End-Users and the Weather

I want to start with an IT joke:

Q: How is an end-user like the weather?

A: Everybody complains about them but nobody does anything about them.

Simply put, end-users are the biggest hole in most security systems. Security breaches are rarely the result of some elite hacker exploiting a tiny hole the size of a thermal exhaust port on the Death Star. It’s far more likely that an employee clicked on a link in a suspicious email and invited the hacker inside.

Security professionals have known this forever but have rarely done much about it. Plenty of companies have no training program at all. Only slightly better is “herd your users once a year into the break room, keep them awake with coffee and donuts, and give them a ‘death by PowerPoint’ awareness update.” This means users continue to choose bad passwords, install sketchy apps, and sometimes open phishing emails that expose their computers and the whole company’s network to an attack. This last method was the way a recent big attack (WannaCry) got into various systems.

At Newplan, we have begun helping our clients secure the weakest link in their IT security–their users–with an innovative new solution provided by a company called KnowBe4. Using the same social engineering techniques the criminals use, KnowBe4 phishes end-users. When users open emails they shouldn’t and click on links they shouldn’t, the system can direct them to a website warning them of risky behavior and also direct them to training videos. Moreover, the system produces reports of how the various users behaved, allowing the appropriate department (IT or HR most likely) to address the issue.

The reason nobody does anything about the weather is because they can’t. For a long time many IT professionals have treated end-users the same way. They don’t have to anymore.

If you’re looking to improve your company’s IT security, contact us today for a free consultation.

Everything You Always Wanted to Know about Email but Were Afraid to Ask

But how does it work? And how can knowing how it works allow you to better use it? I hope by the time you are finished reading those questions will be answered.

Have you ever wondered what happens when you are sent an email and all your computers, smart phones and tablets are off? Where does it go? The answer to that question depends on your particular email system but generally can be boiled down to two places. Either it goes to the cloud (which I will explain shortly) or it goes to a local mail server (which I will also explain shortly).

If your email address is email.address@gmail.com, emails sent to you will land at a server (a fancy name for a computer) somewhere in the world where Google has decided it wants to have servers. It also gets copied to additional servers in case a disaster should destroy a data center (a fancy name for a place with lots of servers). The same is true of Hotmail, AOL, and any other large, reputable email provider. This is what people are talking about when they talk about the cloud.

The other possibility is that your company hosts its own mail server. This would mean that in a server closet somewhere in your office is a server that is always on and receiving email. These systems rarely have the redundancies that the big providers do, but they also have some advantages, the most obvious one being the ability to add new users for free.

When you turn on your computer or smart phone or tablet, the device reaches out to the mail server (whether Google is hosting it or you are hosting it yourself) and asks for any new mail that may have been sent. It then updates the device with the new messages. Depending on the specific system, it may or may not leave a copy on the server. If you have ever experienced an issue where you only get a single copy of an email (if it is on your phone then it isn’t on your computer, or if it is on your computer then it isn’t on your phone), then you have a system that is not keeping a copy and should be fixed (unless you like that sort of thing).

Imagine for a moment that it is the day after Hurricane Sandy. Your office is in downtown Manhattan, there is no power to your building, and you are hosting your own mail server. What happens when someone tries to send you an email? The answer is it bounces back to the sender because your server is offline (the power is down). If your mail were being hosted by Google, emails would still come through. That means your phone and your home computer would be available as a stopgap until the blackout was fixed.

Conversely, imagine the Internet line at your office of 300 users failed and you are hosting your own email server. While no incoming mail from outside the office will get through, those three hundred employees will all be able to communicate with each other. If you were being hosted by Google, others would see your email as up but you would have no access to the emails nor be able to send internal ones.

Lastly, let’s talk about cost. An email address will cost you around $5 per user per month at a cloud service provider. An email server will cost you $5,000 and ongoing maintenance costs of about $200 a month. While there are outlier cases where one might want an in-house server even at a smaller company, I would suggest that if you have fewer than 100 users you should almost certainly outsource your email. Which service to use is a question that I could write an entire article on, but for now I will suggest that you narrow your choices to Office 365 and Gmail. Of the two, I find Office the more elegant interface, but both provide top quality services at reasonable prices.

While I have tried to touch on the basics, as always, there is a lot I can’t fit into a blog post. If you have additional questions that weren’t answered, we’ll be happy to answer them!
