• Of course, keep your own backups of your data in case the cloud provider ever loses your data and they cannot restore your data.
• Establish your own business continuity plan. This plan, which you may practice implementing one or more times a year, is what to do if your cloud provider fails.
• Have your legal advisor help you with your contract such that the contract includes clauses for both a service level agreement and a quality of service. The former specifies how much of the time the provider will be up and running for you to use their services. The latter specifies how quickly the service will perform. You want a rapid response as opposed to applications that function so slowly that your user productivity suffers.

Handled correctly the cloud can be very helpful. In case you missed them, the past 3 blog entries discussed the benefits of, cautions for, and dangers of moving to the cloud. Click the links below to read each of those blog posts:

• Big benefits of using the cloud
• Be cautious about using the cloud
• Dangers of using the cloud

Please post your comments on this blog.

Your IT professionals have a great deal of control over what is, and is not, allowed into your computers. Furthermore, there is a great deal of control over what information is allowed out of a machine. These advanced settings can make the difference between your network being infected or not.

In case you wonder, your IT professionals can keep those users from modifying the firewall settings on their own. And, because of robust support for something IT professionals call GPOs, your IT professionals can configure all or even a subset of the computers in your organization rapidly and with just a moment’s notice.

As an executive, unless you already have a robust firewall in place, the “already included with Windows 7″ firewall is worth serious consideration.

Please post your comments on this blog.

You may hear this referred to as SAAS Software as a service anti-virus. So far, at least three vendors are offering this service to business (not personal) customers including Symantec’s hosted End Point Protection, McAfee SaaS Endpoint Protection, and Web Sense’s Triton Technology.

One of the benefits of this technology is that your computers no longer need to have the latest “signature updates” installed. The latest signatures are, in theory, available in the cloud the instant your anti-virus vendor creates the signature.

Someday your anti-virus may be provided from the cloud too!

Please post your comments on this blog.

Please post your comments on this blog.

There are easy to access tools that allow even unsophisticated criminals to monitor your traffic if you go through a hotel’s network. When you use one of the 3G services, this equipment doesn’t work anymore. Not to say that the 3G connection is totally secure, but all things being equal, it is almost always more secure than a WiFi or plug-in Ethernet port at a hotel.

Then there is speed. So many hotels have very limited bandwidth, and when the hotel is full of hotel guests using the Internet service, everything slows to a crawl. When your traveler whips out their 3G card, they may find that the access is much faster—especially if they are not in a fringe coverage area, and not in a very congested city.

Please share your experiences and post your comments on this blog.

In reality, an additional computer can be expensive and the chances are, at some point, some user will use that computer to access the Internet anyway and now the “banking only” computer is infected too.

There are other solutions, such as using VMware Desktop, to launch a “clean” browser to use for online banking, however VMware desktop is a little technical to set up and use for most senior executives. As time goes on, browsers are starting to run in their own isolated space that helps, too.

Another option is to use a product such as Faronics Deep Freeze that makes your home computer “go back to brand new” every time you reboot. That’s like having a new computer every time you sit down!

I feel the most probable solution is to make your home computers really secure and then use them for banking. This includes patches, anti-virus, a robust firewall, etc. If you want to take the extra step to get a separate computer, and make it super secure too, then you may decide that is best for you.

Please post your comments on this blog.

Executives often want to know what steps to take when they purchase a new computer.

1. You may want to have a qualified IT professional help you reinstall the Windows 7 operating system without all the extra programs that come installed with the computer these days. Often, those programs are only for a 30 day free trial and the extra bloat just bogs down your whole computer. I like having a clean computer from the beginning.
2. Install a quality anti-virus program. If you are going to connect to the office, let a qualified IT professional from the office set up your client to the enterprise anti-virus / anti-malware / software firewall package they use.

   If the machine is strictly for your own personal use, you may choose to use Kaspersky, McAfee, Symantec, Trend Micro, or whatever your qualified IT professional is most familiar with using.

   Caution—there are many “download” programs on the internet that are really viruses so purchasing the boxed copy if often your best bet.

   Additionally, get the whole suite including the software firewall—not just anti-virus. Be sure to choose “update” before installing when prompted during the installation process since the CD will be older than the current version.

   You may need to edit settings for specific programs you “know are ok” if the firewall marks them as suspicious and restricts their activity. Just make sure you don’t accidentally enable a “bad” program to damage your computer.Schedule automatic full system scans daily—or at least weekly. They can happen during the night if you don’t want the scan to slow your computer down.

   Keep an eye on the automatic updates to be sure they are being applied as soon as they are released.

3. Backup. If you take time to understand it, image backup is the “way to go” for primary backups. Be sure to apply the updates regularly. Products include Ghost, True Image from www.acronis.com and ShadowProtect Desktop.

   As with any backup software, it is important to enable encryption of the media. That way, if anyone ever gets your backup drive, they won’t be able to read any of the private information without your password.

   After installing your image backup software on your new computer, always perform a backup and restore. This is “less dangerous to test” on a new computer since you do not have lots of your important data on the machine yet.

   I like the “Lights out Restore” option that works with many computers so you don’t need the product CD to boot if your computer crashes as long as the primary part of the hard drive still functions. Be sure to test Lights Out Restore before you actually need it since this feature does not always work with every computer.

   You may have at least 2 backup drives and alternate using them each time you backup.

   Additionally, you may also choose to augment your image backups to your USB drives with an online service such as www.sosonlinebackup.com in case you lose your laptop and your backup drives.

4. If you plan to give away your old computer, you will want to erase all of your data from the hard drive. It is best for a qualified IT professional to do this for you. Please read these helpful tips if you would rather do it yourself.
5. I also strongly encourage you to enable the full disk encryption on the laptop—hopefully it comes with that capability—Most computers do these days. You may want the help of a qualified IT professional to help you configure this option.
6. Regularly apply your Microsoft Patches—just be sure to use the “Check for Updates” option in Windows 7 instead of ever responding to an e-mail telling you to “get this update.” The e-mail is bogus and the “update” it refers to is most likely a virus.

   Microsoft normally releases patches on the second Tuesday of every month—and sometimes during the middle of the month. Note that the “automatic updates” setting is not always reliable—so checking manually is a good idea.

   Always have a good image backup before installing patches You always have a good backup anyway—right?

7. Computer manufacturers offer a way to get updates to their utilities and drivers too. The main computer manufacturer patches to get are the ones that say they are a “critical security update.”
   Be sure to make backups before installing the patches – I’ve had manufacturer patches mess up my computer but was always able to restore back to where I was before. Applications need to be up to date as well.

The care and feeding of a new computer these days can be involved, and the more solid a foundation you start with, the longer your computer will serve you well.

Please post your comments on this blog.

Will viruses and other malware contribute to injuries and deaths? Imagine diagnostic imaging machines, like X-rays and CAT Scanners, exposing patients to too much radiation due to a virus. Traffic lights not functioning properly, especially on a highway with high speed limits, could lead to a horrible crash.  Emergency services may already be delayed in their response due to computer malfunctions. The airline industry has plenty to worry about. What if trains fail to stop and crash into another train or the end of the line?

Apparently the Spanair diagnostic computer does not connect to the Internet so the infection likely came from an infected USB device, CD-ROM, or some other form of removable media.

Just last month, control systems manufacturer Siemens, who manufactures control systems, warned that malware called Stuxnet is spreading through infected USB devices to penetrate industrial control systems. I wonder if there are any control systems at nuclear power plants infected yet.

More and more regulations and laws are forcing organizations to wake up to the fact that IT security is very important.

Business executives and IT professionals alike must realize:Viruses and other malware do not necessarily make themselves obvious for the simple reason that, if you know a computer is infected, you are likely to have a qualified IT professional fix the problem.

• Anti-virus programs do not always catch all viruses
• Firewalls are not perfect either
• End users can, accidentally or on purpose, bypass some of the best security you set up

How many more people will need to die, how much more money will be lost, before people become aware of the importance of IT security?

Please post your comments on this blog.

One effective way to disable USB ports is to fill them with epoxy glue—although this ruins the port. New ports can be purchased and added in the future unless the machine is a laptop.

Or, your qualified IT professional may be able to disable the USB ports in the system BIOS of the computer and then set a password for the BIOS so the user cannot re-enable the ports.

Using Windows, it is fairly simple in Group Policy Objects (GPO) to disable the “autoplay / autorun” feature. If you want to stop the USB from working completely, your qualified IT professional will use GPO settings to disable USB devices already installed and prevent users from installing more. For more information your qualified IT professional can visit  http://support.microsoft.com/kb/823732

Also, many anti-virus suites and even VPN clients offer some form of endpoint security that include the ability to lock down your USB ports. Your anti-virus or VPN solution may have that capability.

There are also third party tools that allow you to control USB devices such as Device Lock or ScriptLogic Desktop Authority.

Another method is using shared published desktops, application virtualization and streaming, or virtual desktops to deploy applications and then users cannot access the drives while using the applications you provide. Combined with GPO’s, your qualified IT professional can really lock users down.

Then, to allow users to use USB and reduce the chances of a lasting infection, and especially for public access terminals, these tools can reset the computer back to “square one” every time it is rebooted: Microsoft Steady State can be difficult to set up but it is free. There is also Returnil, which is free for some users, and Faronics Deep Freeze.

Please post your comments on this blog.

Let’s see—the only way I can think of is to never share any client data with your employees—ever. Even without computers, if an employee is privy to client data, they may “steal” that and use it for other purposes.

The goal is to protect private client data—and you may choose to never enter that into a computer system your employees can access—or never enter it into a computer at all.

If your employees do want to access client data, and you just do not want the employees to be able to easily take large amounts of information, the challenges increase dramatically. Even so, the possibilities are closer than you may realize. Thanks to application delivery and virtualization technologies, you can allow employees to work from home, or the office, without having information stay resident on their computer. You can also restrict them from being able to:

• Save to a local drive
• Print information
• Copy and paste outside your protected space
• Or otherwise retain any information

However, there is little to stop an e-savvy employee from using a digital camera to take a screenshot, or using a yellow sticky note to write down someone’s credit card information or social security number. At least these kinds of activities take “time,” so you are restricting the speed of stealing data.

For what technology cannot solve, your corporate legal advisors can step in. They can help you with non-disclosure agreements, acceptable usage policies, and other agreements for your workers to sign. The key point here is that these do not necessarily prevent the theft, but they do provide you some recourse if the employee is ever caught.

There is even IT data security insurance. If your insurance provider does not offer this service, or if you want to shop around, I know someone who does offer IT security insurance.

In some organizations, prevention is crucial. Once the data gets out, the organization may be damaged beyond repair.

To prevent an employee from e-mailing themselves a client list, there are Data Loss Prevention DLP tools available in the world. They watch for suspicious behavior and can quarantine such messages before sending them out. That delay gives the responsible person in your organization the opportunity to stop the data before it leaves.

There are other strategies as well:

• Provide people with only the information they need to know. A good book full of these examples is Blind Man’s Bluff: The Untold Story of American Submarine Espionage by Sherry Sontag and Christopher Drew.
• Rotate employees through specific duties so their time to do harm is limited.
• Force employees to take mandatory vacations during which time illegal behaviors may be detected.
• Have a separation of duties such that it would be difficult for one employee to commit fraud all by themselves.

While “total protection” may result in your employees not being able to function, there are strategies that can provide you with both productivity and security.

Please post your comments on the blog.