Tag: business

The Hidden Risks of Shopping: In-Store vs. Online

Shopping is a fundamental part of our lives, whether it’s for necessities like a kitchen faucet or small tools, or for indulgences we’ve had our eye on for weeks. With the rise of online shopping, many of us face the eternal debate: is it better to shop in-store or online? While both options have their advantages, they also come with risks that can leave us frustrated, disappointed, and sometimes even out of pocket. Let me share a few personal experiences to shed light on some of the pitfalls of both.

The In-Store Shopping Experience: Not Always What It Seems

In theory, shopping locally should be a straightforward process. You walk into the store, find what you need, pay for it, and go home. Simple, right? Unfortunately, it’s not always so smooth. Here’s what happened to me:

The Case of the Used Faucet
Not long ago, I needed a new kitchen faucet—nothing fancy, just something functional. After a quick trip to the hardware store, I found the one I wanted, asked a clerk to grab one in a box, and brought it home. But imagine my surprise when I opened the box and found a used, broken faucet inside! Someone had cleverly resealed the box with tape and banding straps, returned it to the store for a refund, and left me with their defective item.
Missing Tools from a Sealed Package
Months later, I went to a different store to buy some small tools for my Dremel. Once again, I trusted the packaging, but when I got home, I found that the package had been previously opened. Two of the five tools were missing! Clearly, this had happened before the item made it to my hands.

These aren’t isolated incidents. Over the years, I’ve noticed a disturbing trend: shrinkage, or the theft of items in-store, not only hurts retailers but ultimately impacts customers like you and me. Whether it’s used ink cartridges, defective products swapped for new ones, or missing parts, these instances are frustratingly common in local shopping.

Is Online Shopping Any Better?

If you think online shopping offers a refuge from these issues, think again. While it’s undeniably convenient, it comes with its own set of challenges.Take my experience with TEMU, for example. I decided to try out the platform, tempted by its low prices. I ordered an item, and when it arrived, it was broken into multiple pieces. Disappointed but hopeful, I tried contacting their support system. However, their chatbot insisted on photos of the damage and even required me to cover the cost of return shipping. For a $20 item, it simply wasn’t worth my time or energy. I tossed it and moved on.While my experience with TEMU was frustrating, it’s important to note that this isn’t unique to them. Online shopping platforms often come with risks like:

Receiving damaged or defective products
Misleading product descriptions or photos
Complicated return processes
Shipping delays or lost packages

The Bigger Picture: Are We Ever Truly Safe from Bad Shopping Experiences?

Whether you shop at your local store or online, one thing is clear: no system is perfect. In-store shopping may feel more secure because you can see and touch the item before buying it, but that doesn’t mean it’s guaranteed to be flawless. Similarly, online shopping gives you convenience and access to a wider variety of products, but it also comes with the risk of receiving damaged goods or dealing with poor customer service.Ultimately, these shopping mishaps highlight a larger issue: the lack of accountability in the retail world. Both in-store and online retailers are vulnerable to fraud and shrinkage, and unfortunately, customers are often the ones left footing the bill—whether it’s through higher prices, wasted time, or sheer frustration.

How Can You Protect Yourself?

While there’s no foolproof way to avoid these problems, here are some tips to minimize your chances of running into trouble:

Inspect In-Store Purchases
Before leaving the store, take a moment to inspect the packaging. Look for signs of tampering, such as resealed tape or damaged boxes. If something feels off, ask for a replacement.
Read Online Reviews
Before purchasing from an online retailer, read customer reviews to get a sense of their reliability. Look for common complaints about damaged products or poor customer service.
Know the Return Policies
Whether you’re shopping in-store or online, make sure you understand the retailer’s return policy. Some stores and platforms have more customer-friendly policies than others.
Use Trusted Retailers
Stick to brands and retailers with a proven track record of quality and service. While it might be tempting to try a new platform with rock-bottom prices, sometimes it’s worth paying a little more for peace of mind.

Final Thoughts: What’s Your Take?

At the end of the day, shopping—whether in-store or online—comes with risks. While my experiences have taught me to be more cautious, I know that everyone’s mileage may vary. Have you had similar experiences with defective products or poor customer service? Do you prefer the immediacy of in-store shopping or the convenience of online retailers?I’d love to hear your thoughts and stories! Drop a comment below and let’s discuss.

Prime Day and the Human Face of Amazon

Jeff Bezos built an empire by understanding one fundamental truth about modern consumers: we crave instant gratification. With a click, our desires materialize on our doorsteps, sometimes within hours. It’s a remarkable feat of logistics and psychology working in tandem.

The Retail Evolution

We’ve witnessed this transformation before. Large box stores swept through America, turning thriving small-town main streets into ghost towns as mom-and-pop shops closed their doors. Now, Amazon is doing the same to shopping malls. The retail landscape continues to shift beneath our feet. But here’s the thing, Amazon’s dominance isn’t guaranteed. It could unravel quickly if the company overlooks a critical detail: delivery drivers are the human face of Amazon.

When Cameras Are Watching

Cameras are everywhere now. Ring doorbells (ironically, an Amazon-owned company) capture every interaction between drivers and our front porches. When a delivery driver stands several feet back and tosses a package onto the concrete, customers notice. That toss communicates something…whether it’s exhaustion, frustration, or contempt. The perception matters, even if the driver is simply overwhelmed.

The Prime Day Problem

During Prime Day, order volumes surge dramatically. Drivers face longer routes, heavier loads, and tighter schedules. That’s understandably stressful. However, this increased demand is precisely why they have jobs. Customers aren’t inconveniences, they’re the entire reason the position exists.Combine rough handling with Amazon’s often minimal packaging, and you have a recipe for damaged goods and frustrated customers.

A Simple Solution

Perhaps it’s time for Amazon to invest in a genuine conversation with their delivery teams. A reminder that every toss, every interaction, and every doorstep moment shapes the brand. Customers are watching—literally.Gratitude goes a long way. So does setting a package down gently.

#PrimeDay
#PrimeDay2026
#AmazonPrimeDay
#Amazon
#AmazonDelivery
#JeffBezos

About the cover: He has watched empires rise and fall. He has walked through plagues, wars, and revolutions. Yet for over five hundred years, only one thing has kept him tethered to this world—her face, frozen in oil and pigment, imprisoned behind a gilded frame.When a powerful king discovered his daughter had given her heart to a creature of the night, he turned to dark sorcery to end the affair permanently. He couldn’t kill the vampire. So instead, he trapped the princess somewhere far more cruel—inside a painting, suspended between life and death, visible but forever untouchable.The vampire has never stopped searching for a way to free her.Now, posing as a respected museum curator, he has finally uncovered an ancient ritual that might shatter the curse. But magic this old demands a price. And after centuries of patience, he must ask himself:How much is he willing to lose to bring her back?

Genre & Comparables

Magical realism with gothic romance elements—perfect for fans of The Invisible Life of Addie LaRue, Interview with the Vampire, and The Night Circus. The Girl in the Guilded Frame

No Juice, No Problem, Candles still work.

🚨 About That Power Outage in Hunt County… 🚨

So, last week over 4,000 people lost power around 12:02 AM. The cause? Absolutely nothing to see here, folks. No clear explanation. Zero. Nada.And wouldn’t you know it—the outage just happened to be centered around Cash, Texas. You know, the exact area where a 285-megawatt data center is being proposed. But sure. It was probably just squirrels. 🐿️ Oh honey.We need a Nick Shirley investigating things around here. Speaking of which, where is the media?! When was the public meeting about this? Whats going to happen to property values? Is this Data Center going to improve our lives?

Here’s What’s Actually Happening

Core Scientific acquired a 265-acre site in March 2026 to build a massive AI and high-performance computing data center right here in our backyard—rural Hunt County, near Greenville.The Details:

70 acres of land (formerly owned by Telios)
Consulting with Cash SUD for water and Farmers Electric Cooperative (FEC) for power
ERCOT approved the interconnection back in 2024
Operations expected by 2027, full buildout by 2029 I am speculating its off 3805.

“Local Approval?” That’s Cute.

Here’s the kicker: Texas counties have virtually no authority to approve or deny these projects.As one county judge put it: “By the time I hear about it, they’ve already bought their land, so it’s not like they’re asking our permission to show up.”They “ask” us as a symbolic gesture. Meanwhile, folks still have “No Data Centers” signs in their yards. This has been in the works for a while, and someone knew before we did. Follow the money—there’s a LOT of development suddenly flowing into this area. High-occupancy housing, apartments, mobile homes… Greenville is buzzing.

The Good, The Bad & The Loud

If you moved out here for peace and quiet? Brace yourself.🔊 Noise: Data centers are LOUD. You can hear them for miles.💧 Water: They consume massive amounts of resources.⚡ Electricity: They get discounted rates. Will you or I? Nope. In fact, expect your bills to go UP.💰 Tax Revenue: Will it benefit us? Keep dreaming.

At this point, I might as well add CORZ to my portfolio and skip buying hearing aids—I won’t be able to afford them anyway.Thoughts? Drop them in the comments below. ⬇️

About the Picture: That is the cover for a book I wrote.

Nothing But Time

Thirty years.That’s what he gave them. Thirty years of missed recitals, cold dinners, and promises whispered into voicemails that were never saved. Thirty years of believing the corner office was the destination—not the cage.They gave him a gold watch. They gave him a cake. They gave him a handshake and a cardboard box.And just like that, the man who had built something… was nothing.

The merger was clean. Surgical. He never saw it coming.Now the house echoes with the ghost of a marriage he neglected. The children who grew up without him have lives of their own—lives he watched from the periphery like a stranger pressing his face to the glass.He traded everything for a seat at a table that was never his.And now? Now he has nothing but time.

Then the letter arrives.Charlie’s gone.His college roommate. The one who laughed too loud, dreamed too big, and once grabbed him by the shoulders and said, “You’re gonna wake up one day and wonder where it all went, man.”Charlie left him the farm.Sixty acres of overgrown fields, a farmhouse with a sagging porch, and a horizon that stretches further than any quarterly report ever could.

He came to bury his past.He didn’t expect it to save his life.

Nothing But Time

A story of what we lose—and what we can still become.

Who is Steering the Ship?

Is the captain of a company the CEO?
Is it the board of directors?
Is it the Stockholders?

I would argue yes and no. The customer most probably guides or “tugs” your ship through the turbulent waters of the industry you are in, more than you might think.

Since the driving force is out of your complete control, can your ship stand up to the pressures of high winds or traversing into territories which are uncharted? Is there a reef ahead waiting to break the spine of your vessel? Will Sirens lure your men into a false state of complacency?

While need necessitates the possible paths that you as the captain choose to follow, the infrastructure and robust nature of your data systems will be part of the viability of your success.

Companies must be robust enough to change directions or take on more massive task as the customer demands. As an SME in Data processing (Information Systems) and Disaster Recovery, frequently I find through the audit process that the ship is traversing the waters without a rudder, and an engine that is held together with duct tape and bailing wire.

Some of the critical problems in this industry are human nature, underperforming CIO’s, and lackadaisical staff. Other issues often include a CIO taking on the job of CFO.

Encouraged by upper management to rain in cost, the CIO might look for ways to cut the budget using poor quality sheets, and used line, taken from derelict ships that have already made their way to Davy Jones locker.

When the proverbial fork in the road or in keeping with the metaphor, when the winds change, will your company be ready?

Often, Board Members or CEO’s look at disaster recovery like insurance. It is much more than some policy that you purchase.

When you bring in a person or company, who specializes in Disaster Recovery many things happen.

The first two are a risk analysis and an audit of how you currently do business regarding Data processing. The scope, of course, can be more than just your data processing capabilities and often it is expanded to include all functions of your company.

Depending on the size of your company and its complexity this could be a project for a consultant, or it might include one or more FTE’s that maintain your ships viability into perpetuity.

While the Risk Analysis may or may not be a surprise to you, the audit will almost certainly be a surprise. Nobody wants someone poking around in their business.

Frequently those in charge of the department will make themselves scarce. While weekly meetings and deliverables are a must, I often find that an audit shakes things up, and that can be a good thing. This process also exposes any weak links in the proverbial chain.

Your IT department is a dynamic part of your company and often is the engine which drives your ship. While frequently looked at as a cost center, without it, your company I dare say would die on the vine or flounder.

In the final examination of your company, we will discover if you are ready for the next opportunity or the next fork in the road. We might also learn that you are treading water.

When the prevailing winds shift directions, will your ship be able to adjust?

Smooth Sailing!

Scott Taylor

Apple Update: Do you want to do it now or later, or never?

This notice used to be no cause for alarm. Having been in the computer business for some time updates were always rather innocuous.

Novell was the first program that I dealt with that you had to read each and every “readme” and decide if you indeed wanted this patch or that.

Patches were not mandatory they were written for specific bugs or concerns. The problem with patches like that are, they can only be applied during a “service window.”

A service window is a time of the day and week when ordinary people are sleeping or not thinking about work. Holidays were great times for service windows as applying a patch would be the least disruptive for business functions. Midnight to five AM Saturday night into Sunday morning was usually a good time for a service window.

While Microsoft has taken the guesswork out of service windows, it would seem that Apple has as well.

You turn on your PC, and it says, applying updates, please stand by.

No matter how urgent your need is the updates will commence, and you will be patient.

With this latest phone update that crippled my one-year-old phone, I am a little gun-shy about taking any more updates from Apple. I am thrilled that they are going to repatriate billions of dollars bringing it into the US as well as providing jobs for Americans, I am not so excited with the fact that my phone is barely usable. The old 4S that I did not update is faster than my 6S.

To say that this practice of slowing down older product is reprehensible, does not begin to cover it.

I was seriously thinking about looking at an Android-based smartphone when I received an Apple watch for Christmas. Great Timing!

Now I have a watch that tells me when to stand and breath but works very slowly as far as my phone is concerned.

My first iPad worked just fine until I was going to give it to an older gentlemen to watch Netflix on or read Kindle stuff. I reset it and managed to brick it as they don’t have any software that works with that OS, and they don’t have the version of OS for that iPad available. Resetting it from a usable tablet to original killed it.

I don’t know why they cannot make the server smart enough to detect which product you have and offer you an IOS or apps that will work on that product? Oh, wait I do to know. They want you to buy more hardware!

I met Steve years ago while supporting Next Step Computers. I wonder how he would feel about what is happening today.

I would imagine he would be ok with it. Like the Schick razor they want to sell you new blades, or in this case more product into perpetuity.

I would think that consumer watchdog groups would be all over this nonsense. A thousand dollars for a phone is over the top, one should get more than a year out of it.

This Pc that I am writing from today, I built seven years ago. When I designed it, I put in components that were capable of playing the most aggressive video game of the day. Why? Here we are seven years later with the latest version of Windows 10, and it is still plenty fast.

An important note to keep in mind. Hardware is measured in MTBF which means Mean Time Between Failure. Hard drives die! Fans Die! Power supplies Die! Moral of this story is to keep your files backed up. If your data are only on your PC, you are living dangerously.

By files I mean data. Document and pictures, email PST files, excel documents and so forth.

Whether it is an apple update or windows update keep in mind that I have seen Microsoft updates brick computers.

As far as Apple is concerned, I am in hopes that they will correct their error and think twice about that kind of activity in the future. To screw up their brand in such a cheap way is beneath them in so many ways. If you want people to purchase, the latest greatest, make it stand head and shoulders above the rest. You might also work on the price!

-Best

Is Buffoonery the new American Norm?

“Doctor, when I do this it hurts. My hair is thinning, and I am tired all the time.”

“Is that all?”

“Yes, other than this strange growth on my neck. What can you give me to make it better?”

“We must run some test first to see if these symptoms are related and then figure out what is causing them.”

“You doctors are all alike, you just want to run my bill up with unnecessary test, so you can make a car payment or even a house payment. Just prescribe something, and I will be on my way.”

The patient in the above dialogue is a Buffoon.

Oddly enough, I get this same kind of rhetoric when I am called out to come up with a disaster recovery plan and discover that they have many other issues.

“Do you think you can fix these issues we are having?”

“What are some of the issues?”

“Computers drop off the network for no reason. Printers often don’t get their print jobs, we think it is the printer, so we keep calling Cannon out, but they never fix it! The internet is slow and sometimes unresponsive. Our phones don’t always work. The phone vendor keeps telling us it is not his problem but you know those vendors, get your money and then forget they know you. My lead guy tells me we need more internet bandwidth, would that fix it?”

“It sounds like you have some serious issues, when would you like me to start?”

“Start? Just go push the right button and fix it! How long will it take?”

“It depends on what I find.”

“What do you charge?”

“$125 an hour unless you would like to have me out here on a contract for a set amount of time.”

“What would you charge if I contract with you for two hours.”

“$250, (and it may be more if I have to deal with stupid nonsense like this, while I am working.)

“Truly I get this kind of stuff from CIO’s no less.”

The old joke about a thousand dollars regarding kicking a computer to make it work is just a joke. While that might end up being the final diagnosis (which I doubt), this is a mindset from those who have no idea of what they are talking about.

Truly if it is from someone outside of IT, it is not their fault. Their job is to run the company, turn a profit or drive the business to produce more of what they do. It is not to run IT. Now if the CIO has this dialogue with you as a consultant then you have issues.

Some people are in high up positions because of who they knew and not what they knew. Some are there because their parents own the company. I personally try to stay out of situations like that because it hardly ever ends well. I have done it many times in the past. One of the most frustrating things is working for a guy “CIO” who did not even have a computer at home. He knew little about computers or technology other than green screen 5250 stuff as a programmer, using RPG or Cobol.

When I walk in your door to resolve an issue or create a disaster recovery plan, there are things that I want to see.

Up to date network map.
A runbook
I will want to see the recent logs from the servers.
I will want to see your notes from the change control committee. (living document)
I will ask about your issues from the past to current. Are there pain points and what are they?
I will want to know what you would like to see as a deliverable. (an end goal)
I will want to know about your business model, so I can best position you for the future.
I will ask about the age of the hardware and what your hardware asset management looks like.
I will also want to know the same about your software. S.A.M.
I will want to see the licenses for the software that you have and I will want to see where the software is and when, if ever was it updated.

If you asked your CIO for these things, could he provide them?

As the CEO, ignorance is not an option. There are seldom good surprises in business.

There are many other things I will want to have handy before I even begin to diagnose, troubleshoot or create a disaster recovery plan. One of the most effusive displays of frustration from a client was when I discovered through digging that someone had spliced network cable improperly and it would need to be replaced. Cat 5 to Cat 3 no less.

Yes, I will want to know about the cable plant. Was it installed all at one time or has it evolved over the years? When you climb into the overhead ceiling to find a gob of electrical tape or even scotch tape holding network cable together, that will make your blood run cold. If they are that stupid or cheap unless they are under new management or are willing to hand you the checkbook, you probably should just walk away. Life is too short.

When I talk with potential customers, I can get a sense of their knowledge level quick enough. How is that done?

I was in data processing long before Bill Gates was a household name. Steve Jobs was still a criminal selling blue boxes made in his garage and CPM was the operating system. What I do is not cheap but, it is worth it. Most companies that have a disaster if not resolved within three days go out of business.

“We live in Dallas Texas, what kind of disaster could we have that would put us out of business?”

The disaster that I see the most often was caused by employee error. I do a risk assessment as part of the deliverable which many companies need for their insurance provider.

Now that we are in 2018 is this the year that you pay attention to your network and other infrastructure? Is this the year that you look at security both digital and physical? “yes, I do that too.”

If you like my blog, please consider following me.

-Best

Why should you use Rent-A-Geeks for your disaster recovery drills?

The pushback I get on this one topic is phenomenal. Their IT people who know their boss better than I, always question the need for a disaster recovery audit in the first place.

“I Get it! To them, that is synonymous with taking your shoebox full of tax information to the IRS and asking them for an audit. Please let me suffer through an audit because I love pain!”

So who in their right mind would do it?

I can think of no better argument than Puerto Rico. That island was wiped off the map. They have no power grid left. They have no data communications and let’s face it; It will take years for them to recover.

I had customers there, but I bet that those businesses may no longer be viable.

They are requesting of all things truck drivers, among their many lists of needs. Why?

Their truck drivers were affected by the buss’s called Irma and then Maria.

I am speaking to the owners of businesses with this next sentence. “Folks, your IT guy that tells you that you don’t need an outside firm or audit, is setting you up for disaster.”

Objectivity is essential. You need an honest assessment by someone who does not have a dog in that fight.

If a team of rent-a-geeks cannot restore your company at a warm site, the DR plan that you think you have is worthless. It may satisfy the ISO folks or the other government or banking or insurance companies, but the sad truth is, in an actual Disaster your people may not be around to add their collective knowledge to the process.

One client did not even look at one I prepared for them. When I asked if he wanted to go over it he shook his head. “No, I just need something for the auditor to show that we have one.”

My reports go to you the customer, nowhere else. My recommendations are put forth in a clear, concise manner that you will not need your IT guy to explain to you. Read and understand my blogs on the topic and then ask the critical questions. If you hold your SA’s feet to the fire or your CIO’s feet to the fire, you will far better off than most of the firms I deal with.

One firms CIO that I worked with was not suited for desktop wizard much less the end all be all guru of all things technology. Now if numbers are what interested the CEO, this was his guy. He could pinch a nickel with the best of them. “Penny wise pound foolish,” should be on this man’s card.

It does not take an Irma or Maria to sink your business. It only takes a Ted or Bob or a fire of some small part in the computer room to decimate your company. Assume nothing! Do you have the right employees doing the job?

Pray for our brothers and sisters in Puerto Rico, and if you have the ability, you might consider donating something to some of the excellent organizations who are working so hard to bring some relief to those affected.

Having lived through Alicia, I would not wish that on my worst enemy.

-Best

Ready, Fire …Aim

After the recent storms, one might have guessed that my phone has been busy. Firstly let me say that Disaster Recovery by its very title is a bit of a misnomer. While I have some abilities to recover lost data using some forensic skills developed over decades of twiddling bits, that is not really disaster recovery.

Disaster Recovery and business continuity are about planning for an event which may or may not happen. The “plan” assumes that your business systems will be affected negatively and puts forth a tested strategy to recover from the said event.

With the recent devastation by hurricanes and earthquakes, one would think that those businesses not affected would be learning from those that were. If you search my blogs on this site, you will see that I have laid out

Do not ask him or her, are we covered just in case, ask them specific questions laid out in this blog here.

Yes is not a satisfactory answer, demand the details and the proof. I don’t care how much of a friend he or she is, demand the evidence. The devil is in the details, and the last thing you want is a bunch of excuses.

I am learning from phone calls that too many have been assured that they are covered, and that is very possibly why today they are looking for ways to recover data from destroyed equipment.

Disaster recovery is not some dark magic spell cast under the voodoo magic of bits and bytes in the wiring closet or back part of the computer room. The bottom line is to test it, whatever your people come up with, check it. Keep checking it until you can recover your business with outside contractors and hardware with data and documents prepared by your staff. There is to be no input from you or your staff during the test. The hurricane, earthquake, fire, attack from zombies or employee error took you and them away from the scene. The plan provided must work!

This is why we who do this insist that companies use “best practice” standards in the industry when creating your individual networks and systems.

One such company has a senior IT staff littered with programmers. These people think they know more than Microsoft. Using kludges from Unix, Linux and other programming wizardry to subvert some of the basic tenants of networking, they have made their network so unique that it will depend on them to be there to recover.

If it is not broken, don’t fix it!

Writing programs that workaround things like DNS is just crazy stuff and now it is dependent on the network never changing, at all.

If your data is successfully mirrored offsite, an excellent team of engineers might get you going in weeks, not days if you have failed to follow best practices. While your data might eventually be usable, you and your company will be on the sidelines as most businesses do not recover from such a catastrophe.

Folks I have been at this since 1982, I have learned a thing or two in those years. Ask your team the questions or be prepared for unpleasant surprises should you ever face a business stopping event.

Got to go and explain once again what disaster recovery is and is not.

-Best

What If?

Every day someone finds something. This day was no exception. The more creative the attack the more interesting the day. If you call that number they try to get you to give them $199.00 to unlock your computer.

You can send me some money if you like but, here is the fix for this…

CTL ALT DEL , task manager, kill the process, aka browser and then do not restore the page when you reload the browser.

I am not affiliated with CCleaner but I sell a heck of a lot of it for them. Install it and let it clean your browser after every use. $25 a year and damn well worth it!

As one might use an explicative to emphasize a point, I often use a somewhat tawdry analogy for this purpose. Surfing the web with inadequate anti-virus software is like “hooking up with a stranger” without using protection. Not only is it idiotic, but dangerous!

Having been in Data Processing, or the IT business since before Steve Jobs or Bill Gates was a household name, I know a thing or two. The scars on my back are from arrows taken in the trenches of digital mayhem. This bedlam was caused by such things as bosses wanting to be on the bleeding edge, to software not ready for prime time, been there done that.

Free antivirus software is not worth what you pay for it!

The best security software is going to have a price or cost to it. Why? It takes many engineers, coders, and much research to create and maintain a massive program like anti-virus software. Who is going to do that for free? More importantly, why?

While someone might write an app for free, to get their name out there; anti-virus software takes a village.

Much like hiring someone to sell your home, you don’t hire someone who does it part-time or as a hobby. If you want to get something done, give it to a busy person. If you want to sell your home, hire someone who’s lively hood depends upon them being successful. You want a secure computer, hire or purchase the product with the most to lose if it fails.

There is much more to the process of considering which product to purchase but, free is not a reason. I would argue that free is a cause to eliminate that choice.

The reality is that the internet has become the wild west. The bullet that finds you can come from almost anywhere. Every company that uses computers should have a security officer. His or her job should be to focus their attention on threats out there and the best way to keep them from affecting that company.

I find it surprising that politicians are screaming about Russian hacking of our computers. What the hell do you expect? You just assume that someone with a certification gives a damn!?

What worked in 1982 does not work now. Having a “PC Wizard, or your grandchildren” working for you is tantamount to a trapeze act, blindfolded and working without a net. Insurance companies and credit card companies are now aware of this and demanding your strategies to be secure in the world of cyber threats. They should audit you, and they should hire folks like me who know what to look for.

White Hat hacking allows us an inside look at what one might expect. We learn many ways to infiltrate a company. The same applies to the TSA in homeland security. While I would probably choose a job to be that guy that test the security systems of the homeland, airports and such, it is much easier to check companies.

The first thing I must do is understand you. More importantly, know that entity many of us in the biz call “users.”

Too many infiltrations are accomplished with something called click bait. “Ten pictures that should never have been made public…” With half a picture of some scantily clad woman visible, how many will click?

Human nature dictates men will want to see what the camera saw. “Boom, you’re infected.”

Good antivirus software will stop any activity created by software manipulation but, the caveat or keyword there is “good.” What if you bought the bargain basement software or just used the free stuff?

For the coders to write the fix, someone must fall prey to it, report it, and then they must institute a fix. That is why Software of this type is never static. Updates are consistent and often. New threats are released hourly. To run a company dedicated to this is no small task.

Maybe you own a plant which produces widgets. Your widgets are better than others, and your competition wants the skinny. You hired someone like me for your IT manager or CIO so they cannot get in through your firewalls. Your safe, or so you think. Industrial espionage is rife in the competitive world of gadgets and widgets. If I want in bad enough, I will contract one of my guys to write a program that will hide on a computer until certain key phrases are typed, and then it will activate.

“Wait, you said my firewall is secure, Fort Knox secure!”

“Why yes I did, so I am going to place this little program on a thumb drive and…I am going to put some naughty pictures on it with some commercial looking writing on the outside of the device to make the person who picks it up from the parking lot where I dropped it, think that they have something juicy.”

Possibly just tossing a thumb drive out the window of my car near the parking lot with a few files on it, and the Trojan would be enough to get me into your network. I will purchase some chrome colored or fancy looking thumb drive to be sure that it is spotted. I will know when the landscape folks work, so I make sure and plant it after they have done their thing so that one of your employees will find it.

Maybe I send one of my spies out to places that your guys eat and leave the drive on the table by the ashtray or the salt and pepper shaker at the table they eat every week on a given day and time.

Possibly I get one of my people inside your company, hired by you. They install some remotely controlled program like Team Viewer on their PC and Viola; you are hacked.

Because your IT guy is so sure that his firewall is good enough, or your engineers are so demanding that he left the USB ports open for use by them, with lax policies he leaves your company vulnerable too.

How do we stop the threats?

One way we do this is with training. Every employee should sit through CE training on the essential use of the corporate computers. This is information that they can bring home and share. Education is by far the best tool one can have in their arsenal.

All of the policies are trumpeted for them to hear and before they leave they sign a document saying they will adhere to them. With it harder and harder to fire people these days, that too is one more tool in your belt. Good employees, you want to keep, those that prove lacking, they need to go.

I could easily make the argument that good computing practices are patriotic. I could certainly apply this to purchasing respectable anti-virus software and creating policies and procedures that protect your business but, the bottom line is, in the end, it will save the company money.

I was making this argument to a CEO of a good-sized company when he stopped me and said, but viruses help your bottom line too.

I argued that I would much rather use my time and talents to design safe environments for companies like his than put out fires. It is considerably less expensive to install a good fire retardant system then to try and rebuild. Yes, a metaphor for using robust best practice standards in computing vs. reacting to noise.

Noise is the result of a problem created by an event that was unplanned or caused by employee error.

A good security person is somewhat paranoid and is always asking, what if? I do this in disaster recovery scenarios balancing those “what if’s” against statistics and a risks assessment.

With proper education, we can mitigate the employee errors. Using proper procedures and policies, we can diminish the unplanned events, i.e. viruses or other malicious code.

When I run into companies that think free antivirus software is adequate, it makes me a little crazy. If they are a public company, trust me, I will not purchase their stock. Flirting with disaster out of sheer frugality or ignorance is idiotic.

If you keep your guys around because you like them, think again. I may love some folks, but I would not hire them for certain positions if I could find someone better. I don’t have to like you, for you to work for me. If you are the best person for the job, you get the job. P&L trumps feelings! Feelings can be costly and can be a liability. Logic in business is your ally. Logic must always be forefront when making business decisions.

I have walked away from companies who have their kids working for them. By hiring the children, you open yourself up to losses that could be untold. One company had their children not doing the paperwork necessary to complete the task, thus losing money in that department. Hiring me to do an analysis, it did not take long to find the problem. I fired her children after trying to work with them. I kid you not one of them actually cried in my office after telling him time after time he must do all of the job. A grown man crying! There is no crying in IT. Either perform the work or get the hell out! Either do all of the job or learn to ask, “Do you want fries with that?” Is that too tough? I felt for the kid but, feelings do not dictate policy.

Do your kids a favor and don’t hire them. The real world does not work that way so why in the world handicap them, and make them believe that it does?

Over the years there are best practices that have been created by time trusted procedures and policies.

Some are things like:

Hardware Asset management.
Software Asset Management
Security both physical and digital

I could write a book on the subject, but I will spare you the details.

Today, now more than ever we must harden our networks. We must have sound policies and procedures in place, and they must be adhered to. Documentation is essential, and it must be updated.

I don’t relish firing people but, sometimes their people are the problem, and the CEO is so far removed from the process they just don’t know it. If training can fix it, I am all for it. Attitude too plays a crucial role in the process, and I will not tolerate a crappy attitude. Life is too short, and the subject matter is too important.

I love the HR folks because often they are the gatekeepers, saving the CEO from disaster. Good HR folks are worth their weight in silver. Gold, maybe not, so let’s stick with silver. Worthy people are not that hard to find as many would have you believe. Upright people are around, but they may not have everything that you are looking for immediately.

Instant gratification is an expensive luxury and can be elusive at best. Where employees are concerned, I want to start with a “good foundation.”

We place certifications above character, and that is part of our modern day conundrum.

I hired a grocery store manager and trained him for a job in IT. He had little experience in the job I hired him for, so why did I hire him?

He had the right attitude and wanted to learn.

I had the time to train him.

The money used for training him was penny’s compared to hiring exactly what I was looking for.

He did not have the bad habits that come with so many “experts” with the certifications, and their egos.

He ran a grocery store and let me tell you; he was not afraid of work!

Back in the day, we had interns or apprentices. Folks, we need to look carefully at that once again. I have hired many over the years that had the right attitude and the skill set to learn. American people are out there struggling, and we won’t give them a chance. Why? Instant gratification. We need someone who can step into the job right now, and we run with minimum employees because of what? Because it is so expensive to have employees.

That is one of the things we need to push back on Congress and health care to fix, but the reality is, internships and apprentices I think are essential to finding and creating good employees.

Every job fair that I go to has thousands of workers looking for work. If you can’t find them, you are not looking! I spot good employees daily. There are times I would love to go work for a recruiter just because I can spot talent!

Are they the exact racehorse ready for the Derby today? Maybe not, but can they be trained? There are virtual diamonds in the rough everywhere, looking for a chance! We are begging to bring in more H1B folks instead of taking care of our own. That is not very damned patriotic if you ask me!

Our schools are a disaster in my opinion. In speaking with college graduates today, I am frequently amazed at just how ignorant and totally out of touch with reality that they are. Someone somewhere screwed them to the tune of tens of thousands of dollars for an education that is worthless. When they think voting for a socialist is a good idea, they were screwed by their college and should demand their money back!

Today we have kids tens of thousands of dollars in debt, and they cannot find a job. I know of several college grades making much less than $15 an hour. Our educational system needs an overhaul.

As quickly as a company can get a process documented and packaged, they send it overseas via a VPN over the internet, sending jobs out of the country.

Trades are being overlooked for white collar jobs which are going the same way. IT jobs are vanishing in the states. Virtual IT shops are set up in some foreign country, hiring an English speaking American to act as a liaison between them and their Indian or other counterparts. With an American point of contact, it is then up to the American to manage the folks in another country who speak little English, making little money, to be the IT shop for these American companies. This same person puts an American face on their business while working with their client managing the “noise.”

“Do you see any security risk there?”

You have no clue where your intellectual property is going or who is seeing it. Maybe you have a contract but so what. Much like HIPAA was created to protect your health information, do you honestly feel as if your information is secure? If you do, you are fooling yourself. Read the documents you sign when you visit the doctor. You sign things saying that your information is protected and then you sign a document which pretty much gives them a pass to do whatever they want to do with your information. Smoke and mirrors.

Doctors and hospitals are hacked and the information is stolen all too often. Why? How? Piss poor planning on someone’s part. Using some cheap method to get things done perhaps?

Your contract with your Virtual IT company is as worthless as the paper it was printed on. Yes, that deal might make you feel better but, know if you are a developer, someone in some other country has your work and if they can use it, they will.

I want to touch on Software Asset Management as it is germane to this subject. All of the subjects are salient, but that one, in particular, is in the case of security.

There are tools which you can use to inventory every program on every PC. Why? Why would you want to do this?

Licensing of software is an issue, but more importantly, you should want to know what is on those PCs. The first time I did this for a company I was struck with the reality of the sheer number of programs designed for remote control of a PC, that was active.

In this world we live in, corporations can ill afford to have the wild west inside their computer networks. Besides the games and other foolishness that was identified, the risk to the infrastructure was phenomenal. The company is liable for every program on their PC’s, no matter who put it there. If they are audited for their licenses, and someone like myself does an audit and finds them, they must then produce that license. Can you? Can you put your hands on all of your licenses?

Ignorance is no excuse!

Having been part of the evolution of the business process, dating back to the secretary and the typewriter to current day, I have seen the learning curve first hand. Fighting the first virus on a network before there was anti-virus software; asking “what if” became second nature.

Back when Gregg shorthand was used, a business letter cost an average of $100.00 back then. Now we type out e-mails with the ease of few keystrokes and dictation is a thing of history. Technology has improved the business process, but the bad guys have found a way to make it interesting.

The very tools we use to make our lives easier are under constant threat by evil forces that look for ways to extort money or steal your property either through the exploitation of your network, or your employees themselves.

We use the cloud as if it were a hard drive in some vault in our closet. We send information to the cloud without a clue where the cloud is and who has access to it. Why we don’t encrypt that data before it leaves our computers is beyond me. If I were a villain, I would be looking for ways to infiltrate the “cloud.”

“What if?”

The opinions expressed are my own as well as the intellectual value of the information put forth for your consumption.

When is the right time to think about Disaster Recovery?

Spring rains bring on more than just flowers or in my case, weeds. The phone started ringing early the other morning. My coffee was still brewing when the continuous ring of the phone demanded me instead of the regular answering service.

It would seem that lightning hit a pole close to one of my clients.

Lightning is far from respectful of your deadlines or the amount of work that your staff has lined up to accomplish. From simple power outages to fire, lightning all by itself is a disaster in the making. Some simple steps ahead of time can keep your company from being a victim to what this client was.

One girl had her headset in when the lightning struck and was shocked. Happily, she is ok, but their systems were not so fortunate. Had the grounding been worse; she may have been the path to ground.

Once the power was restored the server, router, and switch, did not recover.

The one machine on a UPS died as the power went out.

What went wrong?

Surge protectors have a finite lifetime. People buy these power strips with surge protectors and forget about them. Surge protectors are nothing more than a power strip with something in them known as a “Metal Oxide Varistor or MOV.”

Any power surge above an acceptable voltage is clamped or shorted to ground by this device. The problem is the MOV only last so long before it no longer functions. Every time there is any spike in the line from compressors shutting off to other electronic “noise” these components are adversely affected.

What is better?”

A UPS of enough wattage to allow the computer to be safely powered down in the event of a power failure. Along with the backup power ability, these devices have more sophisticated line conditioning circuitry protecting your equipment from stray voltage spikes.

One note to remember, these too only last so long before they must at least be maintained, or replaced. Any CIO worth his salt is familiar with Hardware asset management and has this is mind for his budget. CEO’s hate surprises like unexpected expenses. It is much easier to argue a budgeted expense than going hat in hand begging forgiveness for your ineptitude.

Suffer a catastrophe like this client, hope your boss does not hire someone like me to do a root cause analysis.

At the very least batteries must be changed out but keep in mind that an MOV is also part of that piece of hardware. I would budget the replacement of a UPS, rather than just the batteries if it were me.

Unless you have electrical engineers on staff, who are qualified to re-certify that equipment, it is too cheap not just to replace it.

Along with outdated hardware or not enough of it, I have seen too many times the ground plug defeated to save a dollar from an electrician. Those ground plugs are there for your protection, not because someone wanted to make it difficult for you. The problem with temporary is all too often it becomes permanent.

Lightning struck outside one of my client’s offices hitting a pine tree. Finding the electrical ground for the building, which was poorly grounded, everything in the building suffered a power surge knocking out much of their equipment.

Many times, building management will only do what is necessary by code and leave the gamble up to you the tenant.

Depending upon your location, achieving a good ground could be difficult. The type of soil must is taken into account among other things. Again, depending upon your location, you might want to invest in grounding your building with lightning protection equipment including lightning rods or now they call them “air terminals.” The idea is to have some amount of confidence that if lightning hits, it will strike your planned target and be dissipated safely into the earth.

Since all computer equipment and now phones are wired through the network, this last customer lost computers and phones along with the network infrastructure.

Failure to plan is planning to fail.

The cost of the hardware and time to repair was minimal, compared to the amount of time the company was out of business.

Insurance will only get you so far. As these spring storms fire up, there is a real element of danger to your building, business and, like the one young lady found out, to her person. Had proper grounding been utilized I doubt the girl would have felt the shock in her ears.

While a tested, reliable disaster recovery plan will allow you to sleep at night, preventing the disaster in the first place is what you should shoot for. That starts with planning.

From your building security to network security, right down to protecting your infrastructure from mother nature, accounting for every contingency is paramount.

Truth told, there are seldom good surprises in business. Mitigating the surprises with proper planning can prevent poor performance. Asking “what if” is key to any plan. Weighing cost vs. probability allows anyone with some business acumen to make sound decisions without breaking the bank. Understanding the risks, are the starting point.

-Best