comment by kleinbl00
kleinbl00  ·  3068 days ago  ·  link  ·    ·  parent  ·  post: 9.3M Patient Records Hacked

    I never stated anything about your wife's cellphone. I'm talking about server administration.

Bitch, I am the end user.

I am the client.

I am the IT department because the company has one employee at the moment. When it's firing on all cylinders it'll have four.

But the liability is the same. The problems are the same. The issues are the same. I don't work in IT, don't want to work in IT, don't want to touch IT. But I'm the IT department 'cuz if it isn't me, it's my wife. So I am talking about bouncing between the office phone and the cell phone because HIPAA doesn't care and VoIP, Skype, EHR, it's all HIPAA, it's all on CAT5, and it's all my problem.

So talk dismissively about filesystem level snapshotting system and know that me, Mr. I am not good with computer, can successfully recover from the fact that Synology wiped my network stores due to a bug... but that I'm 100% entitled to resent IT workers that get all up in my business for feeling guilty for not wanting to devote my life to learning how to recover data from errant Synology NAS boxes.

Because THAT is the issue: I just wanna run my fucking blacksmith shop, but you want me to be prepared for the Inquisition.
user-inactivated  ·  3068 days ago  ·  link  ·  

Unless your blacksmith shop deals in 9.3 million SSNs, none of what I'm talking about nor what I've argued about applies to your business. If your blacksmith shop deals with 9.3 million SSNs, then you should hire tech staff.

I'm talking about major corporations who give no shits. I'm talking about Dell, who have repeatedly shown they don't care (internally). I'm talking about Sony, Target, and I'm talking about Home Depot, and I'm talking about all of these breaches that are occurring. These organizations need to be held accountable.

You are not a target to hackers, so I don't care what happens to your data. Going back to my rollercoaster/theme park example, your organization is a 10ft waterslide. Unless you built it out of jello I can't imagine a scenario that it matters.

This whole article is about healthcare, not blacksmithing, and I focused on the article's field, not yours. I stated that the healthcare industry, i.e. health insurance providers who are large organizations, likely have no need to worry about ransomware on their servers because they are large organizations who would be doing many forms of backups anyway.

Small businesses absolutely have to worry about ransomware, and I'm not preparing you for the inquisition. If you have to abide by HIPAA because you indirectly provide health insurance to your employees, you are not going to be affected by ransomware either, because you are going to be paying another organization to provide the health insurance. They have copies of that data as well. That being said, I don't think the large portions of HIPAA would require much out of you because it's more about the health insurance providers and the health care providers; they are the ones that have the sensitive information like what illnesses people have.

IF the law states otherwise, that you have to lock down systems like crazy, I think that's as stupid as you do.

What I'm against isn't people who get roped in because they have to, like you. I am against people who intentionally choose IT as their career path, get a degree in IT, get certifications, etc, and then land in a position in a large corporation or government where they get paid some ridiculous salary and then coast to retirement.

Everything in your statement made me think that you were in large scale data security operations. When you said blacksmith the first time, I had no idea that was meant literally.

My point is working for an organization where you are handling 9.3 million SSNs and falling back on "insurance" and saying "screw technology, we'll just insulate each other legally" is fucking over the consumer harder than anything else. That's why I said I agree with and would recommend data breach insurance, too, just wanted to point out the issues with large corporations falling back on these massive safety nets without looking at or caring about the consequences.

Again, I think for the most part we agree with most things in this discussion, it's just constantly that you keep escalating things into personal attacks very quickly, then I fall into the role of defending my positions or attacking you further. It's a toxic mindset to think everyone is out to get you, believe me, I'm the one that has been repeatedly treated for it.

kleinbl00  ·  3067 days ago  ·  link  ·  

I don't think you're out to get me. I think you're reciting the archetypal brogrammer whistle-in-the-dark litany of tragedy-befalls-the-incompetent. And I think you honestly have no idea why it's pissing me off, and I think that's what's wrong with the IT industry.

Are you ready?

Those of us who can't just whip out a "filesystem-level snapshotting system" (or worse: those of us who have one, have been forced to recover one multiple times and know how peril-fraught that endeavor tends to be) know we're incompetent. We know that tragedy will befall us. But when you live by this mantra of "those who are prepared suffer no slings and arrows" you are

A) accusing us of being unprepared

B) insinuating that the misfortune we know is just around the corner is something we DESERVE.

Here's what I know: for every needlessly open port in a corporate firewall, there's a pointy-haired boss whose golf buddy told him he could run a Minecraft server on DSM. That's the problem with insisting that proper hygiene will save the day: you have to enroll THE ENTIRE COMPANY in either

(1) understanding and conscientiously practicing IT pro-level hygiene or

(2) locking all your shit down to the point that nobody can accidentally let in the monster.

(1) is bullshit. You're arguing that strenuously. I keep pointing out that I shouldn't have to know this shit and you keep pointing out that there, there, I don't have to, this is a monster with bigger teeth than I need to worry about. So clearly, the idea that all of us need to be 100% on the IT tip is ludicrous.

But (2) is bullshit, too. Your users are going to make mistakes. Nerf up their world to the point where they can't and they'll resent the access control. They'll evade it. They'll defeat it. And then there'll be that pointy-haired boss, who needs you to blow a hole in the firewall so that he can install something tedious like a WhatsApp desktop client so he can liaise with his overseas paramour without his wife scanning his Facebook Messenger. And you have no power over that guy. He'll fire you. So now your perfect hygiene has been blown to shit. And now the port is open. And now the network is exposed. How compartmentalized is it? Compartmentalized enough? How deep can they get?

Worked with a guy. Not a bad drafter. Goofball. This was at a company, back in the early '00s, and our IT guy/AV consultant/My Boss determined that in order to avoid viruses, we wouldn't be allowed to use the Internet from our desktops. Draconian? Sure. Effective? Well... "Bob" managed to look up on his lunch break how to poke a hole in the Windows firewall so he could stream internet radio from this one station. And we all knew it. My boss knew it. But we let it go. Until we got a virus that ate half our work product and of course we were on LTO that didn't come back from the dead.

Bob got fired. Not because he was bad at CAD but because he'd poked a hole in the firewall. Two months later we figured out that Bob had fuckall to do with the virus; the head of the company had opened a .exe attachment (see, we were forced to run Pegasus Mail because it's invulnerable to ActiveX... right? riiiight). Had the head of the company been told not to open .exe attachments? Yer damn skippy. Was our data still gone? Hell to the yes.

You think we hired "Bob" back?

And see, you don't even know what you're talking about. I've said more than a few times that it's my wife's medical office I care about. I've said more than a few times that ransomware fucked up a few hospitals because they were running DSM. I've pointed out that I'm running Synology at home. Know what advice we got when Synolocker hit?

"Turn off your Diskstations."

Let's hear it for high availability.

So here I am - in the medical field, providing IT, attempting to keep our noses HIPAA-clean, and being told - BY YOU - that you don't need to worry about ransomware because it only fucks with the unprepared and those of us small fry who are facing the exact same problems on the exact same scale as Sony shouldn't be offended when you excoriate companies for wanting a non-technical solution to a truly intractable problem. How big do you think Home Depot's network is? What does the topology look like? How many points of access are there? How many weaknesses, cloned across a million stores? And does any of that even matter? Every.Single.Phone.Hack has been the result of social engineering.

'nuther story. My father built the first network the Department of Energy ever had. Literally soldered comparators onto the Nixie sockets. And for all my memory he's always been arrogant about security. It's not like he's got the launch codes but he's got some shit. He's got monitors that still run CPM and he's got them on the network - there's a dual dialup setup with a ciphered timetable that pokes a hole in the firewall for 15 seconds at some point during the day and squirts his data in. It's as close to airgapped as you can get.

Some shit from his division got out anyway. How? One of his physicists had TS:SCI on a laptop at home and meth-heads broke in and stole it. They found it in a trailer park 30 miles away.

I'm escalating things into personal attacks because you don't get it. Your attitude is why, as a profession, nobody likes IT professionals. On the one hand, you insist that we need not be competent. On the other hand, you insist that competence is the only ward against tragedy. It's patronizing at best and delusional at worst.

For every massive hack there's an employee who thought he was doing the right thing... and an IT professional exasperated by the idiot lesser minions he's forced to interact with.

user-inactivated  ·  3067 days ago  ·  link  ·  

    I've said more than a few times that it's my wife's medical office I care about.

You never once said that. Twice you claimed it was a blacksmith office, and other times you said it was an "office".

You continuously put words and arguments into my mouth.

Every argument you've ever had against IT including the ones you just stated I've had myself against other IT workers and I've tried to explain that.

The only thing you've gotten right is that I think that if you have sensitive data, you should protect it. Because sensitive data is like a loaded gun. If you have a loaded gun, you should be trained to use it properly without killing people accidentally. That's not a controversial statement even to gun nuts. I've witnessed what improperly used sensitive data causes. It turns people living in houses into people living in the streets.

    I'm escalating things into personal attacks because you don't get it. Your attitude is why, as a profession, nobody likes IT professionals. On the one hand, you insist that we need not be competent. On the other hand, you insist that competence is the only ward against tragedy. It's patronizing at best and delusional at worst.

Personal attacks are not what a place for civil discussions is for, which is what this place is supposed to be about. You paint me into a corner that I don't really occupy, and then you attack me relentlessly and I have to defend myself with equal force. Even if I were to say something that were disagreeable, it's not a proper way to have a debate.

You and other people keep turning "debates" into these venting sprees where you group whatever select group of people you once had a bad experience with and say it's the whole group's problem. Muslims, black people, white people, police, whatever. Our civilization has completely lost its mind, and the diagnosed insane people are sitting on the sidelines thinking, "why are we called insane again?"

I'm done with this, and I'm done with you. You can say it's because it's my attitude or I'm an elitist asshole, I don't care. You can turn all of Hubski against me, I don't care about that either, because Hubski isn't the place for civilized debate that it claims to be. It's Reddit and Twitter with a different skin.

Welcome to my hush, filter, and mute lists. Because that's what it's for: trolls. I'm done feeding the troll. And I'm done being bullied around.