Cyclical Storage Logic (Personal Data)
-
@BRRABill said:
So my first Bitlocker install i was unaware of that.
But end users are always unaware, that's the risk.
-
@scottalanmiller said:
Business users have different needs and need to be treated like a business, not like a senile uncle. Your old uncle needs to be coddled and protected from himself.
LOL. Yes, I do jump.
But I also work with single person companies who have the same sort of "senile uncle syndrome".
-
@BRRABill said:
Had it installed on a new DELL server, and saved the password to the TPM. Was working like a charm. Until I had to update the BIOS for another issue they were having. Remotely. I was working with a DELL tech, and he said it would not affect Bitlocker. It obviously did. Computer would not boot back up. I Googled and figured out what I did, and spent the night feverishly worrying the recovery key I had wouldn't work. It DID, thank goodness, but out the fear of Bitlocker in me to this day. (Another reason to always have backups, right?)
Yup, the more you encrypt, the more backups matter. But you are encrypting the backups, right? Backups are a common point of vulnerability. Thieves know that hitting backups is often worth way more than hitting running systems.
-
@scottalanmiller said:
@BRRABill said:
I still help them. I'm not going to criticize and move on.
No, but explaining to them that they are creating their own risk and bypassing the natural protections that normal people have is important. Do this still do it because people enable them or because they truly don't understand the risks that they choose to take?
how many people that you have told this to have actually changed their behavior to follow your suggestions? Non techie people?
-
@scottalanmiller said:
What software would that be?
Doesn't every small business have its own crazy software that crappily written and with terrible support?
I have an accounting client who was just told last week that the cloud isn't a good option for storage of data, because who knows how long it will be around. I kid you not.
-
@scottalanmiller said:
Yup, the more you encrypt, the more backups matter. But you are encrypting the backups, right? Backups are a common point of vulnerability. Thieves know that hitting backups is often worth way more than hitting running systems.
Of course.
Except for our Datto Alto, which cannot encrypt the local data. But since it's behind many layers and locks in the building, I have deemed it safe. The old "what are the chances" theory we've discussed here.
-
@BRRABill said:
But I also work with single person companies who have the same sort of "senile uncle syndrome".
And generally what they need is to be both overseen AND protected from themselves. It's extremely important with these kinds of businesses that they never, ever get the impression that being irrational, illogical and reckless is acceptable to anyone but them. So often people do terrible things because they see it as socially acceptable and excusable.
End users do this all the time. "All my friends do it." "But isn't this what everyone does?" "I'm just an end user, how am I to know better." All excuses. Even genocide is often only possible because there was some social excuse for it. We, in IT, have to stand firm and convey that it is not acceptable, not professionally, not socially, not financially and not for their business. If we make it clear that they are doing something completely unacceptable, they are less likely to do it.
This is why I wrote about the "home line" to help to explain to businesses that they weren't seeing themselves as a business but just as a hobby and if they want to be treated that way they can keep acting like they do but if they want to be seen by outsiders as a legitimate business, they need to rethink how they behave.
-
@BRRABill said:
@scottalanmiller said:
What software would that be?
Doesn't every small business have its own crazy software that crappily written and with terrible support?
I have an accounting client who was just told last week that the cloud isn't a good option for storage of data, because who knows how long it will be around. I kid you not.
Not every small business, but definitely more do than don't.
I too have a client who gets business advice from someone who is adamantly opposed to 'cloud' services for the same reason. Don't know how long they will be around. Additionally they believe they are more prone to be hacked. There has been no reasoning with them. They simply won't hear it.
-
@Dashrender said:
how many people that you have told this to have actually changed their behavior to follow your suggestions? Non techie people?
Well, considering I've only been brought on board MYSELF in the past month or so, I'd say 2, and both resisted.
-
@Dashrender said:
@scottalanmiller said:
@BRRABill said:
I still help them. I'm not going to criticize and move on.
No, but explaining to them that they are creating their own risk and bypassing the natural protections that normal people have is important. Do this still do it because people enable them or because they truly don't understand the risks that they choose to take?
how many people that you have told this to have actually changed their behavior to follow your suggestions? Non techie people?
Actually, a lot. I don't deal with many non-business people, but those that I do pretty universally have moved to zero data storage models and are SO thankful.
-
@BRRABill said:
Doesn't every small business have its own crazy software that crappily written and with terrible support?
No, you hear about them all of the time because they need tons of support and have to hire lots of IT people to keep their lights on, so they are the squeaky wheels. But most SMBs don't have those issues, that's actually relatively rare.
It's a self fulfilling prophecy - make bad decisions once, probably means you will keep doing it. Doing so means you are the cases that everyone hears about. Healthy businesses don't often suffer from these issues.
-
@BRRABill said:
Except for our Datto Alto, which cannot encrypt the local data. But since it's behind many layers and locks in the building, I have deemed it safe. The old "what are the chances" theory we've discussed here.
In theory, all of the data would be there and be considered safe.
-
@Dashrender said:
Not every small business, but definitely more do than don't.
What makes you feel that way?
-
@scottalanmiller said:
In theory, all of the data would be there and be considered safe.
What do you mean?
-
@Dashrender said:
I too have a client who gets business advice from someone who is adamantly opposed to 'cloud' services for the same reason. Don't know how long they will be around. Additionally they believe they are more prone to be hacked. There has been no reasoning with them. They simply won't hear it.
That's the thing. Irrational, non-business oriented little businesses rarely stay around. The average small business is going to fail. Like 80% or more fail in the first few years. So encouraging them, coddling them, making them feel like it is okay to "be average" is really just a way of helping them close up shop. You aren't doing them any favours by making them feel like it is okay to fail. It IS okay to fail, most people do. But if the goal is to assist them, this doesn't do it.
-
@Dashrender said:
I too have a client who gets business advice from someone who is adamantly opposed to 'cloud' services for the same reason. Don't know how long they will be around. Additionally they believe they are more prone to be hacked. There has been no reasoning with them. They simply won't hear it.
Exactly.
Or, when trying to sell managed services to friends of mine who have a business, almost at cost, and they give them old "it's working, why do I need that" type thing. Yes, we've seen it happen, but it sounds like an insurance salesman to them.
I mentioned once before a lot of the people I know in the MSP business hate it for these very reasons. Pulling teeth to get people to understand, then having to justify for the rest of the contract.
-
@BRRABill said:
@scottalanmiller said:
In theory, all of the data would be there and be considered safe.
What do you mean?
The point I've been making all along is that for most cases - you keep your data safe physically and at the OS level so that you don't have a reason to encrypt. Anytime you feel like you need to encrypt should set of a warning flag in your mind that you have exposed data - why is it exposed? There are cases where that is necessary, but they are the rarity not the common case. Nearly all data can be protected at its storage level. If it isn't think about protecting it completely rather than encrypting it.
If you feel confident that the Datto is safe when it holds absolutely everything, having even more protection for the normal data should be plenty.
-
@scottalanmiller said:
@Dashrender said:
Not every small business, but definitely more do than don't.
What makes you feel that way?
Because I see it all over the place.
I have a doctor client, who their main business software (which is used by thousands of offices I am sure) requires you to turn of UAC and the firewall.
It's ridiculous.
A lot of the MSP contracts I see won't even touch the proprietary software stuff.
-
@BRRABill said:
Or, when trying to sell managed services to friends of mine who have a business, almost at cost, and they give them old "it's working, why do I need that" type thing. Yes, we've seen it happen, but it sounds like an insurance salesman to them.
Ask them if they feel that way about seatbelts and oil changes. Driving with no seatbelt works for everyone.... up to a point.
-
@BRRABill said:
I mentioned once before a lot of the people I know in the MSP business hate it for these very reasons. Pulling teeth to get people to understand, then having to justify for the rest of the contract.
That's why people hate the MSP racket in general - customers just don't care as much as you do about themselves.