Blog

0 comments on “DSM Winter Seminar”

DSM Winter Seminar

Mark Your Calendar!

Soon you will see this invite arrive in the mail. We are very excited this year as we have some new applications to show and we also have a new Client Portal to introduce you to.  As always, the sessions will be in the morning and we will feed you a good hot meal.  We will be available to answer any questions you may have.  We always like to sit and visit with our clients and hear your feedback on ways we can improve our software.  This year we have two dates, December 5 or December 12, so be sure to send your invite back with the date you will attend.  You can email me at awalker@datasysmgt.com, or contact me by phone at 601-573-6130.  We look forward to seeing each of you there!

0 comments on “Dude… it’s me!”

Dude… it’s me!

Years ago during a military training mission, we had two guys guarding an entry point. Around 4am a man walked toward the post. “Halt! Who goes there?” one of the guards asked. The stranger said, “Dude… it’s me!” The two guards were, like, “sure… come on in.” The perpetrator quickly left instructions with the guards that they were now considered “deceased” and were no longer permitted to participate in the exercise. They got the rest of the night off and we all learned a valuable lesson, i.e., sometimes the bad guys don’t look or act like bad guys!

Social Engineering

Social engineering attempts are increasing. By some estimates, over 90% of email attacks are social engineering attacks. Only around 10% are malware attacks. With the improvements to anti-virus software, the attackers have found the perfect weak point – the employee!

So what is social engineering?  Social engineering is the art of tricking people into giving up information.  No amount of software or hardware will protect your network or data if your employees give an attacker information or access to your equipment or data.  Sometimes it’s intentional.  There are disgruntled employees out there.  Most of the time employees are duped into releasing information or access to a skilled social engineer.

In this series we’ll look at some of the ways social engineers do what they do and, more importantly, how you can avoid falling victim to their evil ways.  So… how do theses masters of social engineering do it?

Tools of the Trade

Humans are curious and generally want to be helpful.  And these are the two factors that social engineers exploit.  In many situations you don’t even see the attacker.  Many attacks come in the form of an email.

Phishing – An email containing links to fake websites that tries to get the user to click on the link and log in to their account.

That seems innocent enough, but the link actually goes to the attacker’s website where he will, at that point, have your username and password.  They’ll pretend to be banks, credit card companies, social media accounts, etc.  The hook is they will tell you that there is some sort of problem and you need to log in to check it out or fix it.

You may have heard in 2016 the DNC was hacked.  It all started when a high-ranking DNC staffer responded to a phishing email by typing in his username and password into what he thought was his email account.  Instantly the attackers had access to all his emails!  And they also had access to his account which allowed them to set all sorts of configurations without his knowledge.

The best way to keep from falling prey to this attack is to simply go directly to your account’s website and don’t use the link provided in the email.  Another way to check the legitimacy of the email is to hover your mouse over the link.  If it’s an email for your account at yourcitybank.com, then you’ll see xxx@yourcitybank.com displayed on the bottom left of your screen when you hover over the link.  If it’s a different address, it’s probably a phishing attempt.

Even if it’s the same email address, that still doesn’t necessarily mean it’s legit.  Generally speaking, no company is going to send you an email requesting you to log in using the links provided.  If you have a legitimate concern about your account, simply call the company or go to their website directly and log in without using the links from the email.

Baiting – Leaving a USB drive in a public location with the expectation that a person will pick it up and stick in into their computer just to see what’s on it.  You’ve heard the phrase “curiosity killed the cat.”  That applies here.

Recently, the Pentagon suffered a huge security breach when agents from a hostile country drove through the parking lot tossing out infected USB drives knowing people going to work would pick them up and try to see what was on them.

When they inserted the USB drives into their computer, key loggers were installed that recorded every key stroke the user made and sent that information to the hacker.  Key loggers have a way of hiding from detection so users will most likely not even know they’re infected.

But this type of attack can also install ransomware that encrypts your data so that you can’t access it and holds it for ransom… hence the name “ransomware.”  It could also install trojans that steal your information like social security and bank account numbers and open back doors into your system for hackers.  And once they’re in your system they have access to every system on your network.

How do you avoid this?  If you find a USB drive on the ground, open it using someone else’s computer!  NOOOO!  Just kidding.  If you find a USB drive on the ground, then pick it up and hand it over to lost and found, if you have one, or keep it and see if someone lost theirs.  Resist the temptation to pop it in.

Next Time

In my next installment I’ll discuss some of the ways social engineers interact face-to-face with the user to gain access to equipment and data.

0 comments on “Who Goes There?”

Who Goes There?

Physical Security

Cybersecurity has always been important.  Now, it seems, it’s becoming the new buzzword.  Everyone is concerned about it.  And they should be.  Although cypersecurity brings up thoughts of computers, networks, and data, there is another practical aspect that you might not think about.  And it starts with a simple lock.

Physical security as part of your complete data protection plan is easily overlooked.  But think of it this way… if a person can touch your equipment then that person can change your equipment!  He can cut cables, power down, damage, or even steal equipment, whatever he wants to do.  Physical security is the first step in your overall cybersecurity plan.

Perimeter Security

So, how do we keep those scoundrels out?  The first step is to consider locking the entrance to your building.  Yeah, I know many times that isn’t practical.  But if you can practically and legally lock your outside doors, then that’s the first best step in preventing unauthorized access to your equipment.

Motion-activated perimeter lighting will let a potential intruder know that he/she has been spotted.  The light, in itself, certainly won’t stop anyone bent on accessing your building, but it will illuminate the area.  And the last thing an intruder wants is to be bathed in a sea of bright white light!

ICU

Perimeter lighting is a good deterrence.  Couple that with a video surveillance system and you have a perimeter defense system that lights up your would be intruder while it makes a lovely HD video of his face that local law enforcement will want to look at.

Now, I know the first inclination is to run out to some big box store and get the latest, greatest, all-in-one, 16-camera video system for $500.  Trust me… it’s not going to work.  Oh, it will take video and maybe pictures, but you get what you pay for… in both equipment AND installation.  Installing a video surveillance system is like sword swallowing… it’s a job best left to the professionals!  A video surveillance system isn’t necessarily an inexpensive investment, but having the ability to let the intruders know you see them AND capture evidence for law enforcement justifies the cost of installation.

Inside Man

Like I mentioned earlier, many times it’s just not feasible to lock your outside doors.  But inside, well that’s a different story!  Inside your facility there really isn’t any excuse to not have an equipment room for… well… your equipment.  Routers, phone systems, firewalls, switches, servers, and DVRs all love living in equipment rooms.

Being that your equipment room door will be closed, it’s going to get hot in there real quick with all that equipment running.  Check with your favorite HVAC guy to determine the proper cooling unit size you would need for the room.  It’s good to have it independent of the building heating/cooling.  That 80 degree heating feels good in your office during the winter, but it will make your equipment room temperature soar.

Your equipment room should be centrally located inside the building, if possible.  And it goes without saying that it should be locked, so I’m going to say it… you’re equipment room should be locked.  Key locks are good, but cypher locks are better.  Cypher locks require the entrant to input a combination of numbers or letters to open the door.  You have passwords for you computer.  Think of this as a password for your equipment room!

You see?  Providing physical security for your equipment isn’t that hard, but it’s not necessarily inexpensive.  It all comes down to doing everything possible to protect your data and equipment.  And beefing up the ability to access to your data and equipment is the first line of defense in securing your network.

0 comments on “Chancery Clerk Summer Conference 2018”

Chancery Clerk Summer Conference 2018

Well it’s that time again and Data Systems Management could not be more excited about the upcoming Chancery Clerk Conference!  We have a lot of new and exciting applications to show you and we are confident they will be beneficial to you.  Please stop by our booth during the conference to say hello and to meet with the DSM team.  We are here to help move your county into an easier working environment while keeping you up to date on the latest and best software in the business.  We have over thirty years of experience with county governments and municipalities.  Our development, install, and support teams are always as simple as a phone call away.  Our sales team will be available in Biloxi at the Golden Nugget Casino on July 24 through July 26.  Again, we are super excited about the possibilities that await you!  When you visit ask about any upgrades or changes that we’ve made to our Land Redemption Package, Time and Attendance, Payroll, and Scanning options.

 

 

0 comments on “You’ve Been Scanned”

You’ve Been Scanned

Image result for images of scanning documents

By now most everyone is scanning. Nothing new there, but did you know that Data Systems Management offers you a way to scan all your old records and there is no indexing involved!

Index Free Scanning

Data Systems Management offers to you an index free scanning system for your old land deeds. This saves you untold amounts of time on the front end as well as on the back end. You will never have to remember how something was indexed or what file it was saved in while making an effort to retrieve it.  Data Systems will even take your previously scanned items and convert those to index free scanned images.

By using the Scanning option with Data Systems Management, your scanned records can be searched just like using the internet. This scanning application is so easy to use you can even utilize interns, or  young people looking for part time work to get all of your records scanned.

Data Systems Management is committed to bringing you quality products that improve your daily workflow.  Give me a call, I would love to come by and speak with you regarding our latest scanning option! You can reach me at awalker@datasysmgt.com  I look forward to hearing from you very soon!

 

 

 

 

0 comments on “How’s your network security?”

How’s your network security?

Creating, upgrading, and maintaining you network is a full time job.  But are you doing everything available to secure your network against cyber threats?  Maintaining your network is the easy part.  Securing it takes a little more thought.

Let’s start with your OS.

Legacy software can be described as any program that uses older technology.  Generally speaking, not only is it hard to update legacy software, that software typically must use older hardware to run.  And the combination of old software that hasn’t been updated and old hardware is a recipe that hackers love to exploit.

If you’re still using Windows XP… stop it, already.  Windows XP is no longer supported and hackers know that there’s still a huge installed base out there.  1 + 1 = you’re increasing your chances of getting infected or hacked if you don’t upgrade to the latest OS.

Yeah, Windows 10 has its quirky bits, but what Windows OS doesn’t?  Going to Windows 10 will improve your PC security and it looks and acts enough like XP that there really is no learning curve. (Don’t even get me started on Windows 8!)  Saying that, one of the easiest ways to minimize your chances of bad stuff happening to your network is to ensure that you’re using the latest fully updated operating system and your applications are also up to date.

So, you have the latest OS and you’re running everything on newer hardware.  What happens if, even in spite of your best attempts at securing your network, one of your computers becomes infected with a virus, or worse… ransomware?

Save Early Save Often

Three words… backups, backups, backups.  If the data is mission critical, then not backing it up is just asking for something bad to happen.  If you have to re-image a computer on your network because it has been hacked or infected, then having a recent backup can mean the difference between success and getting eternally ridiculed from everyone at the office.

Just backing up is not enough.  Once the data is backed up, it should be taken off site.

If you’re backing up your data on a USB drive, ensure that the drives are disconnected from the computer after the backup completes.  That way, if the computer becomes infected, the backups will be safe.  Even more, once the backup is complete the backup media (of any type) should be removed from the current location.  If your office experiences a catastrophic event, then your backups will still be intact.

The most efficient way to do this is to have a cloud-based backup solution.  That way, all of your backed up data is stored at another site, usually in a geographically different location.  Cloud-based backup solutions are, obviously, fee-based solutions.  But the ability to quickly restore your data and get up and running is priceless.

The Human Factor

Network security is also as simple as educating your employees.  A well designed and implemented acceptable use policy would explain what employees can and cannot do regarding the hardware and software in your office.  It’s also a good tool to use to make your employees aware of what they should (and should not) do in the event of a suspected hack, breach, or infection.

Even the best anti-virus, anti-exploit, anti-malware, and anti-ransomware is only as good as the person using the PC.  Social engineering can defeat security software.  Employees should be educated in how to recognize phishing attempts, suspicious looking websites, etc. that can be used to gain unauthorized access to your data.

And don’t forget about face-to-face and telephone conversations.  People who engage in social engineering are good at making you feel at ease.  They’re pros at making you think the questions they’re asking or the access they’re requesting is legitimate.  They may drop names of your supervisors, or act as though there’s a sense of urgency.  But an employee education program can train users on how to spot attempts at social engineering being used to gain access to your data.

The Non-Human Factor

Now, here’s the difficult and (probably) expensive part… securing access to your network with network-wide hardware/software solutions.  Obviously, the firewall is the gateway to your network.  Having a robust firewall that also provides content filtering, anti-virus/anti-malware, and intrusion prevention goes a long way toward securing your network environment.

Of course, the newer firewalls that provide these services are pricey.  I’ve seen it first hand that many managers are unwilling, or unable, to spend a few thousand for a piece of equipment that they never see.  And if people don’t see a piece of equipment at work, they generally don’t realize the benefit of having it… until it’s too late.

Along with the next generation firewalls, an enterprise-level anti-virus is essential.  Many companies will put free anti-virus software on their computers.  They’re free, so there is that.  And they do detect incoming viruses.  But that’s about the only benefit.

The problem with using free anti-virus titles is that they act as though they’re independent installations.  And they are!  It comes down to simplifying your administration.  If you have 20 PCs running stand-alone anti-virus software, then you have to constantly check 20 different computers to ensure that the software is fully updated and that you have no viruses.

With an enterprise-level anti-virus solution, you’ll commonly have a dashboard from which you can check connected systems, software update status, infection status across ALL computers on the network, etc.  Having this solution will ensure anti-virus consistency across your network.  And that means less work for you!

But with today’s threat environment, just having one approach to network security not be enough.  You’ll need to address physical access to your network equipment, monitor the types of traffic entering your network, deal with viruses, ransomware, and other forms of malware, keep your PCs fully updated, and ensure that your employees aren’t inadvertently allowing unauthorized access to your data. A multi-factor approach to security is always the better option.

For help assessing your network security, developing your policies, or PC installation/support, contact Tracy Reynolds @ 601-925-6279 or email him at treynolds@dsmhospital.com today!

0 comments on “Maintenance”

Maintenance

Image result for images of washing your computer

Maintenance.  Just the very word itself brings up dreary thoughts of things like home improvement, home maintenance, vehicle maintenance etc. etc. etc.  The list seems never ending!

With the help of Data Systems Management, your system maintenance can be a breeze!  We are here to offer our help along with IBM and are here to keep your systems covered under a maintenance contract.

Let’s be clear here,  There are actually several different maintenance contracts that need to be reviewed annually to ensure you are not left without coverage.

Image result for images of software maintenance

 

 

 

So let us begin with the most important one.

 

Hardware Maintenance:

What is it and how does it benefit me?

To begin with hardware maintenance is the coverage you need should anything go wrong with your server.  You will need an IBM representative to show up and help diagnose the problem your machine is having.  Not having the maintenance coverage is not an option.  this coverage can pay for itself in one on site visit.

 

Software Maintenance:

What is it and how does it benefit me?

Software maintenance is critical in the event there is an update that is done and requires a tad more expertise than your office has or should there be a bug in the update etc.  Again, the maintenance contract can pay for itself in one on site visit.

 

DSM Software Maintenance:

Again, any update done by DSM on our software may contain an element that does not work properly with your exact system.  Even though we extensively look at each client’s system and take all things into consideration, an older server can create a problem with an update that is totally unexpected.  so just like in the above statement, signing a software maintenance contract with DSM on an annual basis is an absolute must.  With laws that constantly change, programming has to constantly change.  Any of these changes could create a problem with your server and that is not the goal we are trying to reach.

Wrapping things up:

DSM Software Maintenance:

In essence, the moral of the story is to keep your maintenance contracts under close supervision.  I know its just one more thing on your plate to think about so the changes I have made here at DSM promise to make this as easy as possible on the client.  Annually DSM sends out a letter asking for your DSM software renewal.    We ask that you read and sign the contract.  This will only take a few minutes of your time and it will increase your level of security in the event of a problem.  This is the software you work on everyday.  The software that operates your programs like payroll, tax, justice court, and your financial packages.  Think of your DSM software renewal as your daily insurance program.

Server Maintenance:

This one gets a bit trickier to keep up with, so I have created a system by which I track who has coverage and when that coverage expires.  It even tells me if the coverage is for 1 year, 3 years or 5 years.  It lets me know if you have 9×5, M-F coverage or if your coverage is 24×7 coverage.  As I stated it gets a bit trickier so I decided to take the bull by the horns and create a system for keeping you up to date on your coverage.  You will see a letter from me 90 days prior to your coverage expiring and each 30 days thereafter you will receive additional notifications letting you know that your maintenance is up for renewal.    This maintenance includes your actual hardware and your software.  The software I am speaking of here is the actual operating system software.  Think of this as a type of car insurance.  Just like your auto coverage, this contract covers your car and the engine so to speak.  the seen and unseen parts of your computer.

Now that your understanding has been refreshed on the value of maintenance coverage, please feel free to contact me at 601-573-6130 or awalker@datasysmgt.com to find out when your particular coverage expires.

I look forward to hearing form each of you very soon!

 

0 comments on “Louisiana Clerk of Court Conference”

Louisiana Clerk of Court Conference

LA-img-0694-jpg

Data Systems Management will be attending the 73rd Annual Clerk of Court Conference being hosted by the French Acadian Clerks on May 8-11, 2018  and would like to extend an invitation for you to stop by our booth and meet with our sales associates, Alan Smith and Al Theriot of Harahan, LA.  While visiting our booth, please pick up your free gift, register for our door prize drawing, and ask about our LRMS Pronto-Rec.

0 comments on “Mississippi Justice Court Conference”

Mississippi Justice Court Conference

MS Bridge

Data Systems Management will be attending the Mississippi Justice Court Clerk Conference May 10-11, 2018 and would like to extend an invitation for you to stop by our booth and meet with Tommy Davis.  While visiting our booth, please pick up your free gift, register for our door prize drawing, and ask about our new forms for your office.

0 comments on “Ransomware is all the craze!”

Ransomware is all the craze!

Ransomware is a type of malicious software that’s designed to encrypt your data and then hold it for ransom until you pay the hackers to get the decryption key.  There are several reasons to be concerned.

1. You’re data is encrypted and you’re not getting it back unless you pay the ransom or you reload your data from a recent backup. (big concern there!)  Depending on the type of backups you do and the number of infections you have in your organization, it could conceivably take anywhere from a few hours to upwards to a month to get fully restored.

2. If you pay the ransom (which can range from a few hundred dollars to a few hundred thousand dollars), there is no guarantee you’re going to get the decryption key.  Think about it.  Paying the ransom is basically saying that you trust the people that hacked your computers in the first place.  That’s just crazy, yeah?

What can you do to make your computers and local network more secure against hackers and malicious software?

While ransomware is not new, a new wave is sweeping over computer networks around the globe.  The most recent breakout infected over 300,000 systems in 150 countries across all industries.  However, there is a way you can dramatically reduce your chances of getting a ransomware infection.

It starts with updates.  Keeping your operating system (OS) updated is the first line of defense against any kind of malicious software attack.  It goes without saying (so I’ll say it), at this point you should not be using Windows XP or earlier OS.  They are not being supported anymore.

So using the latest OS and keeping that OS fully updated is the first, and easiest, way to minimize your risk of infection.  Apple and Linux get viruses, too.  So even if you’re not using Windows, keep your system updated.  That will go along way in protecting you.

Along with keeping your system updated, backups are important.  People generally don’t think about backups.  But, if the data on your system is vitally important, say, payroll, inventory, time sheets, AR, or any mission critical data, you should be doing nightly backups of that data.

If you become infected with a virus, or more specifically with ransomware, then you can recover your data by restoring the backups.  Problem solved!  No ransom payment!  The boss thinks you’re a genius and everything is right with the world!  Assuming your backups are good backups, you will be able to completely recover from a ransomware attack using them.

You should also have anti-virus software installed and running.  These days, ransomeware and other malicious software attacks usually start with clicking on an email attachment.  Just clicking the infected attachment will install the malicious code.  A good anti-virus will scan your emails when they appear in your inbox and alert you to possible infections.

The anti-virus program for your organization should be a business-class, i.e., an enterprise-level, version as opposed to the free stand-alone versions you can download from the Internet.

An enterprise-level anti-virus program can be a little pricey.  It depends on the vendor, which anti-virus you choose, and how many computers you want to put it on.  There is nothing wrong with the free versions on your home computer mainly because… well… they’re FREE!  But, free shouldn’t a consideration for your business, in this case.

So, to recap…

1.    Keep your operating system updated.
2.    Have an anti-virus running and keep it updated.
3.    Save early and save often.  Make backups!
4.    Don’t open email attachments.