Author Archives: James Osborne

20 Questions You Should Be Able to Answer About Your IT, Part 2

May 02, 17
James Osborne
No Comments

Blogger: James Osborne, Technology Consultant at Osborne Technology Consulting

This is the second in a four part series of blog posts from our 22 March ITMA meeting, “20 Questions You Should Be Able to Answer About Your IT”. Part 1 covered Hardware, Software and other equipment. Part 2 covers Security Concerns and other Policies. Part 3 will cover DR/BCP and IT Department Processes, and Part 4 will cover Miscellaneous Topics. The presentation itself is available HERE.


#6 – Do You Have a Cyber Security Breach Response Plan?
Your odds of suffering a cyberattack vary greatly depending upon your size, industry and exposure.  Health care, for example, is a prime target for attackers.  81% of health care companies suffered a breach over the last two years.  While you can reduce your odds of being breached from a cyberattack, it’s still a possibility you should face.

Having a written Response Plan will provide you with guidelines to respond quickly.  Working on the plan BEFORE any incident happens ensures that you are thinking clearly and dispassionately about how to respond, rather than reacting in the moment.  It also provided you with time to research responses and their repercussions, rather than making a panic stricken response that may be ill-advised.

 

#7 – Do You Have An Emergency Action Plan
There are many threats to our day to day operations – tornadoes, fires, criminal activity, chemical spills, etc, can all impact our businesses.  If a neighboring tenant has a fire, will the sprinklers affect your offices?  If a disgruntled employee storms in with a gun, how do you respond?  What if the estranged spouse of an employee makes bomb threats?

Many buildings now require tenants to have a written Emergency Action Plan (EAP).  They may require periodic testing.  If yours doesn’t, you might wish to consider developing one anyway.  The slight loss in productivity from testing your plan will be worth it should you ever need to actually enact your plan.

While these aren’t necessarily technology challenges, they do spill over.  You can ensure that your plan requires people to bring their laptops, provided it’s safe to do so.

 

#8 – Do You Have a Communications Plan?
How do you alert staff to ‘snow days’?  How do you tell people to not come in because there’s been a chemical spill?  How do you tell people that you’ve had a power outage, and they should work from home for the day?

In years past, many have used a ‘phone tree’ to communicate with staff.  It works, but it’s cumbersome and takes a while with any sizeable group.  E-mail notifications can be effective, but only if your staff all have access to e-mail and check it regularly.  Text messages can also be effective, but again, only if your staff have access to text messages.  Whatever method is used, you must be certain that it’s not reliant on your network resources, as they may be unavailable.

 

#9 – Do You Perform Security Audits?
Unless you’re in the business of Information Technology Security, you likely have many holes in your security.  After all, it’s not a core competency, so it shouldn’t be a surprise if you don’t have everything nailed down.  Even if you’re a IT Security expert, there are likely some holes in your security.  If you don’t perform internal security audits, you should probably contact that work out on a regular basis.

There are many providers out there who would be happy to provide various levels of security audits, from simple network probes to sophisticated ‘social networking’ attacks.  Maybe you’re running an older firmware version on your firewall, or have ports that were left open for an old project.  Maybe you haven’t updated some of your software and there’s a known exploit out there that could allow nefarious individuals into your network.  Maybe your staff are just too trusting and need to be educated how to deal with threats.   Just like you go to a specialist if you have a thyroid problem or suffer from migraine headaches, you should seek the assistance of a security specialist.

However, simple having a security audit performed is not enough….you must follow their recommendations and plug any holes they find.  Unfortunately, many companies who contract an external security audit do not use the audit findings to secure their network.  Either they’re unable to get buy-in from management and earmark the funds necessary to address the issues, or they were compelled to have the audit done for some reason and have no interest in responding to it.  This is as irresponsible as going to your doctor because of some complaint and then ignoring her recommendations and prescriptions.

 

#10 – Do You Have Complete Network Documentation?
As any who know me can attest, Network documentation is a cause of mine.  I frequently have to come into an existing network and try to figure out how things are done because there is no documentation.  Or, worse yet, documentation exists, but it’s inadequate, incomplete or inaccurate documentation.

Network documentation should cover everything in your environment – servers, workstations, print/scan, backup, your cabling infrastructure, your telephony, etc.  If it’s something your responsible for, you should have documentation for it.

People are often unwilling to devote the time to develop good documentation.  Either they feel they’re too busy, or they feel that they have a good handle on things on their own.  Or, they may feel that not making documentation available is some sort of job security.

Good documentation should enable anyone to get into your systems and do the work they need to do.  This includes a consultant assisting with an Office 365 migration, an IT intern adding a new network printer, or your replacement attempting to determine what equipment should be upgraded in the coming years.  Good documentation should also allow you to completely replace everything should Aliens ever take your building – inventory of all hardware and software, contracts, contacts, notes, configurations, etc.

Manage your home computer protection the same way you manage it at the office

Mar 29, 16
James Osborne
, ,
No Comments

Blogger:  Bob Daugherty, IT Director DMLO

I love the dashboard we have at the office for our antivirus/malware software.  But hate managing the individual installs of AVG I use at home.  I use Sophos at work and love it.  Now Sophos is offering a cloud based dashboard with their “free” home software.  It will protect up to 10 computers per account from malicious software, inappropriate websites and viruses.

Unless you’ve got a family of IT professionals the responsibility of protecting those household computers falls on you.  Who knows when your daughter last ran a virus check on her laptop and your son won’t even let you in his room, let alone look at his computer.  And who is helping your aging grandmother living in Florida with her computer?  You are.

The signup is simple and you can protect 10 computers with one account.   Accounts seem to be based on email addresses, so if you have multiple email accounts (and who doesn’t) you could manage more than 10.  Of course you may have to quit your day job to keep up.

The install was easy once I got my current antivirus uninstalled.  It won’t install if there’s another one.  I’ve been using AVG for years and it’s been great but uninstalling it was difficult.  Once it was gone I was good to go.  To automate the installation, you can send a link to your college student living on campus or your grandmother in Florida.  The only thing it’s lacking is the ability to uninstall common AV apps as part of the install.  You have to do that before you start.

Once installed you can see alerts, run scans and block web sites from any place you have internet access.  Even from work if your boss isn’t looking.  Here’s the link, it might be worth taking a look.  https://www.sophos.com/lp/sophos-home.aspx

Where are the great jobs?

Mar 25, 16
James Osborne
, , , ,
No Comments

Bob Daugherty
IT Director at DMLO

What is a great job?  Is it a big salary, a big office, great benefits or interesting and challenging work?  Only you will know if you have a great job.  Everyone’s definition is obviously different.  But salary always factors in somewhere.   See what Robert Half says about IT salaries in their Technology 2016 Salary Guide (https://www.roberthalf.com/sites/default/files/Media_Root/images/rht-pdfs/robert_half_technology_2016_salary_guide.pdf ).

As with anyone’s report on where the jobs are and how much they pay, it’s all a bit subjective based on job descriptions and location.  Be sure to go through the Glossary of Job Descriptions section before comparing your salary to their report.  Don’t forget to adjust for geographical locations.  Louisville is 92.0% of the salary listing and Lexington is 91.5%.

According to Robert Half new jobs will be for developers, business analysts, database admins, network engineers and admins with virtualization skills and help desk support techs.  According to the Bureau of Labor Statistics, the average worker currently holds 10 different jobs before age forty.  Personally I’m beyond that age and beyond that number though only 4 of my jobs were in IT.

How many have you held? How many more are in your future?  As IT professional will we have more than other professions?  I wonder if Robert Half has those statistics.