Cyclical Storage Logic (Personal Data)
-
@scottalanmiller said:
Yup, the more you encrypt, the more backups matter. But you are encrypting the backups, right? Backups are a common point of vulnerability. Thieves know that hitting backups is often worth way more than hitting running systems.
Of course.
Except for our Datto Alto, which cannot encrypt the local data. But since it's behind many layers and locks in the building, I have deemed it safe. The old "what are the chances" theory we've discussed here.
-
@BRRABill said:
But I also work with single person companies who have the same sort of "senile uncle syndrome".
And generally what they need is to be both overseen AND protected from themselves. It's extremely important with these kinds of businesses that they never, ever get the impression that being irrational, illogical and reckless is acceptable to anyone but them. So often people do terrible things because they see it as socially acceptable and excusable.
End users do this all the time. "All my friends do it." "But isn't this what everyone does?" "I'm just an end user, how am I to know better." All excuses. Even genocide is often only possible because there was some social excuse for it. We, in IT, have to stand firm and convey that it is not acceptable, not professionally, not socially, not financially and not for their business. If we make it clear that they are doing something completely unacceptable, they are less likely to do it.
This is why I wrote about the "home line" to help to explain to businesses that they weren't seeing themselves as a business but just as a hobby and if they want to be treated that way they can keep acting like they do but if they want to be seen by outsiders as a legitimate business, they need to rethink how they behave.
-
@BRRABill said:
@scottalanmiller said:
What software would that be?
Doesn't every small business have its own crazy software that crappily written and with terrible support?
I have an accounting client who was just told last week that the cloud isn't a good option for storage of data, because who knows how long it will be around. I kid you not.
Not every small business, but definitely more do than don't.
I too have a client who gets business advice from someone who is adamantly opposed to 'cloud' services for the same reason. Don't know how long they will be around. Additionally they believe they are more prone to be hacked. There has been no reasoning with them. They simply won't hear it.
-
@Dashrender said:
how many people that you have told this to have actually changed their behavior to follow your suggestions? Non techie people?
Well, considering I've only been brought on board MYSELF in the past month or so, I'd say 2, and both resisted.
-
@Dashrender said:
@scottalanmiller said:
@BRRABill said:
I still help them. I'm not going to criticize and move on.
No, but explaining to them that they are creating their own risk and bypassing the natural protections that normal people have is important. Do this still do it because people enable them or because they truly don't understand the risks that they choose to take?
how many people that you have told this to have actually changed their behavior to follow your suggestions? Non techie people?
Actually, a lot. I don't deal with many non-business people, but those that I do pretty universally have moved to zero data storage models and are SO thankful.
-
@BRRABill said:
Doesn't every small business have its own crazy software that crappily written and with terrible support?
No, you hear about them all of the time because they need tons of support and have to hire lots of IT people to keep their lights on, so they are the squeaky wheels. But most SMBs don't have those issues, that's actually relatively rare.
It's a self fulfilling prophecy - make bad decisions once, probably means you will keep doing it. Doing so means you are the cases that everyone hears about. Healthy businesses don't often suffer from these issues.
-
@BRRABill said:
Except for our Datto Alto, which cannot encrypt the local data. But since it's behind many layers and locks in the building, I have deemed it safe. The old "what are the chances" theory we've discussed here.
In theory, all of the data would be there and be considered safe.
-
@Dashrender said:
Not every small business, but definitely more do than don't.
What makes you feel that way?
-
@scottalanmiller said:
In theory, all of the data would be there and be considered safe.
What do you mean?
-
@Dashrender said:
I too have a client who gets business advice from someone who is adamantly opposed to 'cloud' services for the same reason. Don't know how long they will be around. Additionally they believe they are more prone to be hacked. There has been no reasoning with them. They simply won't hear it.
That's the thing. Irrational, non-business oriented little businesses rarely stay around. The average small business is going to fail. Like 80% or more fail in the first few years. So encouraging them, coddling them, making them feel like it is okay to "be average" is really just a way of helping them close up shop. You aren't doing them any favours by making them feel like it is okay to fail. It IS okay to fail, most people do. But if the goal is to assist them, this doesn't do it.
-
@Dashrender said:
I too have a client who gets business advice from someone who is adamantly opposed to 'cloud' services for the same reason. Don't know how long they will be around. Additionally they believe they are more prone to be hacked. There has been no reasoning with them. They simply won't hear it.
Exactly.
Or, when trying to sell managed services to friends of mine who have a business, almost at cost, and they give them old "it's working, why do I need that" type thing. Yes, we've seen it happen, but it sounds like an insurance salesman to them.
I mentioned once before a lot of the people I know in the MSP business hate it for these very reasons. Pulling teeth to get people to understand, then having to justify for the rest of the contract.
-
@BRRABill said:
@scottalanmiller said:
In theory, all of the data would be there and be considered safe.
What do you mean?
The point I've been making all along is that for most cases - you keep your data safe physically and at the OS level so that you don't have a reason to encrypt. Anytime you feel like you need to encrypt should set of a warning flag in your mind that you have exposed data - why is it exposed? There are cases where that is necessary, but they are the rarity not the common case. Nearly all data can be protected at its storage level. If it isn't think about protecting it completely rather than encrypting it.
If you feel confident that the Datto is safe when it holds absolutely everything, having even more protection for the normal data should be plenty.
-
@scottalanmiller said:
@Dashrender said:
Not every small business, but definitely more do than don't.
What makes you feel that way?
Because I see it all over the place.
I have a doctor client, who their main business software (which is used by thousands of offices I am sure) requires you to turn of UAC and the firewall.
It's ridiculous.
A lot of the MSP contracts I see won't even touch the proprietary software stuff.
-
@BRRABill said:
Or, when trying to sell managed services to friends of mine who have a business, almost at cost, and they give them old "it's working, why do I need that" type thing. Yes, we've seen it happen, but it sounds like an insurance salesman to them.
Ask them if they feel that way about seatbelts and oil changes. Driving with no seatbelt works for everyone.... up to a point.
-
@BRRABill said:
I mentioned once before a lot of the people I know in the MSP business hate it for these very reasons. Pulling teeth to get people to understand, then having to justify for the rest of the contract.
That's why people hate the MSP racket in general - customers just don't care as much as you do about themselves.
-
@scottalanmiller said:
Ask them if they feel that way about seatbelts and oil changes. Driving with no seatbelt works for everyone.... up to a point.
My quote for managing patches always was
"I'm not saying something is GONG to happen, it just makes it easier because unpatched systems are at greater risk" -
@BRRABill said:
@scottalanmiller said:
@Dashrender said:
Not every small business, but definitely more do than don't.
What makes you feel that way?
Because I see it all over the place.
I have a doctor client, who their main business software (which is used by thousands of offices I am sure) requires you to turn of UAC and the firewall.
It's ridiculous.
A lot of the MSP contracts I see won't even touch the proprietary software stuff.
Of course you do.... you are on the IT side. You get called BECAUSE of bad decision making. If they weren't making bad decisions, why would you have gotten called in?
You are seeing the results of bad decisions, rather than a survey of healthy businesses. Look at ML or SW to see what "normal" looks like you will only see, or primarily see, the bad because the bad are the ones that need to be fixed and discussed over and over again.
-
@BRRABill said:
@Dashrender said:
I too have a client who gets business advice from someone who is adamantly opposed to 'cloud' services for the same reason. Don't know how long they will be around. Additionally they believe they are more prone to be hacked. There has been no reasoning with them. They simply won't hear it.
Exactly.
Or, when trying to sell managed services to friends of mine who have a business, almost at cost, and they give them old "it's working, why do I need that" type thing. Yes, we've seen it happen, but it sounds like an insurance salesman to them.
See, your problem here is doing something bad for your business.. Giving a discount to a friend. Random discounts are 100% a bad idea.
I mentioned once before a lot of the people I know in the MSP business hate it for these very reasons. Pulling teeth to get people to understand, then having to justify for the rest of the contract.
I don't accept a client that tries to make me justify something. A client like this is not a client that understands that their IT is critical to their business succeeding. A client that does not understand that IT is critical to their business is not a client that I want. I fire those clients if they get past initial screening of "is this company a good client"
-
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@BRRABill said:
I still help them. I'm not going to criticize and move on.
No, but explaining to them that they are creating their own risk and bypassing the natural protections that normal people have is important. Do this still do it because people enable them or because they truly don't understand the risks that they choose to take?
how many people that you have told this to have actually changed their behavior to follow your suggestions? Non techie people?
Actually, a lot. I don't deal with many non-business people, but those that I do pretty universally have moved to zero data storage models and are SO thankful.
You're a better sales person than me then for sure!
-
@scottalanmiller said:
That's why people hate the MSP racket in general - customers just don't care as much as you do about themselves.
All we heard was how much MSPs hated the MSP business, LOL.