Author Archives: Selene Bainum
50 Shades of Pay Grades: Part 2
In our last edition of “50 Shades of Pay Grades” (blog entry from August 8th), we laid out the scene for the story.
If you haven’t read it yet, here’s the link to Part 1.
As mentioned before, it had taken several days until the proper supervisory staff was alerted to this mysterious document that had been inappropriately posted up on its web site. The document appeared to list individual staff positions, hourly pay rates, and other compensation-related information.
Here was the ironic “twist” to the story. Upon closer inspection, the document actually had FALSE information! For instance, where it listed “Maintenance Technician I” – while there was a pay rate indicated for that position, the pay rate listed was completely INACCURATE! Ditto for ALL of the other listed positions – e.g. “Custodian II”, “Groundkeeper I”, “Security Guard I”, etc. As it turns out, this curious document came from some other system (or software) that essentially had “placeholders” or “fake data” loaded into it – albeit still with the actual real position names indicated.
To the casual observer, the document APPEARED to list the pay rates or hourly rates for each position in the organization – and, although no names were specifically mentioned – since this was a relatively small organization, it was not difficult for people to potentially assume who a given position’s title was associated with. However, the extreme irony is that even though all of the data turned out to be FAKE and INACCURATE – simply having what APPEARED to be this data inappropriately released, caused a great deal of gossiping, speculating, rumors, second-guessing, and “I can’t believe that so-and-so makes such-and-such” kinds of commentary, throughout the organization.
So, one of the “morals” of the story is that even inaccurate data – or misinformation – if released improperly, can still cause a tremendous amount of turmoil, drama, stress, and harm to an organization.
New Virus Threats: “CryptoLocker”, Ransom-Ware and Survival Tips
How would your organization handle a “Data-for-Ransom”, or other serious IT Security breach?
2013 has certainly seen a significant rise in the number of Internet and network security threats, and has included the unwelcome introduction of a particularly fearful type of hacker attack – that’s the one now known as “Ransom-ware”, and more specifically, “CryptoLocker”.
Simply stated, “CryptoLocker” is essentially the IT equivalent of a hostile, external force taking over your computer (or server), and holding its most critical data “hostage for ransom”. Whereas other types of viruses and other “malware” tend to steal passwords, invade privacy, damage, degrade, or otherwise compromise systems, etc. – as if all of those perils weren’t disruptive enough – this particular form of “malware” goes the additional mile, and actually forcefully “locks up” the computer’s various data files, and holds them “for ransom”, unless the attacker is paid off. This type of attack probably ranks near the top of the most disruptive and malicious perils that a computer user could potentially encounter, simply by making as innocent a mistake as opening (or running) an infected or malicious attachment.
Although none of RiteTech’s clients has been infected by CryptoLocker to date, other IT providers are reporting a greatly increased rate of infections, which suggests that the overall level of infection is increasing, and accelerating. While there is never a 100% guarantee against IT security breaches (just as there is never a 100% guarantee against physical security breaches, or other perils – like fire, floods, etc.) – there are several “best practices” that can help organizations maintain a reasonable level of security and data protection.
RiteTech can help provide guidance to ensure that your organization’s IT infrastructure and policies are “all that they could be”. We provide “lunch n’ learns” about IT Security, Cloud Computing, and other informative seminars to qualifying organizations. Contact us for further details.
In the meantime, several critical IT security and data protection “survival tips” include:
1. Having an appropriate and adequate data protection strategy is essential. This includes ensuring that all critical data is properly backed up (ideally, off-site for the most critical data), and that restoring from backups is regularly tested. Incidentally, when the restoration is tested, part of what also needs to be tested is the length of time for a restoration to occur. Many firms, including IT firms, vastly underestimate the amount of time, or level of effort, to recover data from a catastrophic loss.
2. Ensuring that staff is storing critical data in the appropriate locations (which are, in turn, backed up) is also essential. This is largely a policy and a training issue, rather than a technical one.
3. Ensuring that staff has basic awareness of IT security policies – as well as their own employer’s policies – is also extremely important. For instance, does staff know how to handle (or report) a suspicious incoming e-mail or phone call? A malfunctioning computer? A telephone, LAN room, or other sensitive “IT closet” that is discovered with its door opened and no explanation, etc.? All of these are examples of scenarios where staff should have some basic awareness of what to look out for, and how to handle it.
4. What is the organization’s “Bring Your Own Device” [B.Y.O.D.] policy? (e.g. for syncing personal devices with e-mail, etc.?). How will the organization handle scenarios if an employee’s personal device is lost, stolen, or hacked – and the company’s data on the device is somehow compromised or placed at risk? (Hint: Mobile Device Management [MDM] software and related policies can help reduce and control these risks).
5. Does the organization’s network have an appropriate, and properly managed and monitored firewall(s), that can adequately protect against all modern threats, while also not drastically slowing down the organization’s Internet speeds? Hint: If the firewall(s) cost the organization less than $1000 and/or if the firewall was purchased from a Best Buy or other retail source, then the answer is almost assuredly NO. (Contact us for explanations about why that is). An unmonitored firewall – especially one without someone who regularly views or analyzes its activities or reports – is about as helpful as having a security camera system where nobody ever watches the monitors, or ever plays back its security recordings.
6. And of course, although it goes without saying: having effective, well-updated, and centrally managed/monitored antivirus or appropriate security software on ALL connected devices – as well as some sort of uniform method of ensuring that various critical software patches or updates are consistently deployed on all of these devices – is essential.
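Tip 1 above, as an added example that is not part of the original post: a Python script that records SHA-256 hashes at backup time, then times a test restore and checks every restored file against that record. The directory names, the 60-second recovery target and the copy-based “backup” and “restore” are constructed stand-ins for whatever backup tool is actually in use.

```python
import hashlib
import shutil
import tempfile
import time
from pathlib import Path


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def verify_restore(manifest, restored_root, restore_fn, max_seconds):
    """Run restore_fn, time it, and compare the restored tree with the manifest."""
    started = time.monotonic()
    restore_fn(restored_root)
    elapsed = time.monotonic() - started
    restored = build_manifest(restored_root)
    return {
        "missing": sorted(set(manifest) - set(restored)),
        "corrupt": sorted(k for k in manifest
                          if k in restored and restored[k] != manifest[k]),
        "elapsed_seconds": elapsed,
        "within_target": elapsed <= max_seconds,
    }


def demo():
    """Constructed sample: a tiny live tree, its backup, one good and one bad restore."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        live = tmp / "live"
        (live / "finance").mkdir(parents=True)
        (live / "finance" / "ledger.csv").write_text("id,amount\n1,100\n")
        (live / "policies.txt").write_text("acceptable use policy\n")
        manifest = build_manifest(live)   # recorded when the backup is taken
        backup = tmp / "backup"
        shutil.copytree(live, backup)     # stand-in for the real backup job

        def good_restore(dest):
            shutil.copytree(backup, dest)

        def bad_restore(dest):            # simulates an incomplete, damaged restore
            shutil.copytree(backup, dest)
            (dest / "policies.txt").unlink()
            (dest / "finance" / "ledger.csv").write_text("garbage")

        ok = verify_restore(manifest, tmp / "restore_ok", good_restore, 60)
        bad = verify_restore(manifest, tmp / "restore_bad", bad_restore, 60)
        return ok, bad


if __name__ == "__main__":
    for report in demo():
        print(report)
```

Keeping the manifest somewhere the backed-up machines cannot write to means a restore is checked against a record that malware on those machines could not have altered.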
Want More Info?
The following articles provide more information about the threats:
http://www.symantec.com/connect/blogs/cryptolocker-qa-menace-year
http://blogs.avg.com/news-threats/protecting-against-cryptolocker/
Responsive Web Design – Day 2: Oh Snap!
On day two of my responsive web design Odyssey, I was able to make some progress! I had previously downloaded the Skeleton CSS framework because it was small and compatible with IE7. I started by stripping out all the styles and began with just the media query size differentiators. I kept the standard body styles, such as 0 margins, borders and padding.
Skeleton, like most responsive frameworks, works with a grid system with a set number of columns. This is still too advanced for me, so I focused on just getting the header to display the way I wanted it to, which I was not able to accomplish using Skeleton as is.
The RiteTech web site header is a solid black strip flush against the top of the browser. To the left is our logo and to the right is our phone number. Since there is a bit of black space on 960 screens, I figured the format would also work well for screens 768 and up (iPad held portrait).
The code for this was pretty straight-forward:
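<div class="header">
  <div class="container">
    <div class="logo"><img src="/img/logo.gif" /></div>
    <div class="tagline">
      <p class="taglineMain">Tel. (703) 561-0607 * FAX (703) 561-0608</p>
      <p class="taglineSub">New Sales/Consulting: Dial x. 101</p>
    </div>
  </div>
</div>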
.container { position: relative; width: 960px; margin: 0 auto; padding: 0;}
.header {background: #000; height:83px;}
.header .logo {background: #000; float:left; height:83px;}
.header .tagline {background: #000; float:right; text-align:center; padding-right:10px; padding-top:10px;}
.taglineMain {font-size:1.3em; color:#FC0;}
.taglineSub {font-size:1.2em; color:#fff;}
The container is 960 pixels wide with no margins or padding. The header background is black and 83px (the height of my logo) high. I probably have some redundant styles in there, but this is a work in progress. The tagline floats to the right, and I added some padding to the top and right so it isn’t flush against the browser.
To reduce the size for 768 and higher browsers, all I had to do was change the width of the container:
@media only screen and (min-width: 768px) and (max-width: 959px) {
.container {width: 768px;}
}
The final size I played with was 480 and up, which would require the logo and tagline to be stacked. I also decided to add a border between the two blocks to properly delineate the logo.
This is where I had to start playing with the styles a bit more:
@media only screen and (max-width: 767px) {
.container {width: 460px;}
.header {display:inline;}
.header .logo {float:none;}
.header .tagline {float:none; height:auto; border-top: 1px solid #C57227; padding-right:0px; padding-top:0px;}
}
The container size has been reduced, naturally. I also removed the float for the logo and tagline blocks. While that made them stack, the text beneath was running up into my tagline block. To get rid of that, I had to make the header display as inline. Still trying to gain a better understanding of that, but it did work.
I also made some other display changes to the tagline, like adding an orange top border and removing the padding from the top and right, since they are no longer needed.
As I continue with this project, I will be posting full page files and more code examples of my website.
I’m very excited!
Responsive Web Design – Day 1
After many years of focusing on the programming aspect of web site development – ColdFusion, SQL & jQuery – I decided it was time to get back into the game of better web site design. After all, HTML is apparently up to version 5 and CSS 3 is now pretty much the standard.
This renewed interest is thanks in large part to my attending RIACon 2012 a few weeks ago. There was a lot of focus on building sites for mobile devices and I was introduced to the wonderful world of responsive design. For those of you who are not familiar with the term – as I was not – fear not! It is a concept I was familiar with already – sites that update their design and layout when the size of the browser changes. I could give you lots more background, but just do a Google search or jump to Wikipedia for more information. One of the issues I face is that one of my largest clients still uses IE7 in-house. Anyone who has worked with jQuery UI knows how much fun IE7 can be.
I’ve been looking at some of the frameworks for a week or so, and finally settled on one yesterday. I downloaded it and created a small test site on my computer. I also browsed different sites that use responsive design and found some to use as starting guides. After an hour or two I realized I was out of my element – no pun intended. For years I’ve just been copying styles and making modifications to do what I desired, but I never really understood how the CSS worked when it came to layout. I would just make change after change after change, hoping I could reach my preferred outcome.
So yesterday I decided that I’ve had enough of that. I figured it was time to actually learn the advanced concepts of CSS so that making something work the way I wanted it to was just a matter of making a change, not hours of trial and error.
Because I’m old, I decided to go out and buy some actual, paper books. I just learn better that way.
I will be posting regular updates on this journey for those of you interested in seeing an old dog learn a new trick. Maybe you’ll learn something along the way as well!
Organization Goes Low Tech
Happy New Year!
What are your resolutions for the year? I’m guessing almost everyone wants to be more organized, correct?
I am no exception. My desk is never as neat as I want it to be and I always seem to have tons of receipts and pieces of paper in my purse and computer bag. I’m a tech geek, I am proud to say, so all my contacts, emails and calendar items live happily on my laptop, iPhone and iPad.
But…I like lists. To Do Lists. Grocery Lists. Lists of things to pack on vacation, lists of development ideas – well, you get the idea.
Who Owns Your Data?
As a provider of cloud-based services, we always talk to our clients and prospects about understanding ownership of their data hosted in the cloud and understanding what happens if the hosting company or provider goes out of business or is sold.
The Washington Post has a great article about this very topic today: view the article at www.washingtonpost.com.
This article focuses mainly on personal data, such as sites that host your photos and such, but it is something that anyone – individual or business – thinks about when they copy their data elsewhere.
Happy New Year!
Live Blogging – SMB Nation 2011
SMB Nation has gotten off to a great start at 7:00 local time here in Las Vegas. It is early, but there is a lot of excitement.
I’m currently watching the main keynote with Cisco, which is making a big push into the small and medium business space. Since SMBs drive the economy, this is great news.
Some of the points being made are that they need technology to stay competitive, are shifting to the cloud for efficiency and reliability and are shifting away from a full time IT staff.
At RiteTech, we’ve been working with Cisco for over a year by testing some of their new devices and services.
We also urge our clients to migrate to the cloud and consider ourselves your “outsourced” IT department, so we are right on track.
I look forward to the rest of the conference!
Cisco Features RiteTech and Dave Bainum in Video
Back in July the RiteTech office was busy preparing for our big screen debut. We cleaned the office, painted the walls and wrapped the vehicles! All our efforts paid off, for the video is great! Check it out: http://www.cisco.com/web/partners/sell/smb/onplus/grow_my_business.html.
For over a year, RiteTech has been working with Cisco to perfect their OnPlus network device and service. This device allows us to better monitor our clients’ locations and networks. We know within minutes if a network goes down – invaluable information in our line of work.
Variable Placement in SQL Queries
When I’m creating complicated queries, I tend to build the query in SQL Query Analyzer before copying the code into my ColdFusion page. Other times I will copy the ColdFusion debugging code into Query Analyzer with the variable values to recreate a result set. Either way, handling variables can be tricky. I either have a hard time locating the variables to put in static values, or forget to remove static values and put the variable placeholder back in before pasting back into CF. Anyone else do this?
To make my life easier, I’ve started declaring all of my SQL variables at the top of the query. This has several benefits:
1. I can easily see all the variables and their data types at the top of the query
2. I don’t have to hunt around to find/replace values
3. I only need to pass in the same variable value once
Here’s an example of a query in Query Analyzer:
DECLARE @startDt DATETIME
    , @endDt DATETIME
SET @startDt = '1/1/2004'
SET @endDt = '1/31/2004'
SELECT *
FROM SalesOrder SO
    INNER JOIN SalesOrderDetail SOD ON SO.SalesOrderID = SOD.SalesOrderID
WHERE 1 = 1
    AND (
        @startDt IS NULL
        OR SO.SalesOrderDt >= @startDt
    )
    AND (
        @endDt IS NULL
        OR SO.SalesOrderDt <= @endDt
    )
For testing purposes, I’m getting all sales in January 2004 (Sorry, my test DB has OLD data). When I paste this into CF, I only need to change two lines:
SET @startDt = <cfqueryparam cfsqltype="cf_sql_date" value="#startDt#"
    null="#IIf(IsDate(startDt), DE("no"), DE("yes"))#" />
SET @endDt = <cfqueryparam cfsqltype="cf_sql_date" value="#endDt#"
    null="#IIf(IsDate(endDt), DE("no"), DE("yes"))#" />
If either value is empty, a NULL value will be passed into the query and the WHERE clause will properly handle that value.
While it does create more code, it is a much more elegant – and stress free – way to design a query.
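The same pattern as an added example, not code from the original post: each optional filter is a bound parameter that is NULL unless the input passes a date check, so the query text never changes with user input. It uses Python's built-in sqlite3 as a stand-in for SQL Server and ColdFusion; the table contents and the helper names `to_date_or_none`, `find_orders` and `sample_db` are constructed for illustration.

```python
import sqlite3
from datetime import datetime

# One fixed statement; :startDt and :endDt play the role of the DECLAREd variables.
QUERY = """
SELECT SalesOrderID
FROM SalesOrder
WHERE (:startDt IS NULL OR SalesOrderDt >= :startDt)
  AND (:endDt   IS NULL OR SalesOrderDt <= :endDt)
ORDER BY SalesOrderID
"""


def to_date_or_none(value):
    """Counterpart of the IsDate() check: bind NULL unless the input parses as a date."""
    try:
        return datetime.strptime(value, "%m/%d/%Y").date().isoformat()
    except (TypeError, ValueError):
        return None


def find_orders(conn, start_dt, end_dt):
    """Run the fixed query with both filters passed as bound parameters."""
    params = {"startDt": to_date_or_none(start_dt),
              "endDt": to_date_or_none(end_dt)}
    return [row[0] for row in conn.execute(QUERY, params)]


def sample_db():
    """Constructed sample data: four orders around January 2004."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE SalesOrder (SalesOrderID INTEGER PRIMARY KEY, SalesOrderDt TEXT)")
    conn.executemany(
        "INSERT INTO SalesOrder VALUES (?, ?)",
        [(1, "2003-12-30"), (2, "2004-01-05"), (3, "2004-01-31"), (4, "2004-02-02")])
    return conn


if __name__ == "__main__":
    db = sample_db()
    print(find_orders(db, "1/1/2004", "1/31/2004"))   # both filters active
    print(find_orders(db, "", "1/31/2004"))           # empty start date -> NULL
    print(find_orders(db, "not a date", None))        # neither filter active
```

A value that fails the date check is bound as NULL, which removes that filter rather than rejecting the request, so callers that must not see unfiltered results need to validate the input before the query runs.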
Returning Delimited Lists in SQL
In a past CFUnited SQL presentation, I gave a demonstration of a Transact-SQL (SQL Server) concept known as cross apply, which will return a delimited list of items in a query. This is a great way to roll up a one-to-many relationship into a single row. For instance, the following example returns all the reasons for which a sale was made, which may be zero or many. Regardless of the number of reasons, each sales order will only be returned once, in one row:
SELECT TOP 100 SOH.SalesOrderID, SOH.OrderDate,
    LEFT(SalesReasonList, LEN(SalesReasonList) - 1) AS SalesReasonList
FROM Sales.SalesOrderHeader SOH CROSS APPLY (
    SELECT SR.Name + ', '
    FROM Sales.SalesOrderHeaderSalesReason SOHSR
        INNER JOIN Sales.SalesReason SR ON SOHSR.SalesReasonID = SR.SalesReasonID
    WHERE SOH.SalesOrderID = SOHSR.SalesOrderID
    ORDER BY SR.Name
    FOR XML PATH('')
) AS Cross1(SalesReasonList)
ORDER BY SOH.SalesOrderID DESC
You can download the full presentation on my presentation page.