News & Events

Spring Open House 2018

Exciting Expansion Celebrated at Spring Open House

From all of us at The Electronic Office, thank you for celebrating with us at our open house this week! On Tuesday evening, we hosted more than 130 clients, partners, and friends at our new South Asheville headquarters to introduce everyone to our incredible staff, expanded capabilities, and new facility.

Chief Executive Officer Kemper W. Brown Jr. said, “It was really special having so many members of our community join us at the open house. Our new state-of-the-art headquarters represents the next chapter in our 37-year history as it will allow us to expand critical services and add new technologies that are essential to protecting the digital assets of organizations in WNC.”

Our new location is a far cry from our small space in 1981; that’s the year Kemper Brown Sr. opened Electronic Office in the South Forest Shopping Center on Hendersonville Road as a retail store selling and servicing typewriters, word processors, and microcomputers. Much has changed since then. What hasn’t changed is our commitment to provide small and medium-sized businesses in our region with the reliable information technology services they need to grow and succeed.

The move to our new building has already proven to be a success. The building is a highly secure structure consistent with the significant and uninterruptible work we do for clients 24/7. As one client Tuesday night told us, “We couldn’t imagine doing business without Electronic Office!”

We are grateful to have spent such a fun evening mingling with folks from all over the region. Each day, we are proud to provide IT support and management to so many businesses and organizations who have helped shape Western North Carolina into the thriving and renowned destination that it is today.

Share this post

Fun & Philanthropy: Electronic Office Supports ABCCM’s Transformational Programs Through Annual Golf Tournament

One of our core values at The Electronic Office is giving back to our community of Western North Carolina. In April, we were honored to sponsor and participate in Asheville Buncombe Community Christian Ministry (ABCCM)’s 34th annual Golf Tournament at the Etowah Valley Golf & Resort. ABCCM is a nonprofit organization that addresses poverty, hunger, homelessness, and access to health care for the underserved in Buncombe County. We joined 30 other four-person teams and several sponsors in this fundraiser to help raise $75,095 to support ABCCM’s programs!

We enjoyed our afternoon of golf and conversation, and feel so fortunate to be able to give back to ABCCM, which does so much for those served. ABCCM is a family of 284 congregations organized to provide ministry in the areas of crisis, jail, transitional housing (for homeless veterans, men, women, and children), veterans employment and training, homeless prevention & rapid re-housing, a veterans call center and a free clinic offering medical, dental, and pharmacy through more than 6,000 volunteers.

ABCCM has a dedicated group of business and church leaders who are committed to impacting lives during this critical time of the year. Rusty Pulliam, Chair of the Golf Committee, said it best: “I love that ABCCM not only touches about one in five persons in need, but that they do more than put on a band-aid, or pass out food and clothes; they work on long-term solutions to short-term needs. When you understand that they remove the shame of homelessness for veterans, and have an 85% success rate with men, women and children (who are homeless), then you want to be a part of that success. I am committed to raising more each year and plan to be over $100,000 next year.”

The relationship we’ve fostered with ABCCM dates back to 1982 when Reverend Scott Rogers, ABCCM executive director, and Kemper Brown, EO founder, first met.

Both organizations were pioneers in the computer industry from two very different perspectives. The Electronic Office was equipping and training businesses on how to unleash the power of computing in both a high tech but very personable way. ABCCM was seeking to build the first human service network of public and private providers in North Carolina. ABCCM built a coalition that received approval from the NC Attorney General’s Office to become the first to share information in an confidential network and with informed consent. The coalition included community leaders with county health and human services, United Way agencies, and faith based organizations. EO provided the technical capacity and expertise that designed and installed the network with 12 agencies and 22 computers; thanks to a grant from the JANIRVE Foundation.

These two organizations have grown together, continued to break new ground, and are committed to this day to build a strong community by demonstrating that strong relationships with integrity are the backbone of great businesses. We are both dedicated to understanding the need, finding solutions, and never giving up until we produce the outcomes that are a win/win for everyone.

Share this post

World Backup Day is March 31: Have You Taken the Pledge?

When was the last time you backed up your computer files? If the answer is more than a couple days (or you can’t even recall the last time), you are at risk of losing more than you may expect. Hard drive failure or data corruption can cause more than a headache—it can mean the end of your business, the loss of the next Great American Novel, or the deletion of irreplaceable photos. Making an exact copy of your files and data, known as a backup, is so critical for everyone that there’s even an international awareness day on the topic, World Backup Day.

According to WorldBackupDay.com, only one in four people make regular backups of their data and more than 60,000,000 computers will fail worldwide this year. Avoid becoming a statistic. Take the pledge: “I solemnly swear to back up my important documents and precious memories on March 31st.”

In the event you lose all the data on your computer, are you prepared to seamlessly restore everything? Here’s a quick breakdown of what we recommend to our clients at Electronic Office and how we can help.

Why Would You Need a Computer Backup?

In the IT world, we talk to our clients about the importance of good patching, antivirus software, and firewalling. All of these are important prevention measures, but even when you are doing everything necessary to prevent problems, backing up your data is still crucial. If you’re struck by ransomware, but have good backup, the hackers have little leverage over you. If everything else goes haywire, at least you can roll with the punches and restore your information.

You may wonder What could go wrong if I don’t backup? The simple answer is everything.

Imagine if everyone in your office or business lost access to their computers. This would be a disaster, right? This is basically what happens when a computer loses its data without good backup. It becomes virtually useless. The most severe cases result in business failure. If you no longer have your invoice tracking and lack a good backup, then how can you prove your vendors owe you money? How can you replicate records that are gone forever? It can be devastating.

It’s not only ransomware (like the WannaCry outbreak we have written about in our blog) that can result in data loss. Hard drives almost inevitably crash and human errors are common. Have you ever accidentally deleted a file from your trash? We’ve all been there! If you had a proper copy of it, it could have been easily restored.

Let’s avoid all that. Saving your data in at least two different places (on different devices) can be easy.

What Does it Mean to Backup Your Computer?

Generally speaking, there are two kinds of data backup locations: onsite (physical, such as an external hard drive) and offsite (the cloud, a web-based service). Onsite backup is quicker than cloud when it comes to restoring. The cloud-based server is there as an added layer of protection.

In a nutshell, there are two types of backups: Full Image/Mirror Backups (an exact replica that includes settings, operating system, etc.) and File and Folder Backup (selected files and folders are replicated). The former is usually a more complex process that requires a more technical understanding to get it installed and running, and the latter is more common among consumers (think Carbonite or Time Machine). The downside to File and Folder Backups is that if your operating system gets corrupted, for instance, it would be very time consuming to get your hardware components back, settings and preferences restored, and your operating system up to date.

At Electronic Office, we use a hybrid approach with both offsite and onsite solutions. We take full image backups to an onsite device at our client’s location. Copies of this are sent to the cloud. With our backup solutions, if a server fails, for example, we are able to boot up the copy of that server on our backup appliance so you can keep on moving. If your office building is destroyed by fire (along with your computers and all onsite backups), we can get your business working again quickly by importing your old data into your new computers by connecting to our cloud-based backup servers. It’s a business continuance as well as a disaster recovery solution—all-in-one.

Where to Start

We’ve heard too many stories of people regularly backing up their data only to find that when they needed it, nothing was recorded. It’s one thing to back it up, but you should also do periodic testing to make sure your data is there and usable. We recommend that people test their solutions at least once every quarter (monthly is really the best).

To gauge where you are in your loss prevention plan, ask yourself:

  • What is your organization’s data backup plan?
  • When was the last time you tested it?
  • How long would it take to recover data from your current backup solution?
  • What is the financial cost of downtime for your business?

By self-evaluating where you stand today, you can help safeguard your data against the risks of tomorrow.

We Can Help!

At Electronic Office, we can make the backup process easy. One way in which we do this is by working with your organization’s internal IT staff so they can play a part in the process. Or, we can handle everything. Since backups are far from “set it and forget it” systems, we are able to check them every day to ensure they’re running successfully.

We perform regular, automatic backups for our clients so they don’t have to give the issue another thought. Contact us today and learn how we can give you peace of mind. Celebrate World Backup Day by ensuring your data can be easily retrieved whenever you need it, wherever you are.

Share this post

wannacry security attack

WannaCry IT Security Protection Case Study: What You Should Know

The far-reaching WannaCry ransomware attack made international headlines last year when unidentified hackers encrypted the data of more than 200,000 computers in over 150 countries between May 12–14, 2017. Large corporations or tech giants weren’t the only ones targeted. The attack affected an assortment of entities, from financial institutions and hospitals to banks and individuals. Although it only lasted a couple of days, the effects were long lasting—and so were the lessons learned.

Once a computer was infected and its data became encrypted, the WannaCry perpetrators demanded a $300 ransom payment in bitcoin in exchange for restoring these files. They increased the price until the end of the countdown when the data would be ultimately deleted if the ransom was still unpaid. The attack finally ended when someone discovered a kill switch (just one of the clues that WannaCry was an amateur attack).

The scariest part? All of this could have easily been prevented. It all boils down to the importance of updating systems and backing up files.

The Challenge

The reason WannaCry successfully and quickly encrypted the data of so many systems worldwide had to do with the enormous number of people who did not update their computers right away. It all started with an online leak that exposed a vulnerability in the Microsoft system. EternalBlue is a tool developed by the US National Security Agency that exploited a vulnerability in the server message block (SMB) protocol for network file sharing. Basically, the NSA found out that in some versions of Windows, the SMB protocol could accidentally accept information from remote attackers. The NSA could use this for surveillance purposes. In short, this tool took advantage of a security weakness in Microsoft software. A group of hackers called the Shadow Brokers stole this information from the NSA and leaked EternalBlue online last April.

Fortunately, once the exploit was published (and before WannaCry occurred), Microsoft acted quickly and released a patch for their supported operating systems, Windows 7 and 10. Note that this did not include XP, as Microsoft announced years ago (with plenty of notice to users) that support for XP would discontinue on April 8, 2014. Even as other variants of WannaCry came out in the following days, Microsoft continued to release new patches to protect the systems.

The reason WannaCry was successful (despite all of these patches) is that many people failed to update their systems. WannaCry spread like wildfire because, unlike phishing emails, this computer worm wiggled from one infected computer to a healthy computer.

The Solution

it security is important

Once the kill switch was found, the attack finally came to an end. Microsoft released an emergency patch for XP and Server 2003, although they were under no obligation to do so since they were no longer supporting those systems. Many people learned the hard way that regularly updating your computer systems is vitally important.

Some systems that were infected had backed up their data, so it was more easily recovered without having to pay a ransom.

Avoid Becoming a Victim

As a company, Electronic Office operates in a proactive (and not reactive) way. None of our clients were affected by WannaCry because of the precautions we have in place. As soon as we sensed this threat, we assembled an Incident Response Team and communicated this security alert to our clients. We evaluated all of our clients’ systems, advised them not to turn their computers off, and pushed out any patches that were missing, which we can manage remotely.

What could have prevented this ransomware attack? Everyone must regularly update their computer systems and back up their data.

We’re Here to Help

Following IT news and protecting your data properly can be a lot to keep up with. An IT company like Electronic Office can take care of this for you. We’re always staying on top of the latest threats and trends. Additionally, we constantly evaluate new and emerging technologies to offer our clients. We currently have the most robust data backup platform in the world.

We regularly patch our client’s systems through a triage policy. We evaluate at what is needed and what is not needed. We manage and understand where our thousands of end points are in their state of patching.

EO offers Security Awareness Training to better prepare users for real-world situations. This training can take many forms including fake phishing emails, training videos, and even alerting our clients to real malicious emails that have been sent.

Even if you don’t have confidential information and think nobody is trying to hack your system, you still need a firewall to protect your networks. Purchasing and installing a best-in-breed firewall appliance is just the start and is not a “plug in and forget it” situation. The key is configuring the firewall to the current threat landscape and consistently maintaining it to make sure that networks are protected from new and emerging threats. Other maintenance includes keeping the firewall current from a support, warranty, and software perspective.

IT Assessments are critical for knowing your current state of weakness, strengths, and vulnerabilities. It’s much easier (and stress-free) to have measures in place so that when the next big cyberattack happens, your systems are safe.

Don’t fall victim to ransomware: The work you do and clients you serve are too important. Avoid downtime and the risk of data loss. Get better protection starting today. Contact us for more information.

Share this post

Cybersecurity 101: Protecting the Medical Practice in an Evolving Threat Landscape

By Kemper W. Brown, Jr., CISSP

I recently gave an IT security presentation at a fall conference for medical managers of physician practices in Western North Carolina. As the only speaker on the topic of technology, my goal was to help medical managers stay on top of IT security best practices and the current threat landscape.

View My Cybersecurity 101 Presentation Slides

The Malware Menace

Today, it’s not just large corporations (and infamous breach victims) like Target and Sony who are at risk of breaches or cyber attacks; it’s everyone. The perpetrators aren’t so much setting their sights on one company and trying to get in as they are automating their systems to find and exploit vulnerabilities and execute phishing schemes. What’s so scary is that small practices and organizations now also find themselves in the crosshairs. Security measures have had to catch up to the growth of ransomware, yet every company can be at risk. Taking preventative action and following up with 24/7/365 support by experts is key to ensuring your clients’ information doesn’t fall into the wrong hands.

Over the last year and a half, for example, many small to medium-sized clinics and surgery centers have found themselves victims to breaches, ransomware, or crypto type attacks. A group of hackers known as TheDarkOverlord has pirated hundreds of thousands of digital medical and dental records across the country. These ransomware schemes encrypt or lock medical records or other critical files, and demand a ransom in bitcoin for regained access. Medical records are highly valuable on what is known as the “dark web,” and crime groups pay top dollar for hacked personal identifiable information.

How Do You Avoid Becoming a Victim?

We recommend that you protect your practice through:

  • Annual HIPAA Security Assessments
  • Layered Security
  • Robust Data Backup Solution
  • Security Awareness Training

An annual HIPAA Security Assessment is not only a requirements of HIPAA/HITECH compliance, but is also a best practice for protecting systems and evaluating vulnerabilities.

Layered security is also recommended because you want to have multiple defenses in place (e.g. firewalls, updated patching, consistent antivirus across all endpoints). This approach includes perimeter defense, which can call for a firewall with deep-inspection capability (protecting the outside of your network), as well as internal defenses such as intelligent spam filtering, vulnerability patching, password policies, and antivirus/antimalware support.

Robust data backup solutions with onsite and offsite copies are also critical to a strong data protection plan. If something happens to the servers, you have it backed up on your site; if something happens to the building, you have it stored off site. When you need to restore something, having confidence that your files are there and usable is key. Data backup is also the best protection against ransomware and crypto type threats.

Security Awareness Training

Yet, in today’s world, having a strong firewall, backup, and antivirus software is no longer enough. Unfortunately, the majority of breaches that occur today are the result of social engineering or unsuspecting employees opening a malicious email or clicking a harmful link.

Do you think this could happen to someone on your team? If you set up a simulated attack, would anyone fall for it?

In the weeks after an actual cyber theft of customer assets in 2015, financial institution JPMorgan sent a fake phishing email to their employees to test their reaction. According to the Wall Street Journal, 20% of staff opened it. If this had been real, it would’ve been disastrous for the bank’s networks. Remember, it only takes one person opening that email for the entire system to become infected.

Phishing emails have gotten more sophisticated over time. It may be less obvious that these emails are malware. The idea is that we can train users to identify malicious and phishing emails.

I recommend that your entire team undergo security awareness training (we do it for our own organization). This training can take many forms including fake phishing emails, training videos, and even alerting our clients to real malicious emails that have been sent. The idea is to better prepare users for real-world situations.

What to do After a Data Breach

Experiencing a data breach can be an extremely scary scenario and like in any emergency how an organization responds is critical. First off, document, document, document. Next, contact critical IT personnel and isolate affected systems from the network, do NOT power off breached systems. At this point, begin analysis, and respond according to organization WISP (Written Information Security Policy).

As any practice manager or organizational stakeholder in a breach scenario, you need to be able to answer these questions:

  • Who is responsible for the breach?
  • External hackers?
  • Internal personnel?
  • When did the breach occur?
  • How did the breach occur?
  • Were servers or systems hacked?
  • Did an employee unlawfully access the information?
  • Was protected health information compromised?

There will also be a point when it may be advisable to engage legal counsel and IT security professionals to help with response and prevention of further harm.

How Do I Report a Data Breach?

There are laws (state and federal) that dictate the responsibilities of businesses whose data has been breached, whether it was employee data, or client/patient data. Contact professional legal counsel who can assist with a notification plan and provide proper communication and documentation related to the breach.

They’ll be Back

A breach or even a close call (like opening a phishing email) can attract other attacks. Post-breach it’s important to:

  • Conduct a thorough security audit to identify any additional risks
  • Remediate all identified risks
  • Establish proper protections and protocols for future threats

Moving Forward: The IT Assessment & Beyond

You’re likely wondering, Are we really protected? Do we have layered security posture? Do we have enough training for our staff?

One solution for peace of mind includes an IT assessment to establish baseline knowledge of your technology infrastructure and uncover any potential vulnerabilities. The Electronic Office will develop a comprehensive overview of your current systems and prepare recommendations based on industry best practices.

The Electronic Office delivers worry-free, trouble-free security for your organization’s network. We offer installation, configuration, monitoring, patch management, and continuous updates to ensure robust protection against today’s advanced IT threats. We provide around-­the-­clock monitoring, management, and remediation. Our knowledgeable security support team is available 24/7/365 to address problems quickly. As business needs change, our team will work to fine­-tune your security plan. With our expertise and support, you can rest easy knowing your network systems—and your business—are secure.

Share this post