It's All About the Data, Baby

I’ve been in IT for a long time - perhaps you have too.  In the late 80’s, when this industry was in its infancy, there were mainframes, minis, PCs and ATs.  Forget laptops–they didn’t exist and these new desktop computers (PCs and ATs) were (in my opinion) the first models which could realistically handle business functions.  

As time went on, we saw the value in sharing the data we were working with, thus the concept of File Servers and Networking developed.  Along came the internet and we had access to a world-full of information.  We could share information with other companies and access their information too, faster than ever before.  Instead of measuring data amounts in MB, we now measure it in GB and TB.  Instead of waiting a couple of days for snail mail, we now are impatient if we don’t receive information in an hour.  Waiting 30 seconds for a program to load is intolerable!

When this industry began, companies knew they would have to invest in an IT infrastructure and that it would be expensive.  A normal life span for that File Server or desktop computer was typically 5-7 years:  the OS wasn’t frequently coming out with new (required) updated versions and any hardware issues were affordably fixed. Machines got faster and more sophisticated.  Software allowed us to work more productively.  The price of hardware dropped.  We began accessing large volumes of information faster than ever before.

Then, thieves discovered the truth about computers and data:  the real value to a company is not in the hardware that we show as an asset on our Balance Sheet.  The true treasure lies in all of that information we type into our laptops, phones, handhelds, desktops and other devices day after day.  Think about it – we spend our days entering information into all sorts of places – sometimes purposefully, sometimes without thoughts of possible consequences.  Hacking is now a vocation – well funded and supported by people who discovered they can extort and/or use your information for their purposes and profit.

We no longer can responsibly expect to invest in our company’s IT once every 5-7 years.  The speed of technological developments is now congruent with the advancement of vulnerabilities and threats. Whether you are a sole proprietor or a Fortune 500 company, your IT world requires a well thought out infrastructure plan and strategy – and a budget. The Asset to your company does not appear anywhere on your Balance Sheet – the new asset is YOUR DATA. 

Consider all the obvious (potential) components which are the Foundation of Business Technology (using a Traditional Workforce Model):

  • Computers
  • Router/Firewall/Switch
  • Security
  • Backup/File Storage
  • Wireless Access
  • Email (Commercial Grade)
  • Phones
  • Modem
  • Internet Service Provider (ISP)
  • Printers (networked or standalone)
  • Web Presence

Any of these can be vulnerable to attack or intrusion. 

Let me make some of you squirm in your chair a bit:

  • Is the password to your phone system or networked printer still the manufacturer’s default?
  • Do you know if any of your people are saving critical files to their desktop which are not a part of your backup set?
  • Do you have an annual IT Strategic Plan and budget in place?
  • Are the patches and updates to all the above-mentioned hardware and software current?
  • Do you provide email best practices or Acceptable Use training to your people?

Now for two alarming statistics:

Alarming statistic No. 1: According to the University of Texas, 94% of companies suffering from a catastrophic data loss do not survive – 43% never reopen and 51% close within two years.

Alarming statistic No. 2: Seven out of 10 small firms that experience a major data loss go out of business within a year, according to DTI/PricewaterhouseCoopers.

We work so hard to keep our businesses profitable and productive.  Why would we willingly give away the company’s greatest asset, its data?  

Patty Zinn is the CEO of MicroSystems Management.

Kansas City BBQ and Technology

    Seems like a pretty obvious connection, doesn’t it?  Well, if you’re having trouble connecting the dots, KC was the proud host of the recently held Technology Councils of North America (TecNA) summer conference.  Roughly 120 folks from tech associations around the US and Canada gathered to share best practices, discuss industry trends and take back great ideas to their constituents. OHTec is a long-standing member of the association and we’ve always been diligent about attending the conference, sharing our experiences and actively stealing ideas from our colleagues.

    Some key takeaways from this year’s conference:

    Tech Talent - it’s a challenge for everyone!

    • Interestingly, folks from KC have the same lament as we do in CLE:  it’s tough to attract from OUTSIDE the region
    • We're a little ahead of the curve in some talent areas due to our collaborations with, and work of, Regional IT Engagement and others
    • Tactical recommendations: flexible work arrangements are gaining steam with millennials; large-scale, in-market collaborations seem to be more successful; be open to candidates who aren’t “perfect”
    • Our very own Patrick Antos, Manager of Talent Services, was a panelist on a tech talent recruitment breakout, sharing our success stories with programming and higher ed engagement

    Public Policy

    CompTIA shared that the House passed the Internet Tax Freedom Act, which we’d advocated for at the 2015 DC Fly-In, but it was unlikely for the Senate to pass it.

    • Electronic Communications and Privacy Act is sorely out of date with current technology and currently under debate for updating; OHTec will have the opportunity to lend support at an appropriate time in the near future
    • The 2016 DC Fly-In is scheduled for February 9-10; OHTec will be there! Blog readers/members interested in attending:  email us.

    Tech Events

    • Golf outings are dying (which is fine, since OHTec has never done one)
    • Colorado created a tech tour of different parts of the state to engage elected officials, tech companies and others - a very interesting idea
    • OHTec’s Tech Week received a lot of interest from our colleagues; none are doing one at our scale, but we got some great ideas to help build out our Tech Week even more

    It’s a short conference, just a couple of days, but the connections we make with our peers and the ideas we bring back are incredibly valuable. 

    Oh, and Kansas City BBQ:  as good as its reputation!

     

Keep the Bad Guys Out of Your Network

    It might seem like data hacks are a given in today’s business environment. A 2014 study by the Ponemon Institute found that up to 432 million accounts had been hacked during a 12-month period leading up to the study’s release. Small businesses are especially vulnerable to hacking, according to Steve Giordano, the GM/owner of computer and IT services company TeamLogic IT. Small businesses are often thought of by hackers as being easy targets because the businesses tend to have the least amount of cyber defense in place.

    “Hackers release the virus into the wild and they hope that the virus finds its way into the network,” he said during a recent COSE WebEd Series webinar titled “Security Tips for Small Businesses: How to Keep the Bad Guys Out of Your Network.”

    More often than not, it’s the employees themselves who unwittingly let the virus in, he said. This is often done via emails that mimic the look of official emails from companies such as AT&T or Twitter. Employees are told they have to click to look at an unopened message on the social network or that they have an unpaid bill to look at, but clicking the link in the email actually activates the virus that can cause a business to come grinding to a halt.

    Even a small company with just 20 employees could potentially face hundreds of thousands of emails every year, Giordano said. That represents a lot of ways inside the business. And viruses can cause a lot of unwanted damage, from pilfering sensitive financial information, to encrypting crucial files a company needs while the hacker asks for a ransom to be paid to unlock the files.

     

    Security steps

    So what can small businesses do to make sure they’re protected? First, educate employees, Giordano said. Make sure employees are aware of how they might be targeted and also put policies in place, such as a password policy, to help keep things secure.

    Also, businesses shouldn’t rely on free antivirus software as free versions of the software often lack critical systems that the paid, business versions of antivirus have. “There’s a reason why it’s free,” he said.

    The cost of vulnerability can be high, Giordano said. Prevention, and backing up data daily, is the key to minimizing any potential hack-related losses.

    “You’re going to look at downtime,” he said. “You have to put a value on that amount of downtime. You could lose data. I’ve seen situations where if companies lose all of their data, they go out of business in six to nine months. It can be that traumatic.”


     

    This article originally appeared in the September 7, 2015, edition of Small Business Matters.

Keeping Score With Your Carrier

    Tracking key performance indicators (KPIs) will help you know which carriers are keeping you on course to profitability. Using a scorecard that measures carrier performance promotes better dialog and provides a quantifiable way to measure the success of the relationship between all parties involved. Shippers scoring carriers on timeliness gain an objective way to evaluate service. In an environment without a scorecard, customers can claim carriers aren't on time, while the shipper has no visibility into why customers are complaining. Depending on your company’s goal, the metrics a shipper should track will vary. Two of the most popular KPIs are on-time pickup and on-time delivery, which comes as no surprise.

    On-time

    If you are looking to implement on-time metrics, just remember – you must define what “on-time” means to you. Requirements differ based upon your industry, your own distribution center setup, and that of the consignees. For example, one shipper might define on-time as within 24 hours, while you define on-time as within three hours.

    Communication

    Besides being on-time, communication is another important metric. Most carriers are very good at providing electronic data interchange (EDI) messages, but not all are good at timeliness. It's critical that shippers know as early as possible that the carrier will be late, so quick notifications are essential when an exception is about to occur.

    Accuracy, Safety, Capacity

    Metrics on accuracy can include how effectively your carrier is participating in official freight bids and whether it is submitting accurate information. Accuracy in billing is also important, especially whether the carrier applies accessorial charges accurately. If a carrier keeps mis-billing, the shipper gets charged every time a bill comes through. It takes more time and more effort to resolve exception invoices.

    Carriers can be rated on safety using scores from the Compliance, Safety, Accountability (CSA) system operated by the Federal Motor Carrier Safety Administration (FMCSA). Some companies will even score carriers based on their claims and the time it took to resolve them, as opposed to quantity.

    One important metric in scoring carriers is capacity, especially the consistency with which your carrier accepts committed freight. If a carrier gives a commitment to pick up 20 loads per week, then hold them accountable for it.

    Regardless of the metrics a shipper chooses to track, the data from EDI platforms, auditing & billing systems and other transactional systems needs to be processed, then presented in a format that is easy to understand. Shippers should clearly spell out their performance requirements in a carrier guide and use carrier metrics as the basis for regular performance reviews, so nothing is ever a surprise. The goal is to stimulate conversations that reinforce your transportation partnerships.

Know Your Ransomware Attacks Part I: Locker Ransomware

    In the first of this two-part series, we take a closer look at how to recognize a Locker ransomware attack and, more importantly, how to defeat it.

    This is the first story in a two-part series dealing with the different types of ransomware impacting businesses. Today’s installment focuses on Locker ransomware.

    Presently, the Internet is seeing two types of ransomware attacks, Locker ransomware and Crypto ransomware. We’ll take a closer look at Crypto ransomware in a future piece, but today let’s focus on Locker ransomware, which is not as dangerous if you know how to handle the attack.

    How to recognize Locker ransomware

    Locker ransomware usually attacks an individual computer when the user visits a compromised website. The user will receive a screen pop up stating that Microsoft, Apple or some other support entity has detected viruses on the computer. The message also states the user should not shut down the computer as all data will be lost. The “Do not shut down” request is usually strongly suggested. It also provides a phone number, usually toll free, for the user to call in order to establish a support session with a service technician. If you attempt to cancel the pop up, it immediately returns. Your computer is virtually locked up and not usable. 

    If the phone number is called, a service technician will attempt to establish a remote session into the supposedly infected computer. They will ask for credit card information and other information in order to allow the service technician to open a service session, sell you anti-virus and clean up the situation. They may also load software on the computer.

    How to defeat Locker ransomware

    The solution to Locker ransomware is simple: Shut off the computer. Do not re-start, but rather perform a complete shut down. You may not be able to perform a Windows shut down using software commands and if that is the case, perform a hard shut down by pressing and holding the computer’s power button. The computer is not usable as the cyber-criminal has it locked up via the connection to your computer. Shutting down breaks that connection and the cyber-criminal loses his or her lock capability. Then restart normally and the pop up will not re-appear. Run a virus scan to be sure everything is normal.

    In summary, if you get hit with Locker ransomware do not panic and do not make that phone call. Simply shut down the computer and restart normally and all should be fine.

    Steve Giordano is president of TeamLogic IT.

Know Your Ransomware Attacks Part II: Crypto Ransomware

    Presently the Internet is seeing two types of ransomware attacks, Locker ransomware and Crypto ransomware. Locker ransomware is usually fully recoverable, but Crypto ransomware is very dangerous and costly.

    Crypto ransomware usually attacks an individual computer when the user opens an email and then clicks on an enclosed link or attachment within the email. The crypto ransomware virus launches when the link and/or attachment is opened. The user will receive a screen pop up stating all data on the computer has been encrypted and provides the amount of ransom, the deadline to pay and instructions on how to pay in Bitcoin.

    If the entry point computer is connected to a network, the virus will quickly spread to any network shared drives. That means, if the computer is connected to the company server and the shared folders on that server, all of those shared folders will be encrypted. If there is a portable storage device such as a USB drive connected to the entry point computer, all the data on that USB drive will be encrypted. Likewise, if there is a portable device connected to the server, all data on that device will be encrypted. There are also instances where the Crypto virus has spread to other network shares including file sharing programs such as Dropbox. In short, if the virus can see the shared drive, folder or file, that data will be encrypted and rendered inaccessible and unusable unless the ransom is paid in the timeframe specified. Your data is useless until you pay the ransom.

    In order to minimize the chances and effects of a Crypto ransomware attack, businesses should do the following:

    • Educate employees on what suspicious emails look like. Many times, the email containing the link or attachment exhibits signs that indicate it is dangerous. Make sure your employees can spot the danger signs.
    • Implement business class licensed (not free) anti-virus and business class email spam filtering. Business class applications are best suited to block and capture phishing and other suspicious email.
    • Implement company policies and procedures that restrict/prevent employees from checking their web mail (Gmail, Yahoo, AOL, etc.) accounts using the company computers.
    • Lastly, implement business class backup that disguises the backup and does not allow the Crypto virus to see the network or server backup drive. If implemented properly, this backup can fully recover a network in as little as 1 hour with no loss of data and no ransom paid.
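
The rule above, that anything the infected user's session can see and write to will be encrypted, can be checked from an ordinary workstation login. The following audit is an added example, not code from the article or from TeamLogic IT; the location names and the constructed sample folders are assumptions standing in for your real shares and backup destination.

```python
import os
import tempfile
from dataclasses import dataclass

@dataclass
class Location:
    name: str                # label used in the report
    path: str                # mapped drive, UNC path, mount point or sync folder
    is_backup: bool = False  # True for backup destinations

def can_write(path):
    """Probe write access by creating and removing a temp file.
    More reliable than os.access() on network shares."""
    try:
        with tempfile.NamedTemporaryFile(dir=path, prefix=".audit-"):
            return True
    except OSError:
        return False

def files_at_risk(path):
    """Count files under path that the current user could overwrite."""
    count = 0
    for root, _dirs, files in os.walk(path):
        count += sum(os.access(os.path.join(root, f), os.W_OK) for f in files)
    return count

def audit(locations):
    """Return (name, status, files_at_risk) per location for the current user."""
    findings = []
    for loc in locations:
        if not os.path.isdir(loc.path):
            status, at_risk = "not visible", 0   # unreachable from this session
        elif can_write(loc.path):
            status = "BACKUP EXPOSED" if loc.is_backup else "writable"
            at_risk = files_at_risk(loc.path)
        else:
            status, at_risk = "read-only", 0
        findings.append((loc.name, status, at_risk))
    return findings

def demo():
    """Run the audit over a constructed folder tree (not real shares)."""
    base = tempfile.mkdtemp(prefix="exposure-demo-")
    share = os.path.join(base, "shared")
    backup = os.path.join(base, "backup")
    for folder, names in ((share, ["q3.xlsx", "clients.docx"]), (backup, ["full.bak"])):
        os.makedirs(folder)
        for name in names:
            open(os.path.join(folder, name), "w").close()
    return audit([
        Location("Server share", share),
        Location("Backup drive", backup, is_backup=True),
        Location("Offline backup", os.path.join(base, "not-mounted"), is_backup=True),
    ])

if __name__ == "__main__":
    for name, status, at_risk in demo():
        print(f"{name:15} {status:15} files at risk: {at_risk}")
```

A backup destination reported as "BACKUP EXPOSED" is reachable from the same session that would open a malicious attachment, so it would be encrypted along with the shares.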