Thursday, May 30, 2013

Protecting your online identity


Small businesses have so much to potentially lose in the event of a data breach. Whereas a larger corporation may have insurance and/or forgiving customers, smaller companies are far more vulnerable to the possibility of losing their business, their customers, and their credibility.
While no one can claim to be 100% certain they will never be breached, taking a layered approach will at least put multiple deterrents in the way.

Start with your pc:

1) Changing the local administrator userid. To do this,
   a. Log onto the pc as the administrator
   b. Go to the Start Button and select Control Panel
      i. Go to User Accounts
      ii. Rename the Administrator Account.

2) Disable the Guest account
   a. Log onto the pc as the new administrator account you’ve renamed
   b. Go to the Start Button and select Control Panel
      i. Go to User Accounts
      ii. Select the Guest Account
      iii. Select Turn Off

3) Don’t use the administrator userid for everyday work purposes
   a. Create a standard user userid
   b. Log onto the pc as the administrator
   c. Go to the Start Button and select Control Panel
      i. Go to User Accounts
      ii. Select Create New Account
      iii. Type in the name of the account
      iv. Select Standard User

4) Turn on Windows Update (this can occasionally create problems – confirm with vendors if you have customized software that depends on certain settings that Windows Update could turn off or install; an example is the version of Internet Explorer you are running).
   a. Log onto the pc as the administrator
   b. Go to the Start Button and select Control Panel
      i. Select System and Security
      ii. Select Windows Update
      iii. Turn Automatic Updates on

5) Use complex passwords and change your passwords every 60-90 days
   a. Complex passwords consist of a mixture of characters
      i. Use lower- and upper-case alpha characters
      ii. Use at least one number
      iii. Use special characters
   b. The password should be at least eight characters but preferably more than ten
   c. Use a passphrase. Something like Iliveinflorida
   d. Perform a character replacement
      i. Instead of I, use the number 1
      ii. Always put an exclamation point at the beginning or end of your phrase
      iii. Instead of O, use the number zero
      iv. Instead of an A, use the @ symbol
      v. Instead of an E, use the number 3
   e. Use a different password for each application or web portal

6) Maintain up-to-date antivirus and anti-malware software
   a. Purchase one that has a pc tune-up component and you’ll ensure your PCs will be more stable as well
   b. Monitor that virus-definition updates are occurring and that scans, both full and quick, are taking place

7) Be aware of who is accessing confidential, sensitive and/or customer data
   a. “Trust but confirm”
   b. Don’t “overshare” online – once something is out on the internet, it’ll never be private again
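For anyone who would rather script steps 1 to 5 than click through Control Panel on every machine, here is an added example. It is not code from the original post; it uses the Microsoft.PowerShell.LocalAccounts cmdlets (Windows 10/11 or Server 2016 and later, Windows PowerShell 5.1, run from an elevated prompt) and the legacy Microsoft.Update.AutoUpdate COM object for the Automatic Updates setting. The account names LocalAdm and office, the script file name Harden-LocalAccounts.ps1 and the function name Test-PasswordComplexity are all assumptions for the example.

```powershell
#Requires -RunAsAdministrator
<#
  Added example, not code from the original post. Scripts steps 1 to 5 above.
  Assumed names: 'LocalAdm' for the renamed administrator and 'office' for the
  everyday standard user. Usage from an elevated prompt:
      .\Harden-LocalAccounts.ps1 -NewAdminName LocalAdm -StandardUserName office
#>
param(
    [string]$NewAdminName     = 'LocalAdm',
    [string]$StandardUserName = 'office'
)

# Step 5: the composition rules from 5a and 5b. Hard failures block the
# password; the "more than ten characters" preference is only a warning.
function Test-PasswordComplexity {
    param([Parameter(Mandatory)][string]$Password)
    $failures = @(); $warnings = @()
    if ($Password.Length -lt 8)             { $failures += 'fewer than 8 characters' }
    elseif ($Password.Length -le 10)        { $warnings += 'only 8-10 characters; more than 10 is preferred' }
    if ($Password -cnotmatch '[a-z]')       { $failures += 'no lower-case letter' }
    if ($Password -cnotmatch '[A-Z]')       { $failures += 'no upper-case letter' }
    if ($Password -notmatch '[0-9]')        { $failures += 'no digit' }
    if ($Password -notmatch '[^A-Za-z0-9]') { $failures += 'no special character' }
    [pscustomobject]@{ Passed = ($failures.Count -eq 0); Failures = $failures; Warnings = $warnings }
}

# Step 1: rename the built-in Administrator. Its SID always ends in -500, so
# find it by SID rather than by name (the name may already have been changed).
$builtinAdmin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
if ($builtinAdmin.Name -ne $NewAdminName) {
    Rename-LocalUser -Name $builtinAdmin.Name -NewName $NewAdminName
    Write-Host "Renamed '$($builtinAdmin.Name)' to '$NewAdminName'"
}

# Step 2: disable the Guest account (SID ends in -501).
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }
if ($guest -and $guest.Enabled) {
    Disable-LocalUser -Name $guest.Name
    Write-Host "Disabled '$($guest.Name)'"
}

# Step 3: create the everyday standard user, insisting on a password that
# passes Test-PasswordComplexity before the account is created.
if (-not (Get-LocalUser -Name $StandardUserName -ErrorAction SilentlyContinue)) {
    do {
        $secure = Read-Host -Prompt "Password for '$StandardUserName'" -AsSecureString
        $plain  = [System.Net.NetworkCredential]::new('', $secure).Password
        $check  = Test-PasswordComplexity -Password $plain
        $plain  = $null
        foreach ($msg in ($check.Failures + $check.Warnings)) { Write-Warning $msg }
    } until ($check.Passed)
    New-LocalUser -Name $StandardUserName -Password $secure `
        -FullName 'Everyday user' -Description 'Standard (non-admin) account for daily work' | Out-Null
    # Membership in 'Users' (and not 'Administrators') is what makes the
    # account a standard user; add it if New-LocalUser did not already.
    $members = Get-LocalGroupMember -Group 'Users' | ForEach-Object { $_.Name }
    if ($members -notcontains "$env:COMPUTERNAME\$StandardUserName") {
        Add-LocalGroupMember -Group 'Users' -Member $StandardUserName
    }
    Write-Host "Created standard user '$StandardUserName'"
}

# Step 4: switch Automatic Updates to scheduled download-and-install
# (NotificationLevel 4). Settings controlled by Group Policy are read-only.
$au       = New-Object -ComObject Microsoft.Update.AutoUpdate
$settings = $au.Settings
if ($settings.ReadOnly) {
    Write-Warning 'Automatic Update settings are set by policy; change them there instead.'
} else {
    $settings.NotificationLevel = 4
    $settings.Save()
    $au.EnableService()
    Write-Host 'Automatic Updates enabled (scheduled install)'
}
```

The script looks the built-in accounts up by their well-known SID suffixes rather than by name, so it is safe to run twice and still works on a machine where someone has already renamed Administrator. The password check enforces the length and character-class rules in 5a and 5b only; the fixed substitutions in 5d (1 for I, 0 for O, @ for A, 3 for E) are predictable enough that they add little beyond what the length rule already gives, so the function does not treat them as extra credit. The Automatic Updates block uses the classic COM interface that the Control Panel steps in 4 drive; on a domain-joined machine the setting is usually policy-controlled, which the ReadOnly check reports instead of failing.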

These are basics but they are the first step to creating a layered approach to securing your pc and therefore, your online identity.

The next blog will deal with internet browser settings.

Wednesday, May 15, 2013

Lessons to learn from Jurassic Park

Jurassic Park; what a brilliant concept. A new product that would be a draw to a high percentage of people, regardless of race, creed, or gender, and no competition, what a dream for any business owner. Unfortunately, it failed. Why? A lack of structure, design and processes brought about the complete downfall of the greatest re-creation ever thought of.

One of my favorite lines is said by Jeff Goldblum’s character, Ian Malcolm, “but John, if the Pirates of the Caribbean breaks, the pirates don’t eat the guests” – I appreciate that fact as a Disney World attendee.

Vision and Scope

·         A zealot running an organization without some counter-controls is a poorly structured company or department. Even brilliant entrepreneurs need a respected counterpart or cohort who will consider the risk of scope and direction.

·         Just because you “can”, doesn’t always mean you should (That’s an Ian Malcolm quote)

·         If you can do it, someone else can figure out how to do it as well. How do you deal with competition? Intellectual espionage is not just a movie creation.

·         What John Hammond created was a new ecosystem where extinct animals and plants interacted with native animals and plants. He “thought” he created a theme park. The two have nothing in common and in fact have very different needs and goals. “All theme parks have issues.” His words, not mine (or rather Michael Crichton’s). Be sure that you have adequately defined your intentions. Be true to those.

Design

·         I would be thrilled to see brontosauruses and triceratops walking around. I wouldn’t have to see a T-Rex to be satisfied. Why couldn’t herbivores have been Phase 1 and carnivores been Phase 2 after a series of Lessons Learned meetings? Of course, that too could bring its own set of issues.

·         Who defined the DMZ? Poisonous dinosaurs that walked around on the way to the Pier? Sounds like a bad plan to me. (business comparison – data should only be placed in control areas with fences)

Process

·         Poor project management. Experts in the subject matter were only approached after a catastrophic issue had occurred.

·         Poor hiring procedures – Dennis Nedry, the genius from Cambridge, was a poor hire. A good background check would probably have shown that he had credit issues that could negatively impact a top-secret and highly profitable business.

·         No Separation of Duty – Nedry was a programmer who 1) wrote code, 2) introduced it into production (without testing) and 3) also had access to the secure area where the frozen dinosaur embryos were stored. In his role, he did not have a responsibility for the embryos. That should have been restricted to a business need only role. At a minimum, someone should be reviewing who does what, where and when.

·         Introducing code into the production environment without peer review – This allowed Nedry to turn off the security systems so that his covert actions could escape notice.

·         Fail-safes had weaknesses that Subject Matter Experts spotted but the internal architects did not.

·         Lack of disaster recovery plans and testing, (how do you get to the point of bringing in a focus group to sign off on the environment without having undergone a full disaster recovery test?)

o   Fail-safes had weaknesses that Subject Matter Experts spotted but the internal architects did not (withholding lysine, female vs male frog DNA),

o   Key systems had dependencies that endangered the overall stability of the environment,

o   Raptors – testing the defenses – pay attention to predators inside and out, (who knew they could open doors, who knew they were testing fences to identify weaknesses?)

o   Underestimating the potential for chaos,

o   Who thought it was a good idea to put the master power controls physically past the raptor environment?

·         Underestimating what you don’t know – bring in Subject Matter Experts, if for no other reason than to put a stamp on your architecture and plan,

·         Poor hardware/memory configuration of systems – if compute cycles are so intensive that they are able to bring down security systems, the environment is not sufficiently robust to be in production. Of course, it’s possible that Nedry’s excuse was simply a lie – but wouldn’t Mr. Samuels have known that?

·         Just because you “can”, doesn’t always mean you should

Hindsight is 20/20 but the majority of the issues created by John Hammond’s zealous attitude could have been foreseen if he had brought the right people in at the right time and had the right processes and disciplines in place. The brilliance of brainstorming is that different professionals’ experiences contribute to the overall plan and experience. Jurassic Park is a terrific example of what could go wrong in a business. Lessons learned?

·         Pitch your idea to someone you respect
·         Bring in “no-men or maybe-men” versus yes-men
·         Plan
·         Plan some more (you can be on the cutting edge and still follow this advice)
·         Create a structure that resists weaknesses
·         Test
·         Communicate
·         Succeed