• The provider accidentally deleting your important data. This has happened before—even at some of the major cloud providers.
• The provider failing, leaving you unable to use the application until you find a replacement.
• Not being sure your cloud provider is actually keeping your data secure. History demonstrates your data may not be as secure as you think.
• The expensive cost to convert to the cloud; have you considered how expensive it would be to move from the cloud back into your own network?

In the next blog post I’ll discuss some ways you can mitigates some of the dangers.

Please post your comments on this blog.

It is imperative that all of your users learn about common dangers and follow best practices. Require them all to attend the training courses you provide. Next time we’ll focus on the best delivery methods.

Please post your comments on this blog.

These days, some viruses can “morph” at regular intervals—keeping their same dangerous functionality and avoiding the signature matching. An analogy would be someone being able to change their thumbprint one or more times each day.

Over the years anti-virus has evolved to include new ways to stop viruses. One way is to watch for dangerous behavior. The problem here is for the anti-virus tool to be able to discern if the dangerous behavior is being performed by a legitimate process or a virus.

Anti-virus vendors are constantly playing the “cat and mouse” game of keeping up with new virus strategies. This is one more reason to always stay current with the latest anti-virus offerings available.

Please post your comments on this blog.

There are easy to access tools that allow even unsophisticated criminals to monitor your traffic if you go through a hotel’s network. When you use one of the 3G services, this equipment doesn’t work anymore. Not to say that the 3G connection is totally secure, but all things being equal, it is almost always more secure than a WiFi or plug-in Ethernet port at a hotel.

Then there is speed. So many hotels have very limited bandwidth, and when the hotel is full of hotel guests using the Internet service, everything slows to a crawl. When your traveler whips out their 3G card, they may find that the access is much faster—especially if they are not in a fringe coverage area, and not in a very congested city.

Please share your experiences and post your comments on this blog.

In reality, an additional computer can be expensive and the chances are, at some point, some user will use that computer to access the Internet anyway and now the “banking only” computer is infected too.

There are other solutions, such as using VMware Desktop, to launch a “clean” browser to use for online banking, however VMware desktop is a little technical to set up and use for most senior executives. As time goes on, browsers are starting to run in their own isolated space that helps, too.

Another option is to use a product such as Faronics Deep Freeze that makes your home computer “go back to brand new” every time you reboot. That’s like having a new computer every time you sit down!

I feel the most probable solution is to make your home computers really secure and then use them for banking. This includes patches, anti-virus, a robust firewall, etc. If you want to take the extra step to get a separate computer, and make it super secure too, then you may decide that is best for you.

Please post your comments on this blog.

• A snapshot image of your servers every 15 minutes so, if a server crashes, you are able to quickly restore to 15 minutes before.
• The ability to, during the night, use available bandwidth to copy your data offsite to a secure data center in case something devastating happens at your site.
• In some cases, the capability to actually perform as a “crashed server” so your users can keep working even if a server crashes.

Generally, the business continuity appliances are sold and maintained by IT consultant firms in your area. The Barracuda is an example of an appliance you can get directly. Some examples of devices can be found at www.connectwise.net and www.barracudanetworks.com.

I encourage you to contact your local IT consultants to see what business continuity appliances they offer. Please post your comments on this blog.

Executives often want to know what steps to take when they purchase a new computer.

1. You may want to have a qualified IT professional help you reinstall the Windows 7 operating system without all the extra programs that come installed with the computer these days. Often, those programs are only for a 30 day free trial and the extra bloat just bogs down your whole computer. I like having a clean computer from the beginning.
2. Install a quality anti-virus program. If you are going to connect to the office, let a qualified IT professional from the office set up your client to the enterprise anti-virus / anti-malware / software firewall package they use.

   If the machine is strictly for your own personal use, you may choose to use Kaspersky, McAfee, Symantec, Trend Micro, or whatever your qualified IT professional is most familiar with using.

   Caution—there are many “download” programs on the internet that are really viruses so purchasing the boxed copy if often your best bet.

   Additionally, get the whole suite including the software firewall—not just anti-virus. Be sure to choose “update” before installing when prompted during the installation process since the CD will be older than the current version.

   You may need to edit settings for specific programs you “know are ok” if the firewall marks them as suspicious and restricts their activity. Just make sure you don’t accidentally enable a “bad” program to damage your computer.Schedule automatic full system scans daily—or at least weekly. They can happen during the night if you don’t want the scan to slow your computer down.

   Keep an eye on the automatic updates to be sure they are being applied as soon as they are released.

3. Backup. If you take time to understand it, image backup is the “way to go” for primary backups. Be sure to apply the updates regularly. Products include Ghost, True Image from www.acronis.com and ShadowProtect Desktop.

   As with any backup software, it is important to enable encryption of the media. That way, if anyone ever gets your backup drive, they won’t be able to read any of the private information without your password.

   After installing your image backup software on your new computer, always perform a backup and restore. This is “less dangerous to test” on a new computer since you do not have lots of your important data on the machine yet.

   I like the “Lights out Restore” option that works with many computers so you don’t need the product CD to boot if your computer crashes as long as the primary part of the hard drive still functions. Be sure to test Lights Out Restore before you actually need it since this feature does not always work with every computer.

   You may have at least 2 backup drives and alternate using them each time you backup.

   Additionally, you may also choose to augment your image backups to your USB drives with an online service such as www.sosonlinebackup.com in case you lose your laptop and your backup drives.

4. If you plan to give away your old computer, you will want to erase all of your data from the hard drive. It is best for a qualified IT professional to do this for you. Please read these helpful tips if you would rather do it yourself.
5. I also strongly encourage you to enable the full disk encryption on the laptop—hopefully it comes with that capability—Most computers do these days. You may want the help of a qualified IT professional to help you configure this option.
6. Regularly apply your Microsoft Patches—just be sure to use the “Check for Updates” option in Windows 7 instead of ever responding to an e-mail telling you to “get this update.” The e-mail is bogus and the “update” it refers to is most likely a virus.

   Microsoft normally releases patches on the second Tuesday of every month—and sometimes during the middle of the month. Note that the “automatic updates” setting is not always reliable—so checking manually is a good idea.

   Always have a good image backup before installing patches You always have a good backup anyway—right?

7. Computer manufacturers offer a way to get updates to their utilities and drivers too. The main computer manufacturer patches to get are the ones that say they are a “critical security update.”
   Be sure to make backups before installing the patches – I’ve had manufacturer patches mess up my computer but was always able to restore back to where I was before. Applications need to be up to date as well.

The care and feeding of a new computer these days can be involved, and the more solid a foundation you start with, the longer your computer will serve you well.

Please post your comments on this blog.

One effective way to disable USB ports is to fill them with epoxy glue—although this ruins the port. New ports can be purchased and added in the future unless the machine is a laptop.

Or, your qualified IT professional may be able to disable the USB ports in the system BIOS of the computer and then set a password for the BIOS so the user cannot re-enable the ports.

Using Windows, it is fairly simple in Group Policy Objects (GPO) to disable the “autoplay / autorun” feature. If you want to stop the USB from working completely, your qualified IT professional will use GPO settings to disable USB devices already installed and prevent users from installing more. For more information your qualified IT professional can visit  http://support.microsoft.com/kb/823732

Also, many anti-virus suites and even VPN clients offer some form of endpoint security that include the ability to lock down your USB ports. Your anti-virus or VPN solution may have that capability.

There are also third party tools that allow you to control USB devices such as Device Lock or ScriptLogic Desktop Authority.

Another method is using shared published desktops, application virtualization and streaming, or virtual desktops to deploy applications and then users cannot access the drives while using the applications you provide. Combined with GPO’s, your qualified IT professional can really lock users down.

Then, to allow users to use USB and reduce the chances of a lasting infection, and especially for public access terminals, these tools can reset the computer back to “square one” every time it is rebooted: Microsoft Steady State can be difficult to set up but it is free. There is also Returnil, which is free for some users, and Faronics Deep Freeze.

Please post your comments on this blog.

This company, like many, had separate networks for e-commerce and for administration. The IT professional had been telling his CEO that the organization was “compliant” based on the security of the office administration network—not the IT systems that actually process, store, and transmit credit card information.  He pretended to be shocked that he needed to secure the computers and network that actually handle the credit card data.

As IT professionals, it is important to know what we are talking about when we answer a CEO’s question. Especially if a wrong answer could lead to the CEO facing fines, lawsuits, and even the failure of a business. If we don’t know, the proper response is, “I do not know but I will find out.”

As a C-level executive, business owner, and as a manager, it is important to understand that, unfortunately, some IT professionals will tell you that you are compliant with specific regulations when they really don’t know.

I want to extend my gratitude to the IT professionals who do act responsibly!

Please post your comments on this blog.

IT security is frustrating and gets in the way of productivity. IT security can be expensive—but less now thanks to all of the competition in the marketplace for IT security products and services. Heck—lots of IT security is built into the Microsoft Server operating systems—and even Windows 7 for that matter. One just has to “turn it on.”

To me, the key concept relating IT security and productivity is to get away from the “either, or” way of thinking. In other words, you CAN have BOTH security and productivity! If you feel you have to give up productivity to be secure, I feel confident there is a solution that will let you have lots of both.

Granted, almost always, there will be some compromise. You may have to choose between being:

• 90% secure and 100% productive, or
• 100% secure and 90% productive

The choice is up to whoever will be held responsible for a data breach—probably the owner, CEO, board etc for the organization. I generally lean to the first option in many cases.

Key point: This decision is NOT and I repeat NOT up to IT. I feel it is IT’s responsibility to alert executives to any such trade-offs so that the executives can make an informed decision since they have to live with the consequences of their choices.

I wonder just how much money in the purchase price of a new car has to do with the door locks and the key used to start the car? How much added frustration do we experience in our lifetimes due to having to lock, unlock, and start our cars with a key throughout our lives? Yet, our vehicles are productive and secure without having major conflicts between those two attributes.

On a tangent: If users could “see” someone stealing their data or borrowing their computer the way they could see someone borrowing their car, users would be more attentive to IT security.

Please post your comments on the blog.