Batting Cleanup...before March Madness

My last Blog post was at the end of January. Now, in late February - as the baseball teams get into the swing of Spring Training (see what I did there?) - and after Shawn, Chris, and Richard posted excellent Blog articles in February, I’m in the #4 spot. I’m “batting cleanup.” Don’t worry, I think the Astros are in good shape with a talented set of choices; it’s merely a sports analogy from a geek. We’re not going to compete in Minute Maid Park, but we will be there to cheer on the team when they start home games in April.

But I digress…back to late February and my thoughts for this riveting post.

Hmmm…so many passwords, so many post-its!

Hmmm…so many passwords, so many post-its!

Adding a key point to Shawn’s insightful post about Passwords, and combining with Chris’ thoughts about small business security, PLEASE STORE YOUR PASSWORDS IN A SAFE PLACE!

In January we blew through the 1-year anniversary of Hawaii’s bizarre “2018 end of the world” panic, prompted at the time by an emergency management signal that warned (falsely, it turned out) of inbound ballistic missiles from North Korea. In Houston it went largely unnoticed for several reasons, primary of which is that it didn’t happen here. However, in preparing discussion topics for an upcoming talk, I dug into the details to refresh my memory. My research (searching “hacked credentials: password in photo led to Hawaii emergency alert, north korean missile inbound”) centered around a key point: a password critical to the process had been compromised.

My time in government service, predominantly in the Army but in a wide variety of joint-service and civilian-heavy organizations, spanned a 30-year career that began in 1984. Over that period I saw more than a few changes in IT and our use of computers, electronics, gadgets, and other tech toys. I also worked in restricted access areas requiring secret and top-secret clearances, most obviously denoted by wearing a “Blue Badge.” This backdrop prompts me to note several disturbing aspects of the Hawaii incident:

1) A password was written on a post-it note and stuck to the monitor of the alleged source of the incident.

2) The post-it note with password was photographed in July 2017 and published on social media.

3) The photo was published by a proud government civilian, who wanted to share his great work environment with friends and family.

Sadly, the 3d item should never have happened. TOTALLY INAPPROPRIATE, and obviously the #2 and #1 items ALSO would not have happened had #3 never occurred. So it begs some questions: Why was the photo taken? How did a restricted space with a “blue badge” employee even allow the photo to be taken? If the photo was sanctioned, why was the area not “sanitized,” i.e., why did he show his access badge and post-it note, along with a host of other items and physical cues to what goes on in the command center? It is THE STATE of HAWAII’s EMERGENCY MANAGEMENT Command and Control Center! Can you imagine walking into the Pentagon, the White House Situation room, or Jack Bauer’s CTU crisis center and just taking a happy-snap for your Instagram post? I cannot.

Circling back to both Shawn’s and Chris’ posts, here is my point: just like not leaving keys in the ignition to your car with the windows down and doors unlocked, it REALLY is NOT SMART to write your password and store it in an obvious place near your computer. At Envision, we have fantastic tools to help individuals, small businesses, non-profit organizations, government entities, and even large corporations manage their information. You can trust me - in my life I have served at various levels of each of these types of organizations.

Pointing out Richard’s #3 Blog post of February, we have developed great loyalty and trust with our existing clients. Our amazing clients have helped build Envision Design into Houston’s oldest member of the Apple Consultants Network. We specialize in securing and monitoring their computer systems 24x7. And we are doing it in diverse situations, including the very restrictive, high-penalty world of HIPAA compliance and regulation. I’d like to highlight a key point of Richard’s “How to become an "En-Visionary"...” rewards program: because our clients TRUST us with the life-blood of their businesses, and because we have to earn their LOYALTY and retain it monthly, we understand that every customer matters. Chris pointed it out with his question of “So why should small businesses partner with a MSP?” EVERY business should have protection in place. We all owe it to our own patients, clients, customers, and business/practice/firm team members. The price of failure could be…well, failure.

In looking ahead to March, the elite teams will emerge in the NCAA basketball tournament. Another sports reference from Tom: March Madness is on the way! Love it or hate it — or even for those just indifferent to it — March Madness frenzy is measurable, and HUGE. Reflecting on our Blog posts, we’d love to see a frenzy of referrals in March, fueled by true passion to help each other secure, safeguard, and monitor sensitive information. As much as it’s about “NCAA tournament brackets,” I’d love to see March Madness become a business referral principle, as well. Send me your thoughts!

New Years Resolutions - 1 month down, how are we doing?

January draws to a close this week, and we are super-excited about 2019, right? At least that’s what we said a month ago; so now it’s time for a progress report. Vector check. Monthly review. Self-assessment. Call it what you want, but reviewing status is a no-brainer, especially when it comes to business goals.

Over the past month I have had many conversations with clients and interested parties regarding Envision Design’s security, data protection, backup, and recovery processes. Surprisingly, some business owners still seem to treat these aspects of protecting their businesses with a casual, “Hey, it’s good enough. I’m pretty sure there’s nothing that can go wrong, and I am fairly certain I can recover what’s needed so I can stay up and running.”

Well, maybe that’s a bit overstated - they haven’t really been THAT casual. But some responses have indicated a bigger lack of awareness. Some even seem to be the proverbial ostrich with its head in the sand. So what happened? Think of the New Years Resolution of “I am going to be serious in 2019, look into vulnerabilities and weaknesses my business has, and mitigate or even eliminate the chance of going bankrupt this year.”

Tom Sands, here - your friendly Client Relations Manager at Envision Design. Maybe it’s just the career Army guy in me, but protection is ALWAYS critical. From an outpost of 1 Soldier doing daytime duty at the front gate of “Camp Swampy,” USA, to a Corps of over 60,000 people deployed for months (or years) of combat operations - and all points in between - it always starts with security. We protect ourselves first, make sure we can communicate second, and then take care of myriad priorities of work from there.

I have found the business world to be no different. If money or information is exchanging hands, external forces seem to be ready to pounce. They want to catch a free ride; and they are looking for an easy chance to intercept some, all, or even MORE than just the transactional amount. Treasure troves have been released by simple, small vulnerabilities. Look at the Target breach of millions of customers’ data - it occurred largely because the Heating Ventilation Air Conditioning (HVAC) log-in was simple, AND it was on the same network as the financial data. I’ll bet the Target leadership did NOT have the New Years Resolution to ensure they had heightened security in 2013. That said, after the November incident, we can all be assured that their 2014 resolution included a healthy dose of security upgrades.

Heading into February, our Envision Design newsletter will hit the streets in a week. Along with it is the monthly free report, “The 7 Most Critical IT Security Protections Every Business Must Have In Place NOW To Protect Themselves From Cybercrime, Data Breaches And Hacker Attacks.” Truth be told, none of our clients are the size of Target; but we treat each one with the same level (or an even HIGHER level) of respect in terms of securing, monitoring, protecting, backing up, taking actions against threats, and preparing to recover their data. At the beginning of the 2d month of 2019 would be a perfect time to review the 7 Protections checklist. Reflect. Assess. Take action.

Our clients went into business to help people, to follow their passions, and to make money in the process. We aim to have them ALL on board when we roll into 2020, so we work hard during the day to stay ahead of threats - learning, studying, training, monitoring, watching for anomalies or intrusion - and we sleep well at night, assured that the systems are in place to make all of that happen 24-7. It’s like being in the Army, again - we are on duty all the time.

Contact us any time - email or or call 832-442-8588.

Ever Vigilant -  as a modification of the National Security Agency’s motto,  Envision Design is “Defending Our  Clients , Securing The Future.”   See where your business stands.  Fill out a basic 20-question checklist;   take our survey, and let us help you    bring your vision for your business    into focus.   Click the image above to visit our internal page. We will contact you to review your results.

Ever Vigilant - as a modification of the National Security Agency’s motto, Envision Design is “Defending Our Clients, Securing The Future.”

See where your business stands. Fill out a basic 20-question checklist; take our survey, and let us help you bring your vision for your business into focus.

Click the image above to visit our internal page. We will contact you to review your results.

bullet proof backups

I'm sure this has been posted before, but it's easy to ignore backups and the consequences are not worth the risks of not constantly having a good backup solution. Here are the steps I go through to create a good backup of my computer system. (It helps me sleep better at night:)

1. Setup a backup program that keeps an on-going timed backup of all of you files. For Macs Time Machine is a good option. However, there are plenty of good applications that do similar backups. I use Time Machine for my personal backup at my house. The files get written to a Network Attached Storage (NAS) that is constantly on. The nice thing about this setup is that my backups start every time I connect my computer to my home network. I don't have to think about plugging in a drive. I also get a notification if something starts to go wrong.

2. Create an offsite backup that is at another location than your normal backup. This for disaster recovery in case of fire, flood, theft etc... You may be able to use a second drive at work and create a second Time Machine backup. I use a program called Crashplan that backs up to their cloud service. There are other cloud backup services as well. I like Crashplan as it keeps a backup from the beginning of the backup, so if your backup is 4 years old you could go back 4 years and retrieve lost files. I have gone back nearly a year to get a file from backups. It can be a life/time saver.

3. Create a local bootable clone of the entire system. This is so you can quickly recreate your system in case something like a hard drive fails. I use a program called Carbon Copy Cloner to clone my system, but there are other cloning programs as well. I've set up a rule that clones my computer every time I connect a specific drive to my computer. The point of failure is that I have to remember to connect the drive.

4. Lastly review your backups. Log into each program occasionally and verify that it is actually backing up and is not generating any error. If any of the backups are having problems, fix the problems right away. I also go the extra step of occasionally grabbing a few files from my backup as a way to test the system. If you can boot to your clone and pull files from your backup, then you should be safe.

They're coming for you files and passwords...

This week researchers have found two new pieces of malware that are targeting your Mac. One called OSX/Keydnap is looking to steal your passwords and the second called Backdoor.MAC.Eleanor wants to help hackers take over your entire system. Both of these malwares are stymied by your Mac's built in Gatekeeper function, so make sure that it's enabled. You can read more about this here and here.




A good Discussion of Encryption and Security on your digital devices.

For those of you that are still on the fence about the debate on encryption. The video blogger CGP Grey has release a couple of videos about the good and bad points of encryption in general and the benefits and drawbacks of encrypted communications. I'm not sure if any of his arguments will convence anyone to completely changed their stance on the issue, but he has several good points as to why encryption is on our devices and why it will probably stay there for the foreseeable future. Enjoy the videos...