As a well-equipped executive, there are four key topics that you should be fully educated on:
Security Backup and Recovery
Users and Networks
Data Access
Security Management
3. Data Access
Once upon a time, the perimeter of your network acted as the walls of your building. Today, however, networks are becoming more complex and with the increased mobility, remote/branch offices, home offices, etc. new dimensions have been created and boundaries have been extended. What do you know about the users of your network?
Mobile users: where have they been?
Do-it-yourself IT: Are your users trying to resolve technical issues themselves? You never know what door they will open on accident.
Guest Users: who are they really?
Although the consequences your network users may cause are most likely unintended, they can still be detrimental to your business. Some common issues pertaining to data access include users creating “work-arounds” – or finding quicker ways to resolve an issue other than the proper (and more time-consuming) way; they open holes in your network; ultimately, their actions expose you to risk. You may be asking yourself: “how has my system become so vulnerable to such risk?” Common causes of security risk are:
Systems are too easy
Systems are too complicated
IT administrators don’t know better
Executives aren’t security-minded
Is security a low priority within your organization? Certain factors relating to the way you run your business may contribute to your lack of concern regarding security and therefore, your increased risk of vulnerability. Such factors and commonly held misconceptions regarding security include:
Your organization lacks a culture of security
Security is complicated
Security is working when nothing happens
Security is considered wasting money, time and energy
Small “family” companies promote a false sense of security
“I’m not a target!” attitude
The problem is, these mindsets and beliefs can lead to a whole mess of issues for your business leading to complex issues beyond your scope, inconsistent rules throughout your organization, an insecure network and/or insecure communications. In order to avoid these problems, try these “data access to-dos:”
For more information on how to implement an effective backup policy, join SonicWALL and Vertical IT on October 6 for our RISK event. Click here to learn more.
As a well-equipped executive, there are four key topics that you should be fully educated on:
Security Backup and Recovery
Users and Networks
Data Access
Security Management
2. Users and Networks
Two of the biggest hurdles when running an organization is first, understanding that your employees do not have as much stake in the business as you do and therefore are not going to care as much, or be as careful, about keeping data secure. Second, is trying to get them to care. Users, or employees, often don’t understand the impact of their actions on the entire organization. Some of them may hold an “it’s not my data, it’s the company’s” attitude. Or, perhaps they are just busy and forget a step the in backup and security procedure.
Some issues to be aware of in relation to use of your network are:
Spyware (type of malware – malicious software – installed on computers, typically hidden, which collects bits of info about users at a time without users knowing it) is rampant.
Viruses are still circulating; and new ones are still being developed
Personal issues affect work life
Network resources are oversubscribe
- Personal files kept on work computer
- Bandwidth consumed by media use
User activities that can cause spyware to be installed include downloading files, surfing the Web, Facebook, etc. Activities that use large amounts of bandwidth, thus slowing the system and making it more vulnerable to attacks include YouTube, downloading files, instant messaging and Internet radio, which uses 25 percent of bandwidth. Some of the common reasons for misuse of company time and networks are that:
Users are careless
They don’t know what is ok or appropriate, and what isn’t
Networks aren’t self-defending
Business executives are not IT savvy
Network administrators are firefighters
Some potential solutions to these issues are:
Layer security systems
- Antivirus, anti-spyware, permissions
- Content filtering, access rules
- Anti-spam and ani-phishing
Implement centralized management
User education & training
Encourage users to take ownership of their work; make them feel like what they are working on is their data.
For more information on how to protect your network from user misuse, join SonicWALL and Vertical IT on October 6 for our RISK event. Click here to learn more.
As a well-equipped executive, there are four key topics that you should be fully educated on:
Security Backup and Recovery
Users and Networks
Data Access
Security Management
1. Security Backup and Recovery:
Your first question may be “what all do I need to backup?” Although the simplest answer is “everything” – some key components to consider are: file servers, email servers, database and application servers, desktops and laptops. Did you know that even though laptops are often times one of the most important assets to a business, they are often the least protected?
It is not uncommon for some to run across an issue here or there when initiating the data backup process. Examples of such issues are too many files; backup system not being adequate; user files on desktops; remote workers taking responsibility for backing up company data; and backing up only what is onsite, not remote. The cause of such issues is most commonly due to the monitoring process in place, or lack there of. Some questions to be raised when creating a security backup policy are:
Who decides what to backup?
Where do users store data?
Who’s watching the backups?
Where are the laptops being used for company business?
It is important that a company’s backup process is as seamless as possible. Running across issues such as those listed above can result in a number of losses for the business – loss of data, time, opportunity costs, business development or intellectual property. Fortunately, there are some preventative measures to take in order to avoid these losses. Here are our backup to-dos:
Redirect users’ My Documents folders
Agree on backup selections
Monitor backup jobs
Add laptops to backup system
Implement offsite backup rotation
Layer with Internet-based backup
For more information on how to implement an effective backup policy, join SonicWALL and Vertical IT on October 6 for our RISK event. Click here to learn more.
Vertical IT understands the importance of community involvement and the feeling of accomplishment associated with contributing to the community and supporting a good cause. Because VIT takes pride in its team members’ commitment to the community, every employee is given a “Giving Day” each year.
Vertical IT’s system engineer, Ben Ruggiero, has been the primary engineer for University Area Community Development Corporation for quite some time. UACDC is charitable organization whose mission is to obtain the necessary resources, support and direction to improve public safety and uphold a community where great social, financial, educational and health-related challenges exist. In addition, UACDC works to strengthen Hillsborough County’s socially and economically vulnerable communities through various activities and programs.
Ben shared with us his Giving Day experience at UACDC’s golf tournament:
“Each year, UACDC sponsors a golf tournament to raise money for such community challenges. Being onsite at UACDC bi-weekly, I see firsthand the lives that are touched and improved. Because of this, I felt moved to participate and donate to such a cause. This was my first year participating in the golf tournament and I look forward to upcoming years where I can be a part of such a great organization. ”
In the spirit of those that dedicate their time and hard work to bettering our society, Vertical IT and the Nonprofit Leadership Center of Tampa Bay have teamed up to present Wired for Good: Technology for Nonprofits this Thursday, August 26. Technology can help nonprofits improve services, decrease costs, increase clients and donors, and accomplish their mission. Implementing new technologies throughout a nonprofit is not easy. One must understand what they are asking of a given technology, budget for it, put a risk management plan in place and be prepared to evolve. Topics to be addressed include: protecting yourself from the risk of losing data, using Outlook to its potential and several inexpensive tools that are being used by organizations with big missions and small budgets. Learn more and register here.
Vertical IT understands the importance of community involvement and the feeling of accomplishment associated with contributing to the community and supporting a good cause. Because VIT takes pride in its team members’ commitment to the community, every employee is given a “Giving Day” each year.
Steve Shaw, Vertical IT’s director of service delivery, has recently spent his Giving Day supporting the JA (Junior Achievement) Worldwide’s See Program. The purpose of the program is to encourage 8th graders to stay in school by presenting JA’s Economics for Success program. Steve shared his Giving Day experience with us:
“I spend the day facilitating a program that helps students understand that they have choices and that these choices influence their future. The students are given opportunities to participate in several games that mimic real life decisions we all face. Hopefully, they see the correlation between education and increased earning potential, and the benefits that brings. I got involved with the program because I’m concerned about the dropout rate among high school students. Nearly one in four students in Florida don’t graduate from high school.
I first became involved with the JA program through the Saturday scholars program when I lived in Lewisville, Texas. I was involved in mentoring middle school children for more than seven years. Increasing the number of educated individuals in our society helps us to better compete in a global economy. Given our county’s $13 trillion debt, I believe that we can build a brighter future for our country if everyone learns to be self-sufficient and education is the first step in that process.”
August 10th, 2010 by Tim Coker Director of Technology
It’s hard for most of us to imagine how we got through the workday before smart phones arrived. These indispensable tools carry just about everything we need for us to stay productive anytime, anywhere. But should you lose that phone, privileged company information can be accessed by the wrong parties. If you’re unlucky enough for your phone to end up in the hands of someone intent on some serious malfeasance, the loss of that phone could end up severely compromising not only your company data but that of your clients as well.
When it comes to smart phones, the BlackBerry, Windows Mobile and iPhone devices all offer remote wipe capability. A BlackBerry can be programmed so that you can remotely wipe all information stored on the device as soon as you discover that it’s gone missing. Both Windows Mobile devices and iPhones can seamlessly connect to Exchange servers and can be cut off from the mail server just as easily in the event of a loss or theft.
The Droid phone, on the other hand, is the least secure option since it can’t be wiped remotely. However, you can still disconnect your Droid from the corporate mail servers if it’s set up to connect to a Microsoft server.
To add an extra layer of security to your device, you can also consider an add-on server-based application from Motorola, Good Mobile Messaging, to manage your company’s smartphones (sorry BlackBerry users; this does not apply for you). The app lets you both provision and remove services in just a few clicks. This is a highly effective way to manage multiple platforms centrally to make both the IT administrators’ and users’ lives easier. And more secure. If you have questions about your smartphone’s security, drop us a line at vitinfo@verticalit.com.
A network engineer, working for the city of San Francisco was sentenced to four years in prison this month for withholding network passwords. Although there is debate on the amount of harm the withholding of passwords was really capable of causing, the point is that the city did not have access to its own privacy information. The possibility of such an occurrence does not typically cross a CEO’s mind often enough. Such an event could cause serious problems for an organization.
This story is not only a prime example of why all network-related passwords should be documented and in the possession of executive leadership, but also why a proper information technology security policy should be in place for your organization. For more information on enforcing a thorough security policy, click here. For more information on monitoring your IT department, click here.
August 5th, 2010 by Tim Coker Director of Technology
As a CEO, you are a leader by nature. Although you hire those that you think are the best fit for each department of your company, you may not know exactly what is required for each department to run at peak performance. Even if you don’t currently understand, or have an interest in learning all that is involved with an IT leader’s job, you need to know how to verify that your IT department is doing its job. Our staff at Vertical IT has provided some tips to help you conquer the “land of the unknown,” and understand how to make sure your IT department is running at top performance:
1) Battery backups: Test regularly. If they are configured to power manage a server, test for proper shutdown/restart.
2) Backups being the most critical part of a disaster recovery plan are often one of the most overlooked and neglected parts of the IT world. Complacency tends to set in as the system reports that the backup was successful only to find out that when the rubber meets the road and you need to do a restore, you get a media error (bad tape) or you find that data you’re looking for is not included in the backup set. Every IT DR (data recovery) Strategy should include documented “test restores” of the data on a regular basis to verify the validity of the backups. If your systems are running server imaging (such as BESR or vRanger) as part of the backup, these systems should be fully restored to a test environment as well. This is so critical, Vertical IT includes this service as part of our Care4IT process to help ensure your organizations data is protected. With hurricane season knocking at our door, now is the time to make sure this process is in place for your organization. If you’re in doubt, contact your CAM (care4IT Manager) today to find out how Vertical IT can assist you with your organizations disaster recovery strategy.
3) I have one word for you…security…we all know that we have to have it and in the computer world this can be a very complex task not to be taken lightly. Just as at your home you have security, such as locks on the doors and windows, an alarm system, possibly a big (or at least a loud) dog, etc. In the computer world, we need to have layers of security as well. One of these layers is security updates from Microsoft that need to be applied to the servers and workstation on your network. This task can be centrally managed and audited via Windows Server Update Services (WSUS). WSUS is a free console from Microsoft that should be setup on a server in your network to manage these critical updates (don’t worry, if you are one of Vertical IT’s care4IT clients we already have this running for you). From the WSUS console, updates can be approved for the servers and workstations on your network and pushed out to them for install. The computer will then report back to the WSUS server to let us know if the updates were successfully applied or if there were errors during the install. To verify your systems are up to date these reports should be looked at on a regular basis. If you’re not sure how the update security is on your network call your CAM today to schedule one of our engineers to run an assessment on your network, in under an hour we can let you know if this “door is locked”.
4) UPS battery backups. It is a good idea to make sure that you have your servers on battery backup and that those are sufficient for safe shutdown during this stormy season.
5) I’ll tell you what I think is the most important thing a CEO needs to realize about IT. There needs to be a strategic plan for an organization’s IT spending in place. Does the CEO feel like every time he talks to the IT group they need to spend more money on an emergency? All systems should follow a planned existence, just like the trucks at a delivery company or heavy equipment at a manufacturing plant. Can you imagine a delivery manager buying a new truck and running it without any maintenance until it breaks? He might get 9-12 months of service from a truck that could last 8-10 years if maintained correctly yet, this is exactly how many companies treat their IT resources. A short-term and long-term plan define how much will be spent on upgrades, maintenance, growth and administration. Furthermore, the IT budget needs to be set aside and protected like any other critical asset’s budget. Any changes to the organizational structure also need to be considered from an IT perspective. Adding a new department of ten people means an immediate budgetary increase and should be included as part of the capital cost of the growth, not a burden on the currently projected IT budget. Vertical IT can help with this strategic planning through our CIO services.
6) Managing the size of your data. We often see servers or services like email shutting down because of a lack of disk space. The two most common problems are shared folders (including private user folders) and Exchange databases filling up available space. Both issues can be managed by implementing quotas on shared drives and mailbox sizes. Monitoring drive space and being proactive with users by having them delete or archive old data and emails.
August 5th, 2010 by Tim Perlewitz Systems Engineer
With the release of the new vSphere 4.1, the VMware virtual datacenter operating system continues to transform x86 IT infrastructure into the most efficient, shared, on-demand utility with built-in availability, scalability and security services for all applications, offering simple, proactive automated management.
Some other features and benefits of the new vShpere 4.1 include:
Performance and Scalability Improvements
Reduced Overhead Memory
DRS Virtual Machine Host Affinity Rules.
Memory Compression
vMotion Enhancements
ESX/ESXi Active Directory Integration
Configuring USB Device Passthrough from an ESX/ESXi Host to a Virtual Machine
Tech jargon can be confusing even for those who have a good working knowledge of technology. The only thing most non-techies want to know about technology is how it helps them meet strategic business goals or enables something to get done better, faster, or cheaper. Techies, on the other hand, may think they are discussing technology in layman’s terms because a term they’re using is just so common in their world that they can’t imagine anyone not knowing what it means. Take cloud computing and virtualization, for example. If you’re a techie, you’re probably sick of hearing and talking about these things – they’re old hat. Everyone knows what they’re all about and why they’re important. If you’re a non-techie, however, you may not have a clue what these things mean or why they are important to the business. Perhaps a techie tried to explain this to you once, and you were lost from the get go. If you’re a techie frustrated by the blank stares you’ve received from your less savvy colleagues, the following tips should help you communicate tech trends such as cloud computing and virtualization in simplified terms. Try them out at your next cocktail party.
Know your audience. If you’re unsure of their level of technical expertise, ask.
Avoid acronyms – non-tech people probably have no idea what you’re talking about. They will most likely either ask you to explain what every one of them is (which can be exhausting and makes using them in the first place pointless) or they will just smile and nod, not having a clue what you are referring to, and probably lose interest.
If you have to use jargon, pause to explain it immediately in as few words as possible.
Monitor your listener’s face. If he or she looks puzzled, glances off in the direction of the bar, checks the watch, etc., chances are that your explanation still baffles.
Venture capitalists often give this advice to startup companies: make sure your explanation of your company passes the Mom test. If you can explain the concept to your mother and she totally gets it, you’ve got a winner.
Have fun at that next cocktail party, and thanks in advance for not making us non-technical folks feel like dummies.
