1. Be sure to proofread your email or blog post. With the use of spell checker in all email and interfaces, there’s no reason for messages that contain spelling and grammatical errors. Spell check! Do hesitate and  delay sending.

2. Use short and concise subject lines. The subject line should always match the topic you are discussing in the message.

3. Don’t get labeled as spammer. Use proper capitalization in subject lines, avoid using exclamation points excessively. Those types of messages are often tagged as spam.

4. Beware of the “reply all” button. The reply all can have catastrophic effects on your personal life or career if the wrong person receives an unintended message from you.

5. Maintain Privacy. Recipients that are only known to you and not to other recipients receiving the message should have their information hidden. You can use theBCC field to hide private email addresses. Include address in the To: field for those whom you would like to receive a response. Include addresses in the CC: field for those that you are just FYI’ing.

6. Don’t write an angry email. Do not write people with bad news, or a reprimand, or disparaging others. Email is a medium where messages and files can be stored forever, meaning a message can come back to haunt you. It is best to give such news in person or on the phone.

7. Respond in a reasonable timeframe. Unless the email requires immediate attention for mission critical issues, an acceptable timeframe for an email response is anything between 24- 48 hours. Always acknowledge emails in a timely manner as well.

8. Avoid using shortcuts to real words or slang and CAPS. Shortcuts for words such as 2 u 2 for “to you too”, or GR8 for “great” is considered unprofessional in the business setting (as of this writing) and are just hard to read. WRITING INALLCAPS is just RUDE. Unless you’re screaming or writing out a long acronym, use proper form of capitalization.

9. Stop with the one-liners. Messages with just an “O.K.” or “thanks” are big time wasters and unnecessary. You can say, “No response needed” in the subject line if you don’t expect a response.

Use three of the following four types of characters:  upper case, lower case, certain, but not all (?), “special characters”, and a number.

You cannot use your last five passwords.  Your last ten.  Your last 20?  Really?  Really?!!!!!!!!!!!!!!  I can’t even remember my past two.  Grrrrrrrrrrr!

Change your password every 90 days.  60 days.  30 days?  Ten days?!!!  C’mon man!  I only use some sites once a month and have to change the password when I do!  Aaaargh!

Your password cannot contain any part of your login ID, first name or last name.

If you have any other ones, feel free to toss them up here as a comment.

IDs and passwords for the network at the office, our computer at home, database systems at the office, our phones, our voice mail, our social media accounts.  Things we use everyday.  Things we rarely use.

So what do we do? Either we have our device remember the password, which works well until the next time you have to reset it. Or we write it all down on a Post-It note on a Word document on our computer.  These methods, even though we resort to them ourselves at times, drive us IT folks nuts.  It contradicts everything we know about security.

You could opt for an internet-based password vault service, like Iron Stratus or LastPass, to securely hold the links to our web-based systems on a web site, but to get to that, you have to login to your computer or network and then login to the service.   So if every system you have is web-based, you are down to two passwords with the same ludicrous rules.  These services give you access to all your site, login IDs and passwords from any intern-connected device.  You could buy a similar program for you computer.

The requirement for “secure” or “strong” passwords is understandable.  I recently read an article that went something like this

If your password contains ten characters,  it would take hackers just over perhaps for 19 years to try every possible combination of 10 characters if the hackers have enough computing power to mount a 100-billion-guesses-a-second effort to break the encryption.

This “brute force” method to obtain your password is one of many common attacks.

You can actually find lists of the most commonly used password and try those.  Here’s a link (note:   Some people apparently use offensive language for a password!  This is most likely a result of some of the items that started this post.).

The “bad guys” also use phishing e-mails to get login credentials from folks.  Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.  In this scenario, thousands and thousands of e-mail messages are sent to unsuspecting folks out there.  The e-mail asks that you send your user name and password to them to verify your identity.  Some are so bold as to ask for your account numbers, SSN, DOB,….  It only takes one person to respond to one of these e-mails to make it worthwhile for the folks to continue the practice.

Many passwords, like Sarah Palin’s infamously hijacked Yahoo account are compromised using social engineering.  It goes like this…If you can find out certain information about people, you can figure out their passwords.  Most commonly used items as part of a password are pet’s names, child’s name, last four of phone number, last four of SSN, date of birth, birth year, house numbers from your address.  I can hear you thinking, “That’s what I use.”  The list goes on.  So you find this stuff out from somebody’s social media file, on-line phone directories, public records,… and start trying combination after combination.

Recently we now have an added layer of security with the addition of “secret questions” that only you know the answer to. What was the last name of your first grade teacher (What if somebody that went to my school is trying to hack my account?)?  What’s the name of your first pet (What if your spouse is trying to access your e-mail account?)?  What’s you father’s middle name?  Your mother’s maiden name?If a train leaves New York going west and one leaves Chicago going east at exactly the same time where will they meet?  What’s the land speed velocity of a coconut-laden swallow?  OK.  Aside from the last two, the previous point on social engineering applies.

I swear there are days I wish I just had a retina scanner, QR code or bar code tattoo, or an embedded chip to make it simple to verify my identity.

I would like to thank the chapters that were on the call:  Westchester Arc, The Arc of the Central Chesapeake Region, The Arc, The Arc of Greater Pittsburgh (ACHIEVA), The Arc of Davidson County, and The Arc of Greater Tarrant County.   In addition to the diversity of the chapters, the group included a mix of individuals from different areas within the organizations.  Executives, IT staff and Marketing individuals took part in the conversation.

The group spent some time discussing the format and frequency of future “Tech Talks” prior to actually talking about the application of technology within our organizations.  The point of the group is for chapters that have experience and/or expertise in technology to share it with other chapters around the country.  In this initial meeting, the group discussed:

• Where marketing and technology intersect
• Using technology to improve our services
• Document management systems
• Communicating technology concepts and expectations in non-technical terms

The next “Tech Talk” webinar/conference call will be open to a much broader audience.  Look for the date and time in a future communication from NCE.  If you are interested in participating or having somebody from your chapter participate, contact Steve McDonell via e-mail:  smcdonell@achieva.info

As a general practice, the best way to keep your professional life apart from your private life on Facebook is to have two different accounts.  And while that may sound like a good idea, it may be a bit more involved making the adjustment now that many folks are pretty far down the road on one account on which they do both.

Regardless of what you end up doing, Facebook has all kinds of different ways to display information about you to groups of users without your really realizing that it is being shared.  FB assumes you want to share everything by default and have been responding to concerns about violations of privacy because of this philosophy.  Here are some interesting items you may not be aware of that you may want to investigate and correct. 

Here’s a link to four things you may not know about your FB account:

http://www.cio.com/article/663675/Facebook_Privacy_4_Valuable_Yet_Hard_to_Find_Settings

Click here.

Many of the techniques to optimize your website for search are things you can and should be doing anyway, but click this link to review an article by David Tinker.  David is the Development Director at ACHIEVA as well as the author of the NCE Social Media blog.  The link leads to the Table of Contents.  David’s article on SEO/SEM starts on page two.

 The most common threats to you and your computer fall into three categories:  viruses, adware/spyware, and phishing.

“Phishing” – Part 3 of 3

Congratulations!  You have won the (insert country name of your choosing here) National Lottery!  Just provide your credit card information to cover the $ (insert random dollar amount here) processing fee so we can forward the full prize amount of $ (insert a number with a few commas in it) to you!!!

You did NOT win the lottery!

 Hi!  It’s me.  I’m stuck in (insert country name of your choosing here).  We lost our credit cards during our trip and I was hoping you could send us some money so we can check out of the hotel and catch our flight back home.

This e-mail is NOT from your friend!

 This is (insert name of large bank or credit card company here).  Due to a recent security breach, we are in the process of reassigning all passwords to our accounts.  Please visit this website (or respond to this e-mail) and provide your account number, password, social security number and date of birth so we can verify your identity and issue you a new password (PIN). 

Banks and other financial institutions do  NOT request this type of information from their customers because they already have it.

 “Phishing” is the act of sending an e-mail that fraudulently represents a legitimate company or somebody you know and “lures” you into divulging personal and financial information that could then be used for identity theft.  This used to be done by phone or even by good old snail mail.

 Your best line of defense against phishing is to not be lured. Unfortunately, thieves use creative tactics to trick you into providing your personal information so they can steal your identity or credit card information.   Here are a few tips to help you recognize and avoid phishing scams.

 Do not reply to any e-mail that instructs you to provide any piece of personal information directly into the e-mail (or directs you to a web site to do the same thing), such as:

• An urgent notice that your account will be closed or suspended if you do not provide personal information
• A survey that asks you to enter personal information
• An urgent notice that your account has been compromised and asks you to confirm your account information
• An e-mail that directs you to a non-secure webpage (http://) and asks you to enter your username, password or account numbers
• An e-mail that asks you to confirm, verify, or refresh your account, credit card, or billing information.
• “Dear Borrower” (no customized salutation; this is a mass mailing of a phishing e-mail) e-mails.
• An e-mail stating “There Is a Problem With Your Account. Confirm your account number…”
• E-mail stating “You Just Won a $100 Gift Certificate. Provide your name, address, loan number.”

 Phishing Avoidance:

• Double-check the internet address in your browser.
• The safe way to visit a website is by typing in the address you know to be authentic.
• Do not click on emails from unknown senders.
• Use caution when entering personal information including your account number, login name and especially credit card information and your social security number.
• Regularly review your online accounts to ensure no fraudulent activity has taken place. If anything suspicious appears, contact your bank or service provider immediately.
• Do not share your password and user IDs with anybody.

 The most common threats to you and your computer fall into three categories:  viruses, adware/spyware, and phishing.

 Adware/Spyware – Part 2 of 3

The term adware frequently refers to any software that displays advertisements, whether or not the user has consented. Adware in this form does not operate surreptitiously or mislead the user, and provides the user with a specific service.

Spyware is a type of malware (malicious software) that can be installed on computers and collects little bits of information at a time about users without their knowledge.  While the term spyware suggests that software that secretly monitors the user’s computing, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity.  Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet or functionality of other programs. 

Spyware infections usually occur through a user installing software on their machine from an Internet download.  The scareware example used at the start of this piece is a good example.

As the spyware threat has worsened, a number of techniques have emerged to counteract it. These include programs designed to remove or to block spyware, as well as various user practices, which reduce the chance of getting spyware on a system. 

The programs can provide real time protection against the installation of spyware software on the computer. This type of spyware protection works the same way as that of anti-virus protection in that the anti-spyware software scans all incoming network data for spyware software and blocks any threats it comes across.  The second common practice for spyware protection is after-the-fact removal of adware/spyware.

Anti-spyware software programs can also be used solely for detection and removal of spyware software that has already been installed onto the computer.  This type of spyware protection is normally much easier to use, more popular and available at no cost.  This type of anti-spyware software scans the contents of the windows registry, operating system files, and installed programs on the computer and will provide a list of any threats found, allowing the user to choose what to delete and what to keep.

As a user, here are some tips for you to use at work and at home to keep your computers adware-free.  Many of these will sound familiar because you saw them in part one of this series.

• On your work computer, do not install software without clearance.
• Be suspicious of all e-mail attachments.
• Be extremely cautions of links in e-mails. 
• On your home computer, avoid installing add-on toolbars in your web browser unless they come from a trusted organization.
• Be careful of peer-to-peer file sharing networks. 
• Be wary of security warnings that ask to download software while you browse the web.
• Read all unexpected messages and dialog boxes.
• Use common sense, and go with your gut.

The most common threats to you and your computer fall into three categories:  viruses, adware/spyware, and phishing.

Viruses – Part 1 of 3

Most organizations provide virus protection programs on their computers and servers.  That said, the folks that create the products to protect computers from viruses are always playing a cat-and-mouse game with the people that develop and distribute the viruses, this protection is not necessarily 100% effective.  As a user, here are some tips for you to use at work and at home to keep your computers virus-free.

• Do not open any files attached to an email from an unknown, suspicious or untrustworthy source.
• Do not open any files attached to an email unless you know what it is, even if it appears to come from a dear friend or someone you know. Some viruses can replicate themselves and spread through email. Better be safe than sorry and confirm that they really sent it.
• Do not open any files attached to an email if the subject line is questionable or unexpected. If the need to do so is there always save the file to your hard drive before doing so.
• Suspect particularly messages with subject lines that are blank, uninformative (e.g. Hi, Re:, Pix, Urgent! Help!), weird (nonsense letter combinations, outrageous claims), or unrealistic (96% off software, Sign up and win a house).
• Delete chain emails and junk email. Do not forward or reply to any to them. These types of email are considered spam, which is unsolicited, intrusive mail that clogs up the network.
• Do not download any files from strangers.
• Exercise caution when downloading files from the Internet. Ensure that the source is a legitimate and reputable one.
• Use Anti-Virus software and update it regularly
• When in doubt, always err on the side of caution and do not open, download, or execute any files or email attachments.

As an IT person, one of the most important things you learn is…

So, when one of the accounting staff mentioned first thing through the door at 7AM on Monday of last week that they could not access the accounting server, I did not panic.  After some investigating, the power supply in the server had stopped working.  We’d order a replacement, have it overnighted and be back up and running in a day.  Not a problem.  Easy fix.  Right?

So the new power supplies (We ordered two just in case one was bad.  We were thinking ahead.) arrive by 10AM then next morning and one goes into the server.  We flip the switch and the server…

…catches on fire.  Having had some experience with fire in the national office in Albuquerque I thought…

OK.  So now we have a bigger problem, but we also have a server sitting around from an application we moved to “the cloud” a few months back.  It happens to be almost the same exact server.  We figured we could pull the hard drives out of the scorched server, slip them in the spare and be up and running.  That worked until that pesky little adverb reared its ugly head – almost.  Almost is good enough for horseshoes and hand grenades.  For swapping out hard drives in servers, even with Dell Tech Support on the phone, not so much.  Server comes up but cannot recognize the drives.  This is when the panic scene from the Airplane comes to mind because now we are talking about getting a new server in here and:

• Being down for a few more days at a minimum
• Checks not going out or having to be handwritten
• Bad stuff man!
• Lost productivity!
• Potential late fees from vendors!

I kept telling myself…

We had given the hard drive swap out a 50% chance of working.  As we were swapping out the hard drives, in the back of my mind I was going into Winnie the Pooh mode wondering what we had to do to get a new server in up and running as soon as possible and then it hit me.  What’s the quickest way to do this?  The cloud!!!

We were planning to move our accounting package to a cloud-based solution in November.  The vendor made this option available about two years ago and had spent the interim refining it to the point where we were comfortable moving to that model when they stopped supporting our current server version effective January 1, 2011.

We called them to see if we could do it sooner, (like now!) rather than later.  Long story short, we sent them the data from our last backup before the server went kaplooey (Our backup has been cloud-based for about four years.) at 2:45 PM on Tuesday and they had us up and running in the cloud with our live data by the end of the day!!!

On Wednesday morning, our users were logging into the software and up and running again at our headquarters location.  Checks were going out in the mail.  Reports were being distributed to appropriate parties.  We were importing data from other systems into our accounting system.  Invoices were going out.  No waiting for a new motherboard.  No waiting for other parts.  No hoping that the redundant disk drives in the server were not fried as well.  No waiting on a Dell technician.

By Thursday, all the databases that had previously connected to the accounting system were connected to Excel spreadsheets that contained the table data.  The accounting software vendor provided these by the end of the previous day as well.  We even had one individual working at one of our satellite offices for the first time.  People can work now from anywhere now as long as they have an Internet connection.

You have heard me extol the virtues and benefits of cloud computing.  You have heard the folks at NTEN talk about moving from a reactionary IT infrastructure to a proactive/value/service infrastructure.  This is an example of where these concepts came together to equal 42.