• A secure lock code
• Keeping all Apple patches up-to-date
• Setting up the Find iPhone in iCloud (allows remote wipe. In mid-November, someone stole my iPad and I was able to pinpoint the location and have the iPad back with me safe and sound.)

Apple is, in my estimation, working hard to get the iPad accepted and implemented in offices. To that end, Apple has adopted some security measures. This blog is directed at senior executives, so some of these terms may not make sense—and that is okay:

• Support for WPA2 for Wi-Fi security (both PSK and Enterprise)
• Support for VPNs
• Password support including options for complexity, length, forced changes, lockout, etc.
• Integration with Exchange
• Ability for the IT department to enforce policies
• Remote data wipe
• PKI support including code signing requirements

If you, or IT, want to know more, check out Apple’s security overview. In particular, their iPad Security Overview and Microsoft Exchange ActiveSync document.

I expect lots of posts on this blog. This is such a hot topic—so many more of these devices are in the hands of executives, and especially after the holidays.

Please post your comments on this blog.

• Of course, keep your own backups of your data in case the cloud provider ever loses your data and they cannot restore your data.
• Establish your own business continuity plan. This plan, which you may practice implementing one or more times a year, is what to do if your cloud provider fails.
• Have your legal advisor help you with your contract such that the contract includes clauses for both a service level agreement and a quality of service. The former specifies how much of the time the provider will be up and running for you to use their services. The latter specifies how quickly the service will perform. You want a rapid response as opposed to applications that function so slowly that your user productivity suffers.

Handled correctly the cloud can be very helpful. In case you missed them, the past 3 blog entries discussed the benefits of, cautions for, and dangers of moving to the cloud. Click the links below to read each of those blog posts:

• Big benefits of using the cloud
• Be cautious about using the cloud
• Dangers of using the cloud

Please post your comments on this blog.

• The provider accidentally deleting your important data. This has happened before—even at some of the major cloud providers.
• The provider failing, leaving you unable to use the application until you find a replacement.
• Not being sure your cloud provider is actually keeping your data secure. History demonstrates your data may not be as secure as you think.
• The expensive cost to convert to the cloud; have you considered how expensive it would be to move from the cloud back into your own network?

In the next blog post I’ll discuss some ways you can mitigates some of the dangers.

Please post your comments on this blog.

1) Hackers find ways to attack computers, and patches can be your best defense. Application patches are as, if not more, important than patching your Operating System – but patch both! Even Apple computers are not necessarily immune.

Be sure to make backups before installing the patches. – I’ve had patches cause problems on my computer but was always able to restore to the original configuration. You always have a good backup anyway – right? Too many users decide, “patches messed up my computer” and choose to install their patches “tomorrow.” Only, every day, they decide “tomorrow.” Sounds like meetings for your local procrastinators club – they’ve not had their first meeting yet. Install patches ASAP – right after your backup – ASAP. The process of making backups is addressed below. If you are concerned that you won’t find an issue until days later, then start using a different drive for backup – and only backup onto that drive once a week. That way you can go back if you need to.

It is unusual these days to have any serious problems after installing a patch. In fact, you will probably notice that bugs go away and new features are available.

Really. I mean it. Adobe Acrobat, Flash, Java, iTunes, and Microsoft Office are some of the most important – though patching all applications are important.

And, NEVER click on a link in an email message – you know that already. Even if the email looks like it is from a valid source, such as Adobe. Always delete that email message and open your application itself and ask it to check for updates. The “check for updates” may take some searching the first time and it is often under the “Help” heading in the application’s toolbar. For Mac users, the process is often much easier.

As described in step two below, using Windows update and Mac update will generally patch all of that organization’s applications as well as the operating systems.

Executives, skip on to the next step unless you are still saying to yourself, “I’m not going to install those stinkin’ patches!”

I dare you to post a valid reason not to install patches. I’ll fire right back, gently, at you unless you are using a compensating control such as never, ever, plugging your computer into a network cable and never ever connecting to wireless networking of any kind. Fine, then you don’t need patches, or e-mail, or an internet browser – you are an island. Not a useful situation in most cases.

Other compensating controls, and you may need to talk to your IT Professional about these, would be to use a product such as Faronics Deep Freeze on your machine – and yes there is a Mac version of this product too. As of today, the link for personal version is www.faronics.com/solutions/small-office-home-office/ Another compensating control is to only use e-mail and browsing in a virtual machine that you “open fresh” each time you start the virtual machine, etc. A common tool for virtualization is the VMware player for Windows and VMware Fusion for Macs. For more plain English “executive level” tips about using your computer this way, sometimes called Kiosk mode, please see
www.fosterinstitute.com/blog/banking-computer/

2) Regularly click on your “start button” which is now round on the left of your task bar, and type “check for updates” in the open field at the bottom of your menu. On a Mac, click on the apple icon on your task bar. Keep using “check for updates” and install the patches – until there are no more patches. The main patches are the “important” patches, though you may want to install the “optional” patches as well. Even if, after installing patches, your system says “no (important) patches available,” go click the option to check for updates again. You’ll eventually see why – there may be more patches that show up that need to be installed.

Apple tends to release patches anytime during the month. Microsoft normally releases patches on the second Tuesday of every month – and sometimes during the middle of the month if the patch is very important. Note that the “automatic updates” setting is not always reliable – so checking manually is a good idea.

Again: Always have a good image backup before installing patches You always have a good backup anyway – right?

3) If you didn’t buy Windows 7 – 64bit with the laptop, you may want to go buy a copy and install Windows 7 instead. Keep in mind that Windows 7 requires faster hardware than your old XP machine.

4) Whichever Anti-Virus program you are accustomed to is likely the best one for you. Most of the tools today are similar. As of today, if you don’t have anything, consider Norton Anti-virus Suite. Be sure to get the Internet Security Suite – not just anti-virus. I suggest going to buy the boxed version in the store rather than downloading the program. This is for security and also for ease of installation if you ever need to install again. Be sure to choose “update” before installing when prompted during the installation process since the CD will be older than the current version.

If you want to, during the installation turn off the anti-spam and the parental controls unless you need them.

You may need to edit settings for specific programs you “know are OK” if the firewall marks them as suspicious and restricts their activity. Just make sure you don’t accidentally enable a “bad” program to damage your computer.

Keep an eye on the automatic updates to be sure they are being applied as soon as they are released.

Schedule automatic full system scans daily – or at least weekly. They can happen during the night if you don’t want the scan to slow your computer down. The reason is that, when a virus comes into your computer, your anti-virus may not recognize the program as a virus. Some viruses are so new that the anti-virus won’t recognize them. Then, as you perform the daily full scan, you may find that viruses are detected that the original “live scan” did not recognize when the file entered your computer.

5) Ghost is still an image backup tool. Image backup is the “way to go” for primary backups. Be sure to apply the updates regularly. There are other programs besides Ghost that work well such as True Image from www.acronis.com and ShadowProtect Desktop. Personally, I’ve moved to ShadowProtect. It is not as intuitive to use for beginners; however if you feel comfortable with your machine, there are some useful features – especially if you are using desktop virtualization on your personal machine using, for example, the VMware player for Windows and Fusion for the Mac. Virtualization is another one of those technologies you’ll likely want to have your IT Professional configure for you.

For my Mac, I use Carbon Copy Cloner. Be sure to donate.

As with any backup software, it is important to enable encryption of the media. That way, if anyone ever gets your backup drive, they won’t be able to read any of the private information without your password.

After installing your image backup software on your new computer, always perform a backup and restore. This is “less dangerous to test” on a new computer since you do not have lots of your important data on the machine yet.

I like the “Lights out Restore” option that works with many computers so you don’t need the Ghost CD to boot if your computer crashes. Be sure to test Lights Out Restore before you actually need it since this feature does not always work with every computer. Shadow protect always, for full drive restores, defaults to this mode.

You should have at least 2 backup external hard drives and alternate using them each time you backup. Look for USB 3.0 drives – they are significantly faster than USB 2.0 – and make sure your new computer has at least one USB 3.0 port. The USB ports can be added as expansion cards to computers without.

Important: When performing a “lights out restore” or a “full restore” of some kind, you may find that the USB hard drive you need to restore from needs to plug into one of your USB 2.0 ports. It is still fine to use a USB 3.0 drive for fast backups, and to restore using USB 3.0 as well. If you find, during your test, that your USB 3.0 drives do not work for the restore, just plug the USB 3.0 drive into one of your USB 2.0 ports. This problem, if you even experience it, will be resolved as time goes on. This is just another reason why you “test” your backup and restore process during your initial installation.

Additionally, you may also choose to augment your image backups, backed up to your hard drives, with an online backup service. Many of these services now offer a plethora of additional features – such as allowing you to access files from any device anywhere.

6) You still need to destroy the data on any media that you decide to “give away.” There is an explanation at www.fosterinstitute.com/blog/erase-hard-drive/

7) I also strongly encourage you to enable the full disk encryption on your computer – hopefully it comes with that capability – Most computers do these days. Even Macs. You may want the help of a qualified IT professional to help you configure this option. Some versions of Windows 7 – such as Ultimate – even come with this feature built in. Macs offer this feature as well.

Please post your comments on this blog.

Your IT professionals have a great deal of control over what is, and is not, allowed into your computers. Furthermore, there is a great deal of control over what information is allowed out of a machine. These advanced settings can make the difference between your network being infected or not.

In case you wonder, your IT professionals can keep those users from modifying the firewall settings on their own. And, because of robust support for something IT professionals call GPOs, your IT professionals can configure all or even a subset of the computers in your organization rapidly and with just a moment’s notice.

As an executive, unless you already have a robust firewall in place, the “already included with Windows 7″ firewall is worth serious consideration.

Please post your comments on this blog.

Sometimes it is even better to have a buffer zone in-between your local network and the DMZ. In other words, for traffic to get into your network, the traffic will have to get past at least three firewalls.

Since this blog post is directed towards an executive level audience, I’ll invite IT professionals to contact me for more details. And, for any of you who are interested, click here to download a diagram that provides both a clear visual and also the details you will find helpful.

Please post your comments on this blog.

• First of all, they’ve either qualified as a “Competent Toastmaster” (Competent Communicator) or have similar skills.
• Do you make the mistake of thinking the best person to present is the person who created a process? Or the person who is responsible for attendees to take action? You’d better make sure that person has excellent presentation skills if you expect for them to hold an audience’s attention.
• In my experience, 9 out of 10 presenters, especially from IT, use verbal crutches such as fillers constantly.
  • Sometimes 25% of their presentation is made up of “uh” fillers.
  • Qualified presenters know that using a pause is far better than using fillers such as: “Uh”, “Um,” “You know,” “ And,” “Well,” “ah,” “er,” “like,” “actually,” “basically,” “exactly,” etc.
  • Do you know what’s interesting? The presenter will often have no idea they are using fillers.
• Attendees generally gain more from a presentation when the presenter knows how to make regular eye contact—with everyone in the room—that is not too long or too brief.
• Qualified presenters—if they are using PowerPoint, Keynote, or some other presentation tool —know to never read, and preferably, not even use bullet points during a presentation. The bullet points can be on handouts before, during, or after the presentation.
• Qualified presenters know to speak in the affirmative so they avoid saying, “do not think of a green popsicle.”
  • What did you think of? Right… a green popsicle.
  • That’s why when a presenter says, “Do not use USB drives,” some of the attendees will swear they heard the presenter say to use USB drives.

There are many books on the basics of presentation. Just make sure your presenter is qualified via the presentation skills, has already presented at least 100 successful presentations, is able to take questions on the fly, knows how to end on time, and—perhaps most important of all—is intimately familiar with the topic on which they present.

Please post your comments on this blog.

• Live “in person” presentations by a qualified presenter capture attendees’ attention and will improve their security awareness dramatically more than attending a web meeting.
• It is easy for a qualified presenter to keep attendees’ undivided attention for 90 minutes and increase their security awareness significantly.
• Qualified presenters know how to “read” the audience to know when to speed up or slow down, to use specific people’s names if that person starts to doze off since they were up all night with their newborn baby, etc.
• Require your qualified presenter to use live demonstrations. Nothing can replace “seeing the process in action.”
• Live presentations provide a unique opportunity for attendees to experience the reactions of their peers—and especially the reactions of the mangers they report to.
• Live presentations make it easier for attendees to ask questions and have them answered immediately. Usually when one person asks a question, several other people had the question too, so they benefit from the answer as well.

I’ve presented both online and in person many times. Experience has shown that in almost every case you will have a higher ROI with live training. ROI is measured based on feedback from my clients who say the live presentations dramatically increase user retention and they feel that retention provides the organization with increased protection against social engineering attacks.

Please post your comments on this blog.

• Provide 60 minutes maximum to help avoid losing attention.
• You can lose attendees’ attention before the meeting even starts.
• Attendees may choose to multi-task during the presentation anyway.
• If you have a qualified presenter, then videotaping a live presentation is generally better than recording a web meeting. Viewers often feel the presenter’s recorded presentation is more interesting than a web meeting.
• Experience with other organizations strongly suggests that your ROI will be better via a live presentation. Users “get it.”
• If you do choose to present a web meeting and/or video recorded live presentation, I suggest you notify the remote attendees ahead of time that they will be required to fill out an answer form (basically a test) afterwards. This may encourage them to pay even more attention during the presentation.

Next time I will focus on using a live presenter as the delivery method.

Please post your comments on this blog.

It is imperative that all of your users learn about common dangers and follow best practices. Require them all to attend the training courses you provide. Next time we’ll focus on the best delivery methods.

Please post your comments on this blog.