#fifonetworks — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #fifonetworks, aggregated by home.social.
-
Now is a really good time to think about what information your company should have connected to the Internet.
Yesterday was a better time. Last year was better still. But, now is a really good time.
#CallMeIfYouNeedMe #FIFONetworks
#DataClassification #InformationPolicy #PrivateNetworks #AI
Cybersecurity - Networks - Wireless – Telecom – VoIP
-
This week I did an interesting data recovery task for a family. (This was a legal data access. The identities were verified). They were trying to put together a notification list for an upcoming funeral. They could tell the contacts in the person’s laptop were incomplete because names they knew should be there were missing. And the person’s Android phone, with Google Contacts, won’t directly sync to the email app on the laptop. They could go through the phone contacts one at a time, but, was there an easier way?
Yes, there is.
In this case, it was an Android phone. Refer to the picture.
You can export the Google Contacts to a single .vcf file (vcf is an abbreviation of an abbreviation. It stands for vCard File, and vCard is short for Virtual (Business) Card).
People sometimes think that a .vcf file is a single contact, but a .vcf file can contain multiple contact records. It can be quite large and contain hundreds, even thousands, of contacts.
You can view some of the information with any text editor like Notepad. To easily view all of the information, import the .vcf file into a new or existing address book in an email program.
SUMMARY
For this client, the solution was to export the contacts as a .vcf file from the phone, import the .vcf file into the contacts in the computer, and merge duplicates. Now they have a relatively complete list of contacts in one place, and they can manage announcements and invitations using a full-size keyboard.
The client is in another state. A family member did the steps while I coached them over the phone.
#CallMeIfYouNeedMe #FIFONetworks
#TechSupport #RemoteSupport #HelpDesk
Cybersecurity - Networks - Wireless – Telecom – VoIP
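An added example, not part of the original post: a short Python sketch of the split-and-merge step the post above describes, run on a constructed three-card .vcf. The function names, the sample contacts, and the rule that two cards are duplicates when they share an e-mail address or a phone number are assumptions made for the illustration; mail programs apply their own matching rules.

```python
import re

# Constructed sample: one .vcf holding three cards, two of them the same person.
# The NOTE line is folded (continued on a line that starts with a space), and one
# property carries a group prefix ("item1."), both of which the vCard format allows.
SAMPLE_VCF = (
    "BEGIN:VCARD\r\nVERSION:3.0\r\n"
    "FN:Alice Example\r\n"
    "TEL;TYPE=CELL:+1 (206) 555-0100\r\n"
    "EMAIL;TYPE=HOME:alice@example.com\r\n"
    "END:VCARD\r\n"
    "BEGIN:VCARD\r\nVERSION:3.0\r\n"
    "FN:Bob Example\r\n"
    "NOTE:A long note that the exporter folded onto\r\n"
    "  a second line\r\n"
    "item1.EMAIL;TYPE=INTERNET:bob@example.com\r\n"
    "END:VCARD\r\n"
    "BEGIN:VCARD\r\nVERSION:3.0\r\n"
    "FN:Alice E.\r\n"
    "EMAIL:ALICE@example.com\r\n"
    "TEL;TYPE=WORK:+1 425 555 0199\r\n"
    "END:VCARD\r\n"
)


def unfold(text):
    """Undo line folding: a line starting with a space or tab continues the previous one."""
    return re.sub(r"\r?\n[ \t]", "", text)


def parse_vcards(text):
    """Return one dict per BEGIN:VCARD/END:VCARD record found in the file."""
    cards, current = [], None
    for line in unfold(text).splitlines():
        head, sep, value = line.partition(":")
        if not sep:
            continue  # not a "NAME;params:value" content line
        value = value.strip()
        # Drop parameters (";TYPE=...") and any group prefix ("item1.").
        name = head.split(";")[0].split(".")[-1].strip().upper()
        if name == "BEGIN" and value.upper() == "VCARD":
            current = {"names": [], "emails": [], "phones": [], "notes": []}
        elif current is None:
            continue  # text outside any card
        elif name == "END" and value.upper() == "VCARD":
            cards.append(current)
            current = None
        elif not value:
            continue
        elif name == "FN":
            current["names"].append(value)
        elif name == "EMAIL":
            current["emails"].append(value.lower())
        elif name == "TEL":
            digits = re.sub(r"\D", "", value)  # compare phone numbers by digits only
            if digits:
                current["phones"].append(digits)
        elif name == "NOTE":
            current["notes"].append(value)
    # A trailing card with no END:VCARD (truncated export) is not returned.
    return cards


def merge_duplicates(cards):
    """Merge cards that share any e-mail address or phone number (assumed rule)."""
    merged = []
    for card in cards:
        keys = set(card["emails"]) | set(card["phones"])
        combined = {field: list(values) for field, values in card.items()}
        keep = []
        for other in merged:
            other_keys = set(other["emails"]) | set(other["phones"])
            if keys & other_keys:
                # Same person: keep the earlier values first, add only new ones.
                for field in combined:
                    extra = [v for v in combined[field] if v not in other[field]]
                    combined[field] = other[field] + extra
                keys |= other_keys
            else:
                keep.append(other)
        keep.append(combined)
        merged = keep
    return merged


if __name__ == "__main__":
    contacts = parse_vcards(SAMPLE_VCF)
    people = merge_duplicates(contacts)
    print(f"{len(contacts)} cards in file, {len(people)} after merging")
    for person in people:
        print(person["names"], person["emails"], person["phones"])
```

Work on a copy of the export: the .vcf is plain text, so anyone who can read the file can read every contact in it.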
-
Last Thursday I was doing a remote tech support call for an elderly gentleman and his wife in Macon, Georgia (I’m in Seattle). He said, “The printer is in another room, and I want to check the status to see if my document is done printing. It takes a lot of steps. Is there an easy way to see when the printer is done?”
SOLUTION
I put a shortcut to the printer queue on his Windows desktop, which was actually on a laptop. They both liked it, so I put another shortcut on the desktop of her laptop.
HOW TO DO IT
If you’d like a shortcut to open your printer queue, here are the steps. If you have more than one printer, you can make one for each of them.
Step 1: In Printer Properties, copy the name of your printer.
Step 2: On the desktop, Right-Click - New - Shortcut.
Step 3: Where it says, "Type the location of the item," write:
C:\Windows\System32\rundll32.exe printui.dll,PrintUIEntry /o /n "YourPrinterName"
Between the quote marks, replace YourPrinterName with the name of your printer, found in Step 1.
Example:
C:\Windows\System32\rundll32.exe printui.dll,PrintUIEntry /o /n "WF-2930 Series(Network)"
Step 4: Give the shortcut a name and save it.
Step 5: While something is printing, double-click the icon to see the current document queue and status.
#CallMeIfYouNeedMe #FIFONetworks
#TechSupport #RemoteSupport #HelpDesk
Cybersecurity - Networks - Wireless – Telecom – VoIP
-
There was a massive Verizon outage on January 14. Reuters reported that it lasted 10 hours. Downdetector said it received 2.2 million reports of problems with Verizon’s service, but other estimates are as low as 180,000. As of this writing, Verizon hasn’t announced a reason for the outage. Cybersecurity concerns are possible, but have been mostly ruled out. It appears to have been an internal “technical issue.”
I can’t tell you what the specific technical issue was, but I can tell you what the general issue was: massive centralization.
Companies design systems with massive geographic centralization for cost and convenience, not for resilience – or, for that matter – cybersecurity.
Information and communications industries as a whole have been moving steadily towards massive centralization for several years now. Decentralize command and control. Centralization is a military-grade problem. There will be bigger and more impactful outages across all industries while we re-learn this lesson.
-
Proprietary protocols are a security risk.
Proprietary protocols necessitate vendor lock-in.
When you commit your design to proprietary protocols, you lose the freedom to shop for lower cost products.
You’re stuck with the vendor’s availability and deliverability schedule.
If another vendor comes to market with a desirable feature, you can’t buy their product or use that feature until your proprietary protocol vendor includes it in their product – which may be a long time, if the feature is protected by a patent.
You’re stuck with the vendor’s schedule for firmware updates and CVE patches.
RECOMMENDATION
Your risk analysis should include an inventory of hardware, software, AND protocols.
Recommend the redesign of any system with proprietary protocols.
In the short term, before redesign is complete, update your Incident Response plan, growth plan, and spares inventory to minimize crises.
CEOs: Ask your CISO, CIO, or systems architect, “Do we rely on any proprietary protocols?” And if they don’t immediately know the answer, it’s time to find out.
-
Winter weather – power failures – what’s a good design?
In theory – in a perfect world – the backup batteries only need to last long enough for the generator(s) to start up and stabilize with the load of your choice. But, in the real world, the backup batteries should hold the system up in the following scenario:
1. Power goes out.
2. Batteries/UPS take the load.
3. Power failure alarm is issued to the technician on call.
4. Generator fails to start.
5. Generator failure alarm is issued to the technician on call.
6. The tech on call requests service from the generator maintenance contract company.
7. The generator company rolls a truck.
8. The generator service person identifies the problem, repairs it, and starts the generator.
If continuous operation through a power failure is the goal, I design battery/UPS systems for a minimum six hours of run time, and if the generator company has to roll a truck that’s really not enough. Six hours is only enough if you have in-house technicians on call who live close to the monitored system.
If it’s impractical to support a system with the appropriate amount of battery capacity for a generator repair, then the solution is a second generator. If, and only if, the system is protected with a second generator, is it feasible to reduce the battery capacity. Keep in mind that battery capacity decreases over the life of the battery, or with temperature variations, etc. Also, equipment gets added over time, so if the system is built with marginal capacity (generator startup and RPM stabilization), then when you have an outage six months or a year after initial installation, the batteries may no longer be adequate.
Design with lots of margin, not just to load transfer time.
-
Ask yourself, “Why am I doing this with a VM instead of a physical device?”
Ask yourself, “Why am I doing this in the cloud instead of on-prem?”
Ask yourself, “Why am I doing this with public Internet connectivity instead of private data circuits?”
If the best answer you can come up with is a reflexive, “Because it’s cheaper and more convenient,” then you’re not engineering systems, you’re copying what someone else did.
“Cheaper” and “convenient” aren’t the only design criteria.
First, you don’t know if it’s cheaper until you design and spec it more than one way.
Second, you don’t know if it’s more convenient until you actually think through the alternative business and operations processes that are influenced by the design.
Just because an operational solution is different doesn’t mean it’s less convenient. In fact, it may provide amazing new efficiencies.
Here are some design criteria for you to consider:
Security.
Performance.
Control.
Versatility.
Cost effectiveness (don’t confuse “cost effective” with “cheaper”).
Scalability.
Third-party vendor management.
Third-party vendor risks.
Compliance.
OPEX vs CAPEX
-
A few months ago I discovered a law firm’s financial information (specifically billing and payment information), online. It’s a nationally known law firm, and the records in question were for the Seattle office.
Broken down by customer.
Itemized hourly billing.
Hourly billing rate.
Other expenses.
Customer account number.
Customer payment information, including bank account number.
Law firm’s bank account number.
Amounts paid.
Payment dates.
Balance due.
The information did NOT include details of the services provided.
I found it entirely by accident, with a Google search that wasn’t targeted in nature.
No, I didn’t report it to the law firm. In Washington, “Good faith acquisition of personal information . . . is not a breach of the security of the system when the personal information is not used or subject to further unauthorized disclosure.” (RCW 19.255.005(1))
I believe that protects me, but I don’t want to test it in court, and if the law firm knew about it, they might feel compelled to take some sort of action other than securing their information better.
THE LESSON
Do not store your company records, and host your website, on the same server. I can’t believe I have to write that sentence.
-
Concerned about AI-generated malware bringing down your company? Then get your critical data off the Internet.
This isn't rocket science. This is Occam’s Razor.
The Internet is for social media and retail sales.
PII, PHI, employee records, customer information - nothing important should ever be Internet accessible.
Ever heard of private data circuits? Private data circuits are a real thing. People quit using them because the Internet was cheaper.
"It'll be secure," they said.
No. The Internet has never been secure. The Internet cannot ever be secure, because authenticated users will always be tricked into doing stuff for cybercriminals.
If there was ever a time to rethink your business strategy as it relates to information storage and processing, that time is now.
It's going to get worse quickly. Your best defense is to get sensitive data out of the public cloud.
-
A lot of the work I do is in high security systems where sensitive data isn’t connected to the Internet, and isn’t hosted on commercial public cloud platforms, because such an architecture can’t meet the design criteria.
A recurring issue I face is educating new decision makers who get ill-informed notions that they can reduce costs (thereby becoming heroes, or so they think), by centralizing information storage or processing on rented commercial platforms. So I go through it all again, patiently, politely, with the new person.
The other recurring threat I deal with is C-level people who want what I refer to as Data Ubiquity: “I want access to all of the data, at any time, from any location, on any of my devices.”
Data Ubiquity = Maximum Vulnerability.
Even “perfect” authentication won’t prevent this vulnerability. Why? Phishing. The authenticated user will be tricked into opening the door for the cybercriminal.
When the data is in no way Internet connected, how does the victim deliver the data to the cybercriminal? Do they print it out and ship reams of paper in boxes to the criminal via FedEx?
Offline Data = More Secure Data.
The cloud is for retail sales and social media, NOT for PHI, PII, corporate secrets, intellectual property, employee records, industrial controls...
-
This week I fixed a laptop for a client. It was the second time this client has had me do work for her. The first invoice was in 2016.
2016. It’s been nine years. Her husband isn’t in IT, but he’s a tech-savvy person, so he provides most of her tech support. But when he couldn’t resolve the issue, she still remembered me and came back to me for service in 2025.
That’s customer loyalty. Treat them right. They remember. They’ll come back.
-
A Training Manager at a company (who shall remain nameless) requested the course description for my CompTIA Network+ boot camp. It’s been a minute since the last time I got a request for that. There’s so much study material available online now. But in this situation, the company has a need to get several current employees certified in a hurry.
CompTIA’s current version is V9, N10-009. The course is five days, on site, instructor-led by yours truly. No, there’s no guarantee that everyone will pass the exam. On the other hand, I’ve trained hundreds of students at community colleges (semester-long version) and in corporate training rooms (the 5-day boot camp). Most people who complete the course without stepping out of the room to take phone calls, and show up every day, and do the homework, and follow my study tips, will pass on the first try.
So, something to think about, if your company needs several people certified all at once.
-
“Bob, do I need a new iPad?”
The client complained that the iPad was slow. Pretty vague, but that’s okay. The client isn’t expected to know that there can be a lot of reasons for slowness.
FIRST: What does “slow” mean?
1) “Slow” can mean the device itself is slow, for any one of several reasons. Usually it’s background tasks that are running and using up CPU clock cycles. But it can also be insufficient RAM, or even more rare conditions like internal or external RF interference affecting the CPU, or a failing component.
2) “Slow” can mean the Internet connection is slow. This can be caused by inadequate Wi-Fi signal, external RF interference affecting the 1st RF amplifier, or a problem with the ISP that could be just down the street or miles away.
3) “Slow” can mean the web server the iPad is connected to is having performance issues.
SECOND: Narrow it down.
1) To see if the device itself is slow, try opening and using an app that doesn’t require an Internet connection at all. A good choice is to open Photos. Run a slideshow. Try local editing (not online, but something on the device like cropping or resizing). Play a local MP3, or start a local video. Not streaming. Be sure it’s on the device. If operation is normal, the device is fine.
2) To see if the Internet connection is slow, run a speed test. If the speed is good, it’s definitely not the ISP. But, be careful! If the speed is bad, it doesn’t prove the ISP is the problem. It could be a weak signal, interference, a bad antenna in the device... lots of reasons for slow Internet that are separate from the ISP. In the example picture, we can see that the ISP is not the problem. This Internet connection is rated at 500 down, 35 up, so the speeds are within normal range.
If the ISP is good, but the Internet connection is slow, rule out a weak signal by moving closer to the wireless access point. Rule out interference by testing from a different location: maybe a neighbor’s house, or a coffee shop. Also, if the speed test is bad, check the speed with some other devices. If the speed is only slow on the complainant’s device, it may be an internal problem.
3) To see if the web server is slow, first, ask the device owner: “Were you experiencing slowness while connected to a particular site?” Maybe they’re having a problem with a slow game, or with online shopping. Start by opening a connection to the web server and try it out. If it is indeed slow, try OTHER web servers. Maybe stream a video, or try a game by a different company, hosted on a different server. If the slowness is caused by a particular server, you’ll have clear evidence now.
THIRD: Should I buy a new iPad?
If the device is slow (test #1), you may want to get a new device.
If the ISP is good and the signal is good on other devices, you may want to get a new device.
If the web server is slow, there’s no reason to get a new device.
-
Today I went to a client location to do a site walk for an expansion they’re doing. I got the details and then immediately scheduled a site meeting for tomorrow with a fiber installer to get a quote for connectivity to the new space. But that’s really not the story...
While I was in the existing office space, the Business Manager said, “Also, the guys are complaining about the Wi-Fi, so if you have time, would you take a look at that?” I said sure. When I’d finished the main activities I tracked down their Scheduler/Foreman and asked him for details about the Wi-Fi problem: “Is it everywhere, or in certain places? Is it all the time, or sporadic?”
He said the Wi-Fi was consistently bad in his office on the second floor. That was really the only complaint. They had remodeled an old storeroom into his office, and it had never been included in the original Wi-Fi plan. The Wi-Fi was truly awful in his office. But – he had an open Ethernet jack!
So I installed an additional Access Point right in his office. A few minutes later he came back in, just as I was finishing up the speed tests: 540 Mbps down, 41 Mbps up. Since they’re paying for 500/35, I’m pretty pleased. I gave him the SSID and key, and he connected – you should’ve seen the smile on his face.
Sometimes it doesn’t take much to be a hero. The simplest things...
-
"Bob, what does 'bandwidth' mean?"
Earlier this week I was in a video conference with an excellent team from a regional ISP on behalf of one of my clients. Of course the term “bandwidth” was used multiple times in the conversation. I was reminded again of how much this term has changed over the years. Personally, I wish the term was only used in analog frequency contexts, but language is a living thing and the meanings of words change. Here now, for you, is a lexicon of sorts: a brief list of the various meanings given by digital technologists to the word “bandwidth.”
DOWNLOAD SPEED
Maximum Bandwidth: the maximum data transfer rate of incoming data, measured in bits per second (bps), Kbps, Mbps, Gbps, or Tbps. This value may be deliberately rate-limited, or it may be determined by the physical characteristics of the system.
Current Bandwidth: the instantaneous, as-measured data transfer rate of incoming data, measured in bits per second (bps), Kbps, Mbps, Gbps, or Tbps.
UPLOAD SPEED
Maximum Bandwidth: the maximum data transfer rate of outgoing data, measured in bits per second (bps), Kbps, Mbps, Gbps, or Tbps. This value may be deliberately rate-limited, or it may be determined by the physical characteristics of the system.
Current Bandwidth: the instantaneous, as-measured data transfer rate of outgoing data, measured in bits per second (bps), Kbps, Mbps, Gbps, or Tbps.
In the context of metered data, “bandwidth” also has these additional meanings.
MONTHLY DATA CAP
Monthly Bandwidth: The maximum amount of data that can be transferred during the billing cycle. This may be specified as download, upload, or combined up/down data. In this context, the unit of measure is bytes, not bits, so the acronym when correctly written uses a capital B: KB, MB, GB, TB. It does not specify “per second.”
MONTHLY DATA ALLOWED BEFORE THROTTLING
Unlimited Bandwidth: Many “unlimited” data plans include a limit (for example, 100 GB) at the maximum download speed, and after that the customer can still download data, but at a slower, rate-limited speed.
AMOUNT OF DATA USED DURING THE BILLING CYCLE
Actual Bandwidth: This use of the term “bandwidth” answers questions like, “What’s our average monthly bandwidth consumption?” If the average monthly data downloaded is 10 GB and a company is on a 100 GB plan, they may be able to save money by dropping to a 50 GB plan. It also allows the network engineer to see if the company is consistently hitting the throttling limit, in which case the bandwidth allowed in the plan should be increased.
-
Sometimes in-person, on site work is better than doing remote maintenance. Story time...
The owner’s laptop was telling him it needed updates, and he’s not comfortable doing them on mission-critical software. I get it. I hadn’t been on site there in months, so I made arrangements to do the work in person rather than remotely. Last Thursday I was in his office, and I’m glad I was.
His laptop was ponderously slow on boot-up. I set up that machine a little over a year ago. It’s Windows 11 Pro, modern CPU, lots of RAM. It should be nimble. I called him back into his office and showed him that some of his programs wouldn’t work correctly until after he saw the “black flash” on the screen, which is a custom startup script.
While we’re watching the boot process, he said, “Can you stop Teams from opening every time I turn on the computer?” I said, “Sure.” Other things were opening, too, so I asked, “Is there anything else opening on startup that you don’t use or want?” He answered, “All of them. Nothing needs to open until I want it.”
He went on. “Even my browser opens on startup. I don’t know why.” I said, “Okay, you can go do other things for a while, and I’ll get these programs to stop.”
It turned out that the browser that was opening on startup was one I’ve never heard of, called Shift. Scam Detector rates Shift 42.2 out of a possible 100 points, and labels it “Controversial. Risky. Red Flags.” It looked a lot like any standard browser, but it opened on startup even after I removed its entry from the Startup folder. Also, the name of the entry in the startup folder was “ui,” not Shift. An obfuscated name is sketchy. To make it stop opening on startup I had to open the program and go to its preferences menu.
All of this made me want to check with the owner. I asked, “Is there a reason you started using the Shift browser?” He looked puzzled and said, “What’s that?” I showed him, and he thought it was just the latest tweaks to Microsoft Edge. He didn’t know how it got there. With his permission I uninstalled it. Between removing several startup apps and uninstalling a browser with suspicious behavior, his computer is back to full speed again.
THE LESSON
On site tech support is an important service offering. Most remote maintenance software doesn’t let you see the boot process, unless you’re working for a company large enough to have something like Dell’s iDRAC solution. Small businesses typically don’t have that. The advantages to on site support include:
1. Seeing things you wouldn’t otherwise notice, like boot processes.
2. Observing user behavior, which influences a lot of problems.
3. Solid relationship building, creating real trust.
-
Over the weekend I set up an air-gapped computer for use with certain clients. The increasing use of Artificial Intelligence (AI) to analyze data of all types warrants this new operational procedure for my clients with Non-Disclosure Agreements (NDAs).
Examples of privacy violations are too numerous to count. To give you one example (that doesn’t even use AI), companies have been found guilty of violating user preferences regarding location tracking. Another example: so-called anonymized data has been connected back to the associated sources many times through the use of many methods. The analysis of anonymized data with AI tools makes it even easier to de-anonymize information.
Major software companies, operating system companies, device manufacturers, and cloud service providers are all actively working to obtain your data.
Legal protections are lagging behind technology advances.
Privacy policies are written to confuse. They deliberately include doublespeak and ambiguity.
Default opt-in is normalized.
AI systems are leaky. They have information they obtain without your informed consent, and they leak that information in ways the system owners can’t even predict.
You cannot avoid working with AI-enabled networks, hardware, software, and systems. Even when you try to minimize it, disable it, or reject it, your information is at risk.
For these reasons, I’m applying the following operational policies for information from any company for which I’ve signed an NDA:
1) I’m making available file transfer systems that are end-to-end encrypted. The use of these systems is at the client’s option. If they want to send a document as an unencrypted email attachment, they can still do that. I’ll support, and work with, any encryption methods the client chooses.
2) All information received under an NDA will be moved to the air-gapped system for processing. Even if they send me a document as an unencrypted PDF, I won’t open it with any application until it’s on the air-gapped system.
These steps don’t protect the client from all risks, but they do allow me to prove due diligence in protecting information provided to FIFO Networks under an NDA.
-
When you set up your e-commerce platform on a Cloud Services Provider (CSP), be sure you understand how their load balancing works. Understand the geographic distribution of the load balancing system in relation to your e-commerce servers. Where are your customers “entering” the network, and where is their data transported for sales and payment events? Load balancing can significantly affect pricing, so you’ll want to engineer accordingly, and monitor continually.
-
Recently I did a remote tech support call with someone in Seychelles, south of the equator in the Indian Ocean. Not long after that, I did a remote tech support call with someone in Brunei, in the South China Sea. Now I’m wondering if there’s a niche market for English-speaking tech support in some of the world’s faraway places.
-
Do you have capital budget responsibility? It’s mid-June, so if you didn’t start your capital budget prep at the beginning of the year, now it’s absolutely time to get rolling. A well-managed company whose fiscal year matches the calendar year will be collecting capital budget requests in September or October. Mismanaged companies will have their pants on fire and do a half-baked rushed budget in November or December.
1) Start preparing a list of capital items you need.
2) Hold some team meetings. What do your people advise that is needed?
3) Check equipment age and manufacturer’s end-of-support and end-of-life lists. What is working, but should be replaced?
4) For everything on the list: what support equipment is required? The support equipment may or may not be capitalized, but you need to include it in your planning.
5) For everything on the list: what employee training is required? Training that’s part of a capital project can be capitalized, too.
6) Know your labor needs. Does this project require additional headcount? If so, will you need to hire additional full-time employees, or obtain the assistance of integration vendors or consultants?
7) Parallel to steps 1-6, start getting quotes from vendors. Be kind to your vendors. Drop vendors that raise your blood pressure.
8) When requesting quotes, tell your vendors, “I’m getting quotes for things we may not purchase for another year. Include any projected price increases.”
9) Prioritize your list. When you go into your budget negotiation meeting, you’re not going to negotiate on dollars. You’re going to negotiate on projects.
10) This one should be obvious from #9: know your “why.” For every project in your capital budget, know why it should be done, the benefits of doing it, and the consequences of not doing it.
11) Know your calendar. Don’t kid yourself into thinking you can do a two-year project in one year, or a six-month project in three months.
12) When you go into your budget negotiation meeting, don’t use fear tactics. Fear tactics alienate the decision maker(s), and reduce your credibility. You’ll be viewed as a fear-monger, not a trusted advisor.
13) Don’t pad your numbers very much. The financial decision makers will include an overall pad in their planning behind closed doors. That’s not your issue. Make your numbers realistic, with enough margin to account for price increases. Have supporting documents (vendor quotes, for example) to justify your numbers. Have a spreadsheet to show how you calculated your capitalized labor costs.
14) Include a couple of “nice to have” projects. This gives you something to negotiate away. They’re sacrificial lambs.
15) Consider bringing me in as your consultant on budget preparation. I’ve done a lot of multi-million dollar budgets. Paying for an hour a week could save you money and reduce your stress level.
-
Today a repeat client contacted me via text messaging (RCS). It was in the last half of a Friday afternoon. I was sitting at my desk doing paperwork. I texted back, “I can help you right now, if that works for you.” Their reply was, “Now would be great.” I called them, then connected remotely to their MacBook Air, and took care of the issue. And a little before 5pm, I emailed them the invoice.
The paperwork can wait. Speed matters.
-
“If you have turned on two-step verification and cannot access any of the alternate methods to get a verification, we cannot help you, sorry.” (Source: support(.)microsoft(.)com)
Yesterday I tried to assist a client with Microsoft account recovery. This client had enabled 2FA/MFA on the account using the Microsoft Authenticator app. Then, the phone with the Authenticator app broke.
There was no alternate 2-factor authentication enabled. No alternate email, no option for SMS (text messaging) verification, no Yubikey. When the client initially set up 2FA with the Authenticator app, they were offered the option to save recovery codes, but didn’t write them down.
The client is highly educated. If you blame the client, I will block you, because you’re a jerk.
Microsoft, and other companies, need to do a much better job of ensuring workable account recovery options are not just available, but actually enabled.
This is a paid annual account. By default, Microsoft works hard at making sure at sign-up that you enable auto-renewal. Do you see the problem? The client can’t access the account, and will have to cancel the credit card to avoid continued payments.
THE LESSON
It’s up to you to make sure you have alternate account recovery mechanisms in place. The cloud service companies will not help you. They are not your friend. They don’t even make it easy to contact them to discuss account problems.
If you’re not comfortable setting up secondary account recovery options, I can help. Do it now, before your phone breaks.
-
Using the company website as the launch point for the employee login is a common practice. With adequate Identity and Access Management (IAM), it seems secure enough. But, there’s another piece to this.
When the well-known domain is the launch point for the employee login, it sometimes means that the employee data is stored on, and accessible from, the same server group, and in the same IP address range. In other words, the employee data may be accessible and downloadable without an employee’s authentication credentials.
I know of a law firm that has its billing and financial data literally on the same hard disk as their website. If the cybercriminal breaches the website, they have access to everything.
THE LESSON
The more separation you have between your public website and your private data, the better.
-
“It’s spooky to watch your computer doing things when you’re not touching it. It’s hard to let someone have remote control of your computer.”
I was talking to a client in Colorado yesterday. He was recalling the first time he let me work on his computer remotely from my office here in Seattle.
It does take a certain amount of trust. And right now, I’ll be the one to warn you not to let a complete stranger on the Internet have remote access to your computer! Word-of-mouth advertising and referrals mean a lot.
-
This morning I did a tech support phone call with an existing client. Based on her area code, I think she’s in California, but I don’t actually know that for sure. It’s kind of humorous! With credit card billing, I have to enter the billing zip code, but I don’t bother looking them up. The location just doesn’t really matter.
Anyway, back to the call. She visited a website for an animal rescue organization. Seems safe enough, right? She ended up with an uncontrollable, noisy pop-up that said her computer was infected. “Don’t turn your computer off!” it said, and it wouldn’t stop beeping.
She did the right thing. She turned her computer off! I’m so proud of her.
At some point, she turned her computer back on, and everything seemed normal. She called me to see if there was anything else to do. An extremely computer literate person in her life had recommended that she do a factory reset on her computer, but she was hoping she wouldn’t have to do that much work.
This is where risk assessment comes in.
I told my client that her advisor was not wrong at all. That was absolutely the safest and best advice.
But, usually those pop-ups are the baited hook, and not the malware. If my client had clicked on a link, or called the “support” phone number in the pop-up, the risk level goes up immediately. Instead, she did the one thing the cybercriminal told her not to do, because it defeats the infection attempt: she turned the computer off.
I offered to reset the browser, but warned her that doing so might delete some saved security settings, and she’d probably have to re-enter passwords on some of the sites she visits. I also told her that she could keep using the computer for a few days without any changes, and if the problem doesn’t reoccur, everything is probably fine.
Remember, the pop-up is the baited hook, not the malware.
For now, she chose to take no action. The call was ten minutes long. She offered to pay. I told her no, let’s call this one customer care. I told her that if she had agreed to have me reset the browser or run a virus scan, and things like that, I would’ve charged her, but not for answering a few questions.
THE LESSON
The client is the person with the power. Explain options and risks. Let the client make the decision. It’s their equipment. It’s their life. It’s their money.
I could’ve taken advantage of the situation and said, “Oh, yes, your advisor is right! We must factory reset your computer! I’ll help you do that right now!” That’s how I would’ve made the most money today. Instead, I chose to keep a client for life. The money will come.
-
If you prefer centralization to segmentation,
If you prefer “cloud only” to cloud as a last resort,
If you prefer outsourcing your help desk to building tribal knowledge,
I’m not your huckleberry.
Why? Because...
I will tear your team apart.
I will deconstruct your team
and reconstruct your team.
As quickly as I can, I’ll replace the “cloud only” people with
people who value security over convenience, with
people who value security over lowest cost, with
people who value security over business as usual.
From Accounting to Marketing to Sales to Customer Care, every department will be involved in reviewing their part of the company’s data to determine what must be online, and what can be stored locally.
You will have a server room of your very own.
Your own IT personnel will hear the whirring of the servers’ fans.
I will replace some VPNs with more expensive dedicated circuits.
Some data will only be accessible by coming into the office.
In Customer Care, no single login will be able to access all customers’ sensitive information. Depending on the size of the company and call center, one Customer Care representative may only be able to access A-M, or A-G, or maybe even just A. If a cybercriminal phishes their login, that’s all the cybercriminal will get.
Everything will be backed up locally.
Everything.
Even what’s left in the cloud.
Yes, there will still be some data left in the cloud, like your store, where you sell stuff.
And there may still be some data off premise, in private cloud storage, on servers the company owns, rather than servers the company leases.
But, for the most part, the cybercriminal will have to enter the building to access the data.
Instead of having only one security mechanism (authentication), you will have two: authentication security plus location security.
If you can’t make a profit with this security model, one of two things is true.
Either
Your business model isn’t viable,
Or
You suck at running a business.
It has always been possible to run a profitable business without creating a global attack surface for your sensitive data.
The Cloud Sales Machine has done an incredibly effective job of convincing you
that if it’s not secure, it’s your fault,
that authentication is enough,
that cheap is just as good.
The Cloud Sales Machine has done a really, truly, amazingly, incredibly effective job with that last one: cheap.
It is rational for you to question whether your monthly subscription and service fees have gotten out of hand.
It is rational for you to be dismayed at the complexity of the pricing scheme, because it really is a scheme, carefully designed to hide the true cost in a swirling fog of mystery.
It is rational for you to think, “Maybe we could actually save money by pulling this in-house.”
But don’t lose sight of the objective.
The objective isn’t to do it the least expensive way possible.
The objective is to do it in a way that is secure, and still profitable.
If any of this makes sense to you,
I’m your huckleberry.
#CallMeIfYouNeedMe #FIFONetworks #cybersecurity #networkarchitecture
-
Someone recently asked me about the difference between network segmentation and data segmentation after I mentioned them in a post. Both are important. Sometimes you use one method, sometimes the other, and sometimes both. And then, karma. A perfect example of data segmentation appeared on my screen a day or two later, and now I’ll share it with you.
Here’s an example of data segmentation, possibly without network segmentation. See accompanying picture.
I have multiple websites with the same hosting company. The hosting company is offering me the option of merging all of my websites under one login. That would be convenient, but it’s less secure.
At the data level, a cybercriminal must authenticate on each of the websites separately, with separate 2FA. At the network level, I have no way of knowing if the web hosting company has segmented the infrastructure, and to what degree. For some companies, detailed knowledge of the hosting company’s physical architecture is essential to good security, but for me it doesn’t matter, since I have zero confidential information stored on, or accessible from, the web servers. The worst thing a cybercriminal can do to my websites is defacement or knocking them offline.
THE LESSON
As part of your risk assessment, consider both network segmentation and data segmentation. Everything that can be accessed from the same authentication credentials is in the same data segment. The most common weakness I uncover is in granting a single Administrator account too much access.
-
Drawing attention to just one good quote in the article: “And it also taught many of them the importance of segmenting their networks as much as possible to contain possible damage from malware infection.”
Sadly, there’s still a long ways to go before all organizations understand the importance of not only network segmentation, but also data segmentation.
About a year ago I was at a state government industry forum (I won’t name the state) where they boasted about their ambitious goal of moving everything to the cloud and centralizing all departments’ data. In one of the breakout sessions during the Q&A period, I stood up and asked, “How are you planning to address the security risks you’re creating by total centralization?” The person on the panel who took my question said that one system they could control completely was more secure than ten or twenty systems that might have varying degrees of security. I refrained from telling them that they just admitted they sucked at project management.
#CallMeIfYouNeedMe #FIFONetworks
-
This morning an existing client texted me to ask about purchasing the extended warranty for the laptop they’re ready to buy. I don’t sell hardware, but I also don’t charge for this sort of pre-purchase assistance.
I know that I’ll make money setting up the laptop after the purchase. And I know that for the life of the laptop, this client is likely to call me for remote tech support. So I’m happy to take some time over a period of days answering questions about memory, storage, CPU types, brand preferences, and so forth. (I texted the client a list of recommended minimum specs several days ago).
Everything I’ve said above is standard customer care stuff. What I want to emphasize to you with this post is rapid availability. The client texted me at 9:05, and I didn’t see it for about a half hour. Whoops! As soon as I saw it, though, I replied. There’s a possibility that the client is in the store, or has a browser tab open ready to complete the purchase online. They need answers. Part of keeping your clients coming back is the seldom talked about attribute of availability.
(If you’re new to my posts, here’s a little background. I make most of my money every year doing on-site cybersecurity projects for public utilities, custom on-site training for network engineers, and solving specialized problems where the in-house expertise needs a brief boost. But that only happens a few times a year. For instance, my next trip is currently scheduled in August. To fill the time between the big revenue generating gigs, I do tech support for companies that are too small to have a full-time IT staff, and for residential customers. I’m not going to sit around and watch TV all day. I love doing this stuff. It’s fun for me).
-
A 79-year-old man on the East Coast surprised me this weekend. He called me to work remotely on his Windows 7 computer. I think I talked him into upgrading to a new computer with Windows 11. He asked me for recommendations. I gave him the minimum specs I recommend and taught him how to read the specs in the ads at Best Buy. He said he knows a local computer shop, and he thinks he’ll just go in there with the list of specs I gave him and ask them to put one together.
That was the part that shocked me.
He’s in a state on the Atlantic Coast. He knows a local computer shop. Yet he calls me, in Washington State, for tech support.
Okay then. I’m honored, and happy to help.
-
Q) What's the most dangerous folder in a Windows computer?
A) The default downloads folder.
Okay, if you asked me that question out of the blue, I’d probably say C:\Windows\System32, but just go with me for a minute here.
In the world of small business/home office/residential IT support, moving someone’s data to their new computer is a common task. And, often, the user is the Administrator on their own computer, so they can download and install anything. Anything at all.
Some things I always transfer: Documents, Music, Pictures, Favorites, and so on. But the Downloads folder is a crazy beast. Some people use it as a storage location. They download stuff and just leave it there. Manuals, legal documents, bank statements, all kinds of things. So I have to check, I can’t just ignore it.
But the default downloads folder is also full of executable files, mostly installers for apps and printer driver packages. If the client downloaded a program – maybe a game – that contains a trojan, this is where it will be. The Downloads folder is frequently the home of malware origin files.
(Sidenote: three malware file types you should know about are origin files, loader files, and active files. They exist in various combinations. For example, the origin file may be the active file, but sometimes it’s not, and the origin file may pass a virus scan).
Okay, back to the main point.
When I’m transferring the data to the client’s new computer, I put the contents of the Downloads folder on the screen and ask them, “Do you need any of these files?” Usually, they look confused, and then I know it’s safe to not transfer the Downloads folder’s contents. I don’t care about the app installers and printer drivers, because I’m going to download and install the latest version anyway. The installers in the Downloads folder may be older versions.
THE LESSON
Be wary of the client’s default downloads folder. Transfer any items after evaluating them individually. Don’t just copy the folder contents.
-
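One way to put the lesson of the Downloads post above into practice, as an added example rather than the author's own script: a PowerShell inventory that separates executable content from data files and records origin, signature status and hash for each item, so the list can be reviewed with the client. The extension list, the parameter names and the report path are assumptions.

```powershell
# Added example (not from the original post): inventory a Downloads folder
# so each item can be evaluated individually before a migration.
param(
    [string]$Path   = (Join-Path $env:USERPROFILE 'Downloads'),      # assumed default location
    [string]$Report = (Join-Path $env:TEMP 'downloads-review.csv')   # hypothetical report file
)

# Extensions treated as executable content. Assumed, non-exhaustive list.
$execExt = '.exe', '.msi', '.msix', '.bat', '.cmd', '.ps1', '.vbs', '.js',
           '.scr', '.com', '.jar', '.lnk', '.iso', '.img', '.dll'

$rows = Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file   = $_
        $isExec = $execExt -contains $file.Extension   # -contains is case-insensitive

        # Mark of the Web: the Zone.Identifier alternate data stream browsers write
        # on NTFS. HostUrl, when present, records where the file was downloaded from.
        $zone = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        $src  = ($zone | Where-Object { $_ -like 'HostUrl=*' }) -replace '^HostUrl=', ''

        # Signature status is informational only: a signed or scan-clean file
        # is not proof that the file is safe.
        $sig = if ($isExec) {
            (Get-AuthenticodeSignature -LiteralPath $file.FullName -ErrorAction SilentlyContinue).Status
        } else { '' }

        [pscustomobject]@{
            # Executable = do not transfer, reinstall the current version from the vendor.
            # Data       = show to the client and ask whether they need it.
            Category       = if ($isExec) { 'Executable' } else { 'Data' }
            Name           = $file.Name
            SizeKB         = [math]::Round($file.Length / 1KB, 1)
            LastWritten    = $file.LastWriteTime
            DownloadedFrom = "$src"
            Signature      = "$sig"
            SHA256         = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            FullName       = $file.FullName
        }
    }

$rows | Sort-Object Category, Name | Export-Csv -LiteralPath $Report -NoTypeInformation
$rows | Group-Object Category | Select-Object Name, Count   # quick summary on screen
```

Run it on the old computer and review the CSV before copying anything; only rows in the Data category that the client confirms they need are candidates for transfer.
-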
A small business client called me this morning in a panic. Their Dell computer prompted them to do “an update,” the client clicked okay, things happened, and then the screen went black. The client then tried to restart the computer and got a black screen again. Next they unplugged the computer, and that’s when they called me.
I asked, “During this whole time, did you ever see the word ‘firmware’ on the screen? Or B-I-O-S?”
“Yes.”
I cringed a little. “Okay, let’s plug it back in and see what we can do.”
Reports of various blinking lights, sounds, then nothing.
“Let’s leave it alone for several minutes, don’t do anything with it, and I’ll call you back.”
I waited about ten minutes and then called the client.
Now we were able to power off, power back on, it booted normally, and the client logged in. Crisis averted!
Sometimes updates – firmware or otherwise – take longer to complete than we might like. This calls for patience. Go get a cup of coffee, or read “Gone With the Wind,” or something. Give it time. If you turn the computer off or try to reboot it at the wrong time during a firmware update, you run the risk of “bricking” the computer.
-
I just posted this controversial post on LinkedIn. Let the blocking begin. (It might happen here, too).
“Hi Bob, I hope that you're well! Do you do migrations? I’m looking for someone who can help me with migrating my <number redacted> employee company from <Cloud Provider Name Redacted> to <Cloud Provider Name Redacted> and help us avoid any gotchas, as we will still be hosting our production site on <Cloud Provider Name Redacted> for the time being. I'm realizing that paying an expert in this case will save time and opportunity. Thanks much!”
“<Name redacted>, thank you so much for thinking of me. In this instance, I’m not the right person for the job. I’d be the one to call if you wanted to migrate out of a commercial cloud service and maintain your operations in your own server room, or on your (owned) equipment in a private data center. You need someone with good knowledge of <Cloud Provider Name Redacted> cloud products. I studiously avoid an architecture that I consider fundamentally flawed.”
If the current chaos in the USA has caused you to realize that it’s important to keep local control of your IT operations, I’m the Network Architect/Engineer who can help you with that.
#CallMeIfYouNeedMe #FIFONetworks
#ProjectManagement #NetworkArchitecture #NetworkEngineering #Policy #CyberSecurity #InformationSecurity
-
A new Director asked me for help to quickly get a grasp of the network he was responsible for. I signed an NDA as part of the preparation for the engagement. Then the company sent me a purchase order, and we were ready to begin.
As we talked, I learned that he was the only in-house, on-the-payroll IT person. It was a hybrid system, both cloud and on-prem. The company was using a Managed Services Provider (MSP), and they provided two full-time, on-site personnel. They did Help Desk support and any on-prem work that needed to be done in the server room.
“Okay,” I said, “ask them to give you a copy of the network diagram and send it to me. Then we’ll go over it together, and I’m sure I’ll have more questions, too.”
The two guys from the MSP couldn’t provide him with a network diagram. This MSP had been providing operations support for a couple of years. Both of the gentlemen from the MSP had been working on site for several months.
Soon, I was in a video conference with the Director and the two techs from the MSP. They didn’t like me much. I was always polite and respectful, but I kept asking questions they couldn’t answer. Someone at the MSP figured out that the account was in jeopardy and told the on-prem guys to cooperate with me. Things went much smoother after that.
THE LESSON
If you’re in IT upper management, ask your team for a network diagram. Even if the majority of your system is cloud-based, you’ve still got an Internet connection into the building, a firewall, and a distribution system. They should be able to provide this information instantly, and if they can’t, there are far bigger problems waiting to be discovered.
-
“My daughter’s personal computer, she uses for school work, came up with needing a BitLocker recovery password.”
Over the weekend I was contacted by a dad on the other side of the country trying to locate the BitLocker key. This is a very common problem. Microsoft’s position is, “Don’t worry, we store your BitLocker keys for you in your Microsoft account!” Microsoft’s attitude seems like: “I know you’re in water over your head, and you can’t swim, and you’re drowning and choking, but don’t worry, we have life preservers right here on the boat. Come get one!”
The reality is that many people have no idea what to do when faced with this challenge.
You must protect yourself. Get your BitLocker recovery key for every BitLocker device, and store it safely yourself. You can find information on how to get your recovery key by searching for “find my BitLocker recovery key,” or a similar phrase, using any search engine.
If you don’t want to do that, contact me, and I’ll help you get your BitLocker key(s) for a very reasonable fee.
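An added example, not part of the original post: one way to collect the recovery password for every BitLocker volume on a machine, using the built-in BitLocker PowerShell module from an elevated session. The output layout is an assumption, and volumes that are encrypted but have no recovery password protector are flagged rather than skipped.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): list the recovery password
# for every BitLocker volume so it can be stored offline by the owner.

$report = foreach ($vol in Get-BitLockerVolume) {
    # Volumes that were never encrypted have nothing to recover.
    if ($vol.VolumeStatus -eq 'FullyDecrypted') { continue }

    # A volume can carry several protectors (TPM, PIN, recovery password, ...).
    # Only the RecoveryPassword type holds the 48-digit recovery key.
    $recovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')

    if ($recovery.Count -eq 0) {
        # Encrypted but no recovery password exists: worth knowing before it is needed.
        [pscustomobject]@{
            Drive            = $vol.MountPoint
            Protection       = $vol.ProtectionStatus
            KeyId            = '(none)'
            RecoveryPassword = 'No recovery password protector on this volume'
        }
        continue
    }

    foreach ($kp in $recovery) {
        [pscustomobject]@{
            Drive            = $vol.MountPoint
            Protection       = $vol.ProtectionStatus
            KeyId            = $kp.KeyProtectorId
            RecoveryPassword = $kp.RecoveryPassword
        }
    }
}

# Print to the console only; copy the values to paper or an offline store
# rather than saving them on the encrypted drive itself.
$report | Format-List
```

The Key ID shown on the BitLocker recovery screen corresponds to the KeyId listed here, which is how to tell which password belongs to which drive.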
-
TO THE HELP DESK PERSONNEL:
If people try to cut the queue in the IT call center, it's not because they're impatient. There are two factors that, together, cause people to try and circumvent the ticketing process.
1) Management above you has inadequately staffed the help desk in order to cut costs.
2) The people who call you are dedicated employees who genuinely want to get back to work and be productive.
As a help desk worker, you can't fix this. But you should at least understand what's really going on.
TO THE PEOPLE WHO CONTACT THE HELP DESK:
If the person you called seems to be an idiot, you’re wrong. They’re not. There are two factors that, together, cause them to give you inadequate support.
1) Management hasn’t trained them adequately. They want to succeed in their job, but they were thrown to the wolves, so to speak, by managers with understaffed departments and insufficient training budgets.
2) They’re rendered powerless by policies they didn’t create. Even if they know what you really need, they’re bound by rules that specify what they can and cannot do.
As an employee needing an IT issue resolved, you can’t fix this. But you should at least understand what’s really going on.
As someone who has managed help desks, and who has managed help desk managers, I’ve seen the issues up close. These problems can be solved if upper management is willing to change how things are done.
#CallMeIfYouNeedMe #FIFONetworks
#HelpDesk #TechSupport #ServiceDesk #management #leadership #ProcessImprovement
-
True problem analysts do not like default solutions. Every solution to every problem needs to be independently derived. Underlying principles stand firm, but the methodologies and solutions are always in flux.
“Bob, what are you talking about?”
Well, here’s an example. A default solution to a wide array of problems today is, “We’ll spin up another VM in our cloud account.”
Stop. Analyze. Is the data appropriate for an Internet-accessible environment? What are the security requirements? Is that VM going to generate revenue, or save money, or… is it just an expense? Will the data be backed up? Will the environment be backed up? How does that affect the cost analysis?
Yesterday’s solution isn’t necessarily today’s solution. Work it out, each time, as a new problem – because it is.
-
Information storage centralization.
Information processing centralization.
Information management automation.
Remote systems operation.
These are the Four Horsemen (Famine, Plague, War, and Death) of the modern age.
Famine can be prevented.
Plague can be prevented.
War can be prevented.
Death can… well… okay, some things can’t be prevented.
The point here is that the very things we rely on – centralization, automation, and remote operation – can become problematic if they’re not managed well.
Segmentation, including microsegmentation, may be a better choice than centralization. And a lot of designs that are described as segmented really aren’t. For example, if a single user account can access or manage information across segments, it’s not segmented.
Centralization or Segmentation,
Automation or Manual Intervention, and
Remote or Local –
these things shouldn’t be assumed. Ask yourself the questions every time, and design the architectures and policies that are appropriate for each instance.
#callmeifyouneedme #fifonetworks
#cybersecurity #informationtechnology #networkarchitecture #policy
-
Dear Delta Airlines: You should bring me in as the consultant to restructure your IT Department and Information Systems.
#callmeifyouneedme #fifonetworks
#cybersecurity #informationtechnology #networkarchitecture #systems
-
On the one hand, I hate QuickBooks.
On the other hand, I make a lot of money off of their stupid engineering.
-
Last week I spoke at Rotary of Renton, WA about cybersecurity. If you’d like me to speak about a cybersecurity topic to your group (Rotary, Kiwanis, Chamber, or similar) in Washington or Oregon, feel free to contact me. Topics of interest might be Internet Safety, Email Safety, Identifying Malicious Websites, Recovering From Ransomware Without Paying Ransom, or you can suggest a topic.
#callmeifyouneedme #fifonetworks
#cybersecurity #cybersecurityawareness #kiwanis #rotary #chamberofcommerce
-
Data sync and data backup: they’re not the same, and one may not be of any use after a ransomware attack. Here’s what you need to know, and how to avoid data loss.
https://fifonetworks.com/resources/backup_and_sync_explained.pdf
#callmeifyouneedme #fifonetworks
#cybersecurity #ransomware #informationsecurity #networkarchitecture