BYOD – Bring Your Own Device, or Bought Your Own Disaster?

It seems that the talk of business is BYOD – employees don’t want to carry two phones – employers don’t want to buy phones for employees … what to do, what to do …

Here is a thought !  Lets bring our own devices, iPhones, iPads, Blackberries, and Droids to work and get our corporate email on there !

Here is a thought !  Lets tell our employees we will give them $ 25.00/month to use their own personal devices for corporate email and we won’t have to buy them phones !

And how wonderful that is, the win-win proposition of business.  What could be bad with that ??

Well – it may not be a bad thing at all, as long as the employees and the employer are both pleased with the employment arrangement that they have entered into.  But suppose, one day, the rose-colored glasses break, and it is time to change the employment arrangement. Most of the time, either the employer or the employee knows when this is going to happen before the other one does.  They both know, however, that some of the data on the phone is personal and some of it is corporate.

We now have a electronic data child custody battle.  I’ll bet you weren’t ready for this when the whole BYOD idea came up.

From a corporate perspective, the data on that phone needs to be wiped – but you can’t do that without wiping the whole phone, and those cute little pictures of the puppies the phone owner took this morning will be lost.  That will not go over well.

From a personal perspective, that phone belongs to me, and so does everything on it.  Im not tech-savvy and I don’t know how to back it up, but Im not asking my ex-company for help..

So, Solomon, the baby is in front of you … what do you do ?

It would not be uncommon for both sides to have attorneys to represent their interests – so what will you do ?  Will you, the employee, hand over your phone to be wiped and lose all of your personal information ?  Do you want them to see the texts that say that your boss is an idiot ?  Or perhaps the not-so-flattering pictures you took of a co-worker (who wants to continue being employed) when you were out last weekend ?

Will you, the company owner, be comfortable with the employee you fired saying “don’t worry, Im not upset over this, I’d be happy to erase all of your critical data that I have on my device” ?

No, there is no good answer in this situation.  How did we get here ??  Oh, that is right, we wanted a little more convenience and to save a little more money.

My advice is simple : don’t do it.  If you need your employees to have mobile devices, then provide them.  If they don’t want to carry two devices, then they can leave their personal phones at home, or in their car.  It might cost you an extra $ 50.00 / month, but your attorney bills will consume 3 years of that in one day of legal work.  As an employee, I value my right to privacy too much to allow corporate interests to infringe upon my personal life.  Yes, they would give me money per month to defray my data costs, but my rights are not for sale.

At the very least, when you are tempted to enter into such an arrangement, consult your attorney for legal advice.

 

twitterlinkedinmailtwitterlinkedinmail

Do you suffer from “Too Quick to Click” Syndrome?

The perils of being “too quick to click”…

We have all gotten them – those familiar looking emails from banks, facebook, twitter, that all turn out to be less than genuine.  The tactics that they use are things designed to make you act quickly : someone has compromised your account, someone made a withdraw, YOU have cancelled your facebook account.  These outrageous claims are designed to make you want to correct the problem IMMEDIATELY.  That is exactly what these ne’er-do-wells are seeking to do, get you to CLICK HERE before you think.

I am an advocate of knowledge.  To quote a movie icon, “knowledge is good”.  Unfortunately, the evil people of this world watched another movie quoting that “greed is good”.  Knowledge will win in this arena.

When I showed an email to someone this morning, she made the comment “If these criminals ever get to the place where their English is good, then how will people know they are being scammed ?”

It is a good question.  There are still some good indicators that will tell you, and there are some FINE rules that you should employ.  They may seem like common sense, but to be honest, good sense is not common – it only seems that way if you are sensible in the arena being analyzed.  You would not want to rely on my common sense in a brain surgery scenario.

1)      NEVER respond to an email from your bank.  Call them.  Do NOT use the provided phone number in the email.  It is on the back of your credit card, AND information (411) has the branch number.

2)      ALWAYS look at the FROM and TO addresses.  It if is from elfdevil@wearecrooks.com, then it should be avoided.  The good ones will try security@facebook.com.euro.net ß this is NOT an address at facebook.  ALWAYS read the address from right to left.  The last two items are the domain it came from.  In this instance – EURO.NET – they can put anything that they want to add to the left of the domain.  So just because it has the word facebook in it, that means nothing.

3)      Look at the TO address.  Is it yours ??  If it isn’t, discard it.

4)      Check the grammar – many of these emails are poorly written.  You may not have gotten an A in English, but these are pretty hard to miss. “You account have be disabled” is not something you would expect from your vendor.  If they really write this way, move your money.

5)      IF there is a link in a suspicious email, don’t use it.  It takes only a minute to look up the correct address of the institution in question.

6)      And finally, if you WERE really related to a Royal Family in Africa, you would have heard about it by now … don’t fall victim to bank transfers and the promise of instant wealth.

 

So there you have it, a small dose of “common sense” … don’t feel bad if you didn’t know it before, instead be happy that you do now !!

twitterlinkedinmailtwitterlinkedinmail

Windows 8 – WHERE THE H#LL IS MY START BUTTON ??

Funny the thing people notice most.  In Windows XP we got the START button.  How great, we knew where to start.  In Windows 7 it was replaced by the Windows Button – it didn’t say START anymore, but we all knew what it really was.

Now we have no button … or do we ?

I really didn’t want to take the work of anybody else, I mean, with the election and all, I’ve had my fill of what other people were telling me was true.  They had an agenda.  I do not.

Let’s be real clear about this.  I do not care what tool you use to compute.  I use a lot of different tools, because I find that I must be facile in a variety of environments.  That being said, please resist telling me “just use a mac” … I already do.

Since I have a natural distrust of new things from ANY manufacturer, I wanted to try it myself.  I took an extra hard drive (because I have that sort of thing lying about), and plugged it into my laptop.  I loaded Windows 8 and here is what I found :

10:30am : begin load
10:33am : verify time, date, and keycode
10:37am : begin installation
10:48am : booting into O/S
10:49am : reboot
10:53am : 4 attempts at the CAPTCHA query before succeeding
10:54am : preparing PC (Pretty screen colors)
10:55am : installing APPS
10:56am : LET’S START
10:59am : setup mail account from my exchange server
11:00am : testing

SO, in 30 minutes, I was able to format a drive, install Windows, and start using it. Kudos to Microsoft for making that part faster.  But getting to someplace new quickly isn’t always what it is cracked up to be.

I can’t help but mention this, though.  I understand CAPTCHA challenge boxes (you know, type these two words that look like grafitti painted by a dog hyped up on coffee), but why do we need them while installing an operating system ??  Are we really that concerned that a computer is going to automate this process and leave us mortals out of the mix ?? (which might be cool, by the way).  Note to Microsoft … STOP IT<>

Lets talk about the interface.  Do you like Windows Phone ?  You will love Windows 8.  Do you like the idea of an APP store and iCloud ?  You will love the Microsoft APP store and SkyDrive.

Do you like change ?  That would be helpful.

Windows 8 has icon tiles instead of menu items.  Some of them, like the weather are live icon tiles and will show you current conditions.  This is not unlike the same feature on your iPhone.  Conicidence ?  nahhh.

You may not like some of the icon tiles – no problem, right click it and a toolbar will appear at the bottom of the screen where you can unpin it (or uninstall it).

If you move your mouse to the RIGHT side of the screen you will get another menu  that will appear that will let you modify your screen settings and some of the computer.  It seems like there is something new in each of the sides of the screen.  The more compelling issue, however is if you RIGHT click where the START button USED to be.  THEN you will get a menu of things that you will find helpful. If nothing else in this article will help you, THIS WILL.

Ok, that was fun.  Time to shut down. Counter-intuitive as it used to be, we are used to clicking the START button when it is time to stop.  Microsoft has fixed that problem by removing it.  However it might be nice to end this session.  Don’t hit the power button yet .. there is a right way to do this.

1. Mouse over to the lower right corner of the screen. (You can also move your mouse cursor to the upper left corner; same result. Or, you can press Windows-C on your keyboard.)   2. In the slide-out menu (known as the Charms Bar – ostensibly because it looks like charms from a charm bracelet) that appears, click Settings.   3. Click the Power button, and then click your desired action: Sleep, Shut down, or Update and restart.

On our next time together, we will install some apps …

Micro Systems Management’s opinion on Windows 8:

*  It appears to be faster than Windows 7 and also requires less resources to run.

*  Windows 8 boots faster than Windows 7 and hosts a variety of new tools.

*  This is brand new, version of Windows that was designed for people using Microsoft phones & tablets (touch screen enabled), and does not look or function at all like previous Windows versions.

In summary, we suggest that you wait a couple of months before purchasing.  But if you can’t wait and want to sit down with one of our staff and get a personalized tour, call and we will setup an appointment!

twitterlinkedinmailtwitterlinkedinmail

The good, the bad, and the ugly…of the computer industry.

Modern movies and fiction have made it easy for any ten-year-old to spot a “bad guy” a mile away. Spaghetti Western? Black cowboy hat and Snidely Whiplash-style mustache. Action or suspense movie? Cerebral, rich, and suave, with sophisticated tastes in music and art, à la Hannibal Lecter or Dr. Moriarty. But…“villain IT guy”? What supervillainy clothes does he wear to set him apart from the “good guys”?

Khakis, most likely. Maybe a clip-on tie.

There are plenty of “bad guy” IT guys out there, and pretty much everyone has a story about one. They range from the clueless to the careless to the unethical, and most non-IT professionals have no way of telling one from another.

What this has to do with outsourcing your IT work
Quick, off the top of your head: how many different software or computer certifications can you name? (Did you even know they exist?) If so, how many of them have you ever heard of before? If you were trying to advertise for a new IT guy, which certifications would you require him to have?

In the computer industry, every applicant will have some degree of experience (thanks to the ubiquity of computer technology in popular culture). Since there is no overarching regulation in the computer industry, there is no “industry standard” when it comes to competence or knowledgeability. The only current method for gauging computer ability is certifications, but they can be out-of-date, irrelevant to the requirements of the position, or not perceived as legitimate by the community at large. And unfortunately, there are plenty of people with certifications who don’t possess the assumed skills. How do you know how good your IT guy is? Will you know if he installs pirated software on your company’s machines, for instance? (One of our clients just found out that their tech guy had been doing that for years.)

On the other hand, third-party companies whose work is solely IT can’t stay in business if their employees aren’t qualified and skilled. In our situation, our business depends completely on the abilities of our technicians to fix problems and to stay up-to-date with ever-evolving softwares and hardwares. If our technicians don’t have the chops, our business tanks. We have all the motivation in the world to do your job skillfully, promptly, and to your satisfaction, because our business depends on that satisfaction.

Speaking of things that people don’t have time for, how would you like to spend dozens of hours you don’t have to learn a skill that you will need for exactly one week? Computer and network projects are often like that. Sometimes an IT department is simply overflowing with work and they don’t have time, and sometimes they just don’t want to put in the effort of mastering a task that their company will only need performed once in their entire career. Sometimes the job required is simply going to be very difficult and time-consuming – we’ve done jobs setting up intercontinental video and audio conferences, doing radio frequency analyses, surveillance, and even forensic employee investigation (something you’d really want an outside source to do).Giving projects like those to an outside company means less stress and wasted time for your tech staff, improved functionality and tech response time for you, and business for us. It’s a win-win-win.

The other most important reason why you should outsource your tech work is peace of mind when it comes to character. Do you know if your tech guy is an ex-con? One of our clients just found that out about theirs. Have you ever done a background check? Do you know how to? Are you nervous about giving your techie access to personal information? Do you trust them? If they just stopped showing up to work one week, would you worry about all the information they could have taken with them? The consultants at our company have not only been screened for tech competence, but also for good character. (And believe it, as a company whose work often focuses on security, we know a thing or two about background checking.) If we don’t trust them, we won’t hire them, and we certainly won’t send them out to a client. And ours have accountability – most of our techs have been here for years, and they’ll still be here after your job is done if you need to find them again. Our company’s been around for 25 years, and the good name and community of partners we’ve built up over that time is something we would never jeopardize.

We can replace your IT staff without needing to cost you salaries and overhead, but we can also partner with your existing IT staff when helping hands are needed. Check back soon to read our tips on how to screen potential IT employees. And, as always, feel free to contact us with questions or concerns .

twitterlinkedinmailtwitterlinkedinmail

Read this only if you want to have Internet access after next Monday.

(this article originally published 7/4/12)

Everyone loves George Clooney in an Armani suit, but that isn’t the only reason why people like watching the movie Ocean’s Eleven. Even when we know the “bad guys” are doing things they shouldn’t, we can all still admire a particularly elegant or sophisticated scheme, even when it involves stealing a few million dollars. Sometimes crime can be cool, right?

And sometimes it can be positively infuriating, and we don’t care for a second how “cool” it is because we’re too busy turning into The Hulk and throwing the nearest appliances at the wall in sheer rage. And it will be infuriating, next Monday, when millions of innocent internet-users are going to open their Internet Explorers, Chromes, and Firefoxes to find that their internet won’t take them anywhere anymore – not their email accounts, not their Facebooks, not even CatsthatlooklikeHitler.com. There’s a particularly insidious computer virus called TDSS that is currently residing on millions of computers worldwide, and, much of the time, it’s completely invisible. (It’s actually been around for awhile now, but the most recent strains of it have been particularly harmful.) Sometimes the only “symptom” of TDSS is your computer running a bit more slowly. (Other symptoms include not ending up at unintended websites, no security-check dialogue boxes when you run a new program for the first time, and increased pop-ups when you browse the internet.)

If your computer has TDSS, it’s running slowly because it has become a “slave machine”…and yes, that’s just about as technologically disturbing as it sounds. Until recently, TDSS’s “slave bots” were under the control of some programmers in Estonia, and those Estonians could control those computers to do pretty much anything they wanted. Of course, they could get people’s personal information out of the enslaved machines, but they could also use infected computers like puppets to perpetrate other crimes. It’s pretty much the plot of every zombie movie ever made, but with computers, and it’s real and happening now. It spreads just like most other viruses: the good news is that you’ll often stay out of trouble if you don’t go looking for it (by going to suspicious websites, opening sketchy emails and attachments, etc.), but the bad news is that sometimes the innocent fall victim anyway.

TDSS is also known by the monikers Alureon, TidServ, or TDL4, and it’s what’s called a rootkit. (Tech-speak ahead; skip down to the boldface for the most important stuff.) Like a blood-sucking leech, it’s difficult to remove once it’s made itself nice and cozy in your hard drive, but thankfully it can be eliminated. Whenever you want to visit a website, your computer uses something called a DNS server to tell it how to get where it’s going, like your car’s GPS. When TDSS infects a computer, it redirects your browser to use a different DNS server than the one it’s supposed to, and that bad DNS server can make your computer go wherever it wants. This means our Estonian friends could make the infected computers go to all sorts of harmful sites, among other things. It’s the equivalent of replacing a normal car GPS with one that will only take you to likely gunfight venues in Gangland while laughing at you maniacally like Jack from The Shining. And, because they’re sneaky bad guys, the first thing TDSS does is disable any of your antivirus/antispyware/antimalware softwares, so your computer won’t even notice it’s there. You can do all sorts of malware scans, but your computer will never find anything fishy, so those softwares won’t remove it, either.

Now, thankfully – and this is pretty rare in the world of computer viruses – the guys who created this virus and set up the rogue DNS servers were caught. Unfortunately, that doesn’t mean that the virus automatically disappeared in a puff of smoke and binary code, as it’s still on several million machines all over the globe, but it does mean law enforcement bodies are trying to clean it up as best they can. Unfortunately (but not all that surprisingly) this cleanup effort is what’s going to shut down the internet for a bunch of people on July 9th. You see, law enforcement had no feasible way of resetting all those millions of infected machines and redirecting each one back to its proper DNS server – the best they could do was to make the rogue DNS servers work the way they were supposed to, so that the browsers on all the infected machines would go back to taking users to the correct sites. This is why the majority of users with TDSS-infected machines have no idea they’ve been infected – their computer might be running a little slow, but their browser usually works fine, and nothing seems seriously amiss.

However, on Monday, July 9th, the previously-rogue DNS servers are getting shut down entirely. For anyone whose computer has been relaying information through those servers, their internet is going to stop working. When the authorities caught the originators of TDSS, they were able to get a court order allowing them to take the servers under their control and to temporarily get them back to directing computers to the correct sites again. That court order will expire on 7/9, without warning and without explanation.

So! The important stuff. Is my computer currently infected by TDSS and will it be affected by the 7/9 shutdown? The authorities have created a super-simple method for you to tell: go to this site in your browser on whichever computer you’d like to test.The webpage will either give you a bright green graphic that says you’re clean, or it will tell you that your computer’s been affected. If you get the “green is for go” page, you’re golden and may now return to your previously scheduled life. However, can something be done if you have the virus? Of course, why do you think we’re writing this article?

If your computer has TDSS, a company called Kaspersky Labs has created your new best digital friend, TDSSKiller.
1. Download it here (green link towards the bottom of your screen). Save it to your desktop or somewhere else that’s easily accessible.
2. VERY IMPORTANT STEP. Once you have the file saved, you need to rename it, preferably something nonsensical (abcdef.exe, etc.), but make sure the filename still ends in “.exe”. The virus won’t let you run anything with “tdss” in the name, just in case it’s an antivirus tool.
3. Right-click the renamed file and hit “Run.” The good folks at Kaspersky Labs will take it from there.

It’s never a bad idea to double-check with this sort of thing, so when TDSSKiller is done with its magic, you should go back to the dns-ok.us site and give it another go. Everything should have returned to the proper Aquinian order of things. (Or, you know, whatever order things were in before.)

twitterlinkedinmailtwitterlinkedinmail

The New Internet has come – are you ready for it?

(this article originally published on 6/27/12)

The internet has just evolved in a really important way that’s going to affect your business. People are even going so far as to call IPv6 “The New Internet” because it’s completely revolutionizing the way the world transmits and receives information online – and yet, most of your everyday users will never hear about it or notice that anything’s different. And if you’re a tween who only uses the internet to play World of Warcraft, or a sorority girl who thinks of her Macbook as a “Facebook machine” – that’s probably fine. However, if your business or professional life relies on the internet, you’re going to want to pay attention.

IPv6 stands for “Internet Protocol Version 6.” Most of the online world is running on Internet Protocol Version 4, which, believe it or not, has been running since the late 1970’s, unlike your beloved El Camino. (Don’t ask what happened to Version 5; the answer’s really boring.) As you might guess by the use of the word “protocol,” IPs are basically the rules that dictate how anything with an internet connection gets and sends out information. Of course, they used to just apply to computers, but now we have smartphones, Androids, tablets, gaming consoles, netbooks, e-readers – heck, I bet you could find cookware with an internet connection, if you looked hard enough. I love to use metaphors, so, if we think of the internet as a series of roads and highways, it now has more “cars” – internet-using appliances – on it than ever before. Internet usage has absolutely exploded in the past decade or so, to the point where, apparently, even the entire royal family of Nigeria has gotten email accounts. With increased “cars” (and therefore increased “traffic”) has come a number of problems that didn’t exist when the internet was just boring old DARPAnet back in the day.

The biggest problem with IPv4, in essence, is that there simply aren’t enough “license plates” to go around. Anything that communicates on the internet has to have what’s called an IP address, which, like the license plate on your Camry, is a series of numbers that allows the vehicle to be identified. An IP address is a way of identifying who’s doing what on the internet, which is a vital element for technological security these days. But, whatever it is you’re doing on the internet, your device has to have one or it won’t work. So they’re pretty important, and, unfortunately, they’re running out. In fact, if you go to IPv6Forum.com, you’ll see something on the left-hand side labeled “IPv4 Exhaustion Counter,” which is simply a doomsday-like countdown until all the IP addresses in a given geographic region are going to be used up, and there will not be room for even one more smartphone to get on the internet. Anyone who buys a smartphone after that line has been crossed will be destined to accidentally eat at poorly-Yelp-reviewed restaurants for the rest of their days, and there’s nothing they can do about it. Unless they want to move to Antarctica. (Good luck finding any restaurants there.)

But not so fast, says IPv6, cape billowing in the breeze, for I have enough IP addresses for all! (3.4×1038 of them, in fact, which means that every single person of the world’s 2011 population [7 billion] – individually – could have 4.8×1028 of them. Holy exponential numbers, Batman!) Preventing IPv4 address exhaustion is the main reason why IPv6 had to be invented, but it does a lot more than just provide more “licenses” for the growing number of “cars.” It’s created a whole new set of data transmission capabilities that never existed before, and it’s made some of IPv4’s preexisting capabilities much faster and more efficient. If you’re interested in the technical jargon, you can show off to your friends and say it allows for things like new routing capabilities (including route aggregation), makes renumbering an existing network for a new connectivity provider MUCH easier, and it has improved multicasting abilities with new bells and whistles. (And even if you don’t know what those things are, they do sound impressive, don’t they?)

What you probably don’t know is: IPv6 is already here. June 6, 2012, was the World Launch Day, which means that there are a chunk of the world’s internet devices out there that have already been transitioned from v4 to v6. The world’s largest internet service providers, hardware manufacturers, and web content providers have already begun transitioning the world’s main data centers and routes of data transmission to v6.>

Here’s the part where you come in, so pay attention! The world, at a point in the not-too-distant future, is going to be using IPv6 on the vast majority (if not the entirety) of their internet devices. But you will need to manually convert your servers, DNS servers, routers, and etc. to IPv6 if you want to be able to communicate with the rest of the world. You may have heard it said that routers and computer devices “talk” to one another, in a manner of speaking, and you’re going to need your devices to be able to “speak” and “understand” both IPv4 and IPv6 systems (what we would call backwards compatibility). For instance, if your router hasn’t been converted from IPv4 to IPv6 compatibility, it isn’t going to be able to communicate with any device bearing an IPv6 address (which will be most of them, pretty soon, because, as we mentioned earlier, there aren’t many more IPv4 addresses to be had).

Now, manually converting your devices sounds like work, and it is (sorry), but it’s not really optional if you’re making any attempt at network security. The transition has already begun, and if your devices aren’t actively transitioned with it, they’re going to be security risks for your networks, devices, and data. Routers and infrastructures that have been designed around IPv4 technology have new vulnerabilities, because they’re now less advanced than the systems they’ll be runni8ng. Because the very format of IP addresses has changed with IPv6, this also means that legal tools for tracking IP addresses (and safeguards within your routers and servers) will need to be redesigned as well.

Remember, those who would use their electronic powers for evil almost always know what they’re doing better than your in-house IT guys do (no offense to them). And your IT guys need to be prepared for this new change to keep your data and business protected and running as the technology evolves and adjusts with each new implementation. If they need any help getting used to the new system, contact us here for information on training or device conversion.

twitterlinkedinmailtwitterlinkedinmail

Predictive coding: the future of electronic discovery?

(this article originally published 6/20/12)

If you keep up with news of the legal technology world, you’ve already heard about something called predictive coding, and about why it’s a game-changer in the field of eDiscovery (electronic discovery). And with recent legal cases both showing federal support of the technology and attempting to regulate its use, the judicial system seems to assume it’s here to stay.

And why shouldn’t it?

Why We Love It
Let’s say ne’er-do-well John E. Guilt got caught embezzling company funds and is being brought to court for it. He doesn’t much like the idea of jail time and is claiming innocence, the greedy rascal. Prosecutors are now faced with the task of sifting through all his personal and company emails from the last five years to look for evidence, which wouldn’t be so bad if there weren’t 3 million of those to go through before the case against him can be fully prepared (a relatively normal figure). And, with recent legal events like the rulings of Judges Peck and Carter in da Silva Moore v. Publicis Groupe (which supported a preference for the use of current predictive coding software over manual review techniques) and the US v. Metter et al ruling (which limits the amount of time prosecution can take to analyze and present electronic evidence), the prosecutors handling Mr. Guilt’s case are most likely going to turn to predictive coding to help them churn out their evidence on time.

Mr. Guilt’s prosecutors use a well-known predictive-coding software like Recommind’s Axcelerate, plug in Mr. Guilt’s emails, babysit it for the first few trial runs, then sit back and wait for their results to pop out. It gets through them in a few days (rather than the months a team of poorly-equipped manual reviewers might have taken), organizes those results for efficient access, cross-lists pieces of related information, avoids the false positives and negatives that generally come from manual review, automatically prioritizes documents by importance, and does it all 60-90% faster and cheaper than the team of unmotivated, underpaid interns who would have done the job using clumsy keyword-based searches in years past. The cherry on top? Axcelerate does it all with higher consistency and quality than any manual review team armed with a notepad and Google-type search engine ever could. What’s not to love?

Why We’re Not Pinning Our Hopes and Dreams On It
Your much-abused interns (and, especially, the third-party computer-forensic investigator that you’ve hired to help nail Johnny Guilt) have more going for them than you may realize. While companies like Recommind are quick to point out that manual review misses 25-50% of documents, they don’t claim it’s perfect, either – in fact, as Recommind’s Craig Carpenter puts it, “perfection is not the goal” compared to improvement over manual review. And the aforementioned court rulings aren’t wholehearted endorsements of it, either. Judge Carter from the da Silva appeal wrote, “There simply is no review tool that guarantees perfection…. [t]here are risks inherent in any method of reviewing electronic documents.” We tend to agree, and for a couple of important reasons.

First of all, predictive coding is absolutely perfect…for the honest criminal who knows he should go to jail, feels really really bad about what he did, and wants to make it up to society by gift-wrapping all the incriminating evidence for them. (We’d really like to meet one of those, but we’re also still holding out for proof of unicorns and leprechauns.) More than likely, your tech-savvy criminal is going to want to hide or destroy (spoliate) electronic evidence if he knows he’s been caught, so there’s a good chance he’s going to try to get rid of it or, barring that, to encrypt it. Encrypting electronic evidence is unexpectedly successful when it comes to predictive coding, because the software often can’t read encrypted files and won’t list it in search results. The software might have noticed something unreadable was there, but it’s probably not going to tell you about it. And sometimes, your really tech-savvy criminal will be able to remove evidence and leave only an indicator that something was deleted. Unfortunately, your predictive coding software isn’t going to find that, either.

In addition to encryption and deletion, there’s also the option to simply hide the stuff you don’t want the lawyers to find, and predictive coding software won’t always see it. For instance, there’s something called alternate data streams which allows you to hide a document within the structure of another document. Your software might find the outer “shell” document, which is a flier for the homeless shelter where you’ve been volunteering twice a week, but it won’t see the embedded document, creatively titled “My Scheme to Take Over the World.” For the especially devious, there’s also the option of hiding documents in completely unrelated file formats (steganography) – like hiding a document in an image file. Once again, predictive coding will find the picture, but not what’s hidden within it.

And, last but not least, there’s the issue that some criminals are intimately familiar with predictive coding software, and they know how to defend themselves against it (anti-forensic technology). It’s the reason why you may not want to put one of those “Protected by ADT” signs in your front yard if you have an ADT home security system – if you’re targeted by a criminal who used to work for ADT and knows how to get around it, there’s a good chance he’ll rob you blind, expensive security system or no. If predictive coding technology is ruled legally sufficient for all methods of electronic discovery, criminals will be able to accurately predict the methods which will likely incriminate them, and they can learn how to avoid them. It’s much more difficult for a criminal to know the methods of examination and analysis that, say, a forensic investigator would use, because he’ll use a wider range of tools (some of which use predictive coding, and some of which don’t).

Are we trying to start a blood-feud with all advocates of predictive coding technology? Not at all. We think predictive-coding softwares are great tools, but people are often quick to assume that they can replace the whole toolbox. So what method has the efficiency of predictive coding without losing the intelligence and problem-solving abilities of a human examiner? As you’ve probably guessed, we say that nothing can beat a forensic computer investigator. The right investigator has experience, certifications, the “imagination” to think of outside-the-box solutions, a thorough knowledge of the capabilities of hardware and software, expertise in a wide range of popular and lesser-known investigation tools, and the ability to put himself in the shoes of another computer expert. Best of all, you never have to pay to download his newest update. You can find the one we recommend here.

twitterlinkedinmailtwitterlinkedinmail

This article may be about backups, but you know you want to read it anyway.

(this article originally published 7/6/12)

Do you know how difficult it is to make an article about backing up computer data sexy? Try it sometime. We’re about to, so hang on to your hats….

Okay, so everyone hates it. No arguments there. (We’re some of the only people you’ll ever meet who will confess they like it.) It’s like going to the dentist – everyone knows you’re supposed to, everyone hates the hassle of it, and we’ve all managed to convince ourselves that the chances of disaster are relatively slim (who doesn’t know that one guy who’s never done it and his life is still perfect?). However, we all know that it’s one of those things that will only bring your world crashing down at the worst possible moment, leaving you with that nagging self-loathing that only comes from the knowledge that your catastrophe was completely preventable. We’ve been there and we get it, don’t worry.

A good portion of our business happens to come from cleaning up after those catastrophes, when innocent professionals wake up one morning to find that their office has flooded, or that their systems were hacked (more frequent than you might think) and their data security compromised, or sometimes that the hardware has just failed. Unlike cavities, which can usually be prevented by avoiding certain foods and flossing whenever you remember to, there’s no way to prevent hardware from giving out or wearing out. Entropy really isn’t very nice sometimes.

If you’ve been reading any of our past articles, you know that we tend to harp on the importance of your data’s security. It’s kind of the thing that allows your business to run, and you have to be able to rely on it for the well-being of you and your company. We know you don’t want to hear it, but it really is worth a little effort to protect it.

So! How can we make “digital dentist trips” more bearable?

1. Schedule backups so that they happen automatically. You won’t even have to think about them, and you get all the nice warm fuzzy feelings of knowing your data will still be there in the morning. Schedule them for the middle of the night, and you won’t even have to be left without computer access during the day.

2. Use a cloud-based service as your secondary backup. (Yes, you really do need at least two different modes of backup).

3. If you have a vast amount of data to protect, or you’re just especially paranoid (we totally understand), use multiple secondary backups and rotate them in and out of use in case of failure.

4. Also, for those who need to back up more data, invest in an appliance like a Barracuda Backup Service device or Message Archiver. The second one is especially important if the entirety of your company’s business is handled through email.

5. Finally, get one of our Backup Checkups. We evaluate your current backup hardware and protocols, validate your media, check your devices for defects, and perform a test restoration. What good is having a backup plan if you find out that it doesn’t work when it really counts? They’re quality for the price, and best of all, signing up for one before Wednesday, July 18 enters you into a drawing for a FREE Touro Desk Pro 1TB USB 3.0 External Hard Drive! There’s no downside to having one of those, but it has a lot of upsides, including 3 free GB of cloud storage in addition to the terabyte (that’s 1,000 GB) of hardware storage you’re getting. All you have to do is email pattyz@msmctech.com (put “Backup Checkup” in the subject line) and sign up for a Backup Checkup for you or for your company (which you really should be getting anyway). Doesn’t get much easier than that, folks.

Most external drives and backup devices come with software which allows you to schedule backups, but if not, you can still schedule them yourself. (With Windows, you can do this at Control Panel → Backup and Restore; with a Mac, all you need is Time Capsule.) For a casual user, backing up data once a week is probably sufficient, but backups will need to be more frequent (and with multiple devices) when professional data is concerned.

Cloud-based applications: most people are acquainted with “cloud computing” at this point – using a trusted Internet-based service to host your data on an offsite, third-party-owned server which makes the data accessible to the user from any location. You can go anywhere and use any computer to access your data. As a technology company that deals largely in Internet security, we’re wary of any solutions which encourage you to trust all your data to the cloud, but it’s suitable for a secondary backup device in most situations. Upside: no hardware to lug around, no cables to forget, no setting reminders on your phone to make sure you back up your data frequently enough. Downside: once again, as security technicians, we’re always aware of the risks you take when making information accessible on a global network. But if you are at all skittish, ask us and we’ll help you determine what’s best for your company.

The rest of the above points are fairly self-explanatory. The more backup devices you have in a rotation, the lesser chance you have of losing anything important. The questions are simply, how sensitive is the information? How much does your business rely on it? Does the nature of the information make it more likely to be targeted? Also, when it comes to devices like the Barracuda storage appliances – the larger your network, the bigger and badder your backup devices need to be. It’s also worth asking yourself how much of your information needs to be backed up – some storage solutions can be programmed to only back up programs or data that have been used or modified since the last backup, saving you time and storage space.

External hard drives and USB drives are portable, usually reliable, and, depending on what type, can store a lot of information. Tape storage devices (like DAT, DLT, and – dare I say – 9-track) are unreliable, expensive, slow, and small in terms of storage space. The media which actually stores the information is fragile and easily rendered useless. We do not recommend them. For cloud-based solutions, we can recommend Intronis and our own ProSysCtrl managed platform service – which, as a bonus, will monitor the health of your hardware, software, and devices, while alerting you to any possible appliance failures before they happen, giving you time to safeguard your data. (You know, an ounce of prevention and all that jazz.)

If you’re still left with questions about how much of your information needs backing up, how frequently, and with what devices, we’re always happy to help. Give us a call at 440.892.9997 or email info@msmctech.com and let us help you protect your business.

Oh, and did we mention there’s a shiny and super-fast new FREE Touro 1TB External Hard Drive involved?

As always, feel free to contact us with questions or for further information.

Copyright ©2012, Micro Systems Management. All rights reserved.

twitterlinkedinmailtwitterlinkedinmail