IN THIS ISSUE
One for the Record Books
featuring Joe Roberto,
Don't Get Taken by Brute Force
Tana's Tech Tip
VCK-SQL Data Entry Webinar: Register today!
Who Should Receive
"The ASI Archive"?
If you know someone at your office who should be receiving "The ASI Archive," please take a moment to register them and we'll be sure to add them to our distribution list.
Tana's Tech Tip
Shedding a light on....Lights
LED lights that is!
ASI's mobile computer of choice, the Intermec CN3, uses a variety of LED lights on the device itself to indicate performance status.
Here are some you should be aware of:
A Green LED indicates:
The CN3 has successfully decoded a barcode.
A Blue LED indicates:
The CN3 is suspending or resuming with the display turned off.
A Blinking Orange LED indicates:
The CN3 is notifying you of a pending alarm or message, such as a calendar alarm.
Click here for more examples and a better understanding of LED status indicators. The full CN3 Help Manual is also available on the ASI website in the User Area of the Support Section. Please note your username and password are required to access this area. If you have additional questions or would like more information about the CN3, an ASI Support Specialist will be happy to help you.
Register for ASI WebShare Webinars
WebShare provides ASI Users with online webinar training sessions including step-by-step instruction and review of neat features offered by ASI's many records and information management software solutions.
Register today for the next WebShare webinar.
VCK-SQL Data Entry
November 16, 2011
10am-11am & 2pm-3pm EDT
Visit the ASI Learning Center for loads of educational and support information available online and onsite.
November 2-4, 2011
PRISM/NAID/ARMA Joint European Conference
November 7-9, 2011
issue you need assistance with? Get help today by visiting our
online Support Center with FAQ's and more. Don't see an answer
to your problem? Create a support trouble ticket. One of our
support staff will respond within 24 hours, plus you can view
the status of your support question at any time simply by
Are you using
ASI Mobile Yet?
Email to find out how you can benefit from arming your drivers with technology.
THE 411 ON ASI
Please send any payments, hardware and
other correspondence to:
Andrews Software, Inc.
W. Snowville Road
Cleveland, OH 44141
One for the Record Books
Scott Bidwell, President/COO
As I made my way to the convention center for the ARMA Expo last week, I was thinking how appropriate it was that the ARMA Annual Conference & Exposition be held in Washington, D.C., a city whose information output is known to far exceed what can reasonably be absorbed. Whether the majority of the information holds much relevance is up for debate. Of course, it is the substance and format of the information that determines how it is to be handled from a records and information management perspective.
This is an area where I think ARMA really delivers for its members. This year's event featured compelling conference sessions and found creative ways to share the latest information on RIM practices and protocols with attendees. As an exhibitor, ARMA's Annual Conference provides a unique event where Andrews Software is able to showcase its software solutions and connect, not only with records center, media vault and shred company owner/operators, but also have an opportunity to engage directly with THEIR customers – conversations that can often lead to more meaningful software features and enhancements for the RIM service providers who comprise our target market.
Next week's calendar includes another event of distinction, the PRISM/NAID-Europe/ARMA Joint Symposium in London, England. We're proud to not only be attending the event as an exhibitor, but also as a sponsor, along with other vendors of note such as this month's Gimme 5 interviewee, Joe Roberto of Shred-Tech. We'll be enthusiastically sharing and also absorbing information pertinent to a growing and maturing European RIM market. We hope to see you there!
Gimme 5 with
Joe Roberto, Shred-Tech
This month's "Gimme 5" expert is Joe Roberto, Vice President of Sales and Marketing for Shred-Tech where he oversees the company's worldwide sales and marketing initiatives and dealer activities.
We asked Joe to address some of the key factors facing shred operators today from security to environmental concerns and beyond. Whether your business is mobile or plant-based, you're sure to gather fresh insight from his perspective.
1. The privacy and security of records is one of the top critical issues for business today. Can plant-based and mobile shredding address security concerns equally effectively? If not, why? If so, what are the key equipment features and best practices that help ensure the security of records being destroyed?
Many feel mobile shredding provides a higher degree of security, mainly due to the fact that the document destruction is done onsite without the potential exposure and risk that may occur during transportation or when sitting in a warehouse. Although onsite shredding may offer some clients greater peace of mind, in reality, when proper protocols and procedures are in place, both plant-based and mobile shredding are extremely secure. Clients of plant-based operations should know how their information is being transported and when the shredding will occur. For both, the type of machinery being used is important. We’re also seeing more requests for smaller shred sizes so advising clients that their information is shredded in accordance with industry-recommended guidelines is critical. At the end of the day, it’s up to the owner/manager to ensure the shred operation has industry-standard processes and protocols in place and educate their clients and prospects on what these are and why they matter.
2. Shred-Tech has provided state-of-the-art destruction systems and equipment for nearly four decades. Over the years, what factors have affected the most change in how the destruction industry does business?
Number one would be government legislation. Businesses are held more responsible for protecting the information they create or collect. The destruction industry has stepped up to respond to these increased regulatory requirements that affect how the industry and its clients conduct business. A second factor would be the role of media in building awareness. Stories of corporate espionage and identity theft have brought privacy and security concerns to the public’s attention, which has drawn attention to the importance of secure destruction services. I’d also say that the expansion of large, multi-national corporations into document destruction helped legitimize the industry for the business community.
3. You mention legislation being a critical factor in how the industry does business. What are the key pieces of legislation that shred operators should be paying attention to and educating their clients about?
I suspect most shred operators are aware of HIPAA, FACTA, and so forth. I think it’s perhaps more important that a destruction company ensure its employees are educated on legislation and the value and importance of secure destruction practices. We have found NAID to be a critical part of this for our company. Each Shred-Tech sales associate is put through NAID’s Certified Secure Destruction Specialist (CSDS) accreditation. The value is that, while the employee becomes more informed, it also demonstrates an in-depth knowledge of all aspects of the secure destruction industry to clients and prospects. This helps them feel more confident and secure that they are working with a professional shred company.
4. The green initiative presents challenges as well as opportunities for the shredding industry. There must be a number of ways the industry is able to tackle this issue for positive environmental returns, but also as a selling point. What are some of the equipment features that can assist a shred operator in its own green initiatives?
Whether it’s paper, wood, plastic, etc., today and since its beginning, the destruction industry works hand-in-hand with recycling. There are specific ways the industry continues to minimize its environmental impact, particularly emissions. With EPA 2010, manufacturers are doing everything possible to reduce emissions, for example, increasing shredding throughput with minimal increase in power requirements. It took 9 gallons of fuel to shred 2,000 pounds (1 ton) of paper per hour on an old International chassis used in the mid-1990’s. Today, we can shred that same amount of paper using just over 2 gallons of fuel and the Shred-Tech MDS-35GTR model will shred even more using less than 2 gallons per ton shredded. The benefit is reduced emissions per ton shredded. Features like predictive idle, which detects an empty hopper and automatically shuts off the engine, also lower emissions and reduce fuel consumption. These are features that shred operators probably don’t mention to their customers very often, but they can be quite impactful. It also gives the customer or prospect another good reason to do business with that particular shred company.
5. This is one of the toughest, most unstable periods for business, particularly in the U.S., but globally as well. Are you willing to make any predictions regarding the future of the industry?
The document destruction industry has proven to be reasonably recession-proof and resilient. This is due, in part, to the fact that it is seen as more of an essential service. Not a lot about destruction is seen as discretionary, with the exception of purges which can be delayed if necessary. My forecast is that there will be ongoing consolidation. Large companies will continue to grow larger, but there will always be the next wave of entrepreneurs getting into the business. I don’t expect that growth will continue at the same pace as was seen from 2001-2007. I do think the industry will grow at a faster rate than the economy overall, which is a great reason to get into this business.
We'd like to thank Joe for sharing his insights and information. If you'd like to learn more about Shred-Tech, visit www.shred-tech.com. Joe can be reached directly at firstname.lastname@example.org or visit with him at the upcoming PRISM/NAID-Europe/ARMA European Conference next month where Shred-Tech UK is both an event exhibitor and sponsor.
Don't Get Taken by Brute Force
Earlier this month, Sony Corporation announced that 60,000 PlayStation and 33,000 Sony Online Entertainment network accounts had been compromised by a massive brute force attack. This isn't the first incident for Sony. In April, the company suffered one of the biggest data breach incidents (by volume of records) in history when a far more damaging hack compromised 77 million account-holders. If a major corporation like Sony is vulnerable to such attacks, what are the rest of us to do?
First, let's define a brute force attack. In its simplest form, a brute force attack uses automated tools to discover a password by systematically trying every possible combination of letters, numbers and symbols until one works. The attacker is essentially forcing a way into areas of a system reserved for authorized users, such as FTP accounts, e-mail accounts, databases, script-based administration areas and root or any shell access.
What can you do to protect your company from a brute force attack? The good news is that brute force attacks are easy to detect. The bad news is that they are not so easy to prevent. For example, many HTTP brute force tools can relay requests through a list of open proxy servers. Each request appears to come from a different IP address, so you can't stop these attacks simply by blocking an IP address. To further complicate things,
Account lockouts seem like a logical strategy to thwart such attacks, but they are not always practical: some tools try a different username and password on each attempt, so you can't lock out a single account for failed password attempts. Other techniques you might want to consider are:
- Restrict the number of login attempts that a user can perform.
- Ban a user's IP after multiple failed login attempts.
- For advanced users who want to protect their accounts from attack, give them the option to allow login only from certain IP addresses.
- Assign unique login URLs to blocks of users so that not all users can access the site from the same URL.
- Use a CAPTCHA to prevent automated attacks (a CAPTCHA is a program that allows you to distinguish between humans and computers).
- Instead of completely locking out an account, place it in a lockdown mode with limited capabilities.
Brute force attacks are surprisingly difficult to stop completely. Attackers can often circumvent many of these techniques when each is used by itself, but by combining several techniques, you can significantly limit brute force attacks. It's also important that users follow basic rules for strong passwords: use long unpredictable passwords, avoid dictionary words, avoid reusing passwords, and change passwords regularly.
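As an added illustration of combining techniques (this is example code written for this article, not part of any ASI product), the Python sketch below counts failed logins per source IP and per account over a sliding window, bans a noisy IP, and puts a heavily targeted account into lockdown mode instead of locking it out. The class name, thresholds and return values are assumptions chosen for the example.

```python
import time
from collections import deque

# Illustrative thresholds (assumptions, not values from the article).
WINDOW = 300          # seconds of history that count
MAX_PER_IP = 10       # failed logins tolerated per source IP
MAX_PER_ACCOUNT = 5   # failed logins tolerated per account


class LoginThrottle:
    """Tracks failed logins by source IP and by account name."""

    def __init__(self):
        self.by_ip = {}
        self.by_account = {}

    def _recent(self, table, key, now):
        # Count failures still inside the window; forget expired state so
        # attacker-chosen keys cannot grow the tables without bound.
        q = table.get(key)
        if q is None:
            return 0
        while q and now - q[0] > WINDOW:
            q.popleft()
        if not q:
            del table[key]
        return len(q)

    def record_failure(self, ip, account, now=None):
        now = time.time() if now is None else now
        self.by_ip.setdefault(ip, deque()).append(now)
        self.by_account.setdefault(account, deque()).append(now)

    def decide(self, ip, account, now=None):
        """Return 'ban_ip', 'lockdown' or 'allow' for the next attempt."""
        now = time.time() if now is None else now
        if self._recent(self.by_ip, ip, now) >= MAX_PER_IP:
            return "ban_ip"      # one source producing many failures
        if self._recent(self.by_account, account, now) >= MAX_PER_ACCOUNT:
            # Failures may come from many proxies, so key on the account
            # and restrict it (for example, require a CAPTCHA).
            return "lockdown"
        return "allow"
```

The per-account counter catches guesses relayed through many proxies, and the per-IP counter catches one source cycling through usernames, which is why neither check is sufficient alone.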
How do you know if your system is being targeted?
Here are some ways you might detect a brute force attack:
- Many failed logins from the same IP address
- Logins with multiple usernames from the same IP address
- Logins for a single account coming from many different IP addresses
- Excessive usage and bandwidth consumption from a single user
- Failed login attempts from alphabetically sequential usernames or passwords
- Logins with suspicious passwords hackers commonly use, such as ownsyou (ownzyou), washere (wazhere), zealots, hacksyou, and the like
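Several of these signals can be checked directly against an authentication log. The following Python example is added here for illustration and is not code from ASI; the event format, the sample events (constructed, using documentation-range addresses) and the thresholds are all assumptions. It counts failed logins only, which keeps shared office addresses from being flagged for ordinary successful logins.

```python
from collections import defaultdict

# Constructed sample auth events: (source_ip, username, success).
SAMPLE_EVENTS = (
    [("192.0.2.10", "admin", False)] * 6
    + [("192.0.2.20", n, False) for n in ("aaron", "abby", "adam", "alan")]
    + [(f"198.51.100.{i}", "jsmith", False) for i in range(1, 6)]
    + [("203.0.113.5", "mlee", False), ("203.0.113.5", "mlee", True)]
)

# Illustrative thresholds (assumptions); tune them to your normal traffic.
MAX_FAILS_PER_IP = 5
MAX_USERS_PER_IP = 3
MAX_IPS_PER_USER = 4


def detect(events):
    """Return {signal name: set of offending IPs or usernames}."""
    fails_by_ip = defaultdict(int)
    users_by_ip = defaultdict(list)   # distinct usernames, in arrival order
    ips_by_user = defaultdict(set)
    for ip, user, ok in events:
        if ok:
            continue                  # only failed attempts are counted
        fails_by_ip[ip] += 1
        if user not in users_by_ip[ip]:
            users_by_ip[ip].append(user)
        ips_by_user[user].add(ip)
    multi_user = {ip for ip, names in users_by_ip.items()
                  if len(names) > MAX_USERS_PER_IP}
    return {
        "many_failures_from_ip": {ip for ip, n in fails_by_ip.items()
                                  if n > MAX_FAILS_PER_IP},
        "many_usernames_from_ip": multi_user,
        "account_hit_from_many_ips": {u for u, ips in ips_by_user.items()
                                      if len(ips) > MAX_IPS_PER_USER},
        # Usernames tried in alphabetical order suggest a list-driven tool.
        "sequential_usernames": {ip for ip in multi_user
                                 if users_by_ip[ip] == sorted(users_by_ip[ip])},
    }
```

On the sample data this flags 192.0.2.10 for repeated failures, 192.0.2.20 for trying many usernames in alphabetical order, and the jsmith account for failures arriving from five addresses, while the single mistyped password for mlee is ignored.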