Thursday, June 7, 2012

LinkedIn Password Compromised - What Should You Do?

Yesterday, LinkedIn confirmed that millions of LinkedIn users' passwords have been compromised. Later, the LastPass and LeakedIn websites offered tools where you enter your LinkedIn password to find out if it had been compromised. Why bother? Just change your password! It would take less of your time than going to one of these websites...and you should be changing your password regularly anyway.

I agree with Jim Bliss's comment on the article "How to Check If Your LinkedIn Password Was Stolen" on mashable.com:

Why LastPass’s and LeakedIn’s password checking tools (above) are really not a good idea:

1) They only check a subset of the leaked passwords. Therefore, even if you get a ‘clear’ result this can not be relied upon as there are many leaked passwords that are not checked against.
2) Recommending users to enter their passwords into third party sites is asking for trouble, desensitizing users to the problems of phishing.
3) Sooner or later (if not already) a site will spring up claiming to check passwords only to store them for nefarious use (yes, without a corresponding username / email address it is arguably less problematic; however, it would still be useful data for a cracker enabling them to hash the captured password and see if there’s a match and, bingo, you’ve done their work for them).

Far better advice, IMO, is to ignore the checking tools and just change your password.
Checking with these tools provides no security or assurance whatsoever.

Saturday, May 12, 2012

"Disaster Recovery Plan" May Not Be Sexy, But It Will Save Your Business Assets

I think Dale Carnegie said it best: "plan for the worst, and only good things can happen". In previous blogs I've talked about how 50% of businesses file for bankruptcy immediately after a disaster which prevents them from accessing their data for 10 days or more. 93% will file for bankruptcy within one year following a disaster. Clearly, these companies were ill-prepared, and the worst happened because of this lack of preparation.

In the blog "What Kind of Disasters Can Put Your Business Out of Business" I discussed the most common disasters that caused these companies to file for bankruptcy. Many of these so-called "disasters" do not fall in the category of "acts of God". In fact, the majority of these disasters are "man made" and therefore are 100% preventable.

It does take information to know what to do, and it takes motivation to implement a plan. Sitting on the information won't do you any good. You need to put that information into action. Now that I've outlined what can happen and how certain disasters can impact your business, you will need to know what can be done to prevent, mitigate or even recover from these disasters.

The best approach to managing disasters is a combination of the following:

  • Disaster Prevention
    • For those events that are within your control to prevent, take the steps necessary to prevent the disaster from occurring. Even if you are not confident you can 100% prevent the event, reducing the likelihood or mitigating the effects can save money or even your business.
  • Disaster Recovery Planning
    • For those events that are outside your control, develop a plan to recover from these disasters in a way that produces the minimal impact on your business when that disaster strikes.

But, what is this disaster prevention and planning going to cost my business in time and money?

That is an excellent question, but you are putting the cart before the horse.  You should first ask, "If a particular disaster strikes my business, what will be the financial impact on my business?" And, you need to determine not just the short term financial impact, but potentially the long term financial impact as well.  Once you have put together reasonably accurate financial impact numbers, then you can start examining the disaster prevention and recovery planning costs.  At this stage it is more like shopping for insurance. 

In the next series of blogs I'll drill down into more detail about the most effective methods of disaster recovery and prevention planning.

Saturday, March 24, 2012

What Kind of Disasters Can Put Your Business Out of Business

When a disaster occurs you will want to be ready to recover and get your business up and running ASAP, otherwise your business might be a statistic. Considering that 93% of companies that lost access to their data for 10 days or more filed for bankruptcy within one year of the disaster, and 50% file for bankruptcy immediately, you can't afford not to be prepared...unless you are prepared to completely lose your business!


In order to prepare you need to know what to prepare for...

What kind of disasters caused the above mentioned businesses to file for bankruptcy?

  1. Fire, flood, earthquake, tornado, or other natural disaster that caused major damage to the computer systems or completely destroyed the building where the business was located
  2. Theft of the major or all computer systems and/or data
  3. Electrical surges, brown outs, or power outages that caused electrical damage to the computer systems
  4. Acts of sabotage, which in most cases were directed at the most important data or database by a disgruntled employee or contractor
  5. A lawsuit brought against the company for lack of required data security
  6. Lack of sufficient environmental controls which caused the computer systems to overheat to the point of complete failure
  7. A virus infection which was designed to wipe out or erase all data on a computer hard drive
  8. Hardware failure from normal usage

As you can see, not all disasters are "Acts of God" out of your control. In fact, numbers 2 through 8 are 100% preventable. To prevent these disasters you just need to know what processes, procedures, or products to put into place.

How did these disasters impact the businesses to the point of putting the company out of business?

The answer is actually pretty simple. Essentially, the businesses were unable to deliver their product or service to their clients because...

  1. Customers could not communicate with the business due to phone or email systems being unavailable
  2. Ordering, inventory, and accounting databases were lost or unavailable preventing the processing of customer orders
  3. The good name or reputation of the business was lost causing customers to go elsewhere because of lack of reliability, slow delivery of product, or lack of confidence their private data is secure

And the above is just to name a few causes, but you get the idea.

Next Blog: What steps you need to take to prevent the above from happening to your business.

Tuesday, March 13, 2012

Stuxnet: The Cyberweapon That Almost Blew Up a Nuclear Powerplant - Update

Back in September 2011 I wrote a blog article entitled "The Cyberweapon That Almost Succeeded in Blowing Up a Nuclear Power Plant" that told the story of the cyber attack on an Iranian nuclear power plant.  Recently CBS 60 Minutes picked up on the Stuxnet story and created a 15 minute segment entitled "Stuxnet: Computer worm opens new era of warfare".  Security professionals have been sounding the alarm for years that our power facilities, power grid, and manufacturing plants are vulnerable to sabotage by a cyber attack. I highly recommend you watch this video. 

Friday, March 2, 2012

Windows XP Be Gone!

It is time to ditch Windows XP! If your business hasn't moved to Windows 7, then the time is now...and here's why...


I'm not a Microsoft raving fan, nor am I an unofficial representative. Rather, I am just a computer consultant who has business clients and has to deal with the realities of the Microsoft dominance of the business computing market. When Microsoft came out with Vista and promoted its innovations, I took a pass and kept all my clients on Windows XP. Vista proved to be buggy, unstable and slow. Business needs systems that are reliable, stable and efficient. Waiting for Windows 7 proved to be the best idea. The improvements Microsoft made to Windows 7 over Vista were numerous and well worth the wait. It is fair to say that Windows 7 is my favorite of all the Microsoft operating systems.

Microsoft has announced that it will stop supporting Windows XP in April of 2014. That may sound like a long time away. But, let's get real! Lack of support means that there will be no security patches, which will leave your computer vulnerable to the latest attacks. As a business you need to be in compliance with Federal and State data security laws, and you can't be in compliance if you can't keep your systems secure. Also, lack of support means software vendors will stop making applications for Windows XP. So, increasingly your company will have fewer and fewer application options for new software or even updates to your current applications.

Your business needs to plan NOW for the transition.

Again, let's get real! You can't set up a new business computer and have all the functionality you have now with your old computer...in 5 minutes! Yeah, I know...you wish. It is going to take time and money. Plan your budget and plan for the time it is going to take to purchase, install, configure and train your staff.

And, if Microsoft stopping support on Windows XP is not enough, Microsoft is going to be coming out with Windows 8 by 2013 (and maybe sooner if Microsoft can get its engineering act together!). Some of you may be thinking that it would be best to wait for Windows 8. You may be thinking that choosing to transition from Windows XP to Windows 8 would be fine. Think again. My recommendation is DON'T WAIT! Get Windows 7 while you can...here's why...

Paul Thurrott, a highly respected industry analyst for Windows IT Pro magazine and SuperSite for Windows, puts the reason into perspective: "Windows 7 was a minor update with extremely clear goals: Keep everything that was right about Windows Vista but make it faster, smaller, lighter, and more manageable. Windows 8, meanwhile, is a revolution. And these things take time." And, as a "revolution", as Paul Thurrott states, the operating system will most likely be like Vista was in that it will be buggy. Paul continues: "...there's this measure of doubt that something has gone wrong....Some (developer) complaint posts are so long and so frequently commented on that they're actually locked because they've become too unmanageable. Finding a positive note here is next to impossible."

The wait for Windows 8 may take more time than you think, and there is a strong probability it won't be worth the wait for the initial release. But, regardless of what happens with Windows 8, Microsoft will continue with its plan to phase out Windows XP. It is time to ditch Windows XP and move to Windows 7!

Saturday, December 3, 2011

A Computer Disaster Can Put Your Company Out of Business

"93% of companies that lost access to their data for 10 days or more due to a disaster filed for bankruptcy within one year of the disaster, and 50% filed for bankruptcy immediately." (Source: National Archives & Records Administration in Washington.)

Yes, disasters do happen, but we don't need to be helpless victims in the face of every disaster.
To prepare for various causes of computer system disasters there are two important approaches: prevent the disasters you can, and develop a recovery plan for those disasters caused by forces outside your control. There are many computer system disasters that are 100% preventable.  Then there are circumstances that are out of your control like "acts of God"  such as fire, flood, and earthquakes. Under those situations the best you can do is mitigate the consequences as much as possible.  Whether you want to prevent disasters or mitigate the consequences of one you need a plan of action.


Why are so many small businesses ill prepared for a computer disaster?  

This illustration provides an explanation: 3% of all hard drives fail on an annual basis. That statistic is constant whether you have one computer or 1000. However, there is a difference in perception between the company that has one computer and the company that has 1000 computers. The company with 1000 computers experiences 30 computer hard drive failures each year. As a result, that company will have a process in place to replace those hard drives quickly and with as little disruption as possible. Contrast that with the company that has one computer. It may have yet to experience a hard drive failure. Therefore, there is a perception that hard drive failures don't happen, and the company is ill-prepared and caught off guard when one does happen. I'm certain that the functioning of the computer system is just as important to the company with one computer as the one with 1000 computers. The difference is that the company with 1000 computers has been taught through experience and has developed a disaster recovery process, whereas the company with one computer has no experience with such a disaster and therefore is lacking the appropriate level of emergency recovery preparedness.

But, do you have to wait for a disaster to occur in order to learn what can happen and what you need to do to prevent that kind of disaster or be properly prepared with an emergency recovery process?  Obviously, the answer is no.  You can learn from your peers.  What about that 1000 computer company?  Don't you think that company may have some insight you would find useful? It is definitely very important for you to find an expert in this area. Lack of experience or knowledge can be extremely costly if that lack of preparedness results in the loss of your business.

Next: What Computer "Disasters" Can Be Avoided or Prevented

Have you ever lost an hour of work on your computer?

Now imagine if you lost days or weeks of work – or imagine losing your client database, financial records, and all of the work files your company has ever produced or compiled. Imagine what would happen if your network went down for days, where you couldn’t access e-mail or the information on your PC. How frustrating would that be?

Or, what if a major storm, flood, or fire destroyed your office and all of your files? Or if a virus wiped out your server…do you have an emergency recovery plan in place that you feel confident in? How quickly do you think you could recover, if at all?
  
Many small business owners tend to ignore or forget about taking steps to secure their company’s network from these types of catastrophes until disaster strikes. By then it’s too late and the damage is done.

"93% of companies that lost access to their data for 10 days or more due to a disaster filed for bankruptcy within one year of the disaster, and 50% filed for bankruptcy immediately."
(Source: National Archives & Records Administration in Washington.)

Your first response may be this is an astonishing statistic.  But, is it all that surprising?

Obviously, this statistic would not even exist if all business owners had effective disaster recovery plans in place. I'm sure that these companies that declared bankruptcy after a disaster thought their businesses were secure from the consequences of the very disaster that put their company out of business. Unfortunately, there is a huge gap in the knowledge small business owners need to have in order to develop an effective disaster recovery plan.

In the next series of blogs I will go over developing an emergency recovery plan for your business that will keep your business functioning through the loss of your computer systems or communication systems as well as loss of access to your company data and customer databases.

Having a disaster recovery plan is critical to not only your company continuing to conduct business but also staying in business.