Horse Sense #62 

In this issue:
  • Tips--Security Tips From the Feds
  • Toys for Techs
  • When Should I Delete an E Mail?
  • Spam Realities
  • Avoiding Costly Computing Errors: Be Willing to Accept an Unexpected Answer!
  • Subscription and contact information
Tips--Secure Your E Mail, Shop Safely
If you have your own e mail server and want to do your part to cut down
on spam, take a look at these recommendations from the FTC that are
Here are some tips from the FTC for safe on line shopping:

Toys for Techs
It may not be the time for Christmas presents, but any time of year is a
good time to give "Toys for Techs."  A "Toy" must do something for the
business.  A "Tech" could be anyone who is using your computing
resources and thinks they see a way to get more out of them, not just
the geeks (like me!).  You can make a substantial improvement in your
business and motivate people by letting them take a project and run with
it with management support.  Be open to new ideas.  Who would have
thought that you would have an e mail address 20 years ago?  Now many
businesspeople find it indispensable.  Consider these "Toy" suggestions:
-A "Toy" to bring the future alive:  Speech recognition software and a
microphone.  For those who don't type well or who have motor
difficulties, this software could dramatically improve their
productivity.  The amount of training and the learning curve have gone
down as the accuracy rate has improved.
-A "Toy" that shows how the world works:  Practically any form of
training.  We would suggest security training for the organization, but
you might also benefit from specialized application training or network
administration training.  Typing tutor programs don't hurt.  Language
tutoring software might be a good idea as well.  Few tools work well in
untrained hands.
-A "Toy" that stretches the imagination: A network security and business
analysis.  It sounds like a luxury, but that's the point of a toy.
Something that sounds like a luxury can still produce many desirable
results.  Have Iron Horse look at where you are and have been and then
point you towards a more profitable and desirable future.  "Toys" need
not be physical.  What is more fun than imagining a better day and
knowing you can make it a reality?
-A "Toy" that uncovers what was previously hidden:  I have written about
the Cymphonix network appliance before.
 While this appliance starts at $2000, I've had two customers tell me
it paid for itself in less than one day!  We will be happy to tell you
the stories.  This "Toy" can find and manipulate to your advantage what
otherwise would be invisible.
-A "Toy" to keep up with the other "Techs":  You may not get Microsoft
Windows Vista, Exchange 2007, or Office 2007 right away, but someone
should know something about it.  Or, maybe you need to see what another
piece of software, a new dual processor system or a modular notebook can
do for you.
-A "Toy" that fixes other stuff:  Utilities can keep your computers
running smoothly or restore them to their former glory.  After removing
unnecessary software and files and using Diskeeper disk defragmentation
software I have seen 400% improvements in speed!
-A "Toy" box to keep your toys safe:  Buy a better backup solution than
the one you have now.  Disk to disk backup, disk imaging, continuous
data protection, and automatic remote backup are available now.  Are you
using them or are you putting all your work at risk?
-A "Toy" that is fun to watch, but often ignored as it lets you enjoy
other "Toys" in peace:  Little kids like to watch bug zappers.  The
network equivalent of a bug zapper is antispam.  Is your antispam
working well?  Could it work better?  Do you need a different solution?
 Or, does your current solution just need some fine tuning?  We can
tell you about a client who went from babysitting their antispam servers
to almost ignoring them after some changes we recommended.
-A "Toy" that lets you view the world differently:  Large high
resolution flat screen monitors are proven productivity enhancers.  They
can also lower electric bills and save desk space.
-A "Toy" that brings your ideas to life:  New color printers are
inexpensive and capable.  You can now sell your ideas more effectively
with color.
You get the idea.  If these "Toys" are not for you, we can help you pick
out other good ones.  Who says toys can't be fun and make your business

When Should I Delete an E Mail?
The US Supreme Court amended the Federal Rules of Civil Procedure last
These rules cover all federal civil (non-criminal) litigation.  State
courts will likely soon follow their example.  Every business in the US
must now make a "good faith" effort to disclose "electronically stored
information."  Practically, this means all organizations will need to
have policies about how their electronic information is to be stored
and/or deleted.  Litigants are likely to request this information to
support their case.  Organizations without proper policies, procedures,
and technologies in place may face sanctions.  They will also face
higher costs in complying with documentation requests.  Companies will
also need to know how much effort it will take to produce requested
information.  Disclosure rules take into account how onerous and
expensive it is to provide requested information.  However, that means
you still must know where the information requested would be and be able
to give figures on how much it would cost to get to it.
E-mail is now considered a corporate document, so organizations will
have to have policies on how long to keep e mails, when they should be
deleted, and how and where to store e mails so that they may be viewed
later.  Any company with a delete all email policy or a 30, 60, or 90
day retention policy for the purpose of destroying smoking guns ought to
consider whether its policy would stand a court test of good faith.  You
will need to develop a document retention policy and stick to it.  If
your employees regularly flout the stated policy by saving e mails older
than the stated corporate standard policy of 90 days, then your company
"policy" could be considered whatever the employees are doing because
those files will be available in corporate systems as well and subject
to electronic discovery.
Be warned.  When a company has to produce electronic documents, it may
not be able to follow its regular document destruction procedure.  That
means that even though you have a policy of destroying old e mail, as
soon as the discovery process for those e mails starts, you cannot
delete them.
There are no hard limits written into these procedures.  It took decades
for the IRS to decide that 7 years was a reasonable limit for record
retention.  This new rule and the corporate accountability laws passed
by the US Congress over the past few years have placed a heavy record
keeping burden on companies.  For some, it may have been a driving force
to go private or stay private.  These are "best efforts" or "good faith"
type laws.  It means the standards can continually change to fit the
time and the particular situation, which is good.  It also means that no
one knows what "best effort" or "good faith" means until it is actually
tested in court.
For more information see these links or call Iron Horse:

<Link died, removed 1/15/2012>

Some companies now attempt to "keep everything forever" to defend
against lawsuits.  Most organizations need not take on this massive
expense.  The value of a piece of information flowing through your
business, its method of storage, and its age sensitivity determine its
availability.  You want to design your business not around the fear of
litigation but around your need to manage information.  We can help you
design data protection systems that make sense for you.  In fact, these
rules seem to support keeping records as long as they can be expected to
be relevant to the business.  Less relevant materials are expected to be
harder to get to or unavailable.  For example, accountants have lists of
different types of documents and how soon you can get rid of them based
on their relevance and your liability to taxing authorities.
As a side note, expect more and more e mails to have lengthy disclaimers
attached to them so that companies feel safe in deleting these records
from their systems.  You may even see some saying "The following e mail,
by company policy, may be permanently deleted after 90 days unless you
reply to us saying that it needs to be kept for a longer period.  If you
do not do so, this e mail may be deleted with your permission and you
warrant that it will not be needed for discovery in civil litigation
after that date."  I expect to see many variations on this theme.  I
would bet these disclaimers would fail the "good faith" test in court.
Call Iron Horse and talk to us about your needs to manage your
information.  We have many excellent products and services that can
help, especially with e mail.

Spam Realities
Recently, when a communications cable crossing the Pacific got cut, spam
volume decreased around the globe.  Unfortunately, most of your spam
comes from the US.  Spammers want to use large numbers of machines with
access to high bandwidth Internet connections near their targets to
maximize their ability to send mail quickly.  Spammers also are
selective.  It is useless to send offers in US dollars in English to
Russians.  Spammers often use machines that have been compromised.
Literally thousands of these machines may be directed by a single
control point to deliver spam to millions of people.  Spam is not about
annoying you.  It is about making money.  Almost all spam is directed at
a person rather than an organization.  Offers that sound too good to be
true, usually are.  Stock tips that come unsolicited over the Internet
are not a sure fire way to make money.
Many criminals use e mail that appears to be from legitimate sources to
get you to disclose confidential information they can use to steal from
you later.  These e mails look VERY real.  I have even seen US Secret
Service agents who investigate financial crime on computers fall for
these ploys.  DO NOT respond to any request for personal information or
update requests in e mail without first calling the company.  Do not
trust the phone numbers in the e mail.  Use the number on the back of
your credit card, on your bank or brokerage statement, etcetera.  Do not
click on suspect e mail links.  The delete key is your best defense.  If
it is REALLY important, companies who handle your personal finances will
not count on e mail as a way to contact you.  And, because exposing
health related information can result in civil and criminal liability,
anything involving your health is unlikely to be sent by e mail.
Not all mail is spam.  You may get e mail from a perfectly legitimate
company that you were not expecting.  Do not complain to your overworked
help desk or Internet Service Provider (ISP) about it.  Legitimate
companies will make it very easy for you to verify their identities and
to sign off their mailing lists.  They usually will provide multiple
ways to do so.  Most business to business solicitation, newsletter, and
marketing e mails will be from legitimate companies.  By law, these e
mails are not considered spam.  And, many organizations, including every
government entity I know of, has a policy mandate to open up their
procurement to all qualified sources.  In effect, those rules ask
companies to try and get in touch with people who might need what they
have to offer.
Signing off legitimate mailing lists should be easy.  These companies
will have valid return e mail addresses, postal mail addresses, and
phone numbers prominently displayed in their e mails.  Legitimate
businesses want to make it easy for you to contact them.  It may be
annoying to get marketing e mails, but it is not in their best interest
to make you any enemy.  They will sign you off their mailing lists if
you ask.  You may have to ask more than once, especially if you call
them again or order something because they can make the logical
assumption you want to do business with them.  Relax.  A marketing e
mail is a lot less intrusive and onerous than a phone call, fax, or even
a piece of postal mail.  Sign off again or delete the message.

Avoiding Costly Computing Errors
When working with your IT providers, use these tips that I have learned
from over 20 years as a computer consultant to save money, time, and
headaches.  If you have a favorite tip or story, please write us about it!
Be Willing to Accept an Unexpected Answer!
Help your consultant or salesperson to understand what you want to do.
Begin with what you want to do, find software that will help you do it,
then get the hardware to help you run the software.
Partner with service providers who will work to give you the answers you
need.  Do business with those who under promise and over deliver.  Do
business with those who freely admit what their solution will not do
well.  Do not be afraid to ask this question:  Can you think of a better
way to handle this?
Some Unexpected Answers I Have Delivered to Customers:
-----I often tell people that they already have what they need.  I often
get the question, "Should I upgrade my computer?"  I will ask some
questions and end up replying, "No.  A faster computer will not help you
as there is no difference between instant and faster instant."  They
wonder why I might turn down a sale.  I am not turning down a sale.  I
am building a relationship of trust so that I can work with them long
into the future.
-----Sometimes, the answer is not what you want to hear, but correct.
One client could not decide between a small hard drive and a costlier
larger one.  I told him that if he even asked the question, he should
get the larger one because if he ever needed the extra capacity, he
would have a very expensive retrofit on his hands.  Even if he never
used the extra space, the most he would "lose" would be the cost
difference between the two drives.  In my experience, people fill up all
the storage space they can find anyway.  He bought the bigger drive.  A
few weeks later, he started a new project.  He needed much more storage
space than he originally thought, which would have overfilled the
smaller hard drive causing an expensive upgrade at a very inconvenient time.
-----Fairfax County Public Schools came to us requesting new keyboards
of a specific brand for their machines.  We asked why.  The kids were
removing the caps on the keyboards and making them completely
alphabetical, losing them, etcetera.  We asked if they would consider an
alternative.  We found a better keyboard for them.  The caps could not
be removed.  It had three times the warranty.  It was less than one
third of the price.  Finally, it would also work with other machines
they had so they could use one keyboard as a replacement for nearly all
their equipment, when they used to have to stock multiple keyboard
-----The US Department of Energy wanted to enhance some highly secure
networks so different sites could share lots of classified information
safely.  The project manager was presented with a design by her internal
network engineers.  She then called on Iron Horse to review the design.
 We discovered unnecessary bottlenecks and unneeded equipment which
would save the DOE $360,000 in purchase costs and over $25K per year in
maintenance costs.  The project manager was happy with that result until
we pointed out that the data did not have to be moved in the way they
thought it did, exposing potential savings in the millions of dollars.
Our cost to the DOE for the analysis was $1100! Maybe we should have
asked for a percentage of what we saved them?!
-----It is often a terrible idea to buy software from a manufacturer and
have it preloaded on a machine.  The software licenses supplied on these
machines are "locked" to these machines (OEM licenses).  You are
prohibited from moving that piece of software to another machine.  It is
much more difficult to create a standard image for desktops and have it
load up with the correct license keys if you are using licenses that
lock you into individual machines.  OEM licenses often have no support
from the software manufacturer.  The software manufacturer "forces" the
machine builder to provide that support to you (good luck with that).
Even the free software preloaded onto a system can cause real problems.
You can see enormous performance improvements on some machines by
removing preinstalled software that you will never use.  Sometimes
preinstalled software causes incompatibilities or crashes or makes
installing other pieces of software more difficult.  The time it takes
to reconfigure a new machine to fit a user may not be that big a deal
for the home user.  In a business, however, you want to be able to drop
a machine on a desk and be able to produce something on it right away.
Any additional amount of configuration and maintenance time will raise
your support costs and keep your users from working (another cost).
Rather than rework a preconfigured machine that doesn't fit your needs,
you may want to purchase a machine with a blank hard disk.  Computer
manufacturers can also load a reference image you give them so that most
of the software configuration is done when it reaches you.
The lesson?  Take the time to listen to other inputs.  Rather than
buying SOMETHING, consider buying something different, doing something
different, or (knowingly) doing nothing to arrive at your best answer.

©2007 Tony Stirk, Iron Horse