Have any questions? Call us at 503.517.2008          Click here to log into the Upward Client portal

September 15, 2017

No Comments

Our key takeaways from the massive Equifax breach

Most of you have probably seen the recent headlines that the credit reporting agency Equifax had a massive breach earlier this year, that was made public in the past few weeks and reportedly affects at least 143 million people. We believe that Equifax has done an atrocious job of handling this enormous catastrophe, providing little and wish-washy messaging, contradicting itself and offering unimpressive resources for those affected.

And while this event may have negative consequences for many of us, there are lessons to be learned.

Here is a rundown of the missteps made so far by Equifax, as reported on CNN Money:

  • Equifax waited six weeks before it announced its massive breach that compromised the data of 143 million Americans.
  • Three Equifax executives sold shares days after the company found out about the hack.
  • Equifax chose not to notify people who were affected; instead it set up a website.
  • The website wasn’t ready for days. People who entered their information were told to come back later.
  • Equifax offered free credit monitoring, but it initially required enrollees to waive their right to sue the company.
  • It later backtracked, allowing people to sue — if they send Equifax written notice within 30 days. Equifax has not removed the opt-out language from its general terms of service, but later assured customers that it won’t be applied to use of the credit-monitoring service.
  • A customer service representative tweeted “Happy Friday!” from the ‘Ask Equifax’ Twitter account last week.
  • Freezing credit is the best way for victims to protect themselves, but Equifax charges for freezes and has not made it easier to accomplish. On Monday, Equifax said in a tweet that “in response to consumer feedback, Equifax will waive all Security Freeze fees for the next 30 days.”
  • Equifax assigned easy-to-guess PINs to people who froze their credit.
  • CEO Rick Smith stayed mum until a USA Today op-ed on Tuesday.
  • Equifax has still failed to say how many people in the United Kingdom and Canada were affected.

You might read this list and shake your head, asking how a huge company with armies of resources might have struggled so much with steps that seem like common sense? The answer is simple, they didn’t have a clearly defined plan before it happened.

In situations like this, the variables are overwhelming:

  • How do we know when we know enough to make this public?
  • What customers do we tell?
  • How do we handle PR, Legal, IT?
  • Who will handle PR, Legal, IT?

These are tough questions, but there are some questions you can have answers for prior to the event:

  1. Decide who in your business will be first chair, second chair in an event.
  2. Decide what money you would be willing to spend? This doesn’t mean you have to spend it, nor does it mean that is all you might spend in the heat of battle, but it ensures that you have decided what you are prepared to part with.
  3. Buy an insurance policy. Consult a professional who has expertise in the data breaches and make sure you have a policy that appropriately covers your risk profile.

While we don’t believe the risks to any of our customers who were affected will spill over to their professional lives, there is the possibility that the information that was hacked could be used to infiltrate users personal accounts, which could in turn compromise work systems if passwords are shared. Please use the following link to verify if you may have been compromised. We encourage you to check the following link: https://www.equifaxsecurity2017.com/potential-impact/

If you find your name, please attempt to verify if the password you use for Equifax may be similar or identical to the password used for any other systems and change them immediately. Changing key passwords is a good precautionary measure any time you have concerns.

Looking for a technology solution to this problem? Upward has several different options that can make your work environment significantly safer from security threats. Contact us today!

 

September 1, 2017

No Comments

We are now a Certified B Corporation!

After two years of working hard to meet the rigorous requirements of this great movement, we are proud to announce Upward Technology is the 1st B Corp in our industry in the great Northwest!

What does it mean to be B Certified? Certified B Corporations meet higher standards of social and environmental performance, transparency, and accountability. B Corporations are leaders of the global movement of people using business as a force for good.TM 

Unlike traditional corporations, Certified B Corporations are legally required to consider the impact of their decisions not only on their shareholders, but also on their stakeholders (e.g., workers, suppliers, community, consumers, and the environment).   

We really believe it’s the way business should be run these days and we’re happy to be leaders in our field. We hope more businesses will join us in this movement. Please let us know if you’d like hear more about our experience and how we did it!

Big Ups to SOLVE

We highlighted our work with SOLVE of Oregon in our application. A big contributor to our success! Pictured is our group volunteering for their annual litter cleanup!

Learn more about their great organization »

Thanks to Sparky!

Another win for us was the amount we were able to decrease our emissions thanks to our excellent electric vehicle (nicknamed Sparky). We use it for almost 95% of our clients visits at this point

 

August 29, 2017

No Comments

Never Miss a Post! Follow us on Social Media!

At Upward we’re constantly trying to make sure our customers and affiliates have the best information at their fingertips. This means that when it comes to an important alert about a major ransomware scam, or news of a hot new technology that we’re excited about, we try to reach as many of our clients as possible.

Which means we’re consistently posting important tips, alerts, and thought provoking content to Twitter, Facebook, and LinkedIn!

Make sure you don’t miss a thing and follow us today. Social Media is one of the best ways for Upward to get you all national, international, and hyper-local technology news!

We’re on Facebook

Twitter

 

And LinkedIn

 

And feel free to share info, ask questions, and comment. We’d love to interact with you more about all things tech!

August 9, 2017

No Comments

3 Reasons why you should fire your IT Support guy

For most small to mid-size businesses the question of whether your should stick to your in-house tech support employee or outsource your IT Management come up frequently. While the convenience and perceived safety of your in-house tech person is pretty obvious, what is not are the reasons why you should fire your IT Support guy…

This blog is not going to make me popular with IT Managers. However, it will define a more and more common reality for small to midsize companies with less than 150 employees. In companies of that size, there are numerous factors that make the full-time IT employee or 2-3 person department, less effective or even counter-productive to the strategic plans of the organization. But having an IT guy in-house is comforting, convenient and predictable, so why fire your IT guy? 3 big reasons:

  1. Expertise

Information Technology is dense, complex and very dynamic. Much like medical professionals, very smart individuals spend their entire careers on a single discipline (like security or networking) and still only cover a fraction of the whole topic. Companies who think “an IT guy is an IT guy” are dead wrong. The reality is, if you want an expert generalist, you may get most of the way there, but will be flat footed on anything requiring specific depth. For instance, your company is affected with a malware outbreak. Your IT person may be equipped to do the very basics like run scans or check firewall settings, but after that he or she will likely be Googling protocols for the next step, and deciding the correct path forward in a vacuum. There are simply not enough hours in the day to be excellent (or perhaps even decent) across the entire IT spectrum.

  1. Accountability

The fact of the matter is, IT is murky to most people. As a business owner or manager, you really don’t know if your IT guy or small support department is doing a good job in all facets of the position (system architecture, stability, risk management & security, strategy, training etc). IT is as important a function as accounting, payroll or sales, but can be more difficult to manage. Even with a team of three very smart IT people, how do you evaluate if the department is managed well? How do you fairly compensate for performance? What are the benchmarks you measure the department against? Do you call in an expensive independent auditor and destroy valuable tryst? You will likely not be able to come up with good, sustainable answers and will have to put too much blind-faith into the systems that make or break your business.

  1. Strategy

The most common place we see the single or small team of IT professionals fall the shortest is in long-term planning. Most engineers are very good at executing on complex tasks, but few are able to translate business goals of a company into a long-term strategic plan. Part of this challenge derives from the inherent and almost unavoidable bias internal IT guy has against pushing boundaries and taking risks. Why? Because there is never time for a tiny tech support department to do adequate R&D for new projects (if they have a life). And the downside of experimenting with a new solution and risking making an expensive, embarrassing or disruptive mistake is too great. As it becomes evident that this department is not strategically consistent with the overall direction of the company, the value of the department will slowly diminish and wither and your investment into technology will flat-line.

 

Statistically, the era of the solo IT practitioner, in-house or outsourced, is dwindling. IT is too complex for the “expert generalist”, and clients are beginning to understand that just because somebody knows computers, doesn’t make them the right fit to strategically guide a growing company.

As a managed service provider in Portland, we behave and utilize systems similar to an Enterprise IT department. We have depth in our bench, numerous certifications and areas of expertise, metrics, a robust R&D department, best-of-class management systems, decades of combined experience, strong strategy mapping processes, and we never take a sick day.

Call Upward today to evaluate a better way to manage your technology.

Subscribe to our blog/newsletter    Contact Us

 

August 4, 2017

No Comments

8 Tips to help you prevent a phishing scam

Are you worried about the influx of phishing scams and ransomware attempts that are being made these days? Here are 8 things you can do to prevent yourself from getting spoofed!

We are seeing it more and more everyday. In fact, there was a two week period this summer where we heard daily from our clients about potential phishing scams going around. Some were even over the phone! Spear-phishing is seemingly on an uptick with more and more regular attempts being made by cyber-criminals attempting to get your information and extort you. But there’s hope! You don’t have to become a victim! There are some pretty simple ways to spot these kinds of attempts and to take action to make sure your data and your identity is safe online. Here are 8 great tips to prevent a phishing scam from getting your information and your money:

  1. Pay attention to the email address, not the display name.

When you get the first initial contact from a scammer they will usually try and impersonate someone in your organization. Basically, they do this so you’ll see the display name as either someone you know and trust or from a vendor you work with. But don’t be fooled by that! Make sure you are looking at email addresses too. John.Barker5674@bogusdomain.com looks a lot more fishy than John.Barker@youractualdomain.com  doesn’t it? This is a first big sign that someone is attempting to phish you.

2. Peek at links in the email, but don’t click on them.

If you are getting an email with links and you’re not sure if they are legit, hover your mouse over them and you should see a preview of the URL. If it looks messy and is essentially gibberish that is a pretty sure-fire sign that it’s bogus and pointing you to a ransomware site. Don’t click on it. And a general rule of thumb: if the email looks unsolicited then do not click on anything within it.

3. Don’t give up your info.

Any vendor, partner, bank, or supplier you work with already has all the info they need from you. If they need to “confirm your credit card information” they are not going to try and get that done via email. They are going to call you or your accountant directly.

4. Check for spelling and grammar.

Spelling and grammar can say a lot about the legitimacy of an email. If it seems as though the sender doesn’t have a good grip on your common language or has misspelled words or phrases then you can bet they are not a legitimate source.

5. Take a hard look at the signature.

Not much info there? No phone numbers, logos, or sign-offs? Lack of details about who the signer of the email is points to phishing.

6. Don’t click or download attachments.

Attachments from senders you don’t recognize could contain viruses and malware that are meant to steal your passwords, your valuable information, and also leave your computer unusable.

7. Beware “urgent” language in the subject line.

How often do you actually get an email from a colleague, customer, or vendor that involves an urgent call to action in the subject line? This is a way for the phisher to illicit an emotional reaction from you so that you’ll act without fully diagnosing the phishing attempt. Beware of this tactic!

8. Don’t be fooled by common logos and branding.

In this digital age anyone can download an image of Microsoft’s logo and pretend to be a support rep that needs your financial info so that your Office 365 subscription isn’t cancelled. Make sure you are taking a good look at this kind of phishing attempt. If you’re a client of ours, you shouldn’t be seeing anything regarding your technology contracts that doesn’t come through us first! And again, if someone needs to update your billing info, they’ll do that with a phone call.

So there you have it: 8 easy tips to help prevent yourself from getting scammed via email phishing attempts. Want to know more about this topic or talk to an IT provider who makes it their everyday job to protect each and everyone of our clients? Then contact Upward today!

Subscribe to our blog/newsletter    Contact Us

 

July 28, 2017

No Comments

The 2 Indispensable Steps to Better Cyber-Security

There are 2 indispensable cyber-security steps that are available to you and you can take them today!

I had a recent discussion with my friend who is the Chief Technology Officer for a 500 person prescription management company about the new age of cyber security. One inevitable conclusion he pointed out is that clever Cyber-criminals will forever be formulating new strategies to surprise their intended victims, making it fallible (at the present) to rely on technology alone to protect your business from malicious threats. There are common-sense technologies that should be in place such as Enterprise-class anti-virus & anti-malware,  or a firewall that filters traffic and spam. If you work with Upward, you can rest assured that these are actively managed by default. But even with these measures in place, you cannot expect to be safe without an educated and savvy workforce. The bad news about cyber-security: it’s not a matter of if your business will face an event, but when your business will face the event. The good news: You can take some of the most effective steps towards protecting your business right now and with a small investment of time. The following are 2 indispensable cyber-security steps you can take today, with little to no investment:

Training for Users

Take time in an upcoming staff meeting to have an open-forum discussion with every staff member about the types of cyber-security risks that exist out there: spear phishing, ransomware and malware, etc. and the ways those threat vectors are introduced and appear in your environment.

If you don’t know how to facilitate this discussion, invite your IT provider to lead the meeting. This is perhaps the most meaningful information you can give your people to help protect your company. It is their common-sense vigilance that is your best line of defense against cyber-crime.

Policy for Disaster Response

You can prevent disaster to your heart’s content, but it will still be “when” not “if”. So the question becomes, what will you do if something bad happens? This is the simple question that should be thoughtfully considered, reviewed, documented and trained to. After malware is discovered and reported by your staff, and you determine that client data was compromised, will you call your clients to let them know something bad happened, or not tell them at all? Will you call in an outside forensics company, a PR company, a cyber-response firm? When will you make an insurance claim? This “who, what where, when, why” are critical questions. The ramifications if you get them wrong can be a PR nightmare, a devastating lost trust or even a lawsuit.

Just as with training, there is a huge amount of free information available online and your IT resources should be able to facilitate the creation of a clear plan that you can document and train your people to adhere to. If you need to talk more about how you can help you and your staff be better prepared when it comes to risks in cyber-security contact Upward Technology today!

Subscribe to our blog/newsletter    Contact Us

July 20, 2017

No Comments

The Three Philosophies of Information Technology Investment

There are a few schools of thought when it comes to how you spend your money on IT as a business owner. While it is becoming more and more apparent that spending on technology is a necessity for any business to survive, it’s how you spend it that ultimately matters. Here are the three philosophies of information technology investment, and what they mean for the future of your business.

The way a business manages technology has broad reaching implications for how their business will thrive. Technological investment is one of the few avenues where a business can inexpensively and measurably enable their employees to get more done in a day. Yet we see so many companies, most companies even, falling victim to the wrong mentality about how technology is managed and nurtured. We have outlined three philosophical categories that most business owners fall into, and what they mean for the future of your business.

Depreciating Asset-  You have a reactive approach to your investment in technology.  You strive to spend as little as needed in your infrastructure with a hope that these costly and completely discrete investments will get you by for as long as possible.  Your company’s infrastructure and productivity gradually erode as you continue to invest the same amount of money each year into your technology with no idea how to make things better.  Technology projects are continuously put on hold because management does not have the bandwidth to manage them AND the day to day operations to drive revenue.  You sit back and watch as stacks of clutter build up around you with no plan on how to dig yourself out of the technological hole you’ve created. 

These companies inevitably get pushed out of business because all they have focused on is surviving and they cannot compete with even the simplest of competitors that have figured out how to maintain their technology so it does not damage their overall productivity.  This behavior is the equivalent of going to your financial advisor and expecting a LOSS.  Not only expecting a loss but making it a goal NOT to make money on your investment. 

Cost Center-  You view your IT department as a cost center.  You are willing to make investments in technology as long as the direct result is that employees can do their work (without consideration to productivity) and that you are not at any major security risk.  While this seems to make sense, you have no real idea how these discrete investments are negatively affecting your overall infrastructure.  The reality of the situation is that you are continuing to dump money into your IT infrastructure, but only to PREVENT a loss in production or a major catastrophe with no real thought going to how you can improve your systems in order to drive company goals.  While you are not going to lose to the depreciating asset company, you are still fighting for scraps at the table with no real potential of ever truly competing outside of your current customer base.  This is the equivalent of going to your financial advisor and giving them your money and telling them that your goal is to cover the cost of inflation and fees and that is it. 

Appreciating Investment-  You have made the decision that you want your technology to help drive business.  You have a team in place that has provided you with a competitive advantage in the marketplace. The competitive advantage is that this team is efficient enough at performing the functions of your IT department (day to day support, security, stabilization) that it can help you focus on the revenue generating aspects of your business. They provide vital data about your technology to help drive better decision making and help prioritize the projects that will have the most impact across the company.  They have instituted a Project Management System that sets clear, tangible deliverables for each project and can be monitored by all stakeholders as projects move through each stage of the process.  If you can partner with the correct team and this relationship functions appropriately, you will knowingly be investing in your IT infrastructure in the exact way you intended, ultimately optimizing the productivity and profitability of your system.

These are the companies that grow.  These are the people that find the financial advisors that best suit their needs and risk tolerances, and ultimately appreciate their wealth.  These are the business owners that can effectively run a company with the focus of creating value in what they have and scaling that value to grow and succeed.

Which one of these business owners are you?  If you are a depreciating or cost-center owner, how do you begin the process of moving in the other direction?  These are challenges that every business owner faces every single day.  The first step towards moving in the right direction is seeking out a partner that understands the issues and can help create a path forward in an intelligent, informed and processed manner. And that’s Upward Technology. Contact us today!

Subscribe to our blog/newsletter    Contact Us

June 30, 2017

No Comments

Why you should be on Windows 10 if you’re not already…

The very top reason to be on the latest Windows Operating System is security. But there is a lot more to be gained as well. Here’s why you should be on Windows 10 if you’re not already…

We’ve been posting a lot about ransomware and cyber-crime lately. Specifically the two recent cases with #WannaCry and #NotPetya. And one of the biggest takeaways we’ve gained is that out dated operating systems are what are being targeted and should be upgraded asap.

We have a bias for being non-alarmist, but these events have concerned us a great deal as your trusted IT partner, and we want to alert you to new and critical risks you are facing. WannaCry and NotPetya targeted specific technologies in Windows XP, 7, and 8. This technology is no longer used in Windows 10. Windows 7 is now the oldest and least secure Windows Operating System. It was released on July 22, 2009. Mainstream support for it is already over as of January of 2015 and it’s currently in extended support. As a point of comparison, XP was released in 2001, and ended in 2014. Windows 7 is very nearly the same age as XP, and there was a security crisis when Microsoft eventually cutoff support for XP.

So given all of this, it is highly recommended you get all of your outdated workstations up to date and/or replaced asap. But it’s not just about cyber threats, there are other aspects to Windows 10 that make it a vital current operating system:

  • Not only is it much more secure, it also gets all the new engineering updates much more quickly than 7. So your system works better, and updates are easier to manage.
  • Fast, fast, fast – it is 50% faster than Windows 7 for common tasks like restarting, opening applications, and browsing the web.
  • It comes with the Microsoft Edge web browser standard.
    • According to Forbes (and researchers NSS labs) Edge is the top browser for security – “[The] best browser available when it comes to protecting Windows 10 users from phishing attempts and social engineering attacks”.
    • Edge is lightweight and much faster than anything else on the market, due to being totally integrated with the operating system.
    • It has an available touch interface and Cortana support. Essentially Microsoft’s way of competing with Apple and Google’s touch and voice command technologies, and they are surprisingly competitive.
  • It comes with an improved Secure Boot (UEFI)
    • Microsoft’s Secure Boot was introduced with Windows 8, and has been improved with the release of Windows 10. It has replaced traditional BIOS, and helps secure against Malware attacks and infection. And it improves computer wake up and log in time.
  • Windows 10 will save you space. Not only is the OS a smaller installation size, but it also incorporates a more efficient compression algorithm, meaning your files will be smaller so you’ll be able to store more and your hard drive won’t slow down as fast.

Also, looking ahead: Microsoft has let it be known that in order for your network environment to be compatible with Azure (their new cloud based server platform) all of your workstations have to be on Windows 10. Food for thought.

Our plan at Upward is to let you know how many Windows 7 machines you have in your company and work out a plan to upgrade or replace them. But please don’t hesitate to let us know if you want to get the upgrade process going RIGHT NOW! We believe that time is of the essence, as the exploitable risk factors are globally understood.

Subscribe to our blog/newsletter    Contact Us

June 28, 2017

No Comments

Another Ransomware Attack Threatens the West

Another high risk/high impact ransomware attack has hit Russia, Europe and the United States. Here’s what you need to know…

A major ransomware attack has crippled businesses in Europe and Russia. The infection is very similar to last month’s WannaCry attack. The worst reports are coming from Ukrainian businesses, with systems compromised at Ukraine’s central bank, state telecom, and Kiev’s Boryspil Airport.

The attack has even affected the Chernobyl nuclear power plant, which had to switch manual radiation monitoring (scary!). Infections have also been reported in more isolated devices like point-of-sale terminals and ATMs.

The virus has also spread internationally. The Danish shipping company Maersk has also reported systems down across multiple sites. The pattern and methodology is very similar here to Wannacry in that the attackers are targeting low tech networks that have invested only bare bones for their IT security making them easy victims.

First reports from a Kaspersky (whom Upward partners with for our clients security) identified the virus as a variant of the Petya ransomware, although the company later clarified that the virus is an entirely new strain of ransomware, which it dubbed “NotPetya.” Not great since this means that security groups have to find new ways to protect against it.

However, through our research we have found that Windows Defender, Microsoft Security Essentials, MalwareBytes and Kaspersky are all capable of detecting and preventing infection caused by this new attack.  Despite news articles comparing this attack to the recent “Wannacry” attacks, this is a NEW malware which requires user interaction to infect your machine and is not the same code as WCry32. So you as a user also can act as your own firewall. Basically, if you see something, say something, and contact us right away.

Petrwrap or “NotPetya” appears to be a run of the mill ransomware program. Once infected, the virus encrypts each computer to a private key, making it unusable until the system is decrypted by the attackers. The program then tells the user to pay $300 to a Bitcoin address.

As far as we know, the attack isn’t over but that it has mostly been held to Europe with few cases in the states. If you think for whatever reason you might be infected or you’re worried that your anti-virus is out of date, please contact Upward Technology asap. We’ll take care of you.

The big take away here is that outdated systems and security applications are what is being targeted. We’ve said it before but another reminder here doesn’t hurt: it is time to ditch any computer you have in your environment that’s older than Windows 8.1 Professional. The security risks in older operating systems have proven to be severe. Contact us today about making a plan to phase out the machines you own that are the most at risk!

If you’d like to know more about symptoms and what action needs to be taken please see this helpful article from Malwarefixes.com.

Subscribe to our blog/newsletter    Contact Us

June 14, 2017

No Comments

It’s time to ditch your Windows 7 machines

The WannaCry Global ransomware event showed us all how critical it is to have proper cyber-security infrastructure, but it also shed light on the fact that it’s high time to ditch your Windows 7 machines…

First off, if you haven’t read our detailed account of the WannaCry event, go here and brush up on what we’re talking about. It was easily the largest cyber-crime event known to the public.

Here at Upward, we have a bias to being non-alarmist, but WannaCry has concerned us a great deal as your trusted IT partner. And we want to alert you to new and critical risks you are facing.

  1. Security experts agree that that this sort of attack will happen again. And soon.
  2. The technology developed by the designers of WannaCry was apparently taken from a cache of documents periodically leaked by a group known as the ShadowBrokers, who presented them as being stolen from the NSA.
  3. WannaCry targeted specific technologies in Windows XP, 7, and 8. This technology is no longer used in Windows 10.
  4. Windows 7 is now the oldest and least secure Windows Operating System (see below).

We have been suggesting that our clients phase out or upgrade their Windows 7 boxes for some time now, but the point to do so is now critical.

And while it only seemed like yesterday, from a strictly technological perspective, Windows 7 is long in the tooth:

  • Win7 was released on July 22nd, 2009
  • Mainstream support for 7 is already over as of January of 2015. We are currently in extended support which means that support is limited and going away very soon.
  • As a point of comparison, XP was released in 2001, and ended in 2014. Windows 7 is very nearly the same age as XP, and there was a security crisis when Microsoft eventually cutoff support for XP.

So, the prudent course of action is to upgrade your PC’s to Windows 10 as soon as it feasible.

Do you still need more convincing? Here are some sobering numbers regarding the security risk of Windows 7:

  • Windows 7 is currently installed on 48.5% of all Windows computers. It also has the oldest and most outdated security. This means that it is the operating system that cyber criminals are focusing on most heavily when engineering attacks.

Our plan at Upward is to let you know how many Windows 7 machines you have in your company and work out a plan to upgrade or replace them.

We believe that time is of the essence, as the exploitable risk factors are globally understood and gaining traction.

If you’d like to get a jump on the process of replacing and upgrading your Windows 7 systems contact Upward today!

Subscribe to our blog/newsletter    Contact Us