When it comes to instant messaging, many organizations allow their
employees to call the shots. In a recent TechRepublic Quick Poll,
members revealed whether their organization has an instant messaging
policy. See how you compare.
Those of you in regulated industries (financial, health care, etc.) should
seriously consider putting in place a formal policy regarding the use
of instant messaging in the workplace. Also keep in mind that regulatory
bodies may require that you capture and archive all IM traffic.
Let us know if we can help.
Joe Tartaglia / High Caliber Solutions
If there are any topics you would like to see discussed in the future or
if you have any comments, please contact me at
JoeT@HighCaliber.com
Employer monitoring of stored emails and voicemails is much less regulated
and generally allowed under federal law. Under the ECPA sections codified at
18 U.S.C. §§2701, et seq., employers that provide electronic communication
service may access messages once they are stored in their computer or
telephone systems, without notifying employees of the access.
Best practices include reasonable policy and selective monitoring
As discussed above, the law allows employers to monitor when certain
conditions are met, and most businesses find there are legitimate business
reasons to retain the right to do so. However, any type of surveillance can
cause serious morale problems if not handled appropriately. No one likes to
be spied on, particularly when engaged in personal, nonwork-related
activities, even if these activities occur at work. To reduce these
problems, your best bet is to be up front: communicate your policy
carefully and clearly, and then monitor only to the extent necessary. The
following five strategies will help your organization prevent abuse while
promoting positive employee relations.
Develop a policy specifically addressing monitoring of employee
communications and educate your employees about it. The policy should:
Clearly state that the computer system and communications services are the
property of the employer
Reserve the right to monitor employees’ electronic communications
Explain the business-related reasons for the monitoring
Describe permissible work-related and personal telephone, e-mail, and Internet use
Prohibit inappropriate use, including: excessive personal use; sending,
accessing, or storing discriminatory, harassing, defamatory, or pornographic
material; duplicating or distributing copyrighted material without
permission; and transmitting confidential, proprietary, or trade secret
information
Include penalties for policy violations, up to and including termination.
Keep the monitoring work-related. If you offer employees a sound and
positive business rationale for monitoring, they are more likely to accept
it as a legitimate work-related tool rather than an intrusion. Acceptable
reasons include monitoring to respond to a complaint regarding policy
violations or to improve employee performance, customer relations, and the
quality of products and services.
Make it reasonable regarding personal use. A policy that prohibits all
personal use is usually both impractical and virtually impossible to enforce
in many employment environments. Similarly, draconian punishments for a
relatively minor policy violation will understandably be viewed as unfair by
many of your employees.
Check state law. If you are in a state that requires the consent of all
parties to monitor telephone calls, consider adding a prerecorded message to
all incoming and outgoing calls to inform nonemployees of potential
monitoring.
When in doubt, give notice and get consent. Remember, monitoring is
always legal when you get consent, so if you are going to monitor employees,
have them sign off on it when they are hired or when you start monitoring.
Monitoring is a tool to be used carefully. Employee monitoring has become more commonplace
and has many legitimate uses. However, overly intrusive practices can create
the negative perception that Big Brother is watching. The solution, therefore,
is to balance your need for protection with your employees’
desire for as much privacy as possible. A policy that embraces the five
components discussed above is a good place to start.
Microsoft's new DPS (Data Protection Server) will provide enhanced data
protection via continuous disk-based backup. DPS is scheduled for release
in the second half of 2005. Meant to be used in conjunction with more
traditional backup systems (tape?), DPS also solves another problem with
these traditional systems: the restore process is cumbersome and often
fails. DPS is ideal for quickly recovering accidentally deleted files.
While DPS is designed to simplify and shorten the backup and recovery process,
it leaves out a number of features, such as off-site replication and failover,
and it doesn't support application-specific high availability for apps like Exchange and SQL.
What it will provide is:
Rapid and reliable recovery through use of disk-based backup of files stored on W2K, W2K3 and Windows Storage Server 2003.
Continuous real-time data backup, shortening backup windows.
Integration with tape through a (planned) backup interface.
The DPS server makes so-called 'point-in-time' snapshots.
You can tell DPS how frequently you want to replicate and
how many snapshots you want to keep at hand. The idea is
to keep a few months of snapshots on disk, and save older
data off to tape. It will support end-users restoring
their own files via a few self-service tools that will magically
appear in WinXP and Office 2003.
Recent blackouts in the US, UK and Italy highlighted the need for a
reliable power supply, particularly if you are looking after critical
electrical equipment. However, catastrophic failures are not the only aspect of a
reliable power supply. You also need to cope with voltage sags and surges,
transients (such as lightning strikes), high-frequency noise, harmonic
distortion and frequency variation, often traced to low-quality power
sources.
Various systems can protect against some of these problems (power
conditioners, automatic voltage stabilisers and standby power systems), but
none offers complete protection against all of them, except an uninterruptible
power system (UPS) with online dual conversion.
The UPS should be able to support the load for as long as applications
need to be kept running.
The main type of UPS battery used is the Valve Regulated Sealed Lead Acid
(VRLA) type. The VRLA has a 5 or 10 year design life and is maintenance
free. Runtimes up to several hours can be generated from a suitably sized
battery pack or local generating set.
For remote operating locations, consideration has to
be given to where to house the UPS – either in a local building or specially
fabricated structure. With this in mind physical constraints can become more
of an issue in terms of easy access to site, security, environmental and
fire control, and remote monitoring. Typical environmental problems include
temperature control both during the winter and summer months in remote
access cabins which can detrimentally affect the working life of both the
batteries and UPS electronics.
Manufacturer’s rating plates normally state the maximum peak load; the
estimated average running load is usually half this. However, such power
draws need to be considered with future needs in mind. As technology
improves and appliances are upgraded they usually result in a need for more
power.
Although you should never forget that the key factor to consider for a UPS
is reliability, there are a number of technological developments worth
considering, especially in models below 10kVA.
Optimal battery management and prolonged battery life can be achieved
using LRCD (low ripple current discharge), and batteries can be ‘hot-swapped’
to gain prolonged back-up time.
User-selectable operating modes: these normally include On-line (where the
inverter powers continuously), Economy (where the UPS supports the load when
the mains fail or the load fluctuates), Smart Active (where the mode is
selected depending on the stability of the mains by the UPS itself), or
Emergency (where the UPS is in standby mode and only operates when the mains fail).
Advanced diagnostics: this means that real time information can be
displayed on critical UPS data such as mains voltage, UPS load and battery
charge. Remote monitoring, control and shut-down software is also available.
This allows remote interrogation of UPS logs and operating parameters, to
enable easy diagnosis of potential alarm and fault conditions. You can also
define and instigate an unattended, orderly shutdown and establish, for
example, a critical file server shutdown hierarchy.
For complete peace of mind, remote site monitoring services are now
possible from selected UPS manufacturers and specialists to support 24-7
maintenance and response contracts. This service monitors the UPS for any
changes in operation and links up to the UPS customer service team to offer
round the clock diagnostics and support. A service engineer could be on-site
even before a fault situation becomes critical!
Ontrack Data Recovery has unveiled its annual Top Ten list of
the strangest and funniest computer mishaps. The global poll
of Ontrack’s experts uncovered the best examples of bizarre data
disappearances taken from the thousands of recovery jobs Ontrack
processed this year. In all instances, Ontrack recovered the
data, by either working on the computers or media/storage devices
in their labs and cleanrooms, or by using its patented Remote
Data Recovery technology.
The Ontrack 2004 Top Ten List of Data Disasters
Data Defrost - One man brought in a hard drive in a wet plastic bag. He said
he had read on the Internet that if you place a broken drive in the freezer
it would fix it. So he tried that method and asked the recovery engineers
not to laugh.
Reckless Recycling - One man tidied up his computer folders and
inadvertently deleted the ones he meant to keep. He then cleaned up his
system, emptied the recycle bin and defragged the hard drive before
realizing his error. He now triple-checks files before deleting them for
good.
Rowdy Relatives - A man suddenly found his laptop would only boot up to the
'blue screen of death,' putting his data at risk. A week later, his nephew
admitted that he used its screen as a punching bag to relieve his
frustrations with the slow computer. The man sent his nephew back to live
with his parents.
Digital Disaster at 19,000 Feet - The Polish explorer, Krystof Wielicki,
dropped his digital camera when climbing the Himalayas on his latest
expedition, smashing it to smithereens and damaging the memory card in the
process.
Gone in a Flash - One medical company worker completed 1,200 customer
billing entries - a process that took several days - when lightning struck
the transformer outside the building. Everything was gone, including all the
bills she had just prepared.
Baby Blues - One couple had hundreds of pictures of their baby's first three
months on their computer. When a virus struck their PC, the computer
manufacturer advised them to reload the operating system but they forgot to
save the data.
Construction Calamity - During the construction of a large office building,
a steel beam fell on a laptop computer containing the building plans,
crushing the laptop.
Toilet Trauma - One man became so mad with his malfunctioning laptop
computer, he threw it into the toilet and flushed a couple of times.
Road Kill - A woman placed her laptop on top of her car while she got in.
She forgot about the laptop, which slid off the back of her car, and she
then reversed straight over it and reported hearing a 'crunch.'
Runway Wreckage - A laptop computer was run over by an airplane. Even
Ontrack's recovery engineers don't understand how it happened, but that was
the customer's explanation.
"Computer malfunction remains the predominant cause of data loss, but
careless mistakes that could easily be prevented make up a large percentage
of the reasons we're given for data loss," said Jim Reinert, senior director
of Software and Services for Ontrack Data Recovery. "Data can disappear as a
result of natural disaster, system fault or computer virus, but human error,
including 'computer rage,' seems to be a growing problem."