Computers from Big Box Stores Are Not Meant for Business

risksummary_computer

The Shortcomings of Consumer-Grade Computers

Brian, our new client and CEO of “Media Dome, Inc,” had recently purchased seven laptops for his employees from the local Best Buy. Because the computers hadn’t been unboxed, we recommended that they be returned and exchanged for the equivalent business-class Lenovo Thinkpad laptops, which are made with higher quality components and come pre-licensed for use in businesses. Well, evidently Brian felt that these business-class laptops were not as stylish as he would have liked, and opted instead for us to take the original computers and “make them work.” So we upgraded the operating systems ($100.00 per computer), cleaned off the extra junk software, and installed the software that they needed to perform their job duties ($300.00 labor per computer).

Lo and behold, these laptops started having performance problems less than a month after being put into action. Two laptops had bad hard drives, which we ended up having to upgrade to SSDs ($200 each). The five remaining laptops all experienced main board failures within a week of each other. These computers were returned to Best Buy and the laptops we had initially suggested were purchased to replace them, leaving five employees without computers for almost two weeks. In all, Brian’s decision to prioritize style over substance cost Media Dome a grand total of $3,200.00, plus the lost productivity of five employees. 

The Right Tool For the Job

In our story, Brian made the common mistake of judging a computer solely based on its specifications and appearance. On paper, the decision to go with the more expensive business-grade laptops wasn’t exactly obvious. But when we look a little deeper, the advantages really start to stack up. 

Less Pre-installed Software

  • The first time you start up a consumer laptop, you’ll probably see tons of demos, games, and trial software that you’ll never use. These programs take up space and can slow down your processing speed. Of course, you can remove these unwanted extras yourself, but it’s a big hassle and wastes time and money. Manufacturers of business laptops know this, so you won’t have to deal with loads of bloatware before getting down to work.

Greater Security

  • Because business laptops are often packed with highly sensitive information, manufacturers will usually incorporate additional security features into their hardware. For example, bio-metric tools like fingerprint scanners can be used to make sure that only authorized personnel can access the computer’s stored information. They can also be configured to use some form of encryption that scrambles the computer’s data as it’s being written to the hard drive, making it nearly impossible to read without the proper decoding keys.
  • Consumer-grade computer manufacturers have also been known to pre-install adware programs onto their computers that can track your activity and send personal information back to third party companies. And because these programs come with their own root information, your computer will be more vulnerable to other forms of malware attack.

Better Performance

  • Just because your personal computer seems to run quickly and without issue doesn’t mean that it’ll perform well in a business context. You may not need much processing power to surf the internet and check email, but consumer-grade equipment will rarely have the powerful hardware needed to run the applications necessary for business purposes. Not only are consumer-grade computers generally inferior out of the box, they’ll also tend to slow down over time.
  • The bottom line is that you’re just not going to get the same quality of components in a consumer-grade computer as you would in one designed for businesses. Sure, you might save a little money up front, but the costs of upgrades and repairs are just not worth it in the long run.

Better Service and Tech Support

  • When a consumer-grade computer stops working for whatever reason, your only option is usually to send it into a diagnostics and repair center. Your computer could be out of commission for anywhere between a couple of days to a couple of weeks. It’s even possible that they won’t have the replacement components in stock, leaving you in the lurch until they can get it. Businesses can’t afford to have their employees sit around waiting, which is why business-grade computers typically come with a next day on-site warranty.

Playing the Long Game

When you compare consumer grade computers to professional grade computers, it’s important to look beyond the sticker price and instead consider the long-term costs that’ll accumulate over the computer’s lifespan. In our story, Media Dome’s CEO may have saved himself $300-$400 per computer up front, but the nightmare of trying to make them fit his business’s needs quickly chewed through this savings, leaving him with two sub par laptops and a massive headache. 

How Fax Has Become a Security Risk

risksummary_fax

Our client “Olympia Publishing, Inc” recently decided to outsource their website, and to save time and paper, Suzanne from HR, asked if they could accept job applications online. Their web developer would collect all of the application data and email it to Olympia’s HR department. Everything sounds good so far, right? Well, Olympia was collecting the applicant’s social security numbers in the digital form and transmitting the information through email. That’s a big no-no. When we caught wind of this misstep, we called Suzanne and explained to her the security risks, as well as the potential legal ramifications of mishandling the applicant’s personal information. She didn’t see what all the fuss was about and asked us how this was any different from when they had an employee fax the paper applications over to the main office. This was another “uh-oh” moment for us, and we soon found out that the faxes being received by the HR department were actually coming from a fax-to-email service. It turned out that every “fax” sent to and from Olympia Publishing was unprotected, and thus highly susceptible to being read by prying eyes.

Why Isn’t Email a Secure Form of Communication?

Quite simply, email is not a secure form of communication because it was never meant to be. Email was first developed when the internet was still young, and people were looking for a simple, standardized way to store-and-forward messages between different kinds of computers. Email messages were transferred completely in the open, and could be read by anyone with access to network traffic. You might be amazed to learn that this wide-open method is still how email works to this day, making emailed information extremely vulnerable.

Here is a short list of some of the ways your emails and emailed faxes can become vulnerable:

  • Since emails are not encrypted, they can be easily sniffed while in transit.
  • Because emails are recorded on the physical disks of all the servers involved in transmission (sender’s email server, recipient’s email server, etc.) they can be read once the server is decommissioned, or through backup tapes. Heck, they could be read by anyone with access to the server, be it a bored intern or a malicious identity thief.
  • There are a number of viruses which inspect the emails received by infected machines, looking for valuable information such as credit card info or social security numbers.

In reality, the entire email system is just relying on the honor system, and it’s amazing it still works as well as it does!

Why Is This so Important for Your Business?

It isn’t just irresponsible to send sensitive information through fax and email, it can also land you in some pretty serious legal trouble as well. In the state of Texas, there are a number of laws against sending personal information through insecure channels. In fact, fines can range anywhere between $2,000 and $50,000 per incident. Again, that is a per incident fine, meaning that if the personal information of ten different people is compromised, a company could be charged with ten separate offenses. If your business has a history of sending sensitive information through fax or email, these fines can add up quickly.

Using our story as an example, let’s imagine that Olympia Publishing sent the job application forms for 100 prospective employees through unsecured email or fax to Susan in their HR office. Assuming that state attorneys determine that each infraction carries with it the minimum fine of $2,000, Olympia Publishing could be charged with 100 violations with a total cost of $200,000. And should the State decide to charge them with the maximum fine of $50,000, Olympia would have to pay a grand total of $5,000,000!

Should You Keep Using Email and Fax in Your Business?

The correct answer here is both yes and no, depending on the situation. You have a legal obligation to both your clients and employees to protect their private information. If a major part of what you are sending or receiving via fax and email is sensitive personal information, then you should absolutely not be using these channels. Fax and email are fine for basic communication, but when you are dealing with credit card information, social security numbers, copyrighted information, etc, you need to use a service that does not transmit data over the internet.

Offering a Better Solution

The story of Olympia Publishing should highlight the importance of working with experts who understand network security inside and out. After all, if we hadn’t stepped in to inform them of the legal consequences of sending sensitive information through unsecured channels, Olympia could have landed in some really hot water.

This material is for informational purposes only and not for the purpose of providing legal advice. You should contact your attorney to obtain advice with respect to any particular issue or problem.

I Do Not Get Paid $60,000 a Year to Watch Netflix

risksummary_netflix

The Truth About Internet Monitoring and Content Filtering

Not too long ago, we were hired by “Local Valley Construction, Inc.”, their first standardization project was an update to their network. Because we were using Cisco Meraki equipment, we offered to put some web content filtering rules in place. Local Valley’s CEO, George decided against this step, fearing that he’d come off as a bit too authoritarian if he censored his employee’s access to the internet. Well, a few weeks later, employees started complaining about slow internet speeds. We investigated these claims and, sure enough, our logs revealed that several of Local Valley’s employees were spending their days watching videos on all of the major streaming networks. The understandably irritated George, issued a warning to all of the employees and hoped for the best. After a week had passed we checked the logs again and found that there was still one employee, Tim, who was spending 7+ hours a day watching Netflix. Much to the George’s chagrin, Tim was a manager who, evidently, thought that the rules applied to everyone but himself. A quick audit revealed that this manager’s workload was being handled by two assistant managers. Needless to say, George determined that Tim’s position was unnecessary, and he was let go the same day. In the end, the company saved themselves $70,000 a year in salary and overhead costs!

So What Was the Problem?

Prior to us switching Local Valley’s network over to Cisco Meraki equipment, Local Valley’s leadership had no way of telling how their employees were using the internet. Everyone could have been watching cat videos on YouTube all day behind the CEO’s back and (if the employees we were sneaky enough) he’d have no way of knowing. Because we were using the proper equipment, we had the power to monitor internet use within the network and spot unproductive activity as soon as it occurs. Had the CEO been on board from the beginning, we could have even stopped the problem at its source by blocking certain websites entirely, eliminating the need to pour over network logs.

Why Is This Important?

As a business owner, you can’t afford to have employees wasting time on the internet that is not relevant to their work. Not only does it slow down your business’s productivity, you’re essentially throwing money down the drain by paying someone for a 40-hour work week when they’re only actually working for half of that time, or even none of the time in the case of this particular manager. Even your truly dedicated employees are negatively affected by improper internet use. While they’re busy downloading important files, or carrying out work related research, slow internet speeds force them to wait, slowing down their work output.
Now, filtering employee internet access is not an all or nothing solution. There are a number of exceptions that we can take into account when setting up a businesses’ internal network. Like a castle laying down its drawbridge, you can choose who you let through your internet filtering barriers.

Laying Down the Drawbridge

Before setting up Local Valley Construction’s network to block certain websites, we worked with the leadership team to determine which employees or departments should or shouldn’t have access to different categories or particular pages. We also provided a digital form they could fill out to request sites in the future for the leadership team to review. Here are three examples typical of what we find after turning this on:

  1. Local Valley’s HR manager, let us know that she needed to access Facebook in order to screen potential employees during the interview process. She had a valid reason to visit social media websites as part of her job, so leadership approved her access.
  2. Not long after that, one of their construction site foreman requested access to YouTube, to gain access to videos that were used for safety training. Of course, he was granted special access as well.
  3. A few weeks later, one of Local Valley’s accountants asked us if he could access his favorite online message board where members share pictures of their cats dressed up in Halloween costumes. He claimed it helped calm him down after stressful business calls. His request was denied.

We’ve listed these examples to show that internet filtering within your company’s network can be made as strict or as flexible as you like. And because we’ll continue to work with your business long after we’ve set up your network, we can act as the go-between, granting special internet access on a case by case basis.

Offering a Better Solution

The story of Local Valley Construction should highlight the importance of working with consultants that understand the full potential of comprehensive network monitoring. After all, had Local Valley’s CEO stuck with their old internal network, he might still have a manager leeching off of the company’s payroll, along with countless hours of lost productivity among his staff.

 

Surprising Risks of Not Archiving Email Properly

risksummary_netflix

Recently we took over all the technology needs of “Awesome Realty, Inc.” Awesome Realty purchased Microsoft’s Office 365, before we started with them from “We Can Do IT Cheap” a local IT company. They chose the cheapest plan, and proceeded to move everyone’s email over to the new system. They were told they now had archiving and larger mailboxes. They could also now send larger attachments – they saved money and they felt great! Around two years after moving to this system, Awesome Realty realized they needed access to emails from John Sales, a former employee, that left the company over a year ago, they desperately needed to retrieve for some potential legal issues. “No problem” they thought, “we’ll just go grab those out of our archive.” Except, well – the emails weren’t there.

They were upset, confused and asked “What happened?” Well as it turns out, Awesome Realty made a mistake we see far too often, they didn’t properly understand how Microsoft defined archiving compared to what they thought archiving in an email system to be. And with the overwhelming number of options out there (365 alone has over seven plans to choose from!), they picked a plan they thought did everything they needed, except it didn’t.  This ended in Awesome Realty not being able to prove what John Sales had promised, which was at the heart of their new legal problems.

Keeping A Clean House

Let’s take the metaphor of a house (an employee..ie.John Sales) in a neighborhood (a business..ie.Awesome Realty), to explore why this happens way too often. On the most basic level, email is just your Inbox, a spam folder, and a deleted folder right? To compare to a house, let’s say the Inbox is your living room, spam is the closet you throw everything in you don’t want to have to look at, and the deleted folder is your trash can in the kitchen. Simple enough. You bring something into the house (new mail), it either gets thrown away outright in the trashcan (deleted), stashed in the closet and maybe eventually thrown away or used (spam), or you want to keep it and it gets put into the living room (your inbox) to be read later or put somewhere else. 

Where we see most clients get hung up is when you introduce new folders, archiving, and something called Litigation Hold – so let’s add those to our metaphor and see where Awesome Realty went wrong. Many of us have created additional folders under our inbox to sort mail once we’ve read it, this is equivalent to moving something from the living room into one of the bedrooms once you know where you’d like it to go – pretty straightforward. But many email systems have a feature called “archiving”, and it is important to understand exactly what this does. If folders you create are equivalent to rooms in your house to store things in, an archive would be akin to the attic. You can place things there to get them out of the living area and not take up your precious space, but still have them in case you’d like to go rummage through them from time to time. This is exactly what archiving does, when you “archive” something in your email, you move it to a folder that doesn’t count against your used space in your inbox – you’ve stuck it in a different storage location.

Archiving and Litigation Hold

If you recall our story at the beginning, you’ll see Awesome Realty did have archiving!

So what was the problem?

  • They didn’t have Litigation Hold. Litigation Hold is very misunderstood – in our house example Litigation Hold is equivalent to having an underground bunker the whole neighborhood (the entire business) shares. As you bring mail into your house, a copy is made and stored underground in the bunker.

Why is this important?

  • Let’s say you have a fire in your house, it could potentially take out all of your rooms and the attic. You could lose EVERYTHING. This is what we see happen far too often, an employee leaves, or deletes their mail (sometimes just not knowing any better), and everything is lost – including the archived content. By having the underground bunker, you still have a copy of everything you’re looking for protected from the fire (or ignorant / malicious employee), covering you legally and in some cases financially.

Offering A Better Solution

This story gives a great example of why working with a consultant that understands technology strategic planning and risk management is absolutely critical. Had Awesome Realty been told why they would want one plan that includes Litigation Hold over the cheaper plan that didn’t, they would have had those emails when they needed them a year later. Offering true consulting means being willing to step up and defend the interest of the client’s organization, even if that sometimes means the solution is more expensive. After all, true strategy planning looks at the total cost of a decision, including the risks and opportunity cost, not just the upfront cost of the proposed solution.

Let TechBundle help make your business successful. Contact us at (979) 446-0580 or online for a free consultation.

*This material is for informational purposes only and not for the purpose of providing legal advice. You should contact your attorney to obtain advice with respect to any particular issue or problem.