You’ve no doubt heard the advice the Police offer to households on reducing the risk of burglary. We all want to keep our homes and belongings safe and sound.

Consider then for a moment – what types of feelings do you think you would experience if somebody gained unauthorised access to your businesses computer systems?

At JamesCash.co.uk we recently helped one of our clients migrate their systems from a peer-to-peer network to a Windows Small Business Server 2008 (SBS 2008) network with central file storage, e-mail and strong security.

Before the new system, security was very minimal. Users shared the same simple passwords, and these passwords rarely changed. Everyone within the business had access to all the files on the network.

After we had installed the new system, we helped our client implement a new way of working – a strong password policy, and a file system that only allowed users access to the files they needed.

So what is a strong password policy?

We know that weak passwords provide unauthorised or malicious users with very easy access to your computer system. A strong password policy ensures that passwords are considerably harder or impossible to crack (or break) – and that’s even with the extremely powerful password-cracking software that is available via the Internet today.

Here are examples of weak passwords:

• Is no password at all.
• Contains your user name, real name, or company name.
• Contains a complete dictionary word. For example, Password is a weak password.

In contrast, a strong password…

• Is at least seven characters long.
• Does not contain your user name, real name, or company name.
• Does not contain a complete dictionary word.
• Is significantly different from previous passwords. Passwords that increment (Password1, Password2, Password3 …) are not strong.
• Contains characters from each of the following four groups – Uppercase letters, Lowercase letters, Numerals.

As part of the 24×7 Health Checks we provide as part of our IT Support services to clients, we see very regular hacker attacks on *all* our client systems. The security systems we help our clients put in place, including strong password policies, ensure they remain safe.

If your company has not got a Strong Password policy in place – then why not? Are you ignoring that advice from the Police and leaving the windows and doors to your home wide open? Or are you being realistic, realising that external threats really do exist and you can mitigate this risk by taking reasonable steps?

Earlier this week, one of our team managed to lose his iPhone during a holiday.  This raised the issue of data security because the phone, like many others out there, contained both confidential company information and personal details.

If you’re the owner of an iPhone, there are some simple steps that you can take to secure your data.  For starters, regularly backing up your iPhone through iTunes will make sure you have a copy of any data on the phone.

Next, you can enable the Passcode Lock feature.  You can set this to activate right away, after one minute or after five minutes.  Included is an option to automatically wipe the device after ten failed passcode attempts.  You can access the feature through Settings > General > Passcode Lock:

Once you have enabled the Passcode Lock feature, you’ll have to enter the passcode when bringing your iPhone out of standby:

If you use your iPhone with Microsoft Exchange, then it may be possible, in the event of your iPhone being lost or stolen, to remotely wipe the device.  With Small Business Server 2008 (Exchange 2007) this can be done through Outlook Web Access by the end user.  You access this functionality through Options > Mobile Devices > Wipe All Data from Device:

Remote wipe is also available in Small Business Server 2003 (Exchange 2003) but will require some prior configuration on the server from your IT support team.

When a member of staff leaves your company do you let them keep a set of keys to the office? Do you keep the security code to the front door the same so they can still get in? Do you let them keep company property?

The answer to all of the above will certainly be no, but if you don’t update your computer systems when an employee leaves then this is exactly what you are doing.

Windows Small Business Server allows users to access their email account anywhere in the world at any time, so even though they’ve left the company, they could still be sending and receiving emails as if they were in the office. It’s also very simple to set up remote access to enable users to continue creating and deleting documents, along with having access to your company applications such as Sage.

All too often an employee leaves acrimoniously and attempts to cause damage to the IT infrastructure such as copying or deleting files or emails; if this is not spotted and dealt with quickly the damage can be irreversible.

Fortunately all of this can be stopped from happening very easily, and all it takes is for remote access to be secured when an employee leaves. Within seconds their passwords can be changed and their ability to access your network remotely removed. Emails can also be re-routed to someone else, and their documents made available to view.

JamesCash clients of our IT support services should let us know immediately as soon as an employee ceases employment.  The sooner we are made aware, the less likely someone is to cause any problems, so please include informing us into any employee leavers process you have, and help us keep your IT infrastructure safe and secure.

There’s no doubt about it.  If your business uses a server, sooner or later, something will go wrong. At this point, you’ll discover one of the real costs of IT – the cost of downtime. With staff sitting around unable to work, unable to send or receive email, unable to access the Internet, unable use business applications – you’ll be giving top priority to getting your systems back up and running as soon as possible.

Consider the following two examples:

Company A

A heavyweight PR company based in Birmingham.  Not a current JamesCash client.

On 16th March 2010 they report via Twitter they have their email and server back after five days of downtime, asking people to call if they still have problems getting email through.

On 22nd March 2010 Company A again reports via Twitter that they are still having problems receiving email.

By our calculations, this is 10 days of business disruption and counting…

How do you think this affected one of premier PR companies in Birmingham? How much did this cost them?

Company B

An award winning Birmingham based video production and media company.  A client of JamesCash.co.uk.

At 11:00 on Thursday 18th March 2010, their four-year-old server fails due to a catastrophic hardware fault.

By 15:00 on the same day, a JamesCash engineer had taken a replacement server to site and restored their most recent backup to the new hardware, to get their team back up and running within four hours.

The Choice is Yours

You can wait for disaster to strike and lose thousands, or you can take steps now to protect your business by calling the JamesCash team (IT Support Birmingham) on 01384 880660.

I’m writing this blog post from the comfort of my own home.  I’ve been working from here for most of the week, due to the snow and icy weather we’ve been having.  With many schools and businesses closed and transport widely disrupted, I’m glad to say that JamesCash.co.uk has been largely unaffected in providing IT support to our clients.  This is in no small part due to the technology that we’ve implemented , which frees our team from the constraints of the office.

Using our VOIP telephone system, we have been able to work from home, whilst still being able to answer calls, see who is on the phone and transfer calls between extensions, as if we were all sat in the office.  And our VPN, Citrix server, and other remote working tools have meant we’ve been able to access all of our systems to continue working as normal.

Remote working technology is now within the reach of all small businesses and basic systems can be implemented for little or no cost.  For further information please call James Cash on 01384 880660 or submit an enquiry here.