Get Your Business Back In The Game!

Takeaway: If your business can’t be found on the Internet, it doesn’t exist.  Even if your established business is 100 years old it needs to be on the Internet to have credibility with today’s potential new customers.

The Internet has changed nearly everything in our lives. In less than a generation the way we socialize, get our news, do business, relax and learn have all changed.  In all but the most provincial areas of North America the local phone directory has clearly lost it’s standing as the “go to” body to find products and services.  This goes for local searches as well.  When looking for new companies, products, or services why browse a book that is only updated every twelve months when you can complete an up-to-the-minute online search in almost no time at all?  Today the Internet and “social networking” are the global town square and if your business isn’t part of the new marketplace it most certainly will be left behind!

I’m always amazed at companies that refuse to establish at least a simple web presence (a domain name, a basic web site, and company-branded email) and then bemoan the fact that new business is passing them by.  According to Internetworldstats.com (IWS), today 78% of the North American population use the Internet. That’s an increase of 152% between 2000 and 2010!  And yet, this statistic pales in comparison to other parts of the world like Latin America, Europe and even Africa.  Not having some sort of Internet presence sends a clear message to potential consumers (if they can find you in the first place) that your business has no idea what time it is, doesn’t care what time it is, and has no plans for the future—not a great strategy for winning new customers.  Even if your established business is 100 years old it needs to be on the Internet to have credibility with potential new customers these days.

Having your own domain name, branded email, and web site is quite easy these days.  While a business can spend thousands of dollars on their web presence each month (and many of the big players do) a small business can still own real estate on the Internet for as little  as $10/month.

In addition to establishing your own web-presence, a lot of good information can be found on social networking sites these days. Twitter, Facebook, YouTube and LinkedIn all provide cost-effective business and marketing avenues to connect companies with potential customers.  Lanyard Technical Services would be happy to show you how!

Visit Lanyard Technical Services at:  www.lanyardtechnical.net

How Much is Your Company and Business Reputation Worth?

Takeaway: On any given day businesses can (and do) leak sensitive or proprietary information—often without even knowing it.

In an increasingly connected world where private data systems are connected to global networks, it’s more important than ever to pay attention to the health and security posture of your company’s network, data flow, and critical systems.  This is true regardless of the size or volume of your business.   In the movies, online criminals seek to capture large corporate bank accounts or divert  illicit sources of capital for their own use.  This leaves many small and medium sized business owners to mistakenly believe they can utilize the Internet, yet “fly under the radar” because of their relatively small size.  However, in the real world, online thieves most often seek to capture personal or proprietary data in order to extort money from the custodians and owners of that data.  Small businesses are actually much more heavily targeted since cyber criminals know their security resources are generally less sophisticated than those of the major players. This means even non-profit and not-for-profit organizations are equally at risk.  As alarming as this may sound, there’s yet another truth all organizations must take into account.  While the dangers outside your network are very real, the bigger and more exploited risks often come from inside employees who purposely (or not) fail to handle sensitive data correctly.  On any given day businesses, large and small, can (and do) leak sensitive or proprietary information—often without knowing it— due to not having effective policies, controls, training, or logging in place.  With all of the cost-effective ICSA certified firewalls and security appliances available today, business owners and managers who fail to take the dangers of the Internet seriously are putting their organizations at undue risk, often for a savings of only a few hundred dollars.  How much is your company and business reputation worth?

Visit Lanyard Technical Services at:  www.lanyardtechnical.net

World IPv6 Day Report Card

Takeaway: We now know that the new IPv6 Internet can co-exist peacefully with the fading IPv4 Internet, but there’s still more  work to be done!

As mentioned previously, the near future will see the Internet will move from one basic network addressing protocol, IPv4, to two protocols, IPv4 and IPv6. This move is necessary because IPv4 cannot provide sufficient addresses for all the devices that connect to the Internet. Please refer to my previous blog post for a non-technical explanation of the present situation.

Because it’s not feasible for everyone connected to the Internet to move from IPv4 to IPv6 simultaneously, the Internet will, by necessity, need to use both IPv4 and IPv6 for a considerable amount time. Some experts estimate this intermediate state could last as long as 10 years. One step in preparing for this intermediate state (known as “dual-stack” addressing) was designated “World IPv6 Day,” a worldwide, 24-hour live test of the Internet’s ability to route and process IPv6 traffic along with IPv4 traffic.

Almost no prior details of this worldwide event appeared in the major news media outlets.  I checked the MSN and CNN web sites this morning (even CNN’s Tech news) to find absolutely nothing reported of the event itself, nor any mention of preliminary results.  However, I did spend time scouring the Internet for news and results of this event and here’s what the major Internet players had to report.

As reported by ZDNet, by noon time (Eastern USA), every dual-stacked IPv4 – IPv6 site listed on the Réseaux IP Européens’ (French for “European IP Networks”) IPv6 Eye Chart were green lighted, meaning that pages requested from these sites were able to deliver fetched content in 10 seconds or less. This affirmed these major sites as working correctly for people using the traditional Internet Protocol (IPv4) and users working with IPv6. This was one of the project’s major goals and it appears to have been a success—on the surface anyway.

Now here’s the rub. IPv4 users were able to connect as usual 100% of the time. Things weren’t so good for IPv6 (only)  users though. For people using IPv6 (only) from their home or office, 94% of requested sites didn’t show up correctly, or at all. Most of the misbehaving sites were minor sites, but it still points out the need for more work to be done before these sites are ready for IPv6 prime time.  The biggest issue with these sites was improperly formatted, or non-existent,  IPv6 DNS entries (a subject for another article).

So what did the Internet community learn from this 24 hour test event? Well, we now know that the new IPv6 Internet can co-exist peacefully with the fading IPv4 Internet. That’s good news—especially if the current projection of  more than a decade holds true for the two IP stacks to coexist on the Internet. We also learned that as the older IPv4 Internet fades away there’s more work that needs to be done.  Count on future test dates to take place as this massive undertaking continues.  There’s no going back and complacency is simply not an option if the Internet is`to survive and grow as needed in the coming decades.

Visit Lanyard Technical Services at:  www.lanyardtechnical.net

June 8, 2011 is World IPv6 Day

Takeaway:  On June 8, 2011 many major Internet companies will enable IPv6 on their networks and websites for 24 hours in order to test their ability to handle IPv6 traffic.

On June 8, 2011, along with some of the Internet’s largest players, Lanyard Technical Services will be taking part in “World IPv6 Day,” organized by the Internet Society (www.ISOC.org).  This 24-hour period will allow the Internet at large to test its readiness for the relatively new addressing protocol known as Internet Protocol ver.6, or simply IPv6. The additional goal of World IPv6 Day is threefold – “to Promote Awareness, Test Connectivity, and Encourage Implementation of IPv6.”

Here’s my brief, non-technical explanation of the current situation and why such test days are needed….

Every piece of equipment connected to the Internet (computers, servers, routers, managed switches, cable or DSL modems, firewalls, VoIP phones, mobile phones, and a slew of other devices) must be  associated with at least one unique ID number known as an IP address.  The need for a unique IP address is similar to the need of a telephone number for every phone in service today.  In the same way a telephone needs a unique number in order for the phone company to route calls to and from it, every device connected to the Internet needs a unique address number in order to be accessible via the web and to make use of the many services the Internet has to offer. Currently most of the Internet uses IPv4, an address numbering scheme which came into use as far back as 1981—long before the Internet as we know it today came into widespread use.  In a nutshell, the current IPv4 addressing scheme simply doesn’t provide enough unique addresses to accommodate the explosion of the Internet and the many new devices and services that have come into existence over the years. Current estimates hold that the world could run out of unique web addresses as soon as November, 2011, unless it adopts the newer IPv6 protocol, which provides trillions more new web addresses.

Most small and mid-sized businesses use IPv4 on their private internal networks and will likely continue this use for some time to come.  However, connectivity between businesses, vendor partners, web content providers, and cloud service providers over the public Internet will be severely impacted once the currently available pool of unique IPv4 addresses has been exhausted.  Without additional unique IP addresses, the Internet will not be able to grow as it has over the years. In preparation for this inevitability, many large networks like Google and Microsoft have already implemented IPv6 to varying degrees.  June 8, 2011, will be the first opportunity to see IPv6 in action on a global scale.  The majority of Internet users should be unaffected during the June 8^th trial.  However, it’s estimated that a small percentage (perhaps .05% of all users) may experience difficulties accessing sites that are participating in World IPv6 Day testing—mostly due to misconfigured network equipment or other unforeseen glitches. The only way the Internet community can be certain how successful their conversion work has been will be to coordinate a number of test dates, June 8^th, 2011, being the first of these dates.  During this testing period, network operators will be standing by to observe, support, and learn from the challenges that will inevitably surface throughout the day. By working together, ISPs, web site operators, operating system manufacturers, and equipment vendors will be able to diagnose and address these problems. If global issues are discovered, vendors and ISPs will then have an expanded dataset they can use to cooperatively work together toward a global resolution.

Some of the more familiar content providers taking part are Google, Yahoo!, Akamai, Microsoft Bing, Facebook, Cisco, Juniper, Vonage, and more than 300 other companies around the globe.  A complete list of participating organizations can be found at http://www.worldipv6day.org/participants/index.html.

Organizations and individuals interested in taking part in World IPv6 Day testing can obtain more information at: http://isoc.org/wp/worldipv6day.

Visit Lanyard Technical Services at:  www.lanyardtechnical.net

“The Lanyard Connection” So What’s In a Name?

Takeaway: “that which we call a rose, by any other name would smell as sweet…”

I’m often asked about the meaning of my company’s name, Lanyard Technical Services, LLC.  I didn’t choose the name lightly.  In fact, I put a great deal of thought into it.  The technical services part is easy enough.  These are service offerings such as technology management, network design and security, IT compliance solutions, etc.  But what about the Lanyard connection?  Well, here you have it (inasmuch as you can trust anything you read on the Internet these days)…

Sometime during the 15^th century, large riggings known as “laniards” first came into use aboard sailing ships.  These riggings were used to lash down valuable cargo while navigating rough seas.  Sailors also made use of personal lanyards (decorative straps or cords) to secure smaller items such as knives and whistles against accidental loss.  By the early 1900’s soldiers made use of lanyards to secure important items on the battlefield and ensure their readiness at a moment’s notice.  While their size and appearance has evolved over time, lanyards are still used today to keep essential items close and available (keys, flashlights, cameras, cell phones, USB drives, etc.).

Extending this concept to the modern digital realm, Lanyard Technical Services LLC supplies small and mid-sized businesses (1-500 employees) with a variety of standard and specialized information technology management, support, and security services designed to keep an organization’s valuable technology assets and data secure and available to the right people at the right time.

Now you know!

Visit Lanyard Technical Services at:  www.lanyardtechnical.net

Track, Organize, and Document Your Software Installations

Takeaway: Software audits are becoming more common. Accurate and updated records will help keep your software legal and your business free of fines if an unforeseen event triggers an audit.

Many businesses have a variety of desktop operating systems in service.  Often employees have multiple versions of Microsoft Office products installed, as well as applications like accounting programs, anti-virus software, email software, and a host of others.  If audited, could your business prove its software was properly licensed?  Fact is, many otherwise “honest” companies could not prove proper software licensing if they had to. Often companies are simply unaware of the need to track their software assets.

Software audits are becoming more common as displaced employees report abuses to the Business and Software Alliance.  As an IT consultant, I can’t remember how many times I’ve been asked (or simply expected) by a client to install improperly licensed software.  Of course, I would never report one of my clients on a licensing issue, but I do my best to educate ALL of my clients on the importance of keeping themselves legal.

Accurate records will help keep your software legal and your business free of fines if an unforeseen event triggers a software audit.

Have a related question or comment to share?  Feel free to “ping” me or post your comments here!

Visit Lanyard Technical Services at:  www.lanyardtechnical.net

Like Cybercrime, PCI DSS Compliance is Here to Stay

Takeaway: Businesses that accept credit cards (regardless of size, method, or sales volume) are subject to new PCI DSS 2.0  requirements. If your business is content to blow off compliance you should also get comfortable with the threat of a six-figure fine in the event of a data breach.

Many businesses face increasingly stringent regulatory compliance issues.  The banking, financial services, and medical service  industries have been dealing with increasing regulation for quite some time.  Today, any business that accepts credit cards (Visa, MasterCard, American Express, Discover, and JCB) is subject to PCI DSS requirements.  In the past, only businesses with volumes in excess of 20,000 annual transactions were required to comply.  However, as of  July 1, 2010 all businesses became subject to PCI DSS.  A gap analysis and signed proof of actual compliance (not just on paper) is required annually.  In the case of leaked or breached customer credit data, fines for non-compliance can be as much as $100,000 per incident.  Online breaches are common and real.  Your compliance should be real as well.

Many small and mid-sized businesses regard PCI compliance as costly and burdensome–and truth be told, it can be.  However the cost of non-compliance and/or a data breach can be far more costly in terms of fines and collateral damage to a businesses’ reputation.  Like it or not, cyber-crime is not going away.  Neither is the responsibility of maintaining annual PCI compliance.

Got a PCI experience to tell?  Maybe a PCI question to ask?  Feel free to bring it here!

Visit Lanyard Technical Services at:  www.lanyardtechnical.net

How’s Your Company’s Current Security Stance?

Takeaway: Your company may be small, but if it’s connected to the Internet your data is as much at risk as any large corporation.  It’s up you to you (not your ISP) to make sure your data and company secrets remain secure online.

In an increasingly connected world where high-value data systems are connected to global networks, it’s more important than ever to pay attention to the security posture of your organization’s networks, data, and critical systems.  Your company may be small, but if it’s connected to the Internet its data is as much at risk as any large corporation.  Online criminals are typically interested in obtaining the private data of your business or the personal data of your customer base.  Holding this data hostage is how most cyber-thieves make their money–and a breach could cost your business everything in terms of dollars and loss of reputation.

If you’re still depending on old solutions (a router, a Cisco PIX, or worse yet, sheer luck) to keep your company information safe there’s no better time than now to access your security stance and harden your business against online criminals. If your current firewall solution is more than 3-4 years old it’s very likely your technology is outdated.  Working with Lanyard Technical Services to secure your network, data, or critical systems is more cost-efficient than you may think!

Tip:  The FTC published a brief guide for businesses called Protecting Personal Information, A Guide for Business. The PDF version is now out of print but you can click here to anonymously download a cached version from our web site.

Visit Lanyard Technical Services at:  www.lanyardtechnical.net

Review Your Hardware /Software Maintenance and Vendor Contracts

Takeaway:  Nearly all companies can save BIG by proactively reviewing their contracts and agreements.

It’s good practice to periodically head to the file cabinet to make sure your maintenance agreements and contracts are in order. This includes not just the big ones, like Microsoft licensing, but also smaller ones such as Internet access or IT support agreements.   Many IT support agreements have deadlines in which to use service hours—even though you paid for them!    Aside from support, many agreements entitle customers to free updates and version upgrades.  Often these upgrades are long overdue and may include needed security or regulatory compliance fixes.

Many times companies continue to pay for maintenance or support contracts years after a covered hardware or software application has been taken out of service.  If possible, audit every item your organization is being billed for and make sure your contracts are still relevant.

And don’t forget insurance policies—general liability, errors and omissions insurance, bonds, etc.  Do your current coverage levels still make sense?  Are you still getting the best rates you can?  You may be able to save your organization hundreds or even thousands of dollars by reviewing service agreements and insurance policies before they self renew.  Once an insurance company or other service provider is made aware someone at your company is reviewing contracts, your organization is likely to be classified as an “at risk” account with that vendor.  Companies viewed as at risk clients generally receive better pricing and other concessions when contracts are renewed.

Visit Lanyard Technical Services at:  www.lanyardtechnical.net

Replace Strategy “De Jour” With Strategic Planning

Takeaway:  Business entities, large and small, need to adopt a balanced approach to their decision making processes.

As a tech consultant I witness many businesses caught up in “analysis paralysis” –the inability of an organization to move ahead on a project or business decision due to over analyzing their situation.  In my experience, this scenario seems to happen more often in older, more established companies. The opposite problem of analysis paralysis is to overreact to a single data point and declare a new direction without giving that new direction enough consideration.  This seems to happen more often in newer start-up companies.

Developing an effective strategic planning process helps successful companies steer clear of either scenario and enables them advance their agenda with greater control and confidence.  This holds true whether talking about business, marketing, or technology planning decisions.

Share your experience–which end(s) of the spectrum have you witnessed, and how did your company work through it?

Visit Lanyard Technical Services at:  www.lanyardtechnical.net