Up your Security in 2012 to defeat Hackers and Identity Thieves
This article originally appeared on my SMB Tech Advice Blog...
Now that we are a little over a week into 2012, it is time to discuss a few things that I usually have all of my clients revisit every year - at least. It is no secret that the number of hacking attempts and identity theft in general are on the rise. There are a handful of things that you can do to help protect yourself from both of these, and most of them require little more than your time and attention.
The single most important thing I advise my clients to do in order to prevent being hacked or otherwise digitally frauded is to change your passwords often (at least once a year) and make them complex. Making a complex password is actually a simple thing. Remembering that password, however, is the challenging part. There are numerous utilities and applications out there that help with this as well. A good rule of thumb for password complexity is to use more than 6 characters, both upper and lower case letters, a few symbols, and make sure your password is not something that can be found in a dictionary. I will slide in a small recommendation here that I believe will help everyone in huge ways. Use words or phrases that are motivational as part of the password so that every time you type it, you are reminded of something positive. For instance, DoubleS@1es!! could remind you of your yearly goal to double sales from last year. AlwaysBN3tw0rk1ng!! could remind you to network at every opportunity you get.
Since it is 2012, make this year's passwords especially motivating since this could be our last year on the planet! If we happen to roll on past December 21, 2012, at least you spent the year working in a super positive mode, and that may pay off huge in 2013.
With passwords taken care of, the next two most important things on the list are to make sure your system updates (Windows Updates, Apple Software Updates) are all current and that your anti-virus is also updated. These two things close many holes that hackers can use to get into your systems and steal confidential information.
My last recommendation does actually cost some money, but it is vitally important and also frequently overlooked: the technologically advanced paper shredder. I can't tell you how many people do not have a paper shredder or use a paper shredding service. Make sure you get one that does cross-cut or confetti shredding, not just the strips. You want to make it as hard as possible for someone to reconstruct the documents you are attempting to destroy. More expensive shredders can also shred credit cards and CDs/DVDs that may contain sensitive information. I shred everything as I am semi-paranoid about these types of things, but at the very least, you should shred all personal, financial and business documents that you would otherwise throw away. You can also shred anything that has your name and address on it for that extra layer of security.
I hope these tips help you in 2012, and if you have any questions, please leave them in the comments section. Feel free to share this with anyone you think may benefit.
GSA Becomes First Federal Agency to Move E-mail to the Google Cloud Agencywide
According to a recent news release, the GSA has become the first Federal Agency to move e-mail to the Google Cloud agency wide. The subheading on this news release reads "Cloud-based e-mail to save $15 million over five years." This is an amazing bit of news on several levels.
First of all, the GSA has identified that cloud based solutions save a ton of money. This isn't news to the commercial world, but we all know things move a little slower in the government space. As a U.S. tax payer, I'm elated to see that the GSA will be cutting cost (e.g. waste.) and streamlining their operations with a cloud based offering. It's also great to see that they went to Google instead of flushing more money down the proverbial toilet with Microsoft. “Cloud computing has a demonstrated track record of cost savings and efficiencies,” said Casey Coleman, GSA Chief Information Officer. “With this award, GSA employees will have a modern, robust e-mail and collaboration platform that better supports our mission and our mobile work force, and costs half as much.”
Second, at some level, the fears about cloud security have been allayed. I won't speculate on how they were allayed or even if they were allayed totally, but someone decided that the cloud was safe enough for a government agency's email. I'm sure a security officer did due diligence and ensured that the data was safely segregated from any other tenants in the cloud and encrypted in some form. I really hope that there were requirements that all data must reside within the continental U.S. and not be accessed by anyone outside the U.S. other than GSA employees who may be traveling on business. (This is something that I think all companies should absolutely demand from a cloud provider: all data and services should be 100% U.S. based and not be accessible to any foreign entity.)
“GSA’s cloud e-mail award is in step with the Administration’s ‘cloud first’ strategy and demonstrates that agile, secure, reliable, and cost effective cloud options exist to rapidly improve agency operations and services,” said Dave McClure, GSA Associate Administrator of the Office of Citizen Services and Innovative Technologies.
I assume that over time the agency will train users on the use of Google Docs (Documents, Spreadsheet, Presentation, Form & Drawing) so that they can also drop the licensing costs for Microsoft Office on the Desktop. I'm sure that Docs covers 99% of the usage cases within the agency and that 1% can be met with a single license for the person who may use something Docs doesn't offer. I would also venture to say that if the agency put in a feature request, Google would be glad to oblige. Couple this with the ability of agency workers to chat and collaborate in real time on documents and you have a powerful platform to drive operational efficiency. I would also be willing to venture a large sum on the fact that the younger 'tech savvy' workers will be very happy to work in this modern environment as opposed to the archaic way of doing things on the desktop.
I applaud the decision by the GSA to move to the cloud, especially to Google's Cloud, and wish them the best of luck as they transition over. I would also be glad to offer my services if needed to ease the transition or help leverage their new platform.
How to manage social media usage in the enterprise.
Social media has made its mark on modern business, and I think it is safe to say that social media isn't going away anytime soon. Over time, employees have become more technically savvy and they have become hooked into social media as well. Mobile devices have overtaken PCs as the preferred method to interact with social media services. This presents a two-fold problem for companies seeking to maintain some semblance of order in a world where the end user now has many options to circumvent traditional IT controls.
The core issue revolves around private company data and how to protect it. Private information can include anything from legal documents to trade secrets that are key to a company's success. How do you protect this information when there are so many avenues opening up through which it can pass? It was hard enough to manage sensitive data when IT had almost total control of desktop PCs and laptops, but with the proliferation of mobile phones, tablets (like the iPad) and other mobile devices, this task has become just about impossible.
The social media world hasn't made this task any easier as it is data that they are after. The more user data they can pull in, the more money they can make. Most social media services are opening up all sorts of ways to import and share content. Many social media services have also been very sly about telling users exactly what it is they are sharing and with whom. Their privacy policies are horrendous and mostly allow them to get away with the equivalent of digital murder. Privacy defaults are usually set to gather and expose as much user data as possible. Some of that data could very well be your private company information. The worst part of all of this is that most of these scenarios take place outside of the company's control.
Social media, on the other hand, can be huge in terms of marketing and networking. To ban social media outright or severely limit the use of it would not only anger employees, it would exclude your company from interacting with a much larger potential customer base. In order to strike the right balance between leveraging social media and keeping certain information private, a two-fold method must be implemented.
The first method involves shaping a social media policy that will address the core issue of what remains private and what is able to be shared. Employees must clearly understand where the line between the two is. It is vital to train employees (on a regular basis) on what can and can't be said through social media channels.
Once that is clearly defined and understood, the policy must then explain how social media is to be used and how it is not to be used. Employees need to understand that although your company may allow social media within the work environment, it must be used in a way that reflects positively on the company and it must not negatively impact employee performance.
The second method involves company data controls and compliance. Limit the amount of company data that is flowing outside of the data center on laptops and other mobile devices. Look to technology like virtual desktops which reside within the security perimeter of your data center but allow employees to work remotely as needed. Ideally, the more you are able to keep company information in a centralized secure location, the less the possibility of an accidental (or intentional) exposure.
Lastly, have a policy in place to deal with information leaks and employees who do not comply with social media policies. This will position you to better respond (proactively) to incidents that will rise with the increased use of social media.
Need help with your social media initiative? We can help you! Contact us for more information.
My Twitter Stream
- Takin it back to the old days...cosmic bowling. http://t.co/KUo7CJZk 1 hour ago
- “@rackerhacker: I'm not sure what's more difficult: swimming with sharks while covered in raw beef or installing Spacewalk with Oracle."nice 5 hours ago
- haha... http://t.co/5TvhNSCD 5 hours ago
- “@Scobleizer: FAVORITE QUOTE OF THE DAY: "Any good product leads to porn," by @shl https://t.co/ZQYnNb3w” wow that's a stretch...lol 5 hours ago
- Its interesting how most of my discussions around #Private #Cloud are now centered around SCALE. Its about time. Next stop: #Hybrid Cloud. 8 hours ago