Network Security and the profit margins that kill it!

Network Security and how profit margins that kill it!

           

            You read in the news almost daily about data breaches and users personal information being sold on the scary dark web. As an IT specialist who assists in managing many environments I always think about this. I read these stories and wonder if I would know if my customers data was slipping away before it reach the auction block.

If this does not make me paranoid enough I then begin to think about the rest of the team I work with. Are they taking security as serious as they should?

Well from my perspective such as it is I want to point out where I feel we are failing as network administrators in most cases. I say most because I know there are some administrators and security experts out there who build a fortress around there networks and are exactly what is needed in the coming days.

The biggest hurdle with security will always be the budget. Getting any money to fund something that is not visible and has not happened yet is a lesson in futility in many cases. This challenge is hard enough when you are employed by a single company and are on their payroll where your salary affords a fair bit of time to manage and implement these types of projects.  However if you’re an MSP or an MSSP you can pretty much throw this out the window and start searching for the holy grail. This has a higher chance of success in many cases.

First off even if you do manage to score additional hours or funding for a project more often than not it somehow never ends up being utilized for the project. The big push as an MSP/MSSP is to close tickets and projects in the shortest amount of time possible. This is what drives profits so I get it. However everyone is so worried about getting every cent and then squirrelling it away that it makes it very difficult to achieve a desired end goal.

The sales team closes the deal and then hands it off to the technician to implement. Often this is done with limited plan time in front of performing any work. The project is often cobbled together on the fly. Then it is being pushed along at a fast pace leading to corner cutting and not always fully implementing all of the elements of the project that would have led to a full solution. As an example I see all the time the purchase of an enterprise level firewall with full UTM features and it gets deployed like an 80’s edge firewall with none of the next generation features configured. The reason is simple. It has an initial impact on the customer as things are adjusted and adapted to the customer’s specific needs while providing the highest protection. This drives up setup and implementation time thus reducing profits.

 The reason this happens is because often there is a trust by the customer that there getting the full feature setup they paid for and often the job is completed and just quietly begins working. Or so it seems from the customer’s perspective.  They often have no idea until someone comes along and tells them the truth or something gets compromised and everyone is scrambling to find out why.

If your profits margins drive your security model then one day you’re going to end up in the news painted in a bad light. I believe in your network you start with security as the first priority. Then build the rest of your infrastructure around that. Including your staffs feelings on difficult passwords and browsing wants. If your breached even once you’re going to pay significantly more than it would have costed you to do the job properly in the first place. Second if your contracting your IT to an MSP/MSSP you need to educate yourself enough to audit the work performed or pay someone independent to do this for you. Everyone is responsible for ensuring the security of the data there collecting. Ignorance will not save you if your caught negligent in protecting your customers data.

So my final thoughts are to the people doing the work. Whether you work for a company as an IT or your there as a contracted MSP/MSSP you need to have integrity. Don’t be afraid to say no to a job if it means compromising your final product. In the end its your name that will be in the front of the pact if things go bad. Consider how much that extra couple dollars is worth to you in the long term if your work is rushed and sloppy. Treat every job like you’re going to put it on display for scrutiny by your peers.

Always challenge your mind!

When should you violate privacy? From a Father's perspective!

When should you violate privacy? From a Father's perspective!

            So I am always advocating privacy and you should never give up privacy for any reason. However maybe that’s a bit narrow minded in the grand scheme of things. Maybe privacy is something that needs to be evaluated on an ongoing basis.  Sometimes privacy can be a bad thing. As I will explain with a personal experience I have and am working through.

            As a parent I walk this line every day and do try to adhere to my  strong support of individual privacy. I mean after all I don’t like when my privacy is taken away from me so I do try to keep that in mind with raising my kids. For the most part I have never had a need or reason to go against it.

This summer however I noticed a change with my daughter. She seemed to start to spend more time in her room on her mobile device. At first I believed the line of watching stuff and playing games. So I tried coaxing her into doing that with me downstairs with little success. With the exception of hiding in her room there was no noticeable change in her behaviour. Again I figured it was nothing more than teenage girl stuff.

Now where things start to become more serious was trying to get her to do her chores. After some time of always facing a battle it came out. She said she was depressed and considering suicide. This of course caught me completely off guard. I mean I see her smiling every day and she has a pretty good life here at home. With the usual exceptions of course with respects to brotherly teasing.

I am not great with emotions at the best of times and this was a real challenge for me to process. I at first felt angry that I was just finding out about it. Then I went into the fear stage wondering how I was going to proceed without making things worse. The fear part unfortunately does not really go away to be honest but you do start to use the normal approach to problems you use in your daily lives. First you try to understand why and where this feeling came from so you can start the process of undoing and correcting things.

This is where I got hit with the second shock. I would never have guessed or even suspected anything like this in my wildest imaginations. So as it turns out she had this friend who was under a suicide watch and claims to have some issues. Well thankfully hangouts stores chats in there software and it was my window into the changes I would now have to undue.

This kid her age had spent months repeatedly trying to convince her she is depressed and she should kill herself. This from what she believed was a friend. After enough time anyone can be convinced of anything if you try hard enough.

 Now nothing can tear a heart into pieces then reading those conversations as a father. Nothing fills you with more dread and anger at the same time.  My first instinct of course was of anger and well let’s just says not very nice thoughts. It does not matter whether you’re a mother or a father when your child’s life hangs in the balance your claws come to bear and your teeth are exposed. The initial knee jerk reaction of course is one you hold back and force your mind back to a rational thought process.

Where to go from here? Well for me it began with blocking this kid from all my daughters’ social channels with a warning if she goes anywhere near my kid again the entire transcript of her trying to get my daughter to commit suicide goes to the cops. Next is start to try and understand how to change that influence that has now become a cloud in our house.

I think the last few weeks of the summer have been really great for the recovery process. Though with school starting again tomorrow I only hope that my daughter has the strength to tell that evil kid to stay away. She has some very amazing friends that were there for her through all of this and I hope she learns that those few friends are worth more than any number of bad ones.

The point of this rambling is I would not have known the source of this influence of how close I came to losing someone whom I always swore I would give my life to protect. This meant eventually having to go against the privacy rule which even I hold very close. Sometimes it becomes necessary to go against your own firm beliefs if it means keeping your family safe. I was fortunate this all went on through Google Hangouts otherwise I may never have found the source of the depressed and suicidal thoughts. In this I could never be more grateful to them for their diligence in logging chats.

Never be afraid to challenge even your own thoughts. Yes privacy should be paramount especially for your kids. However if you start to notice any change in behaviour even very subtle don’t be afraid to do some looking around. I never believed I would have to deal with this type of situation but let me assure you it can happen to anyone. Not knowing is not the answer. Mental health issues are a silent viper and even if they do not have it today, there are always predators out there even in there age group that can quickly turn that around on you.

Lastly never be afraid to ask for help if you feel depressed or know someone who is. Telling someone who can help can save lives!

Always challenge your mind!