Something that many people are not aware of, especially fellow small business owners, is that BUSINESS accounts often have little or NO protection from fraud or criminal activity. This is especially true for business debit cards and wire transfers, as discussed in this article from NPR:

NPR Article about dangers of business banking

As long as banks are not required by law to do something (like provide fraud/criminal liability protection), they will resist doing so. They’re in business to make money, not spend it on nonsense like protecting their clients’ funds. Someone, through means unknown to you, can use your business debit card info (without even having possession of your card) and wipe out your account– and the bank will shrug their shoulders and point to the “agreement” you supposedly signed accepting that they provide no relief in these situations. As I myself have learned, even the simplest of expected protections for your account may not even exist– i.e. the bank may not even verify the NAME on the transaction matches the name on the account. Besides suing banks, (a class action would probably be a good thing here), there’s not much you’ll be able to do to attempt recovery. Lobbying a banker friendly government doesn’t seem to help much either, in terms of getting laws changed. So perhaps you should “vote with your money”– check to see what liability and fraud protection are available on your accounts. If your bank doesn’t provide satisfactory protections, bank elsewhere. You can spend some time checking various bank websites to see if they offer “zero liability protection” on business accounts, or call/visit banks for more details. Be aware though that banks may make a distinction between “small business” and other businesses…a small business may be afforded protections that a larger business may not. Yep, they’ll be glad to take alot more of your money, and give you even less in return.

HANG UP on unsolicited “tech support” calls! It’s that simple!

Scam Computer Keys Showing Swindles And FraudIf someone calls you, emails you, texts you, or some how contacts you and claims to be some sort of support person who needs remote access to your computer… either string them along for fun, or just hang up… it’s that simple.  If your computer has a problem, call a real support company yourself.

Cryptolocker Prevention Kit…

UPDATE: 2018 Anit-ransomeware tool, if your anti-virus doesn’t already have something like this built-in:

You may have heard about the hideous and insidious “malware” going around now called “ransomware”– it gets on your machine and encrypts files, then pops up a message telling you how to get the files unencrypted for a fee…  here is some great info put together by folks at ThirdTier (a group of IT Pros who help other IT people)…



Another email SCAMpaign…

Beware of emails with links, purporting to be for order confirmations or receipts– especially when you didn’t order anything from the supposed emailer!


Hackers Using Fake ‘Order Confirmation’ Emails to Hijack Computers


Update, May 5, 2015:  Here’s another new one… a “malware” that will wipe out everything on your hide drive– just to help hide ITSELF…   ” It gets installed when people click on attachments included in malicious e-mails. “…

Super secretive malware wipes hard drive to prevent analysis


Speed boost for Windows?

Greetings… here’s something interesting I stumbled across recently.  I had a client who was experiencing issues with slow performance in Microsoft Outlook (there’s a surprise)… so while researching his particular issue, I came across this Windows registry change that made a noticeable improvement in not just his Outlook performance, but on pretty much everything he was using on his PC… I’ve now tried this on a bunch of machines, and it has worked on all of them to improve performance of all MS Office applications as well as Internet browsers (including Opera).

This article talks about doing this for Windows 8.x and Office 2013, but I have been using it with Windows 7 and Office 2010…

Note that in these instructions, it shows making the registry change under “office\15.0\common”… you may need to do the change in “office\14.0\common”.

If you have never modified the Windows registry, or are not clear on these instructions, give us a call– we can make the change via remote desktop within 5 minutes.  And if it doesn’t work for you, or causes issues (some people complain that graphics become “fuzzy” or blurry), the change can be undone.

Strike! Missed again…

I’ve never really understood how people pick “their” sports teams… I can understand picking your “hometown” team based on some emotional or sentimental values, just like rooting for the “underdog”… but really, as a technical person, I would tend to be like Mr. Spock, and just pick the team whose players are most likely to win based on their skills and abilities. I guess it’s kind of the same when it comes to “fanboys”- people who seemingly blindly cheer for a particular company’s products or services regardless of pros and cons weighed against another company’s pros and cons.

So it goes with computer/IT products and services– and although Small Office Systems is in partnerships with various vendors and manufacturers, I prefer to recommend products and services that actually fit a particular customers needs appropriately. And when it comes to outfitting a new small business, I find that providing “hosted” or “managed” (essentially what years ago we called “mainframe”, then “client/server”, then “software as a service”, and now, “cloud”) services are often the best fit- i.e. instead of having a client buy, rack, and maintain in-house Microsoft Exchange email servers and/or a phone system (PBX), I recommend services like hosted Exchange and hosted VoIP. There are, of course, pros and cons to either way of doing things (in-house vs. hosted).

I’ve been providing both hosted email and hosted phone services for a number of years. I’ve tried and examined various providers as well. The only way to know what service is best for a particular situation is to of course try that service. Sometimes the most promising service turned out to be not-so-good in implementation– poor menus, poor service, poor customer support, etc. Or maybe the fear that some new “unknown” hosted service provider might suddenly just go under one day, and take your email or phone system away is enough to keep me from recommending someone. So I tend to work more with the “big boys”- the companies who have proven track records.

Now we’d like to think Microsoft is amongst the biggest of the big boys. When Microsoft comes along and says “we provide hosted services”, which include email and web-based Office applications, the MS fanboys get excited. Of course all of us who are Microsoft certified and/or partners get a little excited when Microsoft announces something new– we want it to be good, and we want to check it out. And Microsoft has actually come up with some good stuff over the years (especially in the hardware field), but unfortunately seems to have a weird disconnect between their developers and their marketing people…some of their better products have never made much of a splash, and may have even disappeared quietly in the night…

One of Microsofts biggest problems, from a technical point of view, is what appears to us service providers as a complete disconnect between development teams on the same product (!)… for example, it often seems that the team developing the latest version of Microsoft Exchange never bothered to work with the team that developed the previous version… I don’t know, it might actually be the same people, but it seems like too often they completely ignore what was for what will be… this has the misfortune of manifesting in the unmitigated PITA’s (and occasional disasters) of what MS would like us to call “upgrades”. Although MS has foisted the simplicity of “point and click” on us for about 30 years, when it comes time to install and configure the “back end” or “behind-the-scenes” stuff like server operating systems or software applications, they forgot to bother with silly stuff like “KISS”– which in turn often has the result of making IT people look like black holes for time and money… too often when it comes to upgrading some MS product, we IT people see the freight train about to jump the tracks, but have no ability whatsoever to prevent that crash- so we head to the impending scene with all of our rescue and cleanup tools.

So it goes with my experience with Microsoft Exchange Online. In an almost surreal experience of just trying this thing out, I felt at times that maybe Microsoft doesn’t really want to sell this thing… it was that frustrating. Now I’m not talking about the relatively simplistic business of setting up a brand new client with a brand new never-had-email-before hosted email service. That indeed, for the most part, is click-click-click-here-you-go. If you are setting up a new business and need email for, say, 10 employees, we could have that up and running in minutes.

No, what I’m on about now is the process of migrating an existing in-house email setup to a hosted (“online/cloud”) email. For some companies, the economies of such a move are worthwhile- they just don’t want to have to think about maintaining mail servers and worrying about spam filters and anti-virus and all that. So you think a company like Microsoft would want to move as many companies as possible to their cloud services, which are like subscriptions (i.e. a continuous revenue stream). But they sure as heck don’t make it easy. Here’s my experience with trying to get a demo evaluation going for a client:

1) As a Microsoft partner, I started the process of trying to find out how I could indeed provide a demo setup for a client. They actually have the ability to provide a demo- but it is a canned scenario provided by Microsoft– with no detail of how a client’s actual situation would work. So I tried to find out about some real, live trial of online Exchange… turns out, they don’t offer such a thing- EXCEPT if you agree to a trial of Office365 Enterprise E3 (which is the only Office365 product which allows for a “hybrid” Exchange setup- allowing on-site Exchange servers to continue running while migrating a few test mailboxes to “the cloud”). This is a $20/month/user offering– and my client is of course interested in the $4/month/user Exchange only. OK, so if this is the only way to show Exchange Online, no problem- I’ll sign up for an Office365 trial.

2) Sign up for the trial– no big deal…at first…

3) Now comes the fun– start trying to figure out how to setup a trial of the “hybrid” mode.  I start trying to follow initial installation and setup guides on-screen (in the latest version of Internet Explorer, just-in-case)… clicking on a step brings me away from the instructions (i.e. instead of opening in a new browser tab, opens in the same tab).  So?  Ok, what happens is i can’t go back now and try to re-do…or even pick the same item again even if I didn’t complete that step… and I see messages telling me I will get emails when things are “ready” for me to continue… I never get any emails telling me that things are “ready” for me to proceed.  I get emails about logging in to my “new” Office365 trial and domain etc… which don’t help, because these are long confusing strings of text combining my  name with a Microsoft domain… and apparently, I have several different login’s now, both these new  ones, and the info I used when I first signed up for the trial.

4) I get contacted (repeatedly) by someone from Microsoft asking about the trial.  I tell them I am having difficulty, and their response is “I don’t work with hybrid scenarios… you’ll have to contact someone else”.  But wait- I say… YOU contacted ME!  Can you at least provide some phone number/email/web link?  Nope.  Sorry.

5) I get to the point where I am asked to install software for integrating my Active Directory with the online 365 system for the hybrid.  But no instructions, notes, tips, etc. whatsoever about where exactly I should install this software.  The web page telling me to install this wants me to install it on the PC I am currently using… really?  I should install critical active directory sync software on my office desktop PC, instead of on a company domain controller or server???  So I try to find info on this software– good luck.  And the system also wants me to redirect my DNS records for my domain.  Without telling me what affect that will have on other services, like my current in-house mail server.  It never asks for my current DNS info… so again, I need a lot more detailed technical info on how this is going to work and what possible effect it will have on my current systems- and I get nothing, in terms of this info or a manual or document…

Anyway, to cut the long disaster short, I’m certain this is one of those things, where when I successfully complete it once, I will have no problem doing it again in the future.  But really, why couldn’t some MS engineers as well as a decent manual writer sit down together, go through all the steps for migrating users, and create a comprehensive, step-by-step set of instructions for the rest of us?  And maybe along the way they could have identified steps that could be automated better on the MS side too…you know, like, with computers?

So what’s the end result?  If you want to move your in-house Exchange email to a hosted server, it’s not a problem…as an “all-at-once” solution.  If you want to try a “hybrid”mix  of in-house and hosted mailboxes… well, that’s a whole ‘nother story.  It can be done, and I will certainly be digging into the various documents and web pages I find discussing how to do this.  Just giving you a glimpse into the life of the IT guy… it’s not always like this:

How to avoid scam emails…


I am working on a presentation showing how you can avoid getting infected via scam emails.  I’ll show you various examples of how scammers attempt to trick you into opening attachments and clicking on links.  Just remember- if it seems suspicious, delete it.  If you don’t have an American Express card, an email with a subject like “Your American Express Account Compromised” with a link to login  is OBVIOUSLY a fake, isn’t it?


Some quick tips:  If you use Outlook for email, you can move your mouse pointer over links in emails, and even over the “From” email address in emails you receive– and you will then see a “hover tip” box appear that shows the real, underlying data for that link… i.e.   say you get an email that says something like “Log onto your Paypal account by clicking here…” … hover your mouse over the link (i.e. the word “here”), and you will see something that is not even close to (this little example should show you somewhere a URL “Dont_actually_click_this” with a hover tip of “Some evil place”)… then you know absolutely that this is a fake email.  Or if you hover over a “From” or “Reply” or “Sender” email address and the actual address comes up as something other than “”, you know it’s fake.  There’s a lot more to look out for… stay tuned for our video…


UPDATE: THE video is here:


Yet more info of a “ransomware” scam:

Carbonite Appliance…hmmm….



Carbonite appliance web site

We have placed our first Carbonite HT-10 backup appliance with a client.  It is working exactly as expected in terms of backups– once the appliance (a small re-branded Dell PC actually) was connected to the client’s network, we installed the small “agent” on the servers and PC’s we wanted to backup, created a “schedule” for the backups, and let it fly.

Some things to be aware of with this device:  it currently does IMAGE backups… i.e., the “full” backup is a “clone” or “image” of the hard drive you select to backup.  This is ideal if the machine being backed up has a failure, gets stolen, bursts into flames, etc.  You can get a new machine in place and restore the image from the Carbonite appliance, and the new machine will be exactly like the old one.  Scheduled “incremental” backups are backups of only the data that has changed since the last backup (whether a full or incremental).  So the full backups can take a while, but the incrementals are usually quick and small.  As we have scheduled our client’s backups to run at night, no impact on LAN or machine performance has been noted.  What we HAVE noticed is that the cloud transfer is taking a while…  see, the Carbonite Appliance is a “hybrid” device– it first takes backups from your PC’s and Servers and stores those backups LOCALLY, in it’s own hard drive.  Then it COPIES those backups to Carbonite “cloud storage”, in protected off-site data centers.

We currently see a couple of “quirks”…  one is that a couple of machines we set to backup have still not completed their initial cloud backup after a few weeks…  we are looking into this to see what the deal is.  The second is that the storage within this device is 1 TB (for local backups), with 500GB of “cloud” storage.  Backing up 3 or 4 machines nowadays can easily surpass those limits.  Carbonite has already stated they will be offering different models, with different capacities of internal storage, and cloud storage can be increased in 500GB chunks for $10/chunk/month.  If we can overcome the slow cloud transfer time, the Carbonite Appliance is a nice deal… it is now offered on yearly subscriptions (with multi-year discounts, of course).

THE BOTTOM LINE: This device has its uses.  If you need a good local backup as well as an off-site backup, with HIPAA compliance, this box can do it…as long as you have less than 500GB to back up.  Significantly less would be best, as it could take quite a while to send several hundred gigabytes to “the cloud” via your internet connection, especially if you only allow backup transfers to occur at night/after hours (as this thing could be a bandwidth hog).  This appliance, as mentioned, does a full “image” backup, along with daily incrementals (i.e. only things that have changed since the last full)…which allows a restore to brand new “bare metal” box in case of hardware failure of a machine that is being backed up.  With the local backup, this kind of restore is much faster than trying to restore an entire machine from a “cloud” only backup.  Sure, you can get “cloud only” backup’s for as little as $5/month, but with very little control over what gets backed up– and it could take weeks to complete a full backup to cloud only.  And cloud only often doesn’t allow for “bare metal” restore.  Please contact SOS to discuss your particular situation and the options available.

UPDATE 10/23/2014:  Carbonite pushed an update to the appliance software, which includes a “retention” feature… this allows us to specify how many iterations of any particular backups are saved, allowing the box to overwrite old backups, and save space.  A feature we still want is the ability to have the box email status reports.  As for cloud backups, they have all worked well now, and all 189GB of a user’s local backup is successfully stored in the “cloud”.  Carbonite plans to offer machines with larger local storage capacity, but no release dates have been set.

UPDATE 11/20/2014: Carbonite pushed another update to the appliance.  It is working pretty well now, except for 2 things: the machine still does not have the ability to send status updates (i.e. emails saying “backup successful” or “backup failed”, so I still have to regularly remote into the client site, and then access the machine’s web page– and the login credentials for the machine are “reseller login” info, so not a good idea to give to the end client (YOU!), as my login credentials will access information for all of my Carbonite clients…  Carbonite says lots of these changes and improvements are already planned and being worked on… the thing still has promise, as there is no other device like this that I know of at this price point that will do both local and cloud backups.

UPDATE 12/18/2014: After some more updates, Carbonite now sends me alert emails when the storage capacity is over 75% full.  Still not as comprehensive as I’d like, but still an improvement.

UPDATE 11/17/2015:  I have placed the brand-new 4TB Carbonite unit with a client about 2 weeks ago, and so far it is working perfectly.  Carbonite has done an exceptional job listening to comments and incorporating changes into the software for the appliances… the new appliance is much faster than the previous 1TB units, and has incorporated changes such as daily bandwidth usage scheduling (i.e. you can schedule the machine to do cloud backups Monday through Thursday from 7PM to 8AM, and then for the weekend it can be set to allow cloud backups from Friday night 7PM until Monday morning 8AM, allowing the entire weekend for shipping cloud backups off site.  Previously the machine only allowed a single “window” setting for cloud backups (i.e. every day of the week, 7PM to 8AM), which meant cloud backups would not occur on Saturday or Sunday during the day, even if the office is closed.  At this point I have no problem giving the Carbonite appliance a thumbs up.  The new appliances are now available as both a small cube like mini-tower, or a rack-mountable unit.

UPDATE MARCH 2018:   Carbonite has completely revamped and changed the former “appliance” line of devices…  they now use “powered by eVault”… check it out here:


carbonite appl-rack-mount carbonite appl-mini-tower