Network Security and the profit margins that kill it!

Network Security and how profit margins that kill it!

           

            You read in the news almost daily about data breaches and users personal information being sold on the scary dark web. As an IT specialist who assists in managing many environments I always think about this. I read these stories and wonder if I would know if my customers data was slipping away before it reach the auction block.

If this does not make me paranoid enough I then begin to think about the rest of the team I work with. Are they taking security as serious as they should?

Well from my perspective such as it is I want to point out where I feel we are failing as network administrators in most cases. I say most because I know there are some administrators and security experts out there who build a fortress around there networks and are exactly what is needed in the coming days.

The biggest hurdle with security will always be the budget. Getting any money to fund something that is not visible and has not happened yet is a lesson in futility in many cases. This challenge is hard enough when you are employed by a single company and are on their payroll where your salary affords a fair bit of time to manage and implement these types of projects.  However if you’re an MSP or an MSSP you can pretty much throw this out the window and start searching for the holy grail. This has a higher chance of success in many cases.

First off even if you do manage to score additional hours or funding for a project more often than not it somehow never ends up being utilized for the project. The big push as an MSP/MSSP is to close tickets and projects in the shortest amount of time possible. This is what drives profits so I get it. However everyone is so worried about getting every cent and then squirrelling it away that it makes it very difficult to achieve a desired end goal.

The sales team closes the deal and then hands it off to the technician to implement. Often this is done with limited plan time in front of performing any work. The project is often cobbled together on the fly. Then it is being pushed along at a fast pace leading to corner cutting and not always fully implementing all of the elements of the project that would have led to a full solution. As an example I see all the time the purchase of an enterprise level firewall with full UTM features and it gets deployed like an 80’s edge firewall with none of the next generation features configured. The reason is simple. It has an initial impact on the customer as things are adjusted and adapted to the customer’s specific needs while providing the highest protection. This drives up setup and implementation time thus reducing profits.

 The reason this happens is because often there is a trust by the customer that there getting the full feature setup they paid for and often the job is completed and just quietly begins working. Or so it seems from the customer’s perspective.  They often have no idea until someone comes along and tells them the truth or something gets compromised and everyone is scrambling to find out why.

If your profits margins drive your security model then one day you’re going to end up in the news painted in a bad light. I believe in your network you start with security as the first priority. Then build the rest of your infrastructure around that. Including your staffs feelings on difficult passwords and browsing wants. If your breached even once you’re going to pay significantly more than it would have costed you to do the job properly in the first place. Second if your contracting your IT to an MSP/MSSP you need to educate yourself enough to audit the work performed or pay someone independent to do this for you. Everyone is responsible for ensuring the security of the data there collecting. Ignorance will not save you if your caught negligent in protecting your customers data.

So my final thoughts are to the people doing the work. Whether you work for a company as an IT or your there as a contracted MSP/MSSP you need to have integrity. Don’t be afraid to say no to a job if it means compromising your final product. In the end its your name that will be in the front of the pact if things go bad. Consider how much that extra couple dollars is worth to you in the long term if your work is rushed and sloppy. Treat every job like you’re going to put it on display for scrutiny by your peers.

Always challenge your mind!

When should you violate privacy? From a Father's perspective!

When should you violate privacy? From a Father's perspective!

            So I am always advocating privacy and you should never give up privacy for any reason. However maybe that’s a bit narrow minded in the grand scheme of things. Maybe privacy is something that needs to be evaluated on an ongoing basis.  Sometimes privacy can be a bad thing. As I will explain with a personal experience I have and am working through.

            As a parent I walk this line every day and do try to adhere to my  strong support of individual privacy. I mean after all I don’t like when my privacy is taken away from me so I do try to keep that in mind with raising my kids. For the most part I have never had a need or reason to go against it.

This summer however I noticed a change with my daughter. She seemed to start to spend more time in her room on her mobile device. At first I believed the line of watching stuff and playing games. So I tried coaxing her into doing that with me downstairs with little success. With the exception of hiding in her room there was no noticeable change in her behaviour. Again I figured it was nothing more than teenage girl stuff.

Now where things start to become more serious was trying to get her to do her chores. After some time of always facing a battle it came out. She said she was depressed and considering suicide. This of course caught me completely off guard. I mean I see her smiling every day and she has a pretty good life here at home. With the usual exceptions of course with respects to brotherly teasing.

I am not great with emotions at the best of times and this was a real challenge for me to process. I at first felt angry that I was just finding out about it. Then I went into the fear stage wondering how I was going to proceed without making things worse. The fear part unfortunately does not really go away to be honest but you do start to use the normal approach to problems you use in your daily lives. First you try to understand why and where this feeling came from so you can start the process of undoing and correcting things.

This is where I got hit with the second shock. I would never have guessed or even suspected anything like this in my wildest imaginations. So as it turns out she had this friend who was under a suicide watch and claims to have some issues. Well thankfully hangouts stores chats in there software and it was my window into the changes I would now have to undue.

This kid her age had spent months repeatedly trying to convince her she is depressed and she should kill herself. This from what she believed was a friend. After enough time anyone can be convinced of anything if you try hard enough.

 Now nothing can tear a heart into pieces then reading those conversations as a father. Nothing fills you with more dread and anger at the same time.  My first instinct of course was of anger and well let’s just says not very nice thoughts. It does not matter whether you’re a mother or a father when your child’s life hangs in the balance your claws come to bear and your teeth are exposed. The initial knee jerk reaction of course is one you hold back and force your mind back to a rational thought process.

Where to go from here? Well for me it began with blocking this kid from all my daughters’ social channels with a warning if she goes anywhere near my kid again the entire transcript of her trying to get my daughter to commit suicide goes to the cops. Next is start to try and understand how to change that influence that has now become a cloud in our house.

I think the last few weeks of the summer have been really great for the recovery process. Though with school starting again tomorrow I only hope that my daughter has the strength to tell that evil kid to stay away. She has some very amazing friends that were there for her through all of this and I hope she learns that those few friends are worth more than any number of bad ones.

The point of this rambling is I would not have known the source of this influence of how close I came to losing someone whom I always swore I would give my life to protect. This meant eventually having to go against the privacy rule which even I hold very close. Sometimes it becomes necessary to go against your own firm beliefs if it means keeping your family safe. I was fortunate this all went on through Google Hangouts otherwise I may never have found the source of the depressed and suicidal thoughts. In this I could never be more grateful to them for their diligence in logging chats.

Never be afraid to challenge even your own thoughts. Yes privacy should be paramount especially for your kids. However if you start to notice any change in behaviour even very subtle don’t be afraid to do some looking around. I never believed I would have to deal with this type of situation but let me assure you it can happen to anyone. Not knowing is not the answer. Mental health issues are a silent viper and even if they do not have it today, there are always predators out there even in there age group that can quickly turn that around on you.

Lastly never be afraid to ask for help if you feel depressed or know someone who is. Telling someone who can help can save lives!

Always challenge your mind! 

Thats how we always do it....

               I really like the title to this blog post. It is a line we have all heard far too often in the workplace. What does that line even mean? To me it means were afraid to try new ideas out. To improve and evolve our way of thinking. This seems to me a response you most often find coming from that long time employee. The one you know is there for life without much ambition or aspirations.

     The thing though with that is these same people while lacking any ambition are usually in positions where they actually hold their employers back from innovation. They stand in the way of evolution and growth that fresh minds often try to introduce. 

Now these employees are certainly reliable and often solid pillars in your day to day life. They also act like anchors holding you back. Think of what you’re looking for in your staff. You want that employee who is prepared to demonstrate passion and drive. To challenge themselves daily to bring new skills to the table. Yet there is that anchor again who stands fast on old ideas.

     I think there is certainly a place for this mindset, in a leadership role is not that place. This has long term negative effects on a team as a whole. People tend to hold back ideas for fear of them being tossed away with often a long winded speech that is founded on fear of change.

Creativity is what drives innovation and it is up to a true leader to recognize and nourish this trait while still keeping the ship between the shores. 

Always challenge your mind! 

Is that contract worth it?

     In today’s competitive market there is always a feeding frenzy that circles around many good contracts. This of course leads to bidding wars and not unintentionally either. Big businesses like this type of behaviour because it drives the cost for them down dramatically.

     However from my limited perspective when I see this vulture feeding session, I cannot help but feel like the customer is losing. If companies have to undercut the price down far enough to get the job then there unfortunately going to need to recover that cost from somewhere. Usually this will occur by rushing a job to completion in much less time then is required to ensure a proper job. These tight margins mean the job that was widdled down in price is now done incorrectly. Shortcuts were taken and less visible items were not done. 

     Now depending on what this job is that may not matter that much. Lets now pretend its something core to your business like your firewall. That piece of hardware your relying on to keep your data safe. Well sure you now have a firewall and it may be a top of line brand name firewall like Fortigate. Capable of protecting you like no other but there is a problem. Just because you have a state of the art firewall does not necessarily mean its actually doing anything. Maybe it has been setup just enough to pass through traffic with a handful of rules to make it look good but all those extra features you pay for in your annual service agreement are not being configured and used. The reason is not enough time and money in the budget for the job to be done properly.

     I guess in my mind I would rather not take those jobs because I would not want my company reputation based on that type of work. I would rather do 10 jobs really well then 50 thrown together ones. This method of work may seem like a good idea today. However I can assure you it only takes one data breach on that firewall you setup to ruin your reputation and leave you looking like the trunk slammers who give IT a bad name. Your reputation will land you the right jobs for your business without playing the price wars.

Always challenge your mind!  

Frustration day

     So In light of more recent events I have determined that we are losing something in today's workplace. Some maybe have not have heard of this little thing called Integrity. When did this happen that you could hold a door for someone just for them the slam the next one in your face so they get to be first in line?

What happened to cause a shift in what makes a model employee? Why does it seem like the ones who do the least work but suck up the best get ahead while those who work hard, push themselves and give up a huge part of themselves get held back.

We all know someone like that in the workplace. There the ones who always seem to have an answer to everything and the perfect excuse when things go wrong for why its not there fault. There the ones who come along when the work is done to happily bring it to the boss to look like the hero while distancing themselves things go bad. 

There the ones who shutdown at the end of the day with no willingness to help there fellow co-workers unless of course the boss is looking. These guys somehow get the better pay, perks and positions.
Where would the world be if we always had this mentality? How is it that business owners not see this?

What about a company that comes and asks you to go above and beyond your job for them but wont go above and beyond in pay. How many people have been asked to step up for there employer when times are tough, but when the times are good and you ask for money get met with excuses or conditions.

Where does integrity need to take a back seat. Many of us still hang on to this antiquated idea and refuse to let it go for anything. In the end that silly notion is going to leave you out in the cold and given just enough crumbs to keep you from starving.

The way I see it is this. You cannot make a good career working for someone and keep your integrity. So if you do not care how you get ahead then by all means go get a job where there are a lot of hard working folks you can trample to get ahead.
You want to work and keep your integrity and dignity your unfortunately going to need to work for yourself. If you do work for yourself then you also better keep your eyes open for that company man who clings to you and always seems to be around for the victory lap and not the race. Distance yourself from them because they will only be by your side as long as it serves them and gone when they get a better offer.

Always challenge your mind!  

Pokemon Go Fever

Pokemon Go Fever

     So the new App Pokemon Go, although limited in the locations on its initial release have far surpassed I am sure the developers expectations. The basic concept involves exploring your natural world for Pokemon to add to your collection. I may not be a Pokemon person I certainly love the concept.

Unfortunately it also appears this app is quickly becoming a victim of its own early on success. Now the limited release locations have people trying many clever work arounds to try and get this game running in areas that are not yet supported. This of course opened the flood gates to all sorts of malware and exploits. 

Getting the software from untrusted sources to install on your device early has been one of the effective delivery modes for many types of mobile malware. This leaves your device exposed and your identity potentially compromised.

     The next part is the physical dangers that are now apparent with this neat little game. People are being lured into places where there being robbed and putting themselves at risk without giving it a second thought. This more then anything i find disturbing. This is a game so many are out there playing and many of these players are kids. 

This type of game is so clever I have even thought up many interesting app ideas that would use the great augmented reality I will call it. Social side of this could be fantastic. I envision an app where you can leave digital bread crumbs to lead others on a trail you like to walk. Or to a little romantic dinner for your love interest. The possibility of something like that would be limitless. The only problem i have besides not having the technical skill to write this program would be how do we educate people before they use it.

All good ideas like this will always attract undesirable people to try and exploit it for bad reasons. 

In the end this is a great way to get off your butt and have fun while doing it. If your safe I see this having potential and hope to see some more open games like this for non Pokemon fans.

Here are my few simple tips if your planning on getting the Pokemon fever,

1. If possible bring a friend with you on your adventure

2. Never venture into places that you otherwise would not feel safe to do so.

3. Private property is never a good place to play without permission

Last but not least. Trust your gut, If it feels unsafe it probably is.

Always challenge your mind!