Deck the Halls with Stolen Identities

-- Fa La La La La, La La La La

By Crystal Johnston - October 24, 2019

Deck the Halls with Stolen Identities, Fa La La La La
It is that time of the year... Out with the old and in with the new. With the end of the year approaching FAST, we start looking at new trends, with many of these in technology. While you are looking at all the all of the new laptops, phones, and tablets, do not forget about your old equipment. There is A LOT of data left on old equipment, and you don’t want your holiday season ruined with your information being stolen! Here’s a few tips on how to keep yourself safe, and how to avoid those dumpster divers from taking your personal information:

The trashcan is NOT your friend.
This is the first place that people will look when it comes to anything of value. You may think “Well I reset my computer to the factory settings, they shouldn’t be able to get anything of value”.  Well, there are ways to still access your information, EVEN after you have erased your hardware. Your best bet is to take your hard drive OUT of your system and smash it with a hammer (Office Space style) or take it to get shredded (see next tip below on how to get it shredded).

Check before you sell your phone to someone.
Did you know that there are people out there that purchase old cell phones not for the phone, but for the data that can be accessed on that phone? Phones nowadays have more information than personal computers. When selling your phone, remember it is like you are handing over your entire identity.
Take these three steps into consideration:
  • Take out your SD card. Not only to take your information with you, but also so you can use your SD card in your next phone.
  • Take it to a REPUTABLE service who specializes in flashing phones; wiping them completely clean of carriers and information. I would recommend using the BBB.com (Better Business Bureau) to find companies who have a positive reputation in this arena.
  • Check to see if your phone is even worth selling. In many cases, older phones are only worth under $50.  By the time you do all the work to try to sell it at a tiny fraction of the cost, in may be worth it to just smash it into bits (*Again, Office Space style).

I want to donate it to someone who needs it more than me.
That is a GREAT idea, but again, don’t just donate your computers or phones without assuring that your computer hard drive is wiped, and your phone is flashed. When you are looking to donate, look for institutions that specialize in that.
I recommend BlueStar Recyclers! They are a non-profit organization who employ hard working individuals with disabilities and provide them with industry education and fair working wages.  They are in Denver, Colorado Springs, and Boulder; and specialize in recycling old computers and technological components.  I have worked with this organization for YEARS, and they are amazing at what they do. Their facilities are also wonderful to tour. It is FREE to donate your computers and wipe your hard drives. Now, if you want your hard drive destruction certified, there is a small fee but that goes right back to the employees of BlueStar Recyclers. Check them out at Blustarrecyclers.com

I got the best of the BEST new (enter device here) and threw out the packaging.
WHOA Cowboy, wait a second… That packaging is a BIG red flag to thieves and can cost you big time. This time of year, porch pirates and dumpster divers are hot on the trails of lingering items just waiting to be stolen. You may be excited to have that new TV sitting in your living room but putting the box on the corner waiting to be picked up by a sanitation worker is a major indicator to thieves as to what you may have sitting in your house.
Collect the boxes and take them to be recycled. DO NOT have any of these boxes associated with your address, as it is just an invitation for thieves to come into your home and “shop around”.
It is very easy to be taken advantage of when someone obtains your information. They do not care about you and have no compassion for your identity. All they care about how much they are going to get from your mistake. Avoid the headaches and take an extra step to make sure you are not another statistic.
AND when all else fails, just take a baseball bat to your fax machine (kidding, don’t do that).

Crystal Johnston
CMO – 24/7 Networks




 
Read More...

Adoption Training

More Important Than You Think!

By Crystal Johnston - June 21, 2019

Adoption training, it should be everywhere: The never-ending process of Adoption Training
If you are not aware of adoption training, you should be. The landscape of technology is changing every day, are you keeping up with it? What this means is that we are constantly trying to improve, change, and adapt to new ways technology can help us streamline our workflow. With that, adoption training should be implemented prior to deployment of any new technology or new process. Here are 5 tips on how to provide adoption training to staff without pulling your hair out:
  1. Why?
    1. This question should be answered before considering a new process or technology. For example, if you are looking to open communication channels within your company, then your why may be “wanting to eliminate email threads by providing an instant message platform, allowing departments to interact in real time.” Providing the WHY is how you explain to your team the reasoning behind the change.
  2. Change is HARD
    1. Not one person I know enjoys change but change with a purpose can ease the pain. Everyone adapts in different ways, so keep this in mind when developing an adoption training strategy. Start from ground zero, or the invention of the internet as I like to call it. Why are we doing this? How is it going to be done? Who is going to be affected? Will this take long? How is this going to help me? These are all questions that should be answered in making the adaptations to the new process or technology less harsh.
  3. Timetables
    1. Surprises can be fun, but when they interrupt a current workflow, it can be disastrous. Create an in-depth timeline and make it transparent to everyone. A timeline not only keeps the project on task, but it also provides a picture to your team on what to expect next. Timelines would include dates, implementations, expectations, training, and deployments. Try and include as much information on your timetable as possible. It does not have to be a novel, but it should include anything that could potentially affect someone else.
  4. There’s no rush
    1. Unless all phone lines are down, or your data center just burnt to the ground, take your time! It is better to have a process 90% mastered and done in 3 months, then have it 40% mastered and done in 1 month. You are in control of the adoption, and if the process isn’t deployed on time, that just means adoption should wait. Avoid training on a new process or technology until your team can put it to real life use.
  5. Once isn’t enough
    1. You completed adoption training and the team feels ready to move forward, but don’t hang up your coat yet. Staff turnover, updates to software, growing or slowing company size? All of these will change how often you will need to continue adoption training. One of the biggest mistakes is allowing current staff to train new staff on process or technology. The new staff will not know the WHY and could have limited knowledge on how the process can improve their personal workflow. Take the time to provide new employee adoption training as well as refresher training to all staff. The more they know and are conformable with, the easier adoption training will be in the future.
There is no scientific process to adoption training, it all depends on your company culture and how they adapt to changes. Remember that adoption training is an ongoing and ever evolving. Always update your adoption training guidelines and keep them as relevant as possible.
 
Read More...

We survived Y2K – 19 Years into the Future

The New State of Security

By Tyler Hardy - December 31, 2018

Let’s begin with a little history. Starting in the early 1990’s, the internet was a new, and fresh commodity within both public and private sectors. Quickly, the internet grew with unbeknownst issues, that would later cause unruly, and problematic dilemmas. Ushering in the new millennium, the year 2000 was approaching, and so was the first IT disruption of magnus proportions. The now notorious "Y2K" bug precipitated a years’ worth of worldwide concerns around major outages of technology platforms leading into the New Year. The issue was simple: software and hardware using 2 digits for the year instead of 4 would throw off all programs using time-based calculations when the digits went from 99 (1999) to 00 (2000). Time would be resetting backwards, not forwards.

The fallout was potentially disastrous. How would banks use software to forecast interest rates if year was wrong? Could they amortize bank loans? Bill their clients on a schedule? Continue automated withdrawals? Any critical function that was automated based on a calendar was in jeopardy — nuclear power plants to hospitals were affected. Massive efforts to avoid a crisis were put into play. Finally, the New Year came and went, and all the "Y2K" panic seemed overhyped. No major problems were reported.

Centralized Systems Made Y2K Easy to Solve


Let’s take a moment to go through some statistics from the years:
  • United States cost to repair from Y2K - $100 Billion (Chandrasekaran,1999)
  • 738 Million internet users in 2000 globally
  • 3.2 Billion internet users in 2015 globally (Smiths, 2017)
  • Worldwide IT spends for 2018 – $3.7 Trillion
  • Expected worldwide IT spends for 2019 – $3.8 Trillion
These numbers speak volumes on where we were to where we are now. In 2018, the total IT spend globally will be around $3.8 trillion. So, we averted a 'worldwide disaster' and 'economic collapse' by spending only 3% of that amount ($100B) over the course of 5ish years to fix the Y2K bug — now that's efficiency! But what were IT teams dealing with in the year 2000?

Perhaps a better question to ask is, what were they not dealing with?

Personal laptops didn’t exist in mass use at that point, and tablets sure as hell didn’t. The iPhone wasn’t invented yet, and the 'Cloud' was still referred to moisture in the sky. Software as a service, isn't an established market yet, and no, there isn't an app for that. The Blackberry was also born in 1999. No one would know what you meant by BYOD, and few IT teams were strategizing on mobile device management (MDM). Oh and least we forget, the original 802.11 WIFI was just released in 1997.

Not to mention, Justin Timberlake and Britney Spears were also Americas top couple. Does this help to put it in perspective?

Indeed, this was a time where business IT platforms were highly centralized and meticulously controlled. Technology programs used by employees could typically be counted on half of one hand. Remediating a few core systems of a business with a multi-year timeline wasn't an impossible task.

What's interesting to note though, Y2K was a generalized security issue in 2000. That being said, cybersecurity was rarely its own job position. Representing the state of security in the 90's, security almost always fell under the system engineering positions. Security concerns of the yesteryear were simply the uptime and security of several main business systems.

A lot has changed, as we know. Security teams have evolved outside of systems engineering to large separate teams of dedicated security professionals (both IT and business), tasked with the expanding responsibility of varied outside and inside threats.

The Accelerating Threats of Decentralized Technology


The reasons seem obvious as to why IT security teams need to be so much more dynamic today. Mobile users, IoT, social engineering, increased connectivity, 'the cloud,' etc. Despite it being obvious, I still hear some clients say "we want to improve our edge security." And in my own head I'm screaming:

EDGE!? WHAT THE DO YOU MEAN BY EDGE!? IT DOESN'T EXIST ANYMORE!

There is no edge. There is no perimeter. There is an ever-expanding series of doorways constantly being opened by people other than technology teams — internally and externally. Any business spending money to improve its "edge" while forgoing spend on social engineering training to educate its employees on how to avoid email phishing scams is missing the point.

Clients, customers, employees, partners, vendors, friends, and hackers all pose substantial security risk to any business regardless of their intent being malicious or inadvertent. Connectivity is anywhere and everywhere. Data is being pushed in every direction in and out of the office, and Godspeed to the careers of any IT team not accelerating this advancement and impeding productivity of the business. Successful IT teams are helping the decentralizing of technology while creating frictionless security controls across all risk mediums — and that isn't an easy task.
To meet these growing threats, the market has seen a proliferation of new security hardware, software, and tools. With this a new problem has been born.

Security Products Alone Do Not Make You Secure

  • Intrusion Detection
  • Network Monitoring
  • Data Loss Prevention
  • Email Encryption
  • Identity Services
  • Firewalls
  • Antivirus
  • Firewalls
  • Antivirus/anti-malware
  • Disaster Recovery
  • Cloud Security
  • Big Data Security
  • Governance/Compliance Management
  • Security
  • SSL & Digital Certificate Authority & Management
The above list just scratches the surface on the areas in which security and IT teams need to have solutions. There are literally hundreds of thousands of products and tools for each one of these categories. It's an overwhelming portfolio to choose from, but too many teams make the mistake of over-evaluating the features of each tool and compare product vs. product in endless cycles. I use the analogy; a boat is taking on water, and the captain is more worried about what color tape to use to plug the leak.

What's even more damning is when IT teams pick the most robust security tool while failing to have any internal skill or availability to deploy, tune, and actually utilize the tool. Given the often-limited resources IT teams have, I have seen countless purchases of very expensive security tools which go un-deployed, underused, and unmonitored for months and even years. More often than not, this creates friction from the business units allocating budget to technology who consistently feel a lack of return on their investment.

Strong Security is Not a Product, it's a Procedure

Effective security and IT teams are evolving quickly, understanding that their impact is greatest when they focus on building a program that is augmented by security products. It's an ongoing operation with checks and balances, tools and people, changes and improvements. They realize that the threat landscape is evolving far too quickly to get hung up on any single feature of a product. Tools are useless if the are not utilized to their maximum abilities. Security and IT teams need good employees and strong partners they trust more than they need products. I'll take that one step further:

Bad products implemented and managed by a strong team and trusted partner are far better than great products that are poorly implemented by weak teams and incompetent partners.

It is disheartening to see technology partners and product manufactures alike rave on and on about how stellar and secure their products are, never once thinking to ask if their product actually fits into an existing program or how their client would implement, support, or fully leverage the product.

This is something your IT must learn to ask for themselves.
The days of centralized technology platforms are long gone. We can no longer avoid disaster by making one or two adjustments to a handful of systems or buying a product. Security and IT teams must shift their focus to building programs connected to the business in deeply valuable and impactful ways. The IT security teams of today must:
  1. Move away from being experts in security technology to being experts in identifying their organization's biggest risks and quantifying risks and opportunities of growth.
  2. Find strong and trusted partners to be their new experts in security technology, and who can provide varying options with full transparency.
  3. Build a strong team and process that manages the security operations with scheduled time dedication.
None of this is ground breaking though — I believe most would find these ideas to be accurate or at minimum, common sense. But one doesn't have to look far to see common sense is not adopted everywhere. Equifax spends roughly $200M a year on security upgrades after the notorious breach of 2017 (Sakelaris, 2017.) Come to find, their massive breach a year ago was not a failure in product, and it wasn't a missing feature. It was because a process wasn't followed and a server wasn't patched.

That's it. A 30 minute patch.

So, as we reflect on another New Year, saying goodbye to 2018 and hello to 2019, we need to remember those times that put our tech world on high alert. We remember what past incidents occurred and how we can adjust towards the future. There will always be security alerts, attacks, and malware, but with the right process and team procedures, these “alerts” will become less and less detrimental. Remember, it is not about the products you have in place, it is how your team implements those products and utilizes them to the fullest degree.

References
https://www.upi.com/GAO-Equifax-spent-200M-on-security-upgrades-after-2017-data-breach/4991536324061/

http://www.washingtonpost.com/wp-srv/WPcap/1999-11/18/077r-111899-idx.html

https://www.gartner.com/en/newsroom/press-releases/2018-10-17-gartner-says-global-it-spending-to-grow-3-2-percent-in-2019

https://www.quora.com/What-percentage-of-people-in-this-world-have-a-computer-How-many-of-them-are-connected-to-the-internet-How-many-of-them-know-how-to-code

 
Read More...

VAR’s and IT Business Transformation


By Justin Fields - November 19, 2018

            The year was 2007.  Peyton Manning and the Indianapolis Colts beat the Chicago Bears, 29-17 in Super bowl XLI (41), The Sopranos series finale aired on HBO (the infamous “cut to black” ending), Barry Bonds breaks Hank Aaron’s HR record with his 756th home run and Steve Jobs, CEO of Apple announces the iPhone – changing mobile computing forever!  
           
Before this evolutionary changing event, mobile phones saw minimal transformation from its early inception in 1973. The visionaries of this time foresaw wireless communication products that would be small enough to use anywhere.  By the early 80’s, the infrastructure to support cellular devices was still in its infancy and only a few mobile phones we in the market.  The DynaTAC 8000X mobile phone was launched in 1983 on the first US 1G network by Ameritech.  It cost $100m to develop and took over 10 years to reach the market.  The lifecycle of mobile devices / cellular phone took years from conception to market.  Each year, the infrastructure and devices became better and more available.


Fast forward to today.  There are more than 7.19 billion mobile devices in the world.  The rapid change of this technology is difficult to keep up with.  In previous years, the lifecycle of the product took so long that it was easier for organization to set a vision for how the product was going to be used, implemented and supported.  Now, that life cycle has rapidly decreased on time.  Organizations are consuming technology at a slower pace than that technology is changing.   There is now a need for rapid adoption of technology.

Technology Adoption of the Past:


Rapid Technology Adoption of Today:


As each organization has a vision.  Technology within that organization should have a vision.  How is technology changing the way consumers view and purchase your product or services? How are your employees utilizing technology to become more efficient in their daily activities?  How is your organization deploying technology to fully recognize the benefits of that technology?
As IT business consultants, we are responsible for helping organization achieve their technology vision… and if they don’t have one, we need to be the ones assisting them in creating that vision. 
The technology business economy of today isn’t that of large dollar hardware purchases followed with professional services to implement.  Consumption economics shows that organizations are spending dollars in a different manner.

Technology Adoption of the Past:

Technology Consumption Today:

Technology is changing at a rapid pace and the way organizations are consuming technology is changing. What are we doing as consultants to assist organizations in this rapid evolution of technology? 

The simple answer is business consulting, IT business consulting to be more specific.  As technology is changing, so is the value added reseller (VAR).  The evolution of the VAR is seeing more transformation now than they had ever seen before.  VAR’s in the late 90’s and early into the 2000’s capitalized on their customers need to build massive infrastructures, obtaining multiple million-dollar deals in one fail swoop.  This trend has significantly decreased over the past 10 years with the introduction of “the cloud.”

Cloud organizations such as AWS, AZURE and Google are again, changing how organizations are consuming technology.  Companies now have the ability to offload their infrastructures to these cloud providers and eliminate their IT staff… in theory. The simple reality of this concept is that only a few business verticals allow for a true “all in” cloud concept.  Most organization need to look at a hybrid-cloud approach to fulfil their business needs.  Going back to the VAR concept, VAR’s are evolving into the IT business consulting space to help these organizations move pieces of their infrastructure into the cloud.

The most successful VAR’s are not just selling products to their customers, they are partnering with them to understand their business and what problems their businesses have.  We now need to understand the detailed functions of business units and understand how they consume technology and guide them down the path to achieve their business goals and vision.     

Jack Welch, former chairman and CEO of General Electric stated this concept well, “Good business leaders create a vision, articulate the vision, passionately own the vision, and relentlessly drive it to completion.”   VAR’s will continue to evolve and become more strategic with the business to achieve their vision.









 
Read More...

Cisco Meraki Proactive Switch Replacement

Cisco Meraki MS210-48P, MS210-48FP, MS225-48LP & MS225-48FP

By Crystal Johnston - August 27, 2018

The Cisco Meraki MS210-48P, MS210-48FP, MS225-48LP & MS225-48FP have been detected to have fan component issues that are limiting the long-term reliability of the switches. Cisco is providing a proactive replacement solution for all switches that have been affected by this defect. It is being recommended that these switches are to be replaced as soon as possible with newly redesigned switches. 

In early October 2018, Cisco Meraki will be proactively replacing units that have experienced issues with new units. Starting August 27, 2018, you will be able to order replacement switches within the Dashboard. To request your replacement unit, or to determine if you are eligible for a replacement unit, please click here. If you have units that qualify, select "MS225/MS210-48LP/FP proactive replacement". This will initiate the replacement request.
 
If you would like to learn more on replacing the Cisco Meraki switches, have further questions, or would like to know more about the replacement process, please visit MS225/MS210-48LP/FP Proactive Replacement or contact us at 303.991.2224, support@247networks.com or visit us online at 247networks.com 
 
Read More...