<%=INSERTTEXT%>
 

 

A Weekly ComputorEdge Column by Douglas E. Welch

 

 

 

Back to Archive Index -- Go to WelchWrite.com

about this column.


September 19, 2003

It's a Blast!

© 2003, Douglas E. Welch


As anyone in high-tech knows, the MBLAST Worm program made a shambles of many PCs and servers over the last month. Despite promises from Microsoft to increase the security of their software, people continue to find, and exploit these flaws to greater and greater effect. Among the hue and cry that is raised with each new attack, high-tech professionals can be heard disclaiming any culpability. “Microsoft is to blame for lousy software.” “Hackers and script kiddies are to blame for writing the exploits.” “Users aren’t bright enough to protect themselves from attack.” While I don’t deny the truth behind any or even all of these statements, I have some difficult news for high-tech workers. Despite all these problems, protecting your systems is your responsibility. Regardless of the culpability of any of the above parties, when you let your systems become infected, and, even worse, infect others, you have failed in one of the basic missions of any high-tech job. Failing to patch for known flaws, especially when you know an attack will be forthcoming, makes you part of the problem instead of part of the solution.


The buck stops here


Part of any high-tech job is keeping systems operating at optimal levels. You spend hours updating software, troubleshooting problems, reading support tech notes from vendors and much more reaching for this goal. Whether it is implicitly stated in your job description or not, you are also responsible for the physical and virtual security of the systems under your watch. Even more, your boss probably believes, rightly or wrongly that you are responsible for these systems. You can explain about the difficulties of updating hundreds of machines, the reasoning behind the attacks, the seemingly endless parade of flaws and fixes, but, in the end, they are only excuses.


Does this sound harsh? I admit it does, but like most harsh statements, it is based in reality. When you sign up for a high-tech career, you need to clearly understand the challenges you will be facing. Much like the manager of an office in a depressed section of town understands the reality of graffiti on the walls, a network manager should expect attacks and do everything in their power to prepare. If you are not clear on this from the start, you are risking your entire career. You are the “keeper of the keys”, whether you like it or not. Even if you would like to believe that it is not your responsibility, I can guarantee that your boss sees the issue differently. You are the first (and sometimes, last) line of defense. If you abdicate this role, your company, your users and you will be at risk from every attack that comes along.


Awareness


While it may seem like a heavy burden rests on your shoulders, you can elicit help from those around you. In fact, this may be the only way to keep your head above water. If you are in management, every employee, not just those in IT, need to understand the need and application of security systems. Your workers need to be on the look out each and everyday for security problems. As a high-tech workers you need to understand the importance of your role in security. Finally, you need to do everything you can to allow your users to help themselves, thereby helping you, protect their computers.


The other night, while IM’ing my sister, Denise, a fellow computer trainer and consultant, she summed up the security situation in one word, awareness. Making your users aware of the threats against their computer allows them to exercise more caution when using their machine. She has been running non-stop these last few weeks cleaning up worm and virus infections. In many cases, her users opine, “If I had only known about it, I would have called you first.” This lack of awareness is a failing not only on the user’s side,. She and I both realize that when our users are unaware, we have had a hand in their ignorance.

 


Start today


If you don’t have effective methods of increasing your user’s awareness today, here are a few methods to get you started.


• Regular print/email newsletters


Over the last several months, I have produced a monthly newsletter to remind my users about virus and other security threats, along with other information. This never fails to elicit 2-3 phone calls or emails. Often these problems would have gone undetected. In these newsletters I try to state the problem in non-technical ways so that the users can clearly understand the threat and how they can prevent it.


• Special Email Notices/Warnings


In severe cases, like the Mblast worm and others, I send out special notices to the newsletter list. I use this sparingly, so that my users don’t get blasé about the warnings. When they receive one of these special notices, they know it is something important.

• Face to Face


Most important of all, whenever I am dealing with one of my users, I take the time to reinforce the issues of security, software updates and anti-virus programs.


While it may seem like a high-tech career is a thankless task, fraught with opportunities for disaster, what job isn’t? There are ways to insure that you, and your users, are doing as much as possible to protect the security of their systems. Be aware and share this awareness with others, whenever you can. In this way, you can protect your systems while also protecting your high-tech career.

 



Book of the week:

The Art of Possibility: Transforming Professional and Personal Life

 

about this column.


Douglas E. Welch is a freelance writer and computer consultant in Van Nuys, California. Readers can discuss career issues with other readers by joining the Career Opportunities Discussion on Douglas' web page at: http://www.welchwrite.com/dewelch/ce/

He can reached via email at douglas@welchwrite.com

Book Recommendation

Browse the WelchWrite Bookstore

<%=INSERTTEXT%> 

 

Amazon Honor System Click Here to Pay Learn More

Also on Welchwrite.com

<%=INSERTTEXT%>