Tuesday, September 13, 2005

Can your phone system be hacked? Yes!

Does your phone system have an automated attendant and/or voice mail?
Does your phone system allow out-of-the-country calls?

If your answer to these questions is either "Yes" or "I don't know," you should take a few minutes RIGHT NOW to check your phone system, or you could someday be liable for thousands of dollars in long distance charges.

Phone hackers systematically search for an automated phone system. (You may have a live operator or receptionist answer the phone during the day, but isn't it a different story after hours?) When they find one, they methodically search for voice mail boxes and the passcodes to those voice mail boxes, one of which may be yours. Right? The one with the passcode 1234 or 0000? Or extension 3340 with passcode 3340?

The hackers have time on their side, because most businesses are closed more hours than open. Long stretches of night and weekend hours give phone hackers plenty of time to try hundreds or thousands of combinations before they hit the jackpot. And, after succeeding, there's plenty of time for phone calls.

How about an $8000 jackpot over a single weekend? That's the cost of long distance calls a two-person accounting firm faced recently. Most of the calls were to Pakistan and Iran. Some were to former Soviet republics. All were very far away.

So here are some action recommendations:

(1) Require your staff to use "strong" passwords, preferably six or more digits.
(2) Disallow or restrict outgoing international calls if possible.
(3) Delete old, unused or unnecessary mailboxes.
(4) Safeguard all "superuser" or main system passwords and change them frequently.
(5) Ask your long distance vendor about restrictions they may be able to impose.
(6) Review phone traffic from time to time.
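
One way to carry out the traffic review in recommendation (6), as an added example that is not part of the original post: the script totals after-hours international calls per extension from a call detail record (CDR) export. The CSV column layout, the "011" international prefix (North American dialing) and the 8-to-6 weekday business hours are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample CDR export; the column layout is an assumption.
SAMPLE_CDR = """start,extension,dialed,seconds
2005-09-09 14:05:00,3340,15555550123,180
2005-09-09 16:40:00,3321,0114420555010,300
2005-09-10 02:11:00,3340,0119250555011,2400
2005-09-10 02:55:00,3340,0119850555012,3600
2005-09-11 23:30:00,3340,0119250555013,1800
2005-09-12 09:15:00,3321,15555550199,60
"""

INTL_PREFIX = "011"            # assumed: North American international prefix
OPEN_HOUR, CLOSE_HOUR = 8, 18  # assumed business hours, Monday to Friday


def after_hours(ts: datetime) -> bool:
    """True when the call started on a weekend or outside business hours."""
    return ts.weekday() >= 5 or not (OPEN_HOUR <= ts.hour < CLOSE_HOUR)


def review(cdr_text: str, max_minutes: int = 30) -> dict:
    """Return {extension: (calls, minutes)} for extensions whose after-hours
    international calling exceeds max_minutes in total."""
    totals = defaultdict(lambda: [0, 0])  # extension -> [calls, seconds]
    for row in csv.DictReader(io.StringIO(cdr_text)):
        ts = datetime.strptime(row["start"], "%Y-%m-%d %H:%M:%S")
        if row["dialed"].startswith(INTL_PREFIX) and after_hours(ts):
            totals[row["extension"]][0] += 1
            totals[row["extension"]][1] += int(row["seconds"])
    return {ext: (calls, secs // 60)
            for ext, (calls, secs) in totals.items()
            if secs // 60 > max_minutes}


if __name__ == "__main__":
    for ext, (calls, minutes) in review(SAMPLE_CDR).items():
        print(f"extension {ext}: {calls} after-hours international calls, "
              f"{minutes} minutes")
```

Run against a Monday-morning export, a report like this surfaces a compromised mailbox after one weekend instead of when the long distance bill arrives.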

Monday, September 05, 2005

Budgeting for I.T. (part 1)

For many organizations, September and October are the time to plan budgets for the upcoming year. If you are engaged in the budget process and your organization does not employ a full-time Information Technology administrator with extensive business and technical credentials, you need outside assistance (to put it bluntly).

Planning for I.T. involves much more than estimating how many new PCs to purchase or when to install upgrades to the accounting system. If those questions come up early in the process, it's likely that you are still thinking of I.T. as a cost center, and are focusing on how to reduce expenditures. This is the wrong approach--even if there's a serious preexisting cost problem.

Nowadays, I.T. is a "productivity center" for your organization. A productivity center has some elements of a cost and a profit center. (For nonprofits, the only way to think of I.T. is in terms of productivity. I hope you're doing so.) And management can "drive" productivity in ways that it cannot influence cost or profit.

How do you begin to manage your I.T. resources as a productivity center? First, conduct a Network Assessment. An assessment should uncover productivity leaks, expose security issues, examine your data management practices and take a look at assets and resources.

In every office, there are productivity leaks. Very often, the reward for fixing productivity leaks is great compared to the cost of ignoring them.

Another important deliverable is to uncover data safety problems, expose network security problems, and prioritize their remediation. These are distinct practices, but related to each other.

More on budgeting for Information Technology in the next post.