Did I get you to click, did I get your attention?
Many have e-mailed me asking where I have been as my phone has been busy. What I just did with that title is called phishing. No, I am not infecting you, as the matter of fact if you read this you might very well be better off!
Had I said something even more audacious using Ivanka’s name and Nude in that title more of you would have clicked.
Those that write worms and Trojans and other malevolent spyware know how to prey upon your weakness. They studied the human heart enough to know that we cannot resist a story like this, especially if it is something negative about Trump. They manipulate you through your emotions.
Once you click on a link, many firewalls and antivirus software’s will assume that you know what you are doing and let you click, thus screwing up your computer and possibly give you something to “wannacry” about.
Yes, I specialize in disaster recovery, but if someone has not taken me or someone like myself up on these services before the crises and they suffer a loss, They might want to cry!
CIO’s and their teams must provide the company with several layers of protection which includes the best anti-virus software on the market. It includes making sure that all systems are patched and up to date. The companies that are the most vulnerable are the companies who take IT and what it does for granted, not supplying them the resources that they might need. These businesses that have someone in their IT department who is lackluster in keeping up with updates is another. Maybe they fail to stay informed of threats making their company fair game for the people inside the castle who click on the shiny red button or trinket of knowledge; looking for scandalous information on a person that they hate or a nude picture of their daughter or wife.
Human nature is predictable which is what the evil dudes depend on. You too know human nature if you are a human. There are few good surprises in business and even fewer in the IT industry. Vigilance on your IT crews part must be elevated as the threats are more dangerous and more frequent.
I have an article called Attention CEO-CIO and so forth, read that. I don’t want to waste my time writing it all over again. It is full of good information.
Develop and test a DR plan.
Use technology only to give your employees access to what they need and not what they want. Be judicious with updates, checking of logs and the software that is in your domain.
- What is on each PC?
- Do they need it?
- Do you have licenses for it?
- Do you have that software updated and in a vault in case the worst happens?
Using a program like Spiceworks not only can you account for all of your hardware but you can get a listing of every executable on each PC. This information is an eye opener. Frequently the CEO will ask, what do they need that for?
That is a good question, but the real wake-up calls are, is it legal? What is it and where did it come from? What does it do?
I find remote control software on PC’s that is waiting for some remote PC to dial in and take over the PC which if left attached to the network, lets the villain into everything!
This is where I have been and will most likely be again as the threats are more often now than ever before.
Those of you that follow my blog know of what I speak. Vigilance is not a nice thing if you have time. Attention to Security is mandatory. It is much easier and cheaper to fix what you have now vs. trying to restore what you have with an untested backup solution.
“How do I do that, we don’t have time?”
If that is your answer, you probably ought not to be where you are at.
Hire a technical crew (preferably from your vendors which you should have a relationship with) give them the backups in an offsite facility designed for such things and tell them to restore your company.
You have a person there to take notes, but not to assist them, for practical reasons that man went under the bus with the rest of your IT employees. When they get your company “live;” you then bring in a Skelton crew. Have them perform their functions at that site, and again take notes.
I can almost guarantee it will never get to the point of your employees headed to the hot site to test things unless of course, you are one of the few who is vigilant.
The purpose of the exercise is to figure out what the deficits are and then create a plan to fix it.
“Our stuff is configured so that we would need to be there to make it work?”
I have seen it, and that is not smart. Best Practice is around for that reason. Your company must be using “best practice methodologies” as those are what SME’s will be expecting. You don’t want some outside firm to guess at what you have done and try to put band aids on stuff. In the event, your IT folks do get hit by the bus you want to be able to hire SME’s and have them quickly take your documentation and step in, while your IT guy recovers or you replace him or her.
- Don’t fall for bogus click baits
- Don’t surf the web carelessly at work
- No Nigerian prince wants to give you money
- The IRS will not send you an E-mail telling you to look at this attachment.
- Buy install and maintain the best antivirus on the market.
- Have an inventory of your purchased software, know where the licenses are and the updated software disk.
“I just download the software when I need it.”
“Your internet is down, and will not be restored for three weeks…where is that software going to come from?”
Just when I think I have seen and heard it all, I am amazed at the stupidity or ignorance that abounds in this industry. Folks, if your ego cannot afford to look at how you are doing things, possibly you are in the wrong job.
I had finished advising a client recently and was still in earshot when I hear the CIO tell his boss that I was not correct and making too much out of it! WTF! This guy was so egocentric or afraid for his job that his ego could not handle the fact that he was wrong about so many things that he lied to his boss and put the company in harm’s way! I was not wrong!
Look, I have no dog in the fight! I am going to call them as I see them and what you do after that is on you. If your IT guy hung the moon; good for you! When the feces hits the rotating oscillator, I would love to be a fly on the wall when he tries to talk his way out of it.
A short story totally out of left field is this. We have all seen drivers text or do something with that smartphone going down the road. If you haven’t maybe you are texting and driving and I am talking about you!
Driving up 45 from Houston, during a thunderstorm, there was this fuel truck, 18 wheeler doing the dance. You know the dance where they are all over their lane occasionally dipping into the next lane or possibly onto the shoulder. I saw him in my mirror as he was advancing close to me. Getting out of his way, I noticed as he passed me that yes, he had his phone in his hand.
This was a fuel truck; you know the kind with the volatile product in it! Slowing way the hell down I let him pass. Ten miles down the road there he was, stuck in the ditch. He ran off the shoulder into the rain-soaked ditch and buried it! Now, this could have been so much worse!
“Do you think he called his boss and said.” Funny thing, I was texting my wife a grocery list and the next thing you know I am stuck in the ditch, isn’t that a knee slapper?”
“No, he will tell him that someone cut him off and if he has an otherwise good track record his boss will buy the lie!”
IT guys with ego problems are like that, as was this one guy. Trust but verify!
Look at that other article and ask your folks some of those questions and see what they say.
Hope you don’t WANNACRY and that all of your employees don’t click on stupid things.