We’ve heard a lot about “SmartHomes” over the past several years, potentially more so with the popularity of Nest, and other emerging technologies.
I have to admit that I’m a recent EcoBee3 convert (rather than Nest), and I’m hooked. Our EcoBee system has been in place for about 3 weeks, and I find myself wondering why I waited so long to take the leap.
Let me first say that for anyone who’s ever been frustrated by having to get up and walk down the hallway to adjust the temperature or air flow – or worse yet, not having control at all – you’re in for a treat. Part of the reason I selected the EcoBee3 for our home was that it has a phone app as well as a web site interface. The other key differentiators are that it supports multiple temperature sensors (for different rooms and/or floors), and that it shows the current set-point in addition to the current temperature on the main display (which, oddly enough, Nest does not do).
I will post more photos and examples once I’ve collected a better set of them… however, all I can say in the meantime is – “Where have you been all my life?!”. 😉
Public computing facilities – whether it’s shared workstations, or public WiFi – often get a bad reputation, and it’s often no wonder why this is the case. There are many security threats out on the Internet, and keeping shared computing stations running quickly while remaining “safe and clean” from new and emerging threats is often a challenge for even the most diligent and well-trained IT professionals.
At RiteTech, our principal consultant and co-founder has years of professional experience from the financial services and IT security disciplines. His philosophy of “practical, prioritized security” helps to ensure that RiteTech’s managed solutions keep system downtime and productivity losses due to unexpected incidents to a minimum, while keeping reliability and customer satisfaction high.
Contact us to learn more about how RiteTech can help your organization with public computing and WiFi challenges.
Isn’t it amazing how WiFi has gone from “luxury”, to “nice-to-have”, to “must-have” – in just a few short years? Who would have imagined that small, portable devices such as cell phones and tablets would start to become the primary and most frequent devices for accessing the Internet for the vast majority of the modern world?
WiFi presents more than its fair share of challenges when making arrangements for public access. Many factors have to be taken into consideration, including appropriate radio coverage, potential interference sources, setting and enforcing a security policy, time and traffic limits, and so forth. Contact the experts at RiteTech for more information about some of the pros, cons, and success stories that our team has experienced with public and private WiFi.
Practical IT “e-Security” (Part 1): How to protect your business, yourself, and your family in the “post-Target” age.
The odds are that if you weren’t directly impacted by the recent Target stores credit data breach, you probably know someone who was. And if you don’t happen to know someone who was – well, *I* was impacted by it – so now you do. 😉
The brazen and extensive scope of this attack has, not surprisingly, generated a lot of recent questions, soul-searching, and hand-wringing about the topic of IT Security, and/or what I call “e-Security”.
Given that I was impacted by the breach firsthand – and that I’ll confess that I used to be an IT Security Administrator for a quasi-Federal agency in a past professional life – I decided to share some of my various impressions, thoughts, and suggestions in a series of these blog articles.
One of the first questions that comes to mind is “how could this happen?” or “how did this happen?” – particularly on such a wide scale, in terms of the number of cards compromised. Some after-the-event quarterbacking or second-guessing can be of limited value (particularly if that process is used to learn from the event, rather than just to excoriate the people involved) – but the simple fact is that today’s IT systems are so complicated, intertwined, and extensive that it’s extremely difficult for anyone to keep every possible vulnerability or exposure point completely protected.
An analogy I like to use is that of a physical building or facility – such as a hospital – with multiple entrances and exits, and with many different types of persons entering and exiting, at many times of day. Some of those persons may be visitors. Others may be direct staff. Others may be contractors. And others may just be plain up to “no good”. Very few of them will probably “check in” or “sign in” at an entrance desk, even if they should. Think of these various random persons as the traffic and applications flowing into and out of a computer network.
And there you have it. Unless you have protections, controls, and training in place for your staff, family, or business to help handle and/or monitor these activities, you may not even know that they’re occurring.
And with that, it’s time for another analogy. 😉
A physical building can have many entrances and exits. Some buildings- or their facility managers- choose to hire guards, front desk staff, and/or install cameras to help record or monitor what goes on in the building. It is hoped that some combination of these techniques will help discourage incidents, or at least provide some information about those incident(s) if they occur.
In a traditional computer network, there is frequently one device (or more) that acts as a “gateway” to the rest of the world – particularly if that network is connected to the Internet. That gateway – and/or firewall (if one exists) – is where all of the traffic (the “people”) passes through, regardless of who they are, what they are doing, or whether their intent is benign or malicious.
So my question to most organizations when we do an initial IT security assessment is: Who (or what) is monitoring or watching your firewall or gateway? And the answer frequently is – “crickets chirping”, or, “I don’t know”. In the physical world, that would be the equivalent of leaving the main entrances or exits to the building unwatched, or having a fancy camera system that nobody ever bothers to watch the footage from.
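As an added illustration (not part of the original post, and not a RiteTech tool), here is what “someone watching the gateway” looks like at its most basic: a short Python script that reads firewall deny events and flags the two things a reviewer would want to see first, an outside address probing many ports on one inside host, and an inside host repeatedly trying to reach a blocked outside address (the pattern an infected machine calling home can produce). The log lines and their syslog-style format are constructed for the example; real firewalls export in their own formats, so the regex is the part you would adapt.

```python
"""
Minimal firewall-log triage: parse constructed deny events and surface
the patterns a reviewer should look at first. Added example; the log
format (a generic syslog-style line) is an assumption for illustration.
"""
import re
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample log; not real traffic (RFC 5737 documentation ranges).
SAMPLE_LOG = """\
2013-12-03T08:00:01 fw1 DENY in 203.0.113.9 -> 192.168.1.10 tcp/22
2013-12-03T08:00:02 fw1 DENY in 203.0.113.9 -> 192.168.1.10 tcp/23
2013-12-03T08:00:03 fw1 DENY in 203.0.113.9 -> 192.168.1.10 tcp/445
2013-12-03T08:00:04 fw1 DENY in 203.0.113.9 -> 192.168.1.10 tcp/3389
2013-12-03T08:00:05 fw1 DENY in 203.0.113.9 -> 192.168.1.10 tcp/8080
2013-12-03T08:01:00 fw1 DENY in 198.51.100.4 -> 192.168.1.25 tcp/80
2013-12-03T08:02:10 fw1 DENY out 192.168.1.37 -> 198.51.100.77 tcp/4444
2013-12-03T08:02:40 fw1 DENY out 192.168.1.37 -> 198.51.100.77 tcp/4444
2013-12-03T08:03:10 fw1 DENY out 192.168.1.37 -> 198.51.100.77 tcp/4444
2013-12-03T08:03:12 fw1 ALLOW out 192.168.1.12 -> 198.51.100.50 tcp/443
"""

# Assumed line layout: "<timestamp> <firewall> <ALLOW|DENY> <in|out> <src> -> <dst> <proto>/<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ALLOW|DENY) (?P<dir>in|out) "
    r"(?P<src>\S+) -> (?P<dst>\S+) (?P<proto>\w+)/(?P<dport>\d+)$"
)

# RFC 1918 ranges; anything else is treated as "outside".
INTERNAL = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]


def is_internal(addr: str) -> bool:
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL)


def parse(log_text: str) -> list:
    """Turn matching log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            event = m.groupdict()
            event["dport"] = int(event["dport"])
            events.append(event)
    return events


def triage(events: list, scan_ports: int = 5, beacon_hits: int = 3) -> dict:
    """Flag inbound port scanners and inside hosts repeatedly hitting a blocked outside address."""
    ports_by_src = defaultdict(set)   # outside src -> set of inside ports it was denied on
    outbound_denies = Counter()       # (inside src, outside dst, port) -> deny count
    for e in events:
        if e["action"] != "DENY":
            continue
        if e["dir"] == "in":
            ports_by_src[e["src"]].add(e["dport"])
        elif is_internal(e["src"]):
            outbound_denies[(e["src"], e["dst"], e["dport"])] += 1
    scanners = sorted(src for src, ports in ports_by_src.items() if len(ports) >= scan_ports)
    beacons = sorted(key for key, n in outbound_denies.items() if n >= beacon_hits)
    return {"port_scanners": scanners, "blocked_outbound": beacons}


if __name__ == "__main__":
    print(triage(parse(SAMPLE_LOG)))
```

The thresholds are deliberately low so the constructed sample trips them; on a real firewall you would tune them against a week of normal logs, and the repeated outbound denies to one address and port are the finding to chase first, since that is an inside machine doing something it was not asked to do.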
The good news is that there are mechanisms, services, software, policies, and training available that can help mitigate, reduce, and/or (in some cases) prevent or discourage – but not entirely eliminate – many IT security and data privacy risks, just as with physical security in the physical world.
Some examples include two-factor authentication (meaning, not relying just on user-chosen passwords), Mobile Device Management (MDM) systems for iPads, iPhones, etc., and firewall monitoring services with the appropriate policies applied.
In other cases, it’s just having some good old-fashioned training performed and policies written, to help ensure that your organization or family is well informed about how to stay “e-Secure”.
Stay tuned for more tips in future posts…
A few weeks back our company sponsored a marketing event in tandem with a local trade association at the Ruth’s Chris Steak House in Tyson’s Corner, VA. Now, for those who haven’t been there before, I don’t want to spoil the culinary delights or surprises. However, the main focus of this post is to call out the unexpectedly affordable pricing for their various Happy Hour specials.
Yes, it’s true. Their drink and appetizer prices during Happy Hour are quite affordable, with a location and atmosphere that’s pretty hard to match for the money in the beehive of activity that is Tyson’s Corner.
I’m always someone who expects a lot for their dining dollars. The experience well exceeded my expectations of value, service, and comfort. So, I will happily add this venue to my short list of favorites, in addition to such notables as the Black Rooster Pub in DC.
If you haven’t read it yet, here’s the link to Part 1.
As mentioned before, it had taken several days until the proper supervisory staff was alerted to this mysterious document that had been inappropriately posted up on its web site. The document appeared to list individual staff positions, hourly pay rates, and other compensation-related information.
Here was the ironic “twist” to the story. Upon closer inspection, the document actually had FALSE information! For instance, where it listed “Maintenance Technician I” – while there was a pay rate indicated for that position, the pay rate listed was completely INACCURATE! Ditto for ALL of the other listed positions – e.g. “Custodian II”, “Groundkeeper I”, “Security Guard I”, etc. As it turns out, this curious document came from some other system (or software) that essentially had “placeholders” or “fake data” loaded into it – albeit still with the real position names indicated.
To the casual observer, the document APPEARED to list the pay rates or hourly rates for each position in the organization – and, although no names were specifically mentioned – since this was a relatively small organization, it was not difficult for people to potentially assume who a given position’s title was associated with. However, the extreme irony is that even though all of the data turned out to be FAKE and INACCURATE – simply having what APPEARED to be this data inappropriately released, caused a great deal of gossiping, speculating, rumors, second-guessing, and “I can’t believe that so-and-so makes such-and-such” kinds of commentary, throughout the organization.
So, one of the “morals” of the story is that even inaccurate data – or misinformation – if released improperly, can still cause a tremendous amount of turmoil, drama, stress, and harm to an organization.
How would your organization handle a “Data-for-Ransom”, or other serious IT Security breach?
2013 has certainly seen a significant rise in the number of Internet and network security threats, and has included the unwelcome introduction of a particularly fearsome type of attack – the one now known as “ransomware”, and more specifically, “CryptoLocker”.
Simply stated, CryptoLocker is the IT equivalent of a hostile, external force taking over your computer (or server) and holding its most critical data hostage for ransom. Whereas other types of viruses and “malware” tend to steal passwords, invade privacy, or damage, degrade, or otherwise compromise systems – as if all of those perils weren’t disruptive enough – this particular form of malware goes the additional mile: it encrypts the computer’s data files (including files on any mapped network shares it can reach) and holds them for ransom unless the attacker is paid. This type of attack probably ranks near the top of the most disruptive and malicious perils a computer user could encounter, simply by making a mistake as innocent as opening (or running) an infected or malicious attachment.
Although none of RiteTech’s clients has been infected by CryptoLocker to date, other IT providers are reporting a sharply increased rate of infections, which suggests that the overall level of infection is increasing and accelerating. While there is never a 100% guarantee against IT security breaches (just as there is never a 100% guarantee against physical security breaches, or other perils like fire and floods), there are several “best practices” that can help organizations maintain a reasonable level of security and data protection.
RiteTech can help provide guidance to ensure that your organization’s IT infrastructure and policies are “all that they could be”. We provide “lunch n’ learns” about IT Security, Cloud Computing, and other informative seminars to qualifying organizations. Contact us for further details.
1. Having an appropriate and adequate data protection strategy is essential. This includes ensuring that all critical data is properly backed up (ideally off-site for the most critical data), and that restores from backup are regularly tested. Incidentally, when a restore is tested, part of what also needs to be tested is the length of time the restore takes. Many firms, including IT firms, vastly underestimate the amount of time, or level of effort, needed to recover data from a catastrophic loss.
2. Ensuring that staff store critical data in the appropriate locations (which are, in turn, backed up) is also essential. This is largely a policy and training issue, rather than a technical one.
3. Ensuring that staff have basic awareness of IT security policies – including their own employer’s policies – is also extremely important. For instance, do staff know how to handle (or report) a suspicious incoming e-mail or phone call? A malfunctioning computer? A telephone, LAN room, or other sensitive “IT closet” that is found with its door open and no explanation? These are all examples of scenarios that staff should have some basic awareness of: what to look out for, and how to handle them.
4. What is the organization’s “Bring Your Own Device” [B.Y.O.D.] policy? (e.g. for syncing personal devices with e-mail, etc.?). How will the organization handle scenarios where an employee’s personal device is lost, stolen, or hacked – and the company’s data on the device is compromised or placed at risk? (Hint: Mobile Device Management [MDM] software and related policies can help reduce and control these risks).
5. Does the organization’s network have an appropriate, properly managed and monitored firewall (or firewalls) that can adequately protect against modern threats, while not drastically slowing down the organization’s Internet speeds? Hint: if the firewall(s) cost the organization less than $1000 and/or were purchased from Best Buy or another retail source, then the answer is almost assuredly NO. (Contact us for explanations about why that is.) An unmonitored firewall – one whose logs and reports nobody regularly reviews or analyzes – is about as helpful as a security camera system where nobody ever watches the monitors or plays back the recordings.
6. And of course, it goes without saying: having effective, well-updated, centrally managed and monitored antivirus (or other appropriate security software) on ALL connected devices – as well as a uniform method of ensuring that critical software patches and updates are consistently deployed to all of those devices – is essential.
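Item 1 says to test restores and to time them. This added Python example (not the post’s own material; the data it backs up is constructed in a temporary directory) performs that drill end to end: hash the source tree, back it up to a tar archive, restore it elsewhere, measure how long the restore took, and compare hashes so that a file silently missing or altered after the restore is reported rather than assumed to be fine.

```python
"""
Backup restore drill: back up a tree, restore it, time the restore, and
verify the result file by file with SHA-256. Added example with constructed
sample data; swap `make_backup`/`restore_backup` for your real tooling and
keep the hashing and comparison as the check.
"""
import hashlib
import os
import tarfile
import tempfile
import time
from pathlib import Path


def hash_tree(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    digests = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            digests[str(p.relative_to(root))] = hashlib.sha256(p.read_bytes()).hexdigest()
    return digests


def make_backup(src: Path, archive: Path) -> None:
    """Stand-in for the real backup job: a gzip-compressed tar of the tree."""
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(str(src), arcname=".")


def restore_backup(archive: Path, dest: Path) -> float:
    """Restore into dest and return elapsed seconds (the number most firms never measure)."""
    t0 = time.perf_counter()
    # The 'data' filter (Python 3.12+, backported to patched 3.8-3.11) refuses
    # archive members that would write outside dest; older versions fall back.
    extract_opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(archive, "r:gz") as tar:
        tar.extractall(dest, **extract_opts)
    return time.perf_counter() - t0


def compare_trees(expected: dict, actual: dict) -> dict:
    """Report files missing from, changed in, or unexpectedly present in the restore."""
    missing = sorted(k for k in expected if k not in actual)
    changed = sorted(k for k in expected if k in actual and expected[k] != actual[k])
    extra = sorted(k for k in actual if k not in expected)
    return {"missing": missing, "changed": changed, "extra": extra}


def restore_drill(src: Path, workdir: Path) -> dict:
    """Run the whole drill and return a result a manager can read: ok, file count, seconds, diffs."""
    archive = workdir / "backup.tar.gz"
    restored = workdir / "restored"
    restored.mkdir()
    before = hash_tree(src)
    make_backup(src, archive)
    seconds = restore_backup(archive, restored)
    diff = compare_trees(before, hash_tree(restored))
    ok = not (diff["missing"] or diff["changed"] or diff["extra"])
    return {"ok": ok, "files": len(before), "restore_seconds": seconds, **diff}


def demo() -> dict:
    """Build a small constructed tree in a temp directory and run the drill on it."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src = tmp / "data"
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "ledger.csv").write_text("acct,amount\n1001,42.00\n")  # constructed
        (src / "notes.txt").write_text("constructed sample data\n")
        (src / "big.bin").write_bytes(os.urandom(256 * 1024))
        return restore_drill(src, tmp)


if __name__ == "__main__":
    print(demo())
```

On three small files the timing is meaningless; run the same drill against a real backup set and the `restore_seconds` figure becomes your measured recovery time, which is the number to compare against how long the business can actually be down. Running the drill on a schedule, with the result written to a log someone reads, is what turns “we have backups” into “we have tested restores”.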
Want More Info?
The following articles provide more information about the threats:
… It’s been about 10 days since healthcare.gov launched, and I still can’t create an account or log on. Or even browse prices of health care plans. As I’ve said before to many people in various different forums, I *really* want health insurance and health care reform to work in this country – for MANY reasons – but the chronic failures of their web site are really, really bad & aren’t helping the cause at all.
To take a step back – part of the original motivation here is that as a small business co-owner, I’m very interested in trying to get better health coverage – hopefully, for less money – for myself, my partner, and/or (hopefully) also our staff. That’s a very difficult thing to do when you’re a small business, such as one with less than 50 employees. Medical insurance companies have historically always charged horribly exorbitant rates to individuals and small businesses, and we have seen that firsthand at RiteTech, where we’ve had to pay astronomical amounts of money for medical insurance compared to what we used to pay as individual employees in the past, working for other firms (or people).
Now granted, many (actually, most) IT projects – particularly ones of any significant size or complexity – end up being “challenged” – which is a kind euphemism meaning that they undergo serious problems, whether related to the technology, the budget, a lack of sponsorship (either financial or political), inadequate and/or incompetent staffing, or otherwise. This sad, accurate, but sobering statistic is reinforced over and over again in Project Management Institute (PMI) training and commiserating. It’s a “movie” that I also saw played over and over again back when I used to work as a project manager in prior governmental or quasi-governmental settings, such as for Loudoun Water or Fannie Mae.
That said, it would be one thing if this were an earthshattering new technology or otherwise experimental new ground in terms of the underlying concept – build a web site to allow consumers to browse/research/compare, and/or possibly purchase, certain goods or services online. But there are far more complicated pricing models out there on large sites, handling much more transaction volume, every day – airlines, stock exchanges, hotel bookings, etc. The healthcare exchanges can only adjust pricing based on age, smoking/nonsmoking, sex, state of residence, and the specific “plan” being offered. That’s a much less complicated set of variables than, say, airlines, stock trading, hotels, etc. – and yet all of those sites handle major loads with no issues…
The fact that the site is pretty much dysfunctionally unusable 11+ days after launch shows, in my humble opinion, a major FAIL on the part of the design and/or project management. I heard a statistic that 9 of 10 people trying to use the site are unable to – and I believe it – given that I’ve been completely unable to use it since its launch, and I’ve tried pretty much every other evening since 10/1 just to create a logon.
Other pundits have pointed out the huge cost for the site’s creation (allegedly $634 Million), given that it still doesn’t work, and seems awkwardly designed:
While I can’t speak to the accuracy of the information in that article, from my own basic initial browsing of the site – at least, the sections I can get to- these two critical questions come to mind:
#1 Flaw: Why on earth is creating a logon account REQUIRED just to *browse* plans or gain comparative information? That in and of itself is probably a huge source of additional stress on the system. Most people who browse aren’t going to buy. That’s just Sales/Marketing 101.
#2 Flaw: Why aren’t the people in charge of this system or web site getting some urgent, emergency, expert help to handle the load from others who have experience in designing, maintaining, and supporting such large-scale systems? Some immediate relief could be as simple as having a 3rd party site (one that can actually handle the load – like maybe Akamai or Amazon) offload the signup or “create account” pages, then have those parties send that info over to the back-end systems in some sort of secured batch process, and then send the people signing up an email a few hours later saying “okay, we’re ready for you to log on now.” Yes, what I propose is certainly a very *lame* workaround and I’m sure highly embarrassing to those who’d have to eat crow to ask for this, but isn’t that better than having chronic error pages for days on end, and putting the whole potential program at risk?
I’ll keep people updated in our ongoing efforts to try to get some information from HealthCare.gov.
Thanks for reading!
With HOA budgeting season coming up, as a former HOA President – and more recently, a frequent HOA vendor – I’m sure that most in the HOA industry have seen more than their fair share of strange or bizarre behaviors during the HOA’s annual budget process.
While experience, professionalism, and practicality all certainly matter to help ensure a functional and reasonable budgeting process – it’s very frequently the “BUDGET DON’T’s” (or a lack of knowledge of the DON’T’s) that seem to get more novice Boards of Directors (or Board Members) in trouble.
One of the most basic flaws we’ve often seen in an HOA budgeting process starts right off the bat with the original planning assumptions about the amount of expected revenue. Frequently, HOA Boards (or their property managers) will simply take their total anticipated budget, divide it by the number of units in the community, and declare that this is the target per-unit rate for the dues. However, this very simplistic calculation doesn’t take into account many real-world and likely scenarios, such as the fact that the HOA is unlikely to get “full” or “perfect” collections – whether due to delinquent accounts, vacant properties, or otherwise. While there’s no perfect formula to mitigate this, a good frame of reference is to look at prior years’ collections and vacancy rates to determine what the REALISTIC anticipated income for the Association will be. It will most likely be a few percentage points below the theoretical 100% planned maximum, depending on the level of delinquent accounts, vacancies, etc. in the community.
Another frequent mistake is underestimating the effect of price changes due to expiring or renewing contracts, or other variable costs. At RiteTech, we see this all the time when helping communities analyze their telephone, Internet, or cable TV bills. Carriers frequently have the ability to change their pricing unless specific contract(s) or price protections are in place. Certain telecommunications services may also be very heavily taxed, and taxed more or less depending on the carrier used and the way that carrier’s service is regulated. Ironically, older accounts, older technologies, and older carriers (particularly ones that start with the letter “V”) tend to be more heavily taxed under more antiquated and less favorable rules than more modern services. They also typically love to cram unnecessary charges, options, or other fees onto those bills, knowing full well that the majority of their customers will simply pay them without questioning what they are, understanding what they are, or asking whether they’re even technically necessary.
In other instances, a larger and/or older location may have many phone lines or other services that are simply no longer used, and may not even be physically connected to any devices any more. This can be difficult to verify unless the lines are traced by skilled technicians who also know to look out for specialized devices such as elevator phones, fire alarm and/or security panels, HVAC or boiler monitoring systems, door boxes/card entry systems, or other specialized equipment that is typical of larger buildings or facilities.
Another favorite example relates to waste removal and snow removal. Frequently, waste removal involves variable costs such as “tipping fees” (or dumping fees), and/or fuel charges that may vary, even though the “base rate” may be protected under contract. Likewise, snow removal costs are typically a very difficult item to predict, as it very much depends on the weather.
As with most endeavors related to HOA governance, it’s best to get a healthy mixture of different persons involved with varying skills, experiences, and interests to help ensure that the budgeting process goes as smoothly as possible, and that the resulting budget helps to represent and enable the HOA’s and the membership’s priorities. Having at least one person (and ideally, more than one) experienced with budget preparation and accounting is extremely helpful – many would say, absolutely necessary – to help ensure that the process goes smoothly, and that critical mistakes are not made during this crucial activity.
One of the most important aspects of any widespread e-mail communication is not only the “From” line, but also the “Subject” line.
We’ve pasted below some examples of catchy or enticing subject lines. While we can’t take credit for coming up with all of them, they are good examples of some of the more interesting ones we’ve come across. Enjoy!:
“Need more clients but don’t know where to start?”
“Please don’t forward this”
“Something you’ll like :)”
“Total anticipation… or panic…”
“Good news ;-)”
“Are you with us?”
“<your name here> VIP invitation”
“For <your name here>”
“Can I ask a quick favor?”