Besides my family, I am passionate about three things:
Computer Training (I can teach just about anyone.)
Educating parents on how they can keep their kids safe online.
Whether the organization is small, large, for profit or nonprofit, here are my fundamental technology beliefs.
IT IS A WONDER THAT IT WORKS
Computer hardware is just a hunk of metal without the software telling it what to do. The physical components were made by man (or woman) and we make mistakes. Software was programmed by some human and may contain over 10,000 lines of instructions. Can you do something 10,000 times and not make one mistake?
Technology has gotten better over the years, but there are still problems, bugs, etc. I think there will always be SOME problems. Please do not get me wrong, you should expect your technology investment to work perfectly the majority of the time. I am saying problems happen and when they do it is probably best to remain calm and in control.
Hopefully you already have a plan, and good people in place to get things back up and running with as little downtime as possible.
TRAIN YOUR PEOPLE
What’s the benefit of spending $1,500 on the latest high-end laptop (or some other technology) if your people have no idea what to do with it? I believe in squeezing every ounce of performance out of equipment in order to help me do my job. After all, technology is a tool. The tool is not much good to you if you do not know how to use it or take full advantage of the features it offers that will help you do your job and be more efficient.
TRAIN YOUR PEOPLE and then TRAIN THEM AGAIN.
INVEST IN WHAT YOU NEED INSTEAD OF ALWAYS CHASING THE LATEST AND GREATEST
New hardware, software, and websites are created daily. You would drive yourself crazy chasing after the latest and greatest technology and feeling that you just have to have it now…SLOW DOWN. You need to know exactly what your needs are currently and plan what your needs will be 3-5 years from now. Next, buy the very best equipment you can afford that meets your core needs.
Implement the new technology, train your people, and keep the technology updated when new patches, fixes, and firmware become available.
SPEND THE MONEY…WISELY
I know money does not grow on trees. We all have budgets. However, in general, I do not believe in buying the cheapest technology simply because it is the cheapest. You must be honest when you calculate the absolute total amount of money you have to spend, then go out and find the best technology for your budget and your needs.
I started using computers back in 1988. I have given many people technology buying advice over the years. I often hear, “John, there is a much cheaper model over at such and such store.” A few people did not take my advice and purchased “the better deal”, the cheap product. About 90% of the time, the same person comes back to me and tells me that they wish they had not purchased the cheaper item. It was either not built very well and broke or they outgrew it very fast.
I have never had a person come back to me that took my advice and tell me that they bought too much technology. The greatest computer on earth is our brain. People often start out saying, “I don’t need to spend that much money. All I am going to do with it (hardware or software) is one or two things.” They buy the technology and in 3 months or less, they want to do more, but guess what, they can’t. The CHEAPER technology they bought just will not do what they want to do…unless they spend more money and update what they just bought.
USE TECHNOLOGY FROM A SMALL LIST OF MANUFACTURERS
Technology will break from time to time. If you have all IBM ThinkPad laptops, it will be much easier to fix things and anticipate future problems because all of the computers are the same. Imagine if you had computers from HP, IBM, Sony, Dell, etc. Your tech support costs (time and money) just went up. The same problem or error message on each of these different systems could mean something totally different. You have to spend extra time trying to figure out what is really going on. It is like herding cats.
HAVE TOP-NOTCH RESOURCES TO SUPPORT YOUR TECHNOLOGY INVESTMENT
Hire people that are TRULY interested in technology, ideally passionate about it. Next, the person needs to be smart. The person needs to be fast and tenacious about searching for answers. No one knows everything. You need to know where to go and find the answers.
For EVERY piece of technology you have, make sure you have a website, book, manual, or PDF file regarding the equipment.
For EVERY piece of technology you have, make sure you have the support website address for that technology, a 1-800 support number and the contact information of two people that work at the company that created the technology you have. When a system goes down, that is not the time to be hunting for help from resources that are not tried and true.
Many people do not like my security position. Some say that it is pessimistic. I say it is steeped in reality. The only 100% secure system is the one that you keep in the box.
Yes, there are all types of controls, hardware/software and really talented people that can help keep your systems protected from hackers and malware. However, the bad guys just always seem to be one step ahead. I think it has to do with comfort. For example:
You have the great and wonderful security administrator. He is happy, making good money, is well fed, and has a house, a wife, 2.5 kids and a Volvo.
You have the very talented hacker that wants to eat as well. He is hungry. He makes his money by compromising systems and stealing information. He lives in a crappy apartment that leaks when it rains and somebody stole his bike last night…his only way of getting around. He is not very comfortable, right?
I am not saying that all hackers/bad guys live this way, but which one do you think is more motivated to accomplish their job, the security administrator in the suburbs or the lowly hacker?
Depending on who wants to break in, it is not a matter of if they will break into your systems, but when. You need to have in place a system that alerts you as soon as something happens and a recovery plan to minimize the damage. The other part of the recovery plan must be meeting with all stakeholders and figuring out what happened, why it happened and how the problem can be minimized or avoided in the future.
Have you heard of Anonymous? Anonymous is perhaps (right now at least) the best group of hackers on the planet. They have broken into:
The Federal Reserve Bank
The Department of Justice
The FBI phone system
Just to name a few.
If Anonymous decided to break into your organization, do you really think you could completely stop them? It does not have to be Anonymous; lesser-known and talented hackers employ the APT method of breaking into systems. APT stands for Advanced Persistent Threat. The hackers are patient, determined and just keep knocking until they get in.
In no way am I saying not to do the fundamental things that can keep your systems safe such as:
Harden servers and workstations.
Reduce the attack surface by only running necessary software, protocols and services on any given system.
Keep the OS and applications updated.
Use excellent malware detection software and keep it updated.
Use IDS and IPS technology.
Train your people to be security aware. Recently, I was in the Security Operations Center (SOC) of my current employer. I was picking the brains of the security guys. I learned that, for the most part, gone are the days of a hacker trying to penetrate your firewall. It is much easier to get an employee to click on a link (phishing) that takes them to an infected website. Malware is downloaded on that machine, giving the hacker total control. Now the hacker can see what other computers (perhaps even servers) he can access from this one compromised computer…TRAIN YOUR PEOPLE.
I hope this information was helpful.