Start Planning Today and Avoid the Heartbreak of Downtime

How to minimize downtime

In the modern business world, even a few minutes of downtime could cost your business big time, and an extended outage could leave the very survival of your company in doubt. The heartbreak of downtime is real, but there are solid ways to protect a business and reduce the risk of downtime.

Even if you do everything right – backing up your data, patching your servers and training employees, Mother Nature could still put your business at risk. Every part of the country faces its own weather challenges, including the state of Wisconsin.

Wisconsin businesses may not have to worry about mudslides or hurricanes, but power outages, tornadoes, or flooding could strike at any time without warning. Without a disaster recovery plan in place, just think of the hardship your company would face if the local electric grid went down or water invaded your server room.

Timing is Everything

In the cutthroat world of online commerce, there is never a good time for downtime, but Black Friday is arguably the worst possible day for a website outage. Yet that is exactly what happened to retail giants Lowes and Wal-Mart; when both companies experienced significant downtime on the biggest shopping day of the year.

Even online behemoth is not immune to unexpected downtime, and once again the outage happened at the worst possible time. After weeks of promoting its Prime Day shopping extravaganza, saw its website crash just as the fun was getting started. No one knows for sure how much money was lost, but it’s almost certain that some shoppers took their business elsewhere during the extended online outage.

Avoid Downtime with Proactive Planning

You may not be able to predict a disaster, but you can prepare for the worst. Proactive planning is the best way to avoid downtime, and now is the time to start.

Both data backup solutions and disaster recovery planning are important, and these two measures can work together to reduce downtime and prepare your business for the unexpected. Backing up your data to the cloud is a good place to start, but even the best data backup plan is no substitute for a comprehensive disaster recovery plan.

Disaster recovery involves the creation of a comprehensive plan of action, one that can be put in place the minute a disaster strikes. Whether that disaster is a fire, flood, tornado or something else, the process is pretty much the same.

The exact process of a disaster recovery plan will vary from one network to the next, so at Ontech Systems, we always customize the plan to the unique needs of your business.

The Cost of Downtime

The cost of downtime is enormous, and a significant percentage of businesses that close during a disaster never reopen.

“If you would like to calculate the potential damage for your own business, this popular downtime calculator can help.”

The direct cost of downtime is only the beginning – the indirect damage can be far more severe. A business that suffers from an extended period of downtime or data loss could lose the confidence of its customers, and that lost confidence may never be restored.

Other indirect costs of downtime include, but are not limited to:

  • Lost sales.
  • Fines from governmental agencies and private organizations.
  • Loss of productivity.
  • Significant recovery costs.
  • Higher costs for overtime and wages for members of the IT team.
  • For publicly traded companies, loss of shareholder value and investor confidence. As a result of downtime, many companies experienced stock market losses, and while some have recovered, others have seen a long-term decline in share prices.

What Are the Causes of Downtime?

Aside from natural disasters, other common causes of downtime include hardware failure, software glitches, and attacks by hackers such as ransomware assaults. Disaster recovery for small businesses is of particular importance since cyber criminals target smaller businesses, given their track record for weaker network security.

Insider sabotage is another common cause of downtime, and this threat often goes undetected. It’s easy to overlook the threat of an insider attack, especially given the current focus on hackers and other forms of cyber-attacks. Solid employee screening, access restrictions and ongoing monitoring can reduce these internal threats.

How to Prevent Downtime

While it’s not always possible to avoid downtime entirely, there are things you can do to reduce the risks and mitigate the damage.

  • Maintain Functional Backups: Making sure your backups are actually working as intended is a great step in the right direction – and it’s one that is often overlooked.
  • Define a Disaster Recovery Plan: A well-rehearsed and comprehensive disaster recovery plan is a necessary step to prepare for a disaster. Practicing this disaster recovery plan at least once a year and making sure all IT staff are fully trained can make the plan more effective should a true disaster strike.
  • Plan Ahead: As the saying goes, “fail to plan, plan to fail”. Businesses today face a variety of threats, and many security experts agree it’s not a matter of if, but when your business will face a cyber-attack. Unfortunately, in the volatile digital world we live in, planning is no longer optional.

The good news is that you are not alone in your struggle to maintain a secure, stable network. Help is just a phone call – 262-522-8560 or click away. Ontech Systems works with small to mid-sized businesses throughout the southeast Wisconsin area to create reliable, stable, and customized data backup and recovery solutions.

To get started, you can request a Free Network Discovery where Ontech will evaluate your network and offer data recovery solutions to secure your network and minimize downtime.

Have You Fallen Victim to These Social Media Scams?

Facebook, Twitter, Instagram, and other social media sites are great for reconnecting with old friends and making new ones, but these networks also present a massive security risk for users.

Over the past few years, social media sites have become a hot spot for nefarious criminals, bent on wreaking havoc and separating innocent victims from their hard-earned money.

If you’re not careful, you could find yourself the next victim of these social media scam artists. In an effort to spread awareness about this reprehensible activity, we’re sharing some of the most common social media scams – and how to protect yourself against them.

Scam 1 – The Hoax Hack

This scam notifies victims that their Facebook accounts have been hacked, but it is all a hoax. Responding to the warnings could put your real account at risk, and your personal information with it.

How It Works

The hoax hack appears as a warning from a Facebook friend. The message claims that their account has been hacked, and warns you not to accept any of their friend requests. In some cases, the message will come in the form of a private message notifying you that your account has been compromised.  

What to Look For

This particular hack report is a hoax, and it has a number of distinguishing characteristics.

The biggest giveaway is a sudden message from a friend, warning that their own account has been hacked and cautioning against accepting new friend requests. If you are concerned about the legitimacy of the message, contact the friend in question – off the Facebook platform.

Scam 2 – The Catfishing Scheme

Catfish may be a fun TV show, but it is much less entertaining in real life. The catfishing scheme was very popular on Facebook this year, and it’s rapidly spreading to other social media sites.

How It Works

Catfishing happens when someone creates a fake profile on social media or other online sites. The goal of the catfishing scheme is to prey on the good nature, naiveté or loneliness of the intended victim, and the results can be personally, emotionally and financially devastating.

What to Look For

Catfishing scams are rampant on social media and dating sites, and they often follow a familiar pattern. The scam artist may reach out in search of a romantic relationship or pose as a long-lost friend. They may express feelings of love and affection after just a few days in an attempt to foster an emotional connection.

As time goes by, the perpetrator of the catfish scam may ask for money or spin tales of sudden financial woes. Those who respond could lose thousands of dollars, or even their life savings.

Scam 3 – The Hijacked Profile

The hijacked profile scam also uses a fake profile, posting real photos and authentic details to pose as legitimate social media users. Once they have been accepted as legitimate users, the hijackers may try to extort money from their victims – or obtain sensitive personal information that could aid a future identity theft.

How It Works

In some cases, the profile hijacker will make up an account, swiping legitimate photographs and personal information gleaned from existing Facebook or other social media accounts. In other cases, the hijacker will take over an authentic account by guessing the password or scraping it using black-market software.

What to Look For

A request for money or stories of financial distress are some of the warning signs of this scam. Even if your heartstrings have been tugged, take a step back and add a healthy dose of skepticism. Taking the time to make sure the request is legitimate could protect your pocketbook – and your privacy.

Scam 4 – The Lottery Win

Everyone would love to win the lottery, and the scammers know that. The fake lottery scam is always a popular one, and it has already ensnared lots of victims.

How It Works

In this common scam, Facebook users are notified that they have won the lottery, but there is a catch. In order to claim their winnings, the victim will have to pay a fee, purportedly for taxes. Once the money changes hands, the lottery official disappears, along with the victim’s funds.

What to Look For

An unexpected lottery windfall may be enticing, but if it comes out of the blue, it is most likely a scam. If you bought a lottery ticket, you can check it yourself, without the social media outreach.

A request for up-front payment of taxes or other fees is a dead giveaway; legitimate lotteries do not operate in this manner. If you receive such a message, just ignore it – your wallet will thank you.

Scam 5 – The Online Quiz Fishing Expedition

If you have ever clicked on an online quiz in your Facebook newsfeed, you may be a victim of this scam. The quizzes are real, with real results, but their purpose is to mine information, not reveal your personality or tell you which Star Wars character you are.

How it Works

Information is a valuable commodity, and scammers will go to great lengths to get it. The perpetrators of this common scam create quizzes designed to spark curiosity and a sense of fun, but those who click can have their personal information gathered, often for nefarious purposes.

What to Look For

The presence of an innocent-sounding quiz in your newsfeed is the thing to look for, so watch your Facebook feed carefully and resist the urge to click. If you do decide to participate, know that the quiz could be fishing for your personal information, and the information of your Facebook friends.

Scam 6 – The Short URL

Facebook and other social media sites have become popular venues for sharing news and information, and the posters often include links to the original news sources. The shortened URL scam takes advantage of this trend, using the shortened version of the URL to mask a malicious website.

How it Works

In this scam, social media users see a shortened URL, a common sight on the internet. What makes this scam so dangerous is that the shortened URL actually points to a malicious website, one that could harbor malware or download and install a key logging program that captures user IDs and passwords.

What to Look For

The sudden appearance of a shortened URL in your Facebook feed or private messaging system is the most obvious thing to look for. If you have any doubts about the legitimacy or usefulness of a linked site, just don’t click.

Scam 7 – Chain Messages

Chain letters used to be a popular snail mail scam, and now they are migrating to social media. Facebook and Snapchat are the most common venues for this scam, but chain messages can show up anywhere.

How It Works

Chain messages can take many forms, from warnings that your memories and photos are about to be deleted to promises that a charitable donation will be made in your name if you pass the message along.

What to Look For

The writers of these chain messages often use urgency to their advantage, encouraging victims to act now or forever lose their data. This urgency can be frightening, but it pays to wait a minute before acting. Research the chain message by Googling a block of text – you may encounter a warning that the social media chain letter is really a scam.

Social media scams are not going away, so it is important for you to protect yourself. Even if you have not fallen victim to one of the scams listed above, it’s only a matter of time before the next attempt lands in your news feed.

A little skepticism goes a long way online, so always think before you click.

Windows Server 2008 End of Life: What to Do Now

windows server 2008Despite some gains from Linux and other alternatives, Microsoft remains the undisputed leader in the operating systems marketplace, and their flagship Windows Server line is the gold standard for companies worldwide. From early stage startups to Fortune 500 corporations, Windows Server is widely used and relied upon.

If your business is running Windows Server 2008, you have some important decisions to make. After more than a decade of faithful service and reliability, this old workhorse is finally being put to rest.

Microsoft had previously announced end of life for Windows Server 2008, but that date is rapidly approaching. So what should you do now that support is coming to an end?

Is now a good time to upgrade? What does the upgrade path look like? Here’s what you need to know to maintain a secure, stable network in light of these upcoming changes.

When Does Windows Server 2008 Expire?

Windows Server 2008 is set to expire on January 14, 2020, less than a year away at this time of writing. As of this date, Microsoft will officially cease support for its flagship Windows Server 2008 R2 product.

Mainstream support for Windows Server 2008 ended some time ago, and many companies have already upgraded, while others have not yet taken the necessary steps to do so. If your company falls into the latter category, there are risks and consequences of running outdated software, so you won’t want to put this off much longer.

Consequences of Not Upgrading

After January 14th, 2020, Windows Server 2008 will continue to function, but relying on outdated software could have serious implications for your business and customers. The most obvious problem is that updates will no longer be available, including vital security patches, but that’s not the only drawback.

Failing to upgrade to a newer version of Windows Server could slow down your network and hinder productivity. Relying on an outdated operating system is always a dicey proposition, but the dangers are even greater when the hardware involved is a critical server and not a generic desktop.

What Are the Windows Server 2008 Upgrade Options?

Fortunately, there are a number of upgrade paths available, and there is still time to choose the one that works best for your company. For some businesses, the most viable option will be migrating to the cloud. Many companies have already made this choice and never looked back.

Move to the Cloud

Migrating to the cloud can free your businesses from constant hardware maintenance issues and the cost of replacement servers while ensuring a steady stream of updates and security patches. Moving to the cloud also makes remote work easier and simplifies file storage, file sharing, and other business-critical activities.

Upgrade to Windows Server 2016

Upgrading to the newest server operating system is another option to consider. While Windows Server 2008 is rapidly reaching the end of the road, Windows Server 2016 is still in its prime. By upgrading to the newest server operating system, you can keep your server hardware onsite while enhancing your existing IT infrastructure.

Assess, Migrate, Optimize

No matter which option you choose, you’ll want to take stock of your existing software products and other applications. Ensuring compatibility is a critical step in any upgrade path, whether you choose the simplicity of the cloud or the security of an in-house server migration.

As the Windows Server 2008 end of life grows near, the sooner you map out your upgrade path, the better. There are a variety of factors to consider before making a definitive decision:

  • The number of third-party and in-house software products your company uses
  • Which custom processes your company relies upon
  • The extent of initial training and retraining that will be required

While Microsoft is generally quite good about determining software compatibility and testing server operating system upgrades, when critical business operations are at stake, you need an expert in your corner.

Ontech Systems can be your partner throughout the entire upgrade process, from assessing your current software installation and hardware infrastructure to developing a stable, secure path forward.

Whether you choose an on-site upgrade to Windows Server 2016 or a move to the cloud, Ontech is here to help you every step of the way. Just give our support team a call today at 262-522-8560 to discuss your upgrade needs or contact us online and let us know how we can help.

What is the Emotet Trojan?

What is the Emotet trojan?It’s an unfortunate reality that today, we’re faced many vulnerabilities and cyber security threats in the online world, from losing file access due to a ransomware attack or falling victim to the latest phishing scam.

In this new digital world, the best defense is eternal vigilance, user training, and a comprehensive layered security approach.

The Emotet Trojan is the latest in a long list of digital threats, but it is already one of the most serious. Here’s what you need to know about the Emotet Trojan and its impact.

For many in the IT security field, the reemergence of the Emotet Trojan is nothing new.

While this particular Trojan is typically targeted at the banking industry, that doesn’t mean businesses in other sectors can let their guard down.

Get steps to protect yourself against Emotet from Sophos Global Malware Specialist Peter Mackenzie. Find out what he’s learned from dealing with Emotet outbreaks.

How Does Emotet Spread?

Emotet is spread through spam, and it is important for all businesses, no matter what their niche, to take part in effective cyber defenses.

One of the major dangers of the Emotet Trojan is how it spreads. Unlike other spam generators, which spread via infected links, Emotet hides out in legitimate looking files – often Word or PDF files. Even the most cautious employees can be tricked, making Emotet particularly dangerous.

The Emotet Trojan has a long history in the business world. In the wild, this destructive email-based threat has created damages in excess of $1 million per incident.

The Emotet Trojan hides out in infected files, which can take a variety of forms. In recent attacks, Emotet has disguised itself as PayPal invoices, PDF documents, and Word files among others. Since these are some of the most commonly used formats in the business world, detection is often difficult.

Emotet Detection and Prevention

To make matters worse, Emotet is known to evade certain signature-based antivirus programs. For this reason, at Ontech Systems, we encourage all businesses to deploy a multilayered approach to security and implement managed IT support as a first line of defense.

Since no single security approach is effective against every type of threat, a combination approach to cyber defense is often the best strategy. That multilayered approach begins with timely software updates, continuous network monitoring, and smart detection of emerging threats as they surface – or in this case re-emerge.

How Does Emotet Infiltrate a Network?

Once a user clicks on an infected attachment, this malicious Trojan seeks to spread itself, looking for additional network nodes. This network spread is built into the Trojan, and that propagation is what makes Emotet so uniquely dangerous.

The damage done by the Emotet Trojan can be widespread, but prevention is always the best defense. If your company network is compromised, Emotet could capture passwords stored on company servers, leaving your business vulnerable to future attacks.

Emotet has also been known to scrape both usernames and email passwords from Outlook address books, leaving users vulnerable to attack on a number of different fronts. In addition, the persistence of this infection can make Emotet difficult to fight, and those affected should seek professional IT support as soon as possible.

Protect Your Network from the Emotet Trojan

Ontech Systems can assist with a wide range of solutions to strengthen the network security in your organization. If you need help with your multilayered defense against this latest threat or any other, just give our support team a call at 262-522-8560 or reach out to us online.

The 4 Best (and Most Secure) Password Managers

Best password managers

Security experts and IT managers have long warned against using the same password on multiple sites, yet many users continue to do just that. And while it’s easy to dismiss this practice as mere habit, there is more to it than that.

The sheer complexity of managing so many passwords and keeping track of multiple usernames is enough to make even the most dedicated techie swear off the internet forever, but there’s a better way to secure your data and keep the bad guys at bay.

If the benefits of convenience outweigh security for you, the recent Facebook breach, which exposed the data of an untold number of users, should serve as a wake-up call – and one more reason to use a password manager program.

Password managers are designed to keep your data secure in an innovative way. By seamlessly keeping track of usernames and passwords, these valuable pieces of software make it possible to mix things up, all without sacrificing your safety or convenience.

But which password managers are worth the price? Here are four of the best and most secure password managers on the market today.


LastPass is one of the most popular, secure, and widely used password managers on the market today. The creators of LastPass bring more than three decades of relevant experience to the table, offering millions of customers in over 100 countries extra confidence in the product.

Key advantages of LastPass:

  • Data remains on the device – no data is sent to the LastPass servers, providing an extra layer of security.
  • Built-in two-factor authentication – the gold standard in security.
  • Includes an automatic password generator – If you don’t feel like creating your own secure passwords, LastPass can do it for you.
  • Works on mobile devices – LastPass works on both mobile devices and traditional laptop and desktop computers.

Possible drawbacks:

  • Past security vulnerabilities – As one of the most popular password managers, LastPass is no doubt a target for hackers. LastPass suffered from well publicized security vulnerability as recently as March of 2017. While those issues have been addressed, it’s something to keep in mind.
  • Refund issues – Some LastPass users have complained that getting a refund has been difficult.


Keepass is another popular and widely used password manager to consider. Keepass is free to use, but it’s also open source and resource light, giving it a leg up on several other password managers. This award winning password manager has been a hit with both individuals and business users, and its security is well known in the industry.

Key advantages of Keepass:

  • Exceptional design and usability – Keepass users can create master passwords that are unique, secure, and accessible only to themselves.
  • Credibility in the industry – The creators of Keepass are widely respected throughout the computer industry.
  • Open source and totally free – the fact that it is free and open source makes it flexible and easy to use.

Possible drawbacks:

  • Antiquated website – The design of the Keepass website is anything but modern, and many would-be users may be turned off by its dated appearance.


Dashlane is one of the most popular password managers for business use, and one of the most versatile on our list. Dashlane keeps your passwords available online, so you can log on from any device while keeping your credentials safe and secure.

Key advantages of Dashlane:

  • Exceptional security – Dashlane meets or exceeds not one but many security standards, making it one of the most secure in the industry.
  • Automatically generates strong passwords – You don’t have to make up your own high-security passwords; Dashlane does it for you.
  • Security alerts – Dashlane users are automatically notified of data breaches and other issues on websites where they have accounts.
  • Easy payments – When you use Dashlane, online shopping is a snap; users can pay online in a matter of seconds, speeding the checkout process and enhancing the convenience of those late-night shopping sprees.

Possible drawbacks:

  • Some features only work with Android – If you are an iPhone or Apple user, be aware that some key features, including auto filling forms, may not work with your devices.
  • Designed for business use – Dashlane is a popular choice for business use, and some users feel the software is not geared toward personal users.


1Password includes a number of unique features not found in other password managers, earning it a spot on our list.

Key advantages of 1Password:

  • Automatic password generation – 1Password will create strong passwords for you.
  • Security checks – Known as Watchtower, these automatic security checks are one of the biggest advantages of 1Password. This popular password manager automatically scans for known security vulnerabilities, giving you a heads up on any issues.
  • Multiple platform support – Provided that you don’t use a Windows Phone or Blackberry, chances are 1Password is compatible with it. With support for Windows, Mac and Android, 1Password is one of the most versatile password management programs around.

Possible drawbacks:

  • No Windows Phone or Blackberry support – If you are using a Blackberry or Windows Phone, this solution is not for you.
  • No multi-factor authentication – This could be a serious drawback in terms of usability and security.

Bonus Tip – How to Password Protect Your Word Documents

Using a password manager is a good first step, but encrypting Microsoft Word documents allows you to take things one step further.

Whether you’re using Microsoft Word for business or pleasure, encrypting your documents is the best way to protect them from prying eyes. Here are the step-by-step instructions you need to secure your Word documents.

  1. Click on the Review tab.
  2. Choose the Protect Document option.
  3. Wait for Protect Document to be highlighted.
  4. Choose the appropriate security options, i.e. password needed to open and/or modify the document.

Keep in mind that Microsoft will not be able to help you if you forget the password you assign to the document, so be sure to record your password in a safe place.

In addition to general password protection, there are additional security features when sharing documents with colleagues and coworkers. Here’s how it works:

  1. Click the Review tab.
  2. Choose Protect Document.
  3. Click Tracked Changes to keep tracked changes on during the review process.
  4. Click Comments to prevent others from making changes to your document.
  5. Click Read Only to allow readers to review the document but not make changes.
  6. Click OK when done.

Protecting yourself and your data has never been more important. Password managers allow you to create your own secure passwords, keep track of passwords, and even get notified of security breaches.

No matter what type of devices you use, we encourage you to review each of these password manager programs in greater detail and select the one that best fits your needs. If you need assistance, we can help you select the best password manager for your business, so feel free to contact Ontech’s support team at 262-522-8560.

Do You Have What It Takes to Avoid a Phishing Attack?

How to spot a phishing email

If you use a computer for work or business, you’re constantly at risk.

Cyber-attacks are coming faster than ever, and hackers have learned from their past mistakes. Modern phishing attempts are more sophisticated, and therefore more dangerous than those just a few years back.

Why are phishing attacks so prevalent?

Consider this statistic; according to a recent cyber security report by Verizon, a hacker who sends out 10 phishing emails has a 90% chance that at least one person will fall for it. 

Cyber criminals are playing the odds, and the odds are very much in their favor.

So how do you protect yourself now that phishing attempts have become ubiquitous and increasingly successful?

While some phishing attempts are painfully obvious – we all know a Nigerian prince does not have millions of dollars with your name on it – others are more difficult to spot.

You’ve likely received a phishing attempt from PayPal, your banking institution or even Microsoft and had to give it a second look to confirm whether it was legit. If you have a PayPal account or use Office 365, you are a prime target for this type of sophisticated phishing attack.

How to Spot a Phishing Email

In the old days, spotting a phishing email required nothing more than a basic grasp of the English language. Back then, emails were filled with broken English, spelling errors and grammatical mistakes, but modern attempts are more sophisticated, and far more difficult to spot.

If you want to avoid becoming the next victim, you need to stay vigilant. Here are some key things to look for as you work your way through your inbox. If you spot any of these warning signs, the email in question definitely warrants a second look.

  1. The email is unexpected and unsolicited. Did you receive a confirmation email for a shipping notice, an order you did not place, or a notice from the bank you were not expecting. If so, proceed with caution.
  2. Your name is not included. Hackers send out bulk messages in hopes of scoring a few hits. They do not have the time, nor the inclination, to personalize their messages. Red flags should start flying if the sender does not address you by name.
  3. The sender makes veiled (or open) threats. That threatening tone has become a hallmark of modern phishing attempts. From IRS threats to imminent arrests by the FBI, hackers are pulling out all the stops to scare people out of their hard-earned money.
  4. The email includes links. Infected links are the prime source of danger from phishing emails, so think before you click. If you have any doubts at all about the legitimacy of the email or sender, call for verification before clicking on any link.

Test Your Skills

phishing alertYou might think you have what it takes to avoid a phishing attack, but how can you really be sure?

With a 90% success rate, those hackers are catching new victims every day.

Each time you receive an unexpected email, ask yourself the following questions.

Or better yet, take this handy quiz and pass it along to family members, friends, and co-workers.

  • Did you check the sender’s email address? If the phishing email is coming from a hacked personal account, the address may not match the purported sender. (i.e. vs
  • Did you verify the link? Clicking on an infected link could have devastating consequences. To see where a link goes, just hover your mouse over it, or right click and paste the link into a plain text document (not your browser). A mismatch between the purported sender and the link should be a dead giveaway.
  • Is there a strong sense of urgency? As mentioned earlier, many phishing emails use threats or an impending deadline to urge victims to take action quickly.
  • Does the email include complete contact information? If the email is vague on contact details and instead includes a general sign-off such as “Regards, IT Help Desk”, definitely give it a second look.

Above all else, engage in phishing attack prevention techniques, stay vigilant, and always err on the side of caution.

If you believe you have already fallen for a phishing attack, just give Ontech Systems a call at 262-522-8560. We can help you recover from the attack and provide you with the information you need to guard against phishing attacks in the future.

Google Rating