5 Questions to ask Before Moving to an Unmanaged Server

Over the last several years growth in cloud computing has skyrocketed. (Don't believe me? Ask Google.) Setting the numbers aside, and just taking anecdotal evidence from here on the ground level, much of this growth comes from businesses who are abandoning their traditional managed servers hosted by the likes of Rackspcae and Liquid Web, and instead spinning up AWS or GCP instances in an unmanaged environment.

And therein lies a problem that no one seems to be worried about. These organizations are leaving managed space for the wild west of unmanaged space. This shouldn't be an issue for large organizations who have Sys Admins on staff. Those professionals should be up to the task of managing servers.

But for smaller organizations, this move (which is often done to try and save money) adds a whole level of complexity that no one in technology or management is properly addressing. You see, the servers that the dev group has used to develop solutions for the business are highly complex technical entities themselves. And if Liquid Web used to be the entity responsible for maintaining the software on that server, who's responsible over at AWS?

Before you make the jump into an unmanaged environment (cloud or not) you have to know the answers to the following.

What technologies are we actually using, and how are we becoming aware of flaws, updates, and patches?
You can't maintain a service you don't know you're supposed to be maintaining. The tech people will need to know exactly what's out there, and the state that it's in. Do you have an open source FTP server that hasn't seen a code-change since 1999? You probably need to get rid of that entirely and replace it with a better maintained package. You also need to be sure that when you "flip the switch" you don't accidentally take out a service you've forgotten about. If Sales loses VoIP it'll eat into your cost savings very quickly.Read more

3 Ways Not To Get Phished You Can Start Doing Right Now

One of my clients has been battling it out with a group of email phishing scammers trying to trick employees into divulging PII, and because of their industry, they have a lot of PII.

The Tech Group has gotten involved: the network people are securing things further; the Sys Admins are adjusting their filters; and they've even added a banner to every email that originates outside the organization.

But, what about the rest of us? Here are three things you can do to avoid getting phished.

1. Never Email Personally Identifiable Information

Never send out an email containing any information you wouldn't normally feel comfortable shouting across a room filled with strangers. Email is inherently insecure. Do not email, under any circumstance, banking or sensitive personal information. Pick up the phone. Then it's just between you, the person you've called, and the NSA.

2. Don't Be So Damned Click Happy

Links in an email are a great convenience, but for most people, they're also dangerous. When you click a hyperlink in an email, you're not entirely sure where you are going to end up. In about 10 minutes, I can make a website that looks just like your bank and gathers your login credentials. You might not even realize that you've been phished.

Instead of clicking that link, go to your browser and type the address to your bank in. That way, at least, you're sure where you end up. This same idea applies to replying. If you get an email from someone looking for PII, call them up at the main office line for the company rather than replying. Basically, be sure you know who you're communicating with.

3. Don't Lose Your Cool

May of the most egregious phishing scams attempt to use a false sense of urgency to get you to act before you've thought through your actions. It is unlikely that your grandson and has been kidnapped by a Mexican gang. Especially if they're not in Mexico.

If you're being asked to send money on behalf of a relative, confirm with other relatives that the details make sense. Under no circumstances should you act right away. Even kidnappers understand due diligence. So, don't get pushed into acting without thinking.