Monday, December 15, 2014

A disaster by any other name...is still a disaster

There was a hurricane, her name was Katrina. Now I realize it's 2014, not 2005. But I have a point, I promise.

Most people remember Katrina, vividly, in fact. About 3 years ago I worked with a CIO who had been at Tulane University at the time she hit. He recalled that after the disaster, the IT folks, himself included, got into small boats and recovered servers that were under water or in standing water inside the university.

What?! Yes, they actually did this and it's not that much of a surprise, unless he lied to me. Either way, it's a great example of poor disaster recovery. While most people probably wouldn't have cared an ounce if those servers were recovered or not, it is impressive that they went to such lengths to retrieve that data. Although, should they have had to?

In our modern world, we have crazy weather (coughKatrinacough), people blowing up buildings, earthquakes, auto/plane/train accidents, fires, etc. Any of these can create the need for an organization to have a disaster recovery plan in place, both to secure the integrity of its data and to recover it, should they need to.

But how does a company do that? Well, they build what's called a contingency plan, analyzing the business impact and their response plan should something disaster-ish happen. Then they develop a disaster recovery and business continuity plan. Granted, it's a lengthy process, but what makes it worthwhile is not having to get in a boat after a hurricane and go "rescue" servers from a server room. Had they planned their disaster recovery better, the data would have been backed up, off site, and those servers could have floated away and it wouldn't have mattered.

While we (IT professionals) tend to have a lot of different issues on our plate with regards to making our IT world go round...I think we sometimes miss the important stuff. Like disaster planning.

My mom always told me, "it's better to have it and not need it...than need it and not have it."

Well said, Mom! Now to get the IT folks on board with this mindset.

Monday, December 8, 2014

Oh Sony, Poor Sony...

CNET once again has reported that Sony has been hacked. Seriously? Dang Sony, you can't catch a break! This time, though, it was the PlayStation Network, unlike two weeks ago, when malware hit Sony's movie studio, presumably from a North Korean group, Guardians of Peace.

This week the Sony PlayStation store was taken offline by a self-described group or individual named the Lizard Squad. Their actions brought users to a halt when trying to access the online store, and while it's not clear if private information was compromised or not, it still caused some frustration to users. However, the previous incident at the Sony movie studio was reported to have compromised employee Social Security numbers and passwords. The group claimed that Sony needed to "immediately showing the movie of terrorism which can break the regional peace and cause the War!" (cnet.com, 2014)

And if anyone remembers, in the summer of 2014 Sony's PlayStation store was hit as well. Sony, oh Sony. Why do you keep getting hacked? Where are your safeguards? Clearly, Sony needs a revamp of their security.

These recurring incidents seem to scream loudly “come at me bro”. And while it might be apparent they keep getting their security breached, I am curious what steps they are taking to resolve these frequent incidents. With Christmas fast approaching and those PS4s flying off the shelves…I wouldn’t put much faith in the idea that while you are enjoying your high def video game at 60 bucks a pop…your private information is really secure.

Well…at least not yet.


Source: http://www.cnet.com/news/sony-hacked-again-this-time-the-playstation-store/

Tuesday, December 2, 2014

Tis the season for Cyber Crimes

Alright, let's be honest here, every time is the time for cyber crimes in our modern day lives, but the holidays tend to bring more to the forefront than most.

While days like Black Friday and Cyber Monday drive shoppers to bargains in stores and online for their holiday gift purchases, the cyber criminal also plans ahead, sending out phishing emails from supposed banks, reporting account issues. The email includes a link to the "website" which looks like the bank's site, but isn't. The user attempts to log in and BAM, personal information stolen. OR, even more clever, the criminals send out a sale announcement type email from a popular store or brand, luring the customers to click on the link inside the email that again takes them to a fake website that looks like the real one, getting them to buy items and stealing their information. The customers never get their items and their privacy has been compromised.

How do consumers avoid this? Well, there are a few things to remember. Never click on links inside emails, just go directly to the site. Also check the site for security; its address will start with https rather than http, AND many browsers show an icon that looks like a padlock either at the top of the browser window or the bottom.

The big thing is to go slow, double check everything, keep confirmation emails/numbers for all purchases, use a credit card (those make it easier to fight an identity theft problem), and if it seems too good to be true...it probably is. And keep in mind that while Black Friday and Cyber Monday may have gone, the criminals and their attempts to trick you have not.

Source: http://www.cnet.com/news/cyber-monday-beware-the-malware/