Thursday, December 11, 2008

Total Google Email - 6 months later
As many of you know, I made the decision several months ago to switch to a totally web-based email system. Of course my preference was Google's Gmail so naturally I went with Google Apps for my domain.

6 months later - I don't regret it at all.

There are just too many advantages to name them all, but let me list a few:
  • All my email - everywhere. I have migrated email dating back to 2004 up to Google's servers. This means I can search my archives anywhere I have a connection.
  • Searching using the power of Google - Let's just say that searching with other email systems is silly compared to Google's. I can find anything I need quickly and efficiently.
  • Labels - only when needed. Rather than put 1 email in 1 folder (traditional way), you can put multiple labels on the same email. Efficient and just works.
  • Unbelievably powerful filtering for dealing with email.
  • SPAM filtering that is top-notch.
  • Integrated calendar, RTM Tasks, Chat w/ SMS, Google Docs - shall I go on?
  • Ability to easily back up my email using a local client (Thunderbird) or one of several apps such as Gmail Backup.
  • Easily export or import contacts.
  • IMAP and POP support if needed (for backup, etc).
  • Persistent SSL connections now.
So far these are the only disadvantages I've found.
  • No offline email unless I have a current backup in Thunderbird. Not really a big deal though.
  • Attachments are 1 at a time. That can be a pain - but I can always use Thunderbird with IMAP for multiple attachments if needed.
Once you start using Google (Gmail or Google Apps), there is really no turning back. Yes, the interface is simple looking - but that is part of its beauty.

What if Google fails or has an issue?
I periodically back up my email locally and those are backed up online. There have only been a few times that Google has had problems. Compared to previous issues with ISPs, etc, Google comes out a winner again.


Tuesday, November 18, 2008

PayPal Phishing Email
Well it's been a while since I posted. Between customers, teaching, the elections, deer season, etc, finding time to post has been challenging!

Over the last couple of days, I've received 2 emails that almost appeared legitimate for a PayPal Dispute Resolution. To give you some background, I've used PayPal since 2001 and rarely had any issues. Of course, I have a simple rule that I follow since PayPal is not a bank nor FDIC insured:
I don't keep any more money in PayPal than I can afford to lose.
Naturally, PayPal is a large target for scams since they are pretty much the only game in town other than Google Checkout. In the course of using PayPal, I've only had 2 disputes so I am familiar with the dispute resolution process and what the notification emails look like. That is why I did a double-take on these emails.

Of course, I checked out the emails thoroughly, figured out the scam, and decided to blog about them. For good measure, I also logged into my PayPal account just to check, but the important thing is that I went to www.paypal.com and logged in - I did not rely on a link in an email!

I've posted on phishing schemes and scams before, but I wanted to caution everyone again. Please be cautious whenever you receive one of these. If you receive one from a bank and you bank online (which you should for safety), then simply go directly to your bank site and log in. Call your bank. Don't click links in emails that you don't trust absolutely!

Also, use Firefox and OpenDNS on your computer and home (or business) network. These 2 things will greatly enhance your security.


Sunday, August 10, 2008

White Paper - Security Questions
This "white paper" was created to present to several clients of mine. I'm posting it to my blog so that it can be reviewed and maybe raise some questions as to how you handle your home and business information.

PDF Copy Here

Company policy concerning safety and security of data

  • How important is your data?
  • What is the company policy about sharing data?
  • What workers / contractors have access to what data?
  • What would you do if that data were leaked to a competitor?
  • Do you allow users to surf MySpace, Facebook, or similar sites? How do you know?

“Over 90 percent of the Webpages that are spreading Trojan horses and spyware are legitimate sites, some belonging to household brands and Fortune 500 companies, Sophos reports. Most have been hacked through SQL injection.” - source: Sophos.com

Cross-site scripting

“AJAX also increases the possibility of so-called cross-site scripting flaws, which occur when the site developer doesn't properly code pages, experts said. An attacker can exploit this type of vulnerability to hijack user accounts, launch information-stealing phishing scams or even download malicious code onto users' computers, experts have said. Big-name Web companies such as Microsoft, eBay, Yahoo and Google have all experienced cross-site scripting flaws on their Web sites.” - source: Cnet.com

"Certification" method to ensure all outside PCs (ex: laptops) are clean and malware-free

  • How do you know if the PCs are infected or not?

  • What is the policy on maintaining anti-virus and safe surfing habits?

Secure Backup Method

  • What is your backup method?

  • Have you practiced recovery from disaster?

  • Do you use imaging software to recover the OS and applications?

  • Are your backup files secure?

Data Encryption on Laptops and Remote Devices

  • Are your laptops and remote devices utilizing data encryption?

  • How much is your data worth if it gets into the hands of a competitor or criminal?

There is some evidence that cyber criminals are now specifically targeting laptop users, encouraged to do so by the finding that corporate laptops hold an average $525,000 worth of sensitive data. - source: Bahn, October 2007

Company Email and Consistency

  • Do your workers use their personal Yahoo or AOL accounts for email?

  • Do you want your clients to have an image of your company with potentially suggestive email addresses? (ex: cutiegirl69@yahoo.com)

  • What will you do if a lawsuit and discovery injunction requires that you are able to provide all communications?

Further Resources:

The Growing Importance of E-Discovery on Your Business

http://www.google.com/a/help/intl/en/security/pdf/importance_e_Discovery.pdf


Business Guide to Compliance

http://www.google.com/a/help/intl/en/security/pdf/WP44-BMGuide.pdf


The Impact of the new FRCP Amendments on your Business

http://www.google.com/a/help/intl/en/security/pdf/WP42-FRCP_0107.pdf


Protecting Off-Network/Laptop Users

http://www.google.com/a/help/intl/en/security/pdf/off_network_workers.pdf


2007 Annual Study: Cost of a Data Breach

http://www.ponemon.org/press/PR_Ponemon_2007-COB_071126_F.pdf
