lining is that the 150 hard work by dedicated animators with drive and commitment to quality movies had been recovered!

Don’t worry- the story thickens. Ever heard of ‘/bin/rm-r –f*’ ?

A few weeks after the first recovery had revived the Pixar movie, Jacob was looking through the directory where all the assets for Woody were stored. What he noticed, when refreshing he noticed less and less files in Woody’s folder. Eventually, seeing this exact message:

“Directory no longer valid”.

The reason for the error—the folder no longer existed.

Moving up in the directory, he saw Hamm, Potato Head and Rex (other characters in the movie) vanishing in plain sight.

The command that Jacob had accidentally typed: ‘rm –r –f*’. In plain English, this command tells the system to remove every file within the current directory. What this meant for Pixar’s Toy Story 2? Everything was deleted—nothing remained.

At that point, panic struck in for the Toy Story team—someone had even given instructions to yank the power cord and network connection of the server holding the movie’s files. When the machine was rebooted, only 10% of files remained. That means nearly 90% of the movie had been deleted!

Normally, deletions wouldn’t be a problem. In fact, for Pixar (and most businesses actually) files get erroneously deleted all the time. What Pixar expect—as your business should as well—were backups of the movie that actually worked. Unfortunately for Pixar, their tape backups were corrupted. These backups were NOT continuously tested—leaving the company with a bunch of incomplete tapes. The backups could not get the Toy Story production back on track.

Lesson learned: backups are only as good as their testing. With no testing, who knows if anything actually got backed up (Note: Dynamic Edge performs DAILY TESTED backups of your systems to avoid a Pixar devastation).

On this National Backups Day, I want to think about what should you be doing to be safe…

The general IT golden rule is always the rule of 3—to lower your risk of a karmic event, always have 3 copies of your important data. The original, a backup of the original and an archive of the backup. Each of these backups should be kept in different locations. If you’re using drives, that means a lot of realty—especially if you’re backing up a lot of data!

You should be replacing backup drives at least every other year. That means someone not only needs to be responsible for swapping drives daily, but someone has to make sure to change out drives in the rotation often! And then keeping these backups in a safe place for that just in case instance where you need to recover that really important file.

Isn’t there anything better?

While disk backups were the standard for the last decade, our cloud technologies have become much more reliable than any disk backup process. Our cloud has built in triplicate replication and eliminates the need for someone to manually swap out disks.

But benefits of cloud backups just keep coming:

Get you back online faster— cloud backups are continually working—and if a problem exists, you are back online within a couple hours. Rather, to restore from disk, you would need to first get access to the backup drives, then transport it to the office, then start the restore process. That means hours of additional wait time!

Backups that last longer— as we mentioned, your disk backups only last about two years. BUT cloud backups last in duplicate or triplicate forever (well as long as you pay for the space J) and you don’t have to worry about the backups failing- they are constantly being tested and maintained. That means that even if you have to restore from a backup, you have it at your fingertips with no worries or what if’s.

Backups that cost less—costs associated with disk backups are multi-fold. Think of cost of storage space, labor costs to regularly replace drives, cost of the drives themselves. With cloud, you just pay for the space you use—no more!

I’m worried about your networks, your data, your systems. I think about them day in and day out. I think about the ‘what if’s’. If something were to happen, is everything safe. The reason why I’ve moved my company’s backups completely to the fitCloud and encourage all of my clients to use our cloud solution is that we know it works better—safer—faster – and cheaper than any disk or physical backup. And on top of all of that, you are working directly with us—people that have been and continue to be dedicated to getting your business the right technology to fit your needs.

A final note on Pixar’s Toy Story: An employee had a copy of the movie on her home computer. After another grueling week of non-stop recovery (sleeping bags, coffee and pizza-filled nights and days), the team was able to recreate the movie as best they could. The entire 100 Million dollar project weighed on one computer.

Doing some backups soul searching? Confident that your systems are backed up AND tested? Are you sure your tapes are even working? Contact us TODAY to learn how to set up proper backups for your data.

Do you really know what your team is up to during the work day?

March 29, 2017 • 11:50 am

Studies find employees waste over half of their work day on personal time.

Alarming findings from several recent studies on Cyberslacking show that your staff is likely using their work day to partake in personal activities. And even more shocking is that many of these activities could compromise your business.

The internet has definitely altered the way work is performed. We are much more connected to our clients and colleagues than ever before. But we’re also closer to criminals as well. Despite the positive impact the internet has had on communication, it comes with a cost. Wasted work days online are now not so uncommon. Games, videos, social media all contribute to over 35% in productivity of your workers (on average). Depending on how connected your staff is, those numbers could be as great as 70%!

In fact, the U.S. Treasury Department has found that cyber-slacking— the act of avoiding work by performing personal online activities–  accounts for nearly 51% of employees time online and includes activities like answering personal emails, participating in chat rooms, on-line banking, on-line shopping, or even viewing pornography.

What’s startling is that over 75 % of visitors to pornographic websites, 45% of gambling, and 40% of online auction bid come from workplaces during business hours! That’s not to mention that over 80% of surveyed workers admit to playing online games, watching YouTube videos and reading various newspapers online while at their desks. Even if you don’t mind a little distraction in your office, I’m sure you can agree that half of the work day is way too much. Even one out of an eight hour work day seems excessive!

While some personal activities seem alarmingly bad to take place at your workplace, many other activities might not (at least at face value) seem that harmful. But what you’re not considering is the fact that nearly 70% of cyberattacks, network infections and hacks result from personal use in the workplace!

Take a look at this list of activities that more than 50% of workers report doing during working hours at their desks (And what’s alarming is that many of these folks don’t really think anything of it!

Personal Activity Perceived Acceptability (1 = low, 6 = high)
Watch YouTube video clips 6
Read the newspaper online 5.5
Send and open personal email 4.78
View and print personal documents 3
Play games online 2.2
Visit pornographic websites 1.1

 

What’s startling from the above table is that someone thinks any personal activity is appropriate for your workplace!

 

ALL of the activities above can lead to a compromised network. Why? If you let your staff peruse the web, open and download files from untrusted sources online, you’re opening your back door to cyber security vulnerabilities. And what’s worse, is they don’t necessarily think they’re doing anything wrong!

Let’s break down each of these seemingly harmless activities into costs and threats to your business:

Watch YouTube video clips—while YouTube may seem harmless, 30% of surveyed workers reported to spending over an hour a day online watching videos. And often one worker shares videos with other office colleagues during the work day. One innocent video view can snow ball into tens of hours of your workforce partaking in non-work entertainment during their billable hours! AND they’re influencing others in the office to be distracted (at minimum!).

Read newspaper online—while an article here or there might not be a big deal, with 24-hour news cycle, news feeds, tweets and posts, many workers have gotten worse at focusing on their jobs. In fact, in the current political climate, online news often feeds un-productive discussions that consume large portions of the work day.

Send and open personal emails—answering a few personal emails during the workday (even on the lunch hour) seems harmless. But what most employers aren’t considering is personal email addresses are not filtered through your email filter. That means emails (and any attachments or links associated with them!) are NOT safe for your network. Over 40% of phishing attacks that have led to network-wide infections of ransomware (think Cryptowall) have been from personal emails! Unless you’re dedicating your limited resources to screening personal email addresses, I’d recommend eliminating personal emails on your network.

View and print personal documents—similar to sending personal emails, you never know if personal documents don’t come with unexpected strings (viruses or attack vectors). Allowing staff to use your network for personal use increase the risks and have given an open door to sneaky cyberattacks (not to mention waste of time and resources on non-work related stuff).

Play games online— there are far too many games to choose from online. If your staff are less than motivated to work, they can always search for the millions of games to play online. Many of these gaming websites are not secure and many have links to compromised webpages that are hosting viruses. When your secretary decides to zone out for the day and play Candy Crush on her computer, she’s likely not just costing you her day’s wages, but also giving cybercriminals a way into your systems.

Visiting pornographic websites—too many wrongs here to even discuss. First, pornographic websites are notorious for harboring viruses (including Cryptowall derivatives). Second, if you’re unknowingly permitting these activities to occur in your workplace, you could be unknowingly creating a hostile work environment for others. Given that work places are the easiest ways for folks to visit these websites, there’s no doubt why pornographic websites are commonly visited during working hours from business IP addresses!

The hard truth is that the average employee will try to get away with even more nefarious activities at work while on your network! Some experts that study cyberslacking activities have found that workers often try to steal on the job time.

Do you think your business is any different? If someone was given carte blanche access to whatever personal vice might be—online gaming, gambling, sports, pornography— where you don’t regularly monitor online activity or restrict visitation to untrusted website, you likely (1) already have a problem with employees going to untrusted websites with questionable content or (2) will eventually run into the problem!

And it doesn’t matter if they’re on a company-owned computer at work or at home. That computer is inherently apart of your network and an infection can move across the entirety of your network if you’re not careful.

If you’ve locked down work computers, don’t think you’re safe. Use of personal devices at work—that connect to your network—can still cause serious problems. Just because you don’t own that device doesn’t mean it might not be a vector for the latest virus. And don’t for a minute don’t think that hackers aren’t smart enough to get into your systems through a personal device.

Are you concerned that your staff might be partaking in personal activities online during the workday? And are you certain that they aren’t opening doors to hackers, while leaving your business in violation of PCI, HIPAA or NCUA compliance? Contact me TODAY to discuss some affordable solutions to eliminate ‘personal time’ risks and costs to your business!