We hope our blog will help you with your IT questions



Posted by on in Information Security

Most of us have dozens of credentials which we use unconsciously…to log into our business network, to check Facebook, payroll, accounting, encrypted email, Dropbox…the list seems endless. But we log in so automatically that we tend to forget what those credentials are protecting. 


Access credentials are a critically important piece of information infrastructure, and in many cases they are one of the ONLY things which separate our critical data from the Internet (and unwanted access by third parties). So let’s play a little game…we’ll ask you for a list of the things you would do with credentials IF YOU ABSOLUTELY WANTED SOMEONE ELSE TO GAIN ACCESS TO YOUR SENSITIVE INFORMATION. 

  • Use a simple password such as password123 
  • Use a short password 
  • Never change your password 
  • Use a password with your name, a child’s name, your address, or your phone number 
  • Place your password on a sticky note and tape it to your monitor, or to be really secure, tape it under your keyboard 
  • Use the same password for Facebook and your accounting, payroll, or tax accounts…or for that matter use the same password for 30 or 40 different accounts 
  • Keep your password in a note on your phone (which is probably not encrypted, nor is it set with a passcode) 


You get the point. So let’s start to fix this… 

  • Assemble a written list of all your credentials – it will need to go in your safe between uses 
  • Mark the credentials which are business critical…these are the ones that if a malicious outsider carefully used them, they could make your life miserable. Think accounting, banking, payroll, taxes, sensitive cloud storage, backups, etc. Make sure that these are changed at least 2-3 times per year, minimum. Make sure that they are changed in the event of any significant staffing change 
  • Try the habit of using a passphrase which is complex, i.e. upper case, lower case, numbers, and special characters, and which is strong (over 8 characters) 



If I love my dog:  iL0V3MyD0G 

If I hunt:  iLiKe2BL@$TPeskyW@bb1t$ 


The key is to use multiple words, associate them with something important to you (to make it easy to remember), and substitute special characters or change letter case in a consistent way (consonants can be caps, vowels lower-case for example). 

  • For unimportant accounts such as Instagram or Facebook, credentials are usually not as big an issue 
  • Change your passwords on a regular basis 
  • Remember to NOT reuse the same credentials for important accounts. If your Facebook password is the same as your payroll password and FB is compromised, so are you. 
  • Protect your credentials list carefully, ensure that others cannot access it electronically.

Ransomware has grown exponentially during 2017, and the trend seems likely to continue in 2018 as well. There are few options available once a ransomware virus has taken over your system. The time to act against ransomware is now. It is important to protect yourself before your system is affected.


Alarming Numbers and Trends 

Ransomware attacks on businesses increased 36 percent in 2017, with small businesses presenting the biggest targets. Keep in mind this is a 300 percent increase over 2015. Some of the most concerning trends in ransomware attacks are that healthcare-related organizations are the fastest-growing targets and that mobile devices are showing signs of being the next channel that attackers zero in on. It is almost certain that your system will be hit with a ransomware attack at some point. 


Responding to an Attack 

Once your system is hit, your options for responding are limited, and many Americans simply pay the ransom. Just like cooperating with any blackmailer, however, paying the ransom makes it more likely that you will be targeted again in the future. In some cases, it may be possible to decrypt a system that’s been hit by a ransomware attack, but even in cases where the decryption is known, you may still lose some data. The best hope for recovering from a ransomware attack is to have a quality backup system in place beforehand. 


Take Action Now

Most ransomware attacks are not brand-new threats. Hackers recycle old attacks hoping to catch systems that have not updated their software with the latest security patches. Close the known vulnerabilities in your system by staying on top of software updates and keeping your system current.


Emphasize the importance of not opening suspicious emails. Infected emails remain the number one gateway to your system. Make regular reminders a part of life to avoid those emails and forward anything remotely suspicious to the IT department.


Have a backup system in place to recover data from before the infection occurred. Once your system is compromised, having a backup is the only good option for recovery.


By being proactive, your system may weather the crisis of a ransomware attack. The odds are you will take action against ransomware. The only question is whether this action will take place before or after an attack.


What used to be a simple inconvenience is now a fatal blow to a lot of companies. Data loss has become a critical problem in an age that revolves around information technology. One large data loss could be enough to stop a budding company in its tracks. Luckily, there are ways to reduce the risk of serious data losses. Learn the best practices for data backup and recovery your company needs to be using, including having a written recovery plan, backing up to the cloud, relying on automation, and using the right technologies. Dolce Vita IT Solution offers Sempreon DATTO as a comprehensive data recovery solution perfect for any company.

1.     Have a Recovery Plan


Dolce Vita recommends making a written plan to prepare for emergencies. Everyone should know the plan and take ownership of both their day-to-day role and their role in an emergency. Establish different layers of redundancy, as well as what to do when data loss happens. Review the plan regularly to keep it up to date.


2.     Vary Storage Methods


Using multiple methods of data storage provides flexibility and redundancy. The cloud offers cost-friendly protection free from on-site risks and allows for quick recovery of information. Dolce Vita makes image-based backups, not files/folders only, tests the backups daily to make sure they restore correctly, and provides virtual machines on your network as backups, getting you back online in minutes, not hours.


3.     Capitalize on Automation


People forget to back up their data; automation provides constant protection and removes that risk from the equation. Manual processes can miss steps, while a correctly configured automated backup will complete each step before going on to the next. Sempreon DATTO automates the process for you, giving your administrator real-time oversight of backups both on-site and off.


4.     Have the Right Technology


Make sure you have the right technology for your company before you need it. Self-Monitoring, Analysis and Reporting Technology (SMART), for example, monitors storage drives to spot potential failures before they happen. SMART allows IT staff to back up data before the drive dies. 


Having a plan helps everyone feel confident regarding the security and integrity of their data. Sempreon DATTO provides the solution your company needs to protect your data, keep you aware of its status, and be ready for whatever happens. Contact Dolce Vita for more information.


The business impacts of ransomware

Most business users have heard of "malware": malicious software designed to disrupt a business, cause an alteration of processes, etc.  "Ransomware" is a variant of malware which, in accordance with the name, is designed to infect a user's system (and potentially any connected networked systems) with code which either locks out access to the data or is capable of encrypting that data.  The perpetrator will attempt to blackmail the company into payment of a "ransom" to regain access to the affected data.  Ransomware is more widely known now, both because of the damage done to organizations and because these organizations were generally doing a reasonable job of protecting their systems.  Ransomware is truly an attack which relies primarily upon 1) untrained or unwary users and 2) poor information technology defenses.

Some useful links are noted below with good synopses of ransomware and methods such as CryptoLocker and CryptoWall:






It is worth noting that some of the recommended steps to avoid ransomware focus on software and hardware solutions...but in our experience, the most advanced defenses must be used IN CONJUNCTION WITH proper user training, awareness, and discipline.  Some of the most current advice regarding prevention is offered by Trend Micro, CERT, Sophos, and the FBI.  Interestingly, the FBI has counselled victims in the past to pay the ransom...for the most part, these companies were not going to recover their encrypted data any other way.

To prevent ransomware we strongly recommend the following:

  1. Businesses must train users about the risks of ransomware, what vectors are used to distribute it, and how to respond
  2. Critical systems must be backed up using image-based backups on an hourly or multi-hourly basis
  3. Windows Updates on servers and workstations must be centrally managed and as up-to-date as possible...weekly reporting should reflect any deficiencies
  4. Businesses should use at least one type of content filtering to filter (and report on) web usage of all types, set to block malicious content consistent with best practices
  5. Anti-SPAM should be configured consistent with the manufacturer's best practices...these change and should be reviewed at least monthly for configuration changes
  6. Antivirus must be up-to-date, cover ALL devices which are capable of accessing server-based data or other shared data of any type, and be configured according to the latest best practices
  7. An organization's IT group must have a DR design which accounts for the response scenarios involved with ransomware
  8. Be flexible and understand this threat is changing continuously...adjustments to configurations will be required

Malware can be a problem for any business...causing slow workstations and slow access to data for users. 

Dolce Vita has worked with organizations from small non-profits to mid-sized banks and hospitals to reduce their risk and susceptibility to malware and SPAM.  Through an understanding of key risk factors for a client business DVITS designs and manages the means to reduce these risk factors.

User education is the most effective means to reduce risks. A key step is for users to gain an appreciation of the costs of malware to the organization and to be encouraged to accept some ownership and responsibility.  A firewall capable of real-time website filtering based upon organizational policy is effective, as is weekly reporting of all website traffic trends for the organization.

DVITS is a strong proponent of cloud-based anti-SPAM filtering and uses this technology to minimize the processing load on mail servers.  This also reduces risk to the organization by keeping malicious emails from ever reaching the mail server.

As with all security measures, the network admin should be able to see a console or receive detailed reports on the centralized results of these measures.  Detailed reports allow the admin to take specific actions to eliminate problems before they impact the organization.
