The Enemy Within

I worked at a spy shop once and saw a few interesting things. One was a fellow employee I will never forget. She was a bit on the eccentric side and would often emerge from the ladies room with a white powder dusting just around her nostrils. She was hyper and emotional, all at once. Then one Monday morning she didn't show up for work. She didn't come in on Tuesday either. By Wednesday morning we were all concerned since she hadn't even called in. That afternoon she strolls in with her hair all a mess and her shirt half tucked in. “Good morning!” she chirped as we all looked on in horror. When the guard asked her where she had been, she looked at him as if he was nuts. When she asked what he meant she looked visibly shocked to discover that it was Wednesday afternoon and not Monday morning. She blamed the episode on her roommate whom she swore was after her and she believed had reset her alarm clock. That was why she was two and half days late.

Well, she had to be escorted out of the building and suddenly a rush began to protect the business from any retribution on Crazy's part. The lesson learned here; protect yourself from the possible enemy within as well. Companies spend a lot of time and money on protecting loopholes and trying to make systems that cannot be hacked. Many times businesses forget about those who know the most about these security issues within the current system. Surprise, it's your current and former employees who know all the loopholes in your system. It's a fact that 4 in every 5 IT-related crimes have been committed from disgruntled employees, former fired employees, and even external service providers. All these culprits were insiders in the company at one time. All businesses should consider running background checks on all employees before hiring and change passwords immediately when employees leave.

End of story, while protecting yourself from external threats is valid and necessary; don't leave your business vulnerable to the nuts and vengeful you may have unintentionally invited in yourself. BTW, when her belongings were dropped off at her place, it was discovered she had no roommate…creeeeeepyyyyy.

Helpdesk Right At Your Desk(top)?

There once was a time when helpdesk was such a misnomer. It was more like help-over-the-frustrating-phone. Working in the bullpens of nationwide organizations in the mid ‘90's, I can recall the hair pulling experience of troubleshooting a printer problem for almost half an hour over the phone, when the client finally confessed that he had not been following many of my instruction because he “couldn't be bothered” and thought I should just know how to fix his problem off the bat without his “help”. Pins and needles, my friends, pins and needles (Honeymooners reference there for those that don't know it).

Oh what we would have given for remote access software. Oh how we would have rejoiced and made offerings to the mighty software gods for such powers. Now I write this of course from the techie's perspective, but I can well too imagine the dialogue of that one time client: “I had a printer problem and this company technician, whom I'm sure is overpaid, had me clicking around for almost two hours. She had no clue what the problem was and who knows how we got it to work.” Perspective is everything, but I am sure this guy would have rejoiced just as loudly given the option of me simply remoting his system and taking care of the issue while he got himself a latte.

End of story, today's technology goes a long way to bridging the gap between user and support technician, making everyone's life easier and blood pressure that much lower.

The Baker Doesn't Make Candles For A Reason

I went to a trade show recently and have to marvel at the flexibility of some companies and the focus of others. There were companies that could help you with all your marketing needs, from concept to print to web and beyond. They were very versatile in their industry and impressive in their presentation. There was another company that only did search engine optimization. Anything else you might need they could refer you to a great company they have either worked for or with. Then there was this one table of CPAs.

Now I have a certain level of respect for CPAs because they have a tolerance and understanding of numbers I will never achieve, but this table of CPAs didn’t seem to understand what CPAs did. See, in inclusion to your regular CPA services, they also listed tech services. Upon close inspection I read “Deinstallation/Reinstallation.” What? When I asked what that even meant, they explained to me that they had “taken some stuff off and reinstalled it on a bunch of machines for” a large bank chain. With that weak, best effort, explanation they now considered themselves expert techs. Mouth agape, I walked on.

End of story, I promise not to do your taxes if you promise to hire true techies to take care of your technology needs. You might also want to ask your bank who they hire to “Deinstall/Reinstall” their stuff. It could say a lot about who you’re trusting your money with.

What Is A Security Policy And Who Needs it?

When I was a kid in Brooklyn my mother taught us kids how to be city dwellers. We learned how to walk while being completely aware of all our surroundings, never talk to strangers no matter how much candy was being offered, walk down the street in the opposite direction the cars go, yell fire instead of help and only answer the door only when we heard the secret knock. This in effect was our family’s security policy. A couple of decades later I find myself unscathed with all limbs intact. Mission accomplished. A security policy can work just as well for your business as well.

A written security policy detailing instructions about not sharing passwords with others, locking the computer when leaving their desks and more can go a long way towards preventing data from being improperly accessed. Of course many other security policies can be automatically implemented, such as a change of password policy, restricting sensitive areas to data and programs. Security policies can be centrally managed through a server ensuring uniformity and proper implementation. You can even run a report to see whether any one has been trying to access anything they shouldn’t be.

End of story, there are certain things that are only meant for management’s eyes and not others, but without security policies in place, you can never be sure if that’s truly the case. It does not take a lot of effort but a certain amount of expertise. You may want to consider it if any of your data requires any level of confidentiality. Knock, knock. Does your data know just when to open the door?