Archive for the ‘IT Systems’ Category

The Love of the Game

Friday, January 16th, 2009
Mike Eruzione, Captain of the 1980 U.S. Olympic Hockey Team


I recently attended a customer appreciation event hosted by Cisco at the Sports Museum of America in Lower Manhattan. The panel discussion featured a number of executives of both Cisco and financial services companies that use Cisco networking solutions discussing the evolution of social media. The eye-opener for me was research cited by Carlos Dominguez, SVP of Cisco, who reported that the Butler Group found that time spent searching for information wastes 10% of an employee’s salary. In Prepare for the Worst, Plan for the Best: Disaster Preparedness and Recovery for Small Businesses (Wiley, second edition, 2008), I reported that putting in place a version control and file naming system saved me from wasting significant time in search and retrieval exercises. In fact, I put the system in place to mitigate against everyday disasters, such as human errors, but it had an immediate payoff in terms of improved efficiency.

Cisco and Social Networking


The highlight of the evening was the keynote address from Mike Eruzione, the Captain of the 1980 U.S. Olympic Hockey Team, often referred to as the “miracle on ice”. His optimism and enthusiasm were infectious. He drew many parallels between the economic and political climate in 1980 and the one we are experiencing today. His remarks focused on the miracle of teamwork, of which social networking is a part, and which surely represents a more positive future that we can build from our current difficulties. He noted that in sports, as in business, everyone judges you on the result, whether it is a gold medal or a profitable quarter.

Cisco Reception

Social Networking

You are not evaluated on the effort you put into achieving that result. Eruzione was an inspiring speaker and what I most appreciated about his remarks was his love of the game; he loved the intrinsic rewards of playing hockey and did not appear to be motivated by the extrinsic rewards of gold medals or fame. So it is with entrepreneurs; it is an inner-directed game for the sheer joy of it.

Let’s Avoid Complacency with IT Security

Sunday, November 16th, 2008

Under the headline “Angry, Angry IT Guy Goes to Jail”, Silicon Valley blog Valleywag reports that “IT contractor Steven Barnes will serve a year in prison and pay $54,000 in restitution after being convicted of logging into a client’s network and deleting the Exchange database, among other things. Barnes claimed he acted after coworkers from Blue Falcon Networks, now known as Akimbo Systems, came to his home and took away his personal computers by force. Barnes reconfigured Blue Falcon’s server as an open relay for spammers, causing the company to be automatically blacklisted from delivering real mail.” Add this to the recent reminder I had posted of what to do to ensure that your IT systems are secure. Reinstating your e-mail privileges once your company is blacklisted is a major undertaking that you want to avoid at all costs.

Private, but Not Anonymous

Wednesday, October 15th, 2008
Caught!


I was encouraged by a recent report that a U.S. federal court shut down the world’s largest spam operator. Not that I believe that this action will slow the tide of spam; indeed, the last time that the federal government shut down a spam operator, other players stepped in to fill the void, increasing the overall volume of spam. What I found encouraging was that three million Americans took the time to file complaints against this particular spam operator. But given the economic payoff of spam – it costs nothing to send and only a minuscule proportion of responses is necessary to make it profitable – it is unlikely that government or regulatory action can stop it. Market mechanisms are needed to change the risk/reward ratio for the spam operators.

Seth Godin had an interesting insight: he asked what would happen if Google were to charge $1 annually for its Gmail accounts, payable on a valid credit card, rather than allow free account access. And what if Google were to fine violators of its anti-spam rules? They could change the rules of the game for spammers, as Google e-mails would be more readily accepted for their anti-spam provisions. Journalists have also taken matters into their own hands to reduce spam volume by sanctioning public relations firms that abuse them with frivolous, irrelevant pitches. Some journalists will “out” the offenders in trade communications, while others will blacklist them, so that the p.r. firm pays a penalty: its future communications are not accepted in the journalist’s e-mail inbox. One reporter from the New York Times even went so far as to publish a spam pitch from a named p.r. firm to embarrass them into stopping.

Of course, such measures that the journalists are undertaking divert their time from more productive pursuits. But they are an attempt to address the anonymity that allows spam abuse to continue, by changing the risk/reward ratios for the perpetrators. Ultimately it is this market action that will address this abuse; the Federal Trade Commission is impotent to stop the spam tsunami, its recent enforcement action notwithstanding.

October is National Cyber Security Awareness Month

Saturday, October 11th, 2008

Beware of bots

Did you know that 71% of Americans are unaware of the fastest growing security threat, which is, according to the National Cyber Security Alliance, bots? Bots, a term shortened from “Web robots”, are malicious programs that seize control of computers. Without the user’s knowledge, a bot can commandeer the computer to send spam, host phishing sites or infect other computers with malware. The bot can also harvest personal data, such as social security information, that can be used for malicious purposes. Stefan provided tech assistance to a small business owner, a jewelry designer and retailer whose computer network had been taken over by bots. The bots used her small business network as a platform to spam the world, with the punitive consequence that many Internet service providers blacklisted her business. Indeed, it was not until her own legitimate e-mails were returned to her as undeliverable that she began to suspect a problem. As her retailing operation depends on an e-commerce website, this was devastating to her business. Stefan helped her not only to free her network of the bots (and protect it against future invasion) but also to reinstate the credibility of her company to conduct business online. It took some weeks of effort on his part to persuade ISPs to let the jewelry retailer’s business resume delivery of e-mails to their clients!

What are some of the indications that bots may be operating under your radar screen? Be alert to unusual error messages suggesting that applications cannot launch or disk drives cannot be accessed, as these may indicate a bot infection. Also be alert to unusual e-mail activity, such as bounce notices arriving in your in-box for undelivered messages that you did not send, which suggests that a bot is using your system to send spam. Another clue is the appearance of additional e-mail addresses in your small business accounts that you did not create. The National Cyber Security Alliance is using the month of October to advise consumers on the risks of bot infections, which you can minimize with current anti-virus and security software, consistent with the recommendations in Prepare for the Worst, Plan for the Best: Disaster Preparedness and Recovery for Small Businesses (Wiley, second edition, 2008). Be wary of downloading software from unfamiliar sources and do not click through or open suspicious e-mails or attachments.

Hurricane Ike’s IT Lessons

Friday, October 3rd, 2008

A Houston business owner contributed a piece to Forbes.com, titled “Hurricane Ike’s IT Lessons”. The lessons are consistent with what we had written in the first edition of our book in 2002, just after our experience of 9-11, and in the second edition, Prepare for the Worst, Plan for the Best: Disaster Preparedness and Recovery for Small Businesses (Wiley, 2008): build in redundancy, disaster recovery is stressful, simple solutions are best, etc. I would hope that every small business owner would learn these lessons the easy way rather than the hard way, so please read another person’s view to take the message to heart!

Critical Computer Systems Held Hostage

Thursday, September 11th, 2008

A recent incident that crippled the City of San Francisco teaches a lesson for small businesses

Recently, a network administrator employed by the City of San Francisco locked down the City’s computer network. By keeping a single password secret, Terry Childs (no relation to me!) denied access to IT administrators, thereby crippling important municipal functions, such as the City’s payroll and law enforcement records. After spending several days in jail and meeting in secret with San Francisco Mayor Gavin Newsom, he gave up the password and power has been restored. Subsequent investigation revealed that Mr. Childs was a disgruntled employee with a criminal record; he had been arrested for aggravated robbery 25 years ago in Kansas.

As we had advised in the first edition of our book,  “A good network administrator builds his or her reputation on trust that has been earned throughout their careers. But even with the best service administrator in your service, you must still protect against the risk of internal sabotage. These measures are not difficult to implement and should be welcomed by your network administrator as being in the best interest of the organization.” How can your small business avoid San Francisco’s experience of being held hostage by a disgruntled network administrator?

1.    Apply basic auditing methods. There are simple auditing methods that you can apply and review periodically, such as identifying who accessed which files, who generated which external network traffic and who sent a large number of e-mails or attachments to which addressee. You should, of course, inform your staff that activities on the IT network are monitored and the results of these activities are not matched with personal information unless there is a compelling reason to do so. Ask staff to refrain from storing personal information on company computers. These guidelines should be formalized in company policy.

2.    Automate independent backups. It is critical to back up your business data and certainly your network administrator needs to have access to the backups in the event it becomes necessary to retrieve data in the course of ordinary business or emergency. But always have one backup mirrored on a site to which the administrator does not have access. There are tools that can do this automatically at designated times during the day. This mitigates your risk of sabotage. If the City of San Francisco had such a system in place, the Mayor would not have been compelled to visit a saboteur in his jail cell.

3.    Outsource your e-mail service to a third-party provider. I always advise small businesses to outsource their e-mail service to a third-party provider, as it is generally not cost-effective for them to manage these services in-house. This approach offers an additional benefit: it makes the e-mail system independent of internal systems staff, reducing both their work burdens and the opportunities for internal sabotage.

4.    Do not use any built-in “Administrator” accounts, but instead give two users administrative rights on the system. This way, each week those two people can independently monitor and audit suspicious activities on your network and system administrator tasks can be traced to their user identifications.
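
An added example, not from the original post or the book: a short Python audit that applies the first recommendation (who sent many e-mails to which addressee) together with two of the bot indicators from the October 11th post (bounces for mail nobody sent, and accounts you did not create). The log format, account names and threshold are assumptions; the sample records are constructed.

```python
from collections import Counter

# Constructed sample records (hypothetical format, not a real mail server's):
# time, event, authenticated user, message id, recipient
SAMPLE_LOG = """\
2008-10-11T09:00:01 SENT alice m1 client@example.com
2008-10-11T09:05:12 SENT bob m2 supplier@example.net
2008-10-11T09:06:40 SENT bob m3 rival@example.org
2008-10-11T09:06:55 SENT bob m4 rival@example.org
2008-10-11T09:07:10 SENT bob m5 rival@example.org
2008-10-11T09:30:00 BOUNCE alice m1 client@example.com
2008-10-11T09:31:00 BOUNCE alice m90 x1@example.invalid
2008-10-11T09:31:05 BOUNCE alice m91 x2@example.invalid
2008-10-11T09:40:00 SENT promo7 m6 x3@example.invalid
"""
KNOWN_ACCOUNTS = {"alice", "bob"}  # accounts the business actually created

def parse(log):
    """Yield one record per well-formed line; skip malformed lines."""
    fields = ("time", "event", "user", "msg_id", "rcpt")
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == len(fields):
            yield dict(zip(fields, parts))

def audit(log, known_accounts, per_rcpt_limit=3):
    """Return the three findings a periodic review would look at."""
    records = list(parse(log))
    sent_ids, per_pair, unknown = set(), Counter(), set()
    for r in records:
        if r["event"] == "SENT":
            sent_ids.add(r["msg_id"])
            per_pair[(r["user"], r["rcpt"])] += 1
            if r["user"] not in known_accounts:
                unknown.add(r["user"])  # account nobody created
    # A bounce for a message id that was never sent through an
    # authenticated account means mail is leaving under your name.
    orphans = [r["msg_id"] for r in records
               if r["event"] == "BOUNCE" and r["msg_id"] not in sent_ids]
    heavy = sorted(p for p, n in per_pair.items() if n >= per_rcpt_limit)
    return {"heavy_senders": heavy,
            "unknown_accounts": sorted(unknown),
            "orphan_bounces": orphans}

if __name__ == "__main__":
    for finding, value in audit(SAMPLE_LOG, KNOWN_ACCOUNTS).items():
        print(finding, value)
```

Run it on a schedule and have the two people with administrative rights review the output independently, so that neither is the only person who sees it.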

One of the key messages of Prepare for the Worst, Plan for the Best: Disaster Preparedness and Recovery for Small Businesses (Wiley, second edition, 2008) is that by preparing for the everyday disaster, you automatically build resilience for the more serious threat. No one wants to think about internal sabotage; it is deeply upsetting to imagine that your trust could be betrayed in such a manner. Thankfully, few of us will have to deal with this possibility. But what if San Francisco’s IT administrator had suffered an accident or a medical emergency (a statistically more likely outcome than the perpetration of sabotage)? The City’s IT systems would still be brought to a stand-still, without the solution of a jailhouse visit by the Mayor to retrieve the password. Restricting access to a single individual, no matter how apparently trustworthy, is not a good policy. Let your small business learn from the experience of San Francisco.