IT Blog

Explore the NanoSoft IT Blog for valuable insights and thought leadership on industry best practices in managed IT services and enterprise IT trends.

What is an algorithm, anyway?


“The Algorithm” is impenetrable. It’s mysterious, it’s all-knowing, it’s omnipotent. Except that it’s not.

An algorithm is a simple concept that, today, has many complex manifestations. Algorithms’ central and opaque position at the heart of social networks like Facebook cause some to view algorithms in general with a sort of mystical reverence. Algorithms have become synonymous with something highly technical and difficult to understand, that is either an arbiter of objective truth, or, on the other end of the spectrum, something wholly untrustworthy.

But when people refer to “the algorithm” — whether Facebook’s or another tech company’s recommendation algorithm, or just “algorithms” in general — do they really know what it means? Judging by how widely the term is used and misused, most likely not. As Mashable embarks on our exploration of algorithms, we wanted to get something straight right off the bat: What is an algorithm, anyway?

Mashable spoke with Pedro Domingos, a computer science professor at the University of Washington who has also written a book about the ever-growing role algorithms play in our lives. Before you go being alternatively impressed by or distrusting of the next computer algorithm you encounter, get back to basics on the concept that’s powering our world.

1. An algorithm is a set of very specific instructions

How to bake a cake, find the sum of two plus two, or even run a country according to the U.S. Constitution are all examples of algorithms. Why? Because, according to Domingos, the definition of an algorithm is “a sequence of instructions.” That’s it!

Today, an algorithm usually refers to “a sequence of instructions that tells a computer what to do.” A computer program is an algorithm, written in a computer programming language, that a computer can understand and execute.

Algorithms written for computers also have to be extremely precise, often using the instructions “if,” “then,” and “else.” For example, a self-driving car might run on an algorithm for navigating that says “IF the directions say turn left, THEN turn left.” See how specific you have to be to make a computer follow a seemingly simple set of instructions?

In the popular imagination, recommendation algorithms have come to dominate our idea of what an algorithm is. That is, when many people think about or refer to algorithms, they’re referencing something like what TV show Netflix thinks you might like, or which international travelers belong on the no-fly list. While these are extremely complicated algorithms, at their hearts, they’re still just a set of instructions a computer follows to complete a specified task.

“With computers, the algorithm can get vastly more complex,” Domingos said. “Addition is an algorithm that’s defined in a few lines of text. Computers can have algorithms that take millions of lines to define.”

2. People wrote and used algorithms long before computers even existed

As early as the Babylonian era, humans were writing algorithms to help them do the mathematical equations that allowed them to manage their agricultural society.

“There were algorithms before computers, because you don’t need a computer to execute an algorithm, the algorithm can be executed by a person,” Domingos said.

Algorithms using computers first rose to prominence in the mid-20th century, when the military began writing formulas for, say, determining where to aim a missile at a moving object. The concept then moved into business administration, with computers running formulas for administering payroll and such, and in science, for tracking the movements in the sky.

A turning point for modern algorithms came when Larry Page and Sergei Brin wrote the Google PageRank algorithm. Instead of just relying on information within a page to determine how relevant it was to a search term, the search engine algorithm incorporated a host of other signals that would help it surface the best results. Most notably, how many other links pointed to the article, and how reputable those articles were, based on how many links pointed to those pages, and so on. That was a powerful sign of relevance. And the rest is history.

WATCH: This is how algorithms work

3. Today, you can find algorithms everywhere

While we might think of algorithms as mathematical equations, algorithms, according to Domingos, “can compute anything from anything, there might be no numbers involved at all.” One prominent and extremely complex algorithm is the algorithm that governs the Facebook News Feed. It’s an equation that Facebook uses to determine what pieces of content to show its users as they scroll; in other words, a set of instructions to decide what goes on the News Feed.

“There’s no end of things that Facebook could put on your News Feed but it has to choose.”

“There’s no end of things that Facebook could put on your News Feed but it has to choose,” Domingos said. “And it’s usually a combination of things like how much do you care about the people that produced directly or indirectly that post? How close are they to you in your social network, how relevant it is in its own terms because of the subject, and also how recent.”

Facebook, Google, Amazon, and other big tech companies all rely on algorithms to serve content and products to their customers. But there are also algorithms throughout your life that you might not be aware of.

For example, Domingos explained that an algorithm governs how your dishwasher knows when it’s time to transition from washing to drying, or how your car regulates fuel intake and knows when its tank is full while at the gas station, or how shadows appear in a digitally animated movie to perfectly replicate the sun in the real world.

“Clearly, every time you interact with the computer, or you’re on the internet, there’s algorithms involved,” Domingos said. “But these days algorithms are also involved in just about everything.”

4. The most complex algorithms use machine learning

As we learned, an algorithm typically has to be written in “excruciating detail” for a computer to understand what to do. However, that’s not the case when the people who write algorithms incorporate machine learning — a type of artificial intelligence — which leads to the most sophisticated algorithms.

“In traditional programming, a human being has to write down every little detail of what the other has to do, and that is very time consuming, very costly,” Domingos said. “Machine learning is the computer discovering its own algorithms instead of being told what to do.”

Put another way, machine learning is when a programmer feeds a program some raw data as a starting point, then submits the end point of what an organized, classified version of that data looks like, and leaves it up to the program to figure out how to get from point A to point B. Consider an onion: A human who knows how to cook can turn that onion from a pungent raw sphere into strips of caramelized goodness. In a traditional algorithm, a programmer would write every single step of the cooking instructions. But in an algorithm developed by artificial intelligence, given the end point as a goal, the program would figure out how to get from raw to caramelized itself. Hence, the machine learned.

These types of algorithms become even more powerful when a human being wouldn’t know how to get from point A to point B. For example, a human process like being able to recognize that a cat is a cat takes so much complicated brain power that it would be impossible to write out step by step. But by giving a program a bunch of images of a cat, and images that are not a cat, and showing the desired endpoint as categorizing a cat image as a cat, the computer can learn to execute that process itself.

“It’s the computer learning to program itself instead of having to be programmed by people.”

“It’s the computer learning to program itself instead of having to be programmed by people,” Domingos said. “This, of course, is extraordinarily powerful when it works, because now you can, you know, create very powerful, very complex algorithms with very little human intervention.” It’s also very funny when it doesn’t work.

5. Despite the term’s recent cache, algorithms aren’t magic

Thanks to the sheer amount of data algorithms process, it might seem like they’re all-knowing mystery boxes built to reveal secrets. However, remember that an algorithm just means a set of instructions. What’s more, humans create algorithms, which means they can be flawed.

“There’s also a lot of misconceptions about algorithms, partly because people don’t really see what’s going on inside the computer,” Domingos said. “A very common one is that people think that algorithms are somehow perfect.”

Domingos explained that programmers spend enormous amounts of time fixing mistakes in algorithms so that the lines of code produce the appropriate results. However, humans don’t always catch those mistakes. What’s more, an algorithm is based around the output a human wants to see, or what that human is optimizing for. Take a hiring algorithm, which ostensibly should find the best candidate for a job. If a human sets the instructions to look at qualifications that aren’t necessarily relevant to a job (say, university pedigree), just because the algorithm then says “candidate A is the best person,” doesn’t make it the truth.

Often, that’s because of bias. And problems with bias can get even worse with algorithms that utilize artificial intelligence.

“In traditional programming you have to worry about the biases of the programmer,” Domingos said. “In machine learning, mainly, you have to worry about the biases that come from the data.”

For example, a hiring algorithm powered by machine learning might use as its starting point a bunch of resumes of candidates, and as its output the resumes of people who were hired in the past. However, most tech companies are not racially diverse. So an automated algorithm that makes hiring recommendations could mirror that real world inequality.

Studies have shown that artificial intelligence can mirror the gender and race stereotypes of the humans that train them. In one study, an algorithm that produced word associations used the entirety of the English language on the web as its training data to learn associations between words. Thanks to the biases that exist in our world, the algorithm determined that female names were more associated with the arts, while male names were more associated with math and science. Studies like these show that algorithms are not inherently neutral, perfect, or malevolent: They simply do what the humans and data that train them say to do. In short, they’re just as flawed as we are.

6. Algorithms are ushering in a technological revolution

Algorithms may be imperfect, but they are nonetheless transforming our world.

“All these things that we take for granted like the web and social media, and on and on, they wouldn’t exist without algorithms,” Domingos said.

“Algorithms are doing for mental work what the Industrial Revolution did for manual work.” 

As these automated sets of instructions become more and more widespread — from your dishwasher to the government’s supercomputers — humans have the ability to exercise our knowledge more quickly and efficiently than ever before. Domingos views that as nothing short of revolutionary.

“Algorithms are doing for mental work what the Industrial Revolution did for manual work,” Domingos said. “Algorithms are the automation of intelligence. And if you think about that, this is a very powerful thing: to do something that used to take, you know, human thinking and labor to do, now can be done by an algorithm.”

Algorithms are here to stay. But how we design them — biased or equitable, helpful or harmful — and how much we unquestionably accept their presence, is up to us.

Improving lives with technology – HSE lighthouse project

The ‘Lighthouse Projects’ are in the clinical disciplines of the chronic diseases Epilepsy, Haemophilia and Bipolar Disorder. The epilepsy Lighthouse project is a partnership between a number of organisations – RSCI, HSE, eHealth Ireland, Epilepsy Ireland, Beaumont Hospital and Ergo. There are many positive outcomes and benefits for patients as well as healthcare professionals associated with using information technology within health.

The Challenge

Providing Individualised Services and Care in Epilepsy (PISCES) is a Lighthouse Project with a number of partners including HSE, eHealth Ireland, Epilepsy Ireland, RCSI and Beaumont. In the past there was no way for patients, academics or clinicians around Ireland to record their medical details electronically which created numerous problems.

The Solution

The PISCES Project is about using technologies to promote a model of precision, proactive and personalised healthcare for the more than 40,000 people with epilepsy across Ireland. The solution developed is an Electronic Patient Record (EPR) and Patient Portal App focused exclusively on the needs of epilepsy patients. The patient portal is a mobile-first, cloud-based solution. No matter where care is delivered, information can be collected, added to the care record and accessed by the care team regardless of geographic location or care setting. The project also involves the development of a BI solution which enables clinicians to securely use aggregated patient data to analyse and gather insights for the wider patient community to inform future care and population health.

Clinicians now have a streamlined view of patient information through the Electronic Patient Record (EPR) – a single source of truth where all patient medical information can be recorded and accessed from anywhere nationwide. As part of the EPR, genetic data can be easily interpreted, and documenting decisions and agreed actions has been simplified.

Via: ErgoGroup.ie

Tips to make your workforce a security front line

Cyber security is something that is constantly on our mind here at Unit. This is because, according to Bloomberg, cyber security related issues costs companies around $400 Billion a year on average.

One of the easiest ways to curb these losses in your business is to train your employees to create a more secure email environment. Staff plays a crucial part in the security of your company, and employees who are unaware of the onslaught of cyber threats are a liability to the safety of your company’s data.

It is therefore of utmost importance that they are always up-to-date on the best procedures to keep the company safe.

In an effort to save you and your company from the horrors of a cyber-attack, here is a list of tips that help safeguard your business.

  • Never open links or attachments from unknown persons.
  • Don’t respond to emails that request a password change and require you to divulge personal information — no matter how official the source appears.
  • Ensure antivirus and anti-spy software is updated on your computer.
  • Encrypt any emails containing sensitive data before sending.
  • Don’t use your company email address to send and receive personal emails.
  • Don’t automatically forward company emails to a third-party email system.
  • Create strict standards for company-related Mobile Device usage

Mobile Devices have become an important tool of the workforce, and with them comes another wave of cyber threats. Making sure your employees have password-protected devices, encrypt emails, and download approved security applications to help keep the mobile data safe is very important.

Unit offers Mobile Device Management that will help with many of these safety features, including the ability to remotely wipe mobile devices. Contact us for all your security or Office 365 needs.

Scan & index manager delivers productivity at beaumont hospital

Beaumont Hospital is a large academic teaching hospital 5km north of Dublin City centre. They provide emergency and acute care services across 54 medical specialties to a local community of some 290,000 people, while employing over 3,000 staff.

The Challenge

An inefficient filing system at Beaumont hindered healthcare workers who needed to be able to access patient records quickly and easily. Staff reverted to keeping paper records that were stored off-site. If a doctor or nurse needed to see them for a returning patient or if they were needed for a legal claim, then the file had to be physically retrieved from the archive and collected by courier; a time consuming process.

The Solution

With Ergo’s Scan & Index Manager documents were digitised and indexed in Microsoft SharePoint for easy search and retrieval. Implementation was risk-free and well planned because Ergo built the system at its headquarters first, replicating the Beaumont environment off-site before deploying it into the hospital.

The implementation of Ergo’s Scan and Index Manager system has delivered tangible productivity gains and cost savings for Beaumont Hospital. Doctors, nurses and administrators have robust systems that enable them to retrieve files in around 10 seconds compared to 30 minutes with the old system.

Via: ErgoGroup.ie

5 creative ways to address gaps in IT resources and talent

In a recent Indeed survey of more than 1,000 hiring managers and recruiters, more than half (53 percent) of respondents have hired tech talent despite candidates not meeting the job description requirements. That may be a good thing for businesses in need of IT resources to fill gaps in their talent pool. While that alludes to the fact that businesses are working hard to meet their needs for IT talent in what must be creative ways, here are five of those ways that businesses can employ to fill the gaps in IT resources and talent.

#1: Training People with Transferable Skills/Hiring Recent Grads

Businesses can meet their IT needs by training people within the organization who have transferable skills: for instance, an IT-savvy employee who can learn a new computer language to meet the job requirement. Bringing interns into the organization is a perfect chance to feel out a cultural fit—their ability to learn and adapt and measure how they’d work with the existing team.

Another way that businesses can fill tech roles by turning to internal training to fill talent gaps is by hiring college graduates with two- or four-year degrees in computer science or even technical trade school graduates. This requires growing them into the level of mid-level techs who bring value, which can take a year or more.

#2: Support and Mentor Programs

Companies having a hard time finding tech talent should create a mentor program and work with more junior IT team members to put them on a skills track. The first six months of the mentor program is an investment, with team members learning new skills quickly. At the six-month or one-year point, they begin creating value for the company but still need the advice of senior leadership to grow and to avoid pitfalls.

#3: Internal Training, Certification

If you have competent IT generalists but need them to have specific training, it can pay to invest in the certification training that they need as long as they have the aptitude and ambition and are a good fit for the company long-term. The potential downside is that investing in IT personnel training doesn’t always continue to pay off, as they may leave at a certain point and take the training that you provided with them to another, higher-paying job.

#4: Sharing IT Talent with Other Businesses

Another approach that may be possible is that other, non-competitive businesses that you work with, such as vendors or businesses operating in the same building, may have part-time tech staff that you can work with and whose consulting-time costs can be shared with their employer. This may be feasible if your business is relatively small and its IT needs are basic.

It does present some drawbacks, as they may not be available when there is a problem, even though they may be on call. Other challenges are, they may be IT generalists rather than specialists, so they may not have the skills to handle more complex IT needs.

#5: Strategic IT Staffing Through Augmentation.

All of these solutions can be quite costly, and depending on your IT needs, it may be a long time before you see the return on investment at some type of break-even point. In today’s digital era, IT needs are a combination of current network and IT system maintenance, monitoring, and management. Additionally, it is about IT strategy development and implementation for technology solutions that will meet future business needs. This is true regardless of the size of your business, so with part-time IT staff or even in-house IT personnel, their skill sets and numbers may not be sufficient to effectively bridge the IT resources gap.

Gaps in IT can lead to major problems in terms of network downtime, slow business technology processes, and cyber attacks due to poor security patches and software update scheduling. With today’s deadline-driven IT demands and time-compressed project cycles, the ability to augment a core IT staff with on-demand advanced-skills professionals can dramatically increase a company’s competitive advantage.

By having an external managed IT services partner (MSP) to deal with day-to-day IT support, as well as long-term evolution, the organization can tap into highly skilled IT consultative support. The best of these MSPs provide a broad and interconnected suite of services that are bolstered by an understanding of how to develop and fulfill a defined IT strategy that is aligned with business goals and culture.

The support of an MSP can effectively bridge the gaps in IT personnel, as well as tool needs for monitoring, maintenance, security, and vendor relationships for the inevitable investments in new IT solutions. The right MSP can provide all of the specialized personnel you need, when you need them, under a set price contract that can be adjusted for expanding or temporary needs. You also get a consultant that can help you develop a sound IT, cybersecurity, and virtualization strategy to prepare your business for future needs in ways that foster agility, growth, and flexibility.

The top 13 benefits of proactive managed services vs reactive break-fix

Small and medium-sized businesses (SMB) have to juggle many priorities and daily demands. Acquiring and retaining customers. Avoiding inefficiency. Delivering excellent customer service. Managing costs. Hiring employees. Meeting government regulations. Keeping current with industry trends.

Technology can help SMBs streamline their processes, improve employee productivity, and maintain a competitive edge. But technology comes with its share of challenges, especially as mobile devices continue to take over and computing needs rapidly change.

That’s where managed services come in. Defined as specialized IT support delivered according to a clearly described service-level agreement over a fixed period of time for a low and predictable cost, managed services are the safest bet in today’s tech environment. Especially when compared with reactive or break-fix IT services.

Stability and Expertise

Predictable IT costs. Managed services convert variable IT costs tied to the break-fix or reactive mode of support into the stable costs of proactive support. This allows business owners to budget effectively and pay what they can afford on a set schedule rather than getting hit with unexpected bills when tech problems arise.

Legitimate training. On top of hiring and training an IT staff, the cost of ongoing education and certification can break a small business owner’s bank. And if you’re not well versed in the IT world, how can you ensure an IT employee is actually qualified? Don’t let undertrained tech “experts” fool you into thinking they can solve all of your problems.

Real-world experience. And while certifications are important, so is experience. Leading managed service providers encounter very few problems they haven’t seen before, while an in-house IT employee often remains narrowly focused on a small set of problems. You’d rather an experienced doctor solve your physical ailments, right? The same goes for an IT support team.

Reduced Risk, Leveled Playing Field

A safe bet. Since market trends, government regulations, financial conditions, and technologies all change quickly, every business investment carries a certain amount of risk. Working with a trusted MSP that can assume and manage much of this risk for you is a major advantage that comes with specific industry knowledge and years of experience.

A real competitive edge. Most small to medium-sized businesses can’t afford to match the strong in-house support services that larger companies enjoy. Working with an MSP, however, gives small companies enterprise-level solutions by providing the kind of access and expertise that large companies enjoy. Managed cost structures and economies of scale like that can give your company a major advantage.

Compliance that counts. Is your firewall capable of fending off attacks? Do you audit your workstations and servers regularly? Has your company implemented PCI security standards and worked to maintain those standards? Small to medium-sized businesses have more ways than ever to handle commerce via credit and debit cards, e- commerce, wire transfers, and more. But with this increased transaction sphere comes a stronger need for due diligence. Employing a managed services provider allows your business to minimize the risks associated with maintaining client data and other sensitive information, the misuse of which can cause serious harm to your business.

Break-Fix: High Cost, Low Value

“Hey Margaret!” Many small firms deal with IT this way: relying on a non-IT employee to handle day-to-day IT problems. Margaret never asked for this role — it just evolved in her direction. But the impact of her being asked to fix co-workers’ urgent issues is not often calculated; nor is the likelihood that her lack of formal IT knowledge can lead to more expensive repair bills in the future.

“I got a guy.” Small companies that have recognized the flaw in the “Hey Margaret!” support strategy attempt to solve the problem by engaging an experienced technical support specialist on a part-time, fixed hourly rate basis. Yet the “I got a guy” guy may maintain upwards of a dozen part-time clients in order to make a decent living, and he may not always be available when a business owner absolutely needs him. In this scenario, the company does get a more technically competent solution. But it’s also at the mercy of an independent operator with competing demands for his time and attention.

“Call in the Geek Squad!” Since the business owner usually only sees the “I got a guy” guy when there is a problem, mayhem ensues when frantic calls go unanswered. Then, the business owner has no choice but to open the yellow pages and look for help, often settling for the first company that can respond to the immediate need. While these techies may indeed provide relief for failed hard drives and other desktop issues, they often do not have the skills to support complex networks or understand a business’ specific needs.

“Hire an IT person — pronto!” When the lack of immediate availability becomes an issue (or when the “I got a guy ” and the “Geek Squad” fail resolve to an issue), the business owner finally decides to hire an in-house resource that can respond to user complaints. The new hire is immediately handed a long list of issues to resolve. Unfortunately for both the internal IT resource and the company, the list never gets shorter and the internal IT support is forever in “react” mode, responding to the most severe problem and seldom getting ahead.

Managed Services: Low Cost, High Value

Proactive approach = resolution before crisis. Monitoring and maintenance software can identify problems before they affect employee productivity. And everyone can rest easier knowing that resolution occurs before situations turn into “white-hot” emergencies.

Uniform application of the optimal resource. The lowest-cost, most highly credentialed resources are applied to recognized issues first, while bigger problems are escalated to higher-skilled resources tin a fluid and seamless manner so that resolution can be quickly achieved.

Fast response regardless of priority. With multiple levels of on-site and remote IT support available, problems can be addressed simultaneously rather than in sequential order. The proactive approach also ensures the ultimate in responsiveness: resolving issues while they’re still disguised and before they’re detected by the end user. The immediate impact is improved productivity; the longer-term impact is a more tech-literate staff that’s better able to leverage the company’s technology investment.

The Final Word

None of the issues faced by small to medium-sized businesses — relentless competition, technological complexity, the never-ending need to do more with less — are going to disappear anytime soon. So the value of a high-quality, low-cost solution to these issues will only grow. That’s why CMIT Solutions has spent years tailoring a variety of managed services that can help boost efficiency and productivity for your business.

The break/fix approach to IT support has not only failed to meet the needs of SMBs, it has damaged the relationship between technicians and the small businesses they serve. Small businesses feel vulnerable because they don’t understand their technicians’ jargon-heavy language, heavy workload, and unpredictable costs. Meanwhile, technicians feel overworked and under appreciated, locked in a loop of repetitive, high-stress tasks as they run from one crisis to the next, unable to work on more satisfying projects that could offer lasting value to the business.

Only a radical change in IT support philosophy and delivery can make the break/fix model obsolete and deliver greater efficiency and productivity to SMBs at a lower, more predictable cost. Technology is integral to the success of a small to medium-sized business, and CMIT Solutions understands that.

Via: Cmitsolutions.com

Dynamics 365: a game changer for dairygold operations

Located in the rich fertile Golden Valleys of Munster, Dairygold has a long and proud history of producing quality-assured, sustainable gold standard cheese and dairy ingredients. With three imperative divisions that drive and support our farmers and business, Dairygold are able to offer clients and consumers full traceability, unrivalled quality and product excellence.

The Challenge

The central focus of a new CRM system was to allow Dairygold to improve customer and supplier relationships. The Co-Operative was previously dependent of on field staff returning to the office to file a paper-based records of customer interactions.

The Solution

Designed and delivered by Ergo, the Customer Relationship Management (CRM) components in Microsoft Dynamics 365 were identified as the best way to meet Dairygold’s requirements and to garner a better understanding of farmers and their needs. The new CRM system provides Dairygold with relevant information in a timely manner helping to overcome some of the challenges the teams have encountered when working remotely in rural Ireland.

Ergo’s CRM solution has allowed Dairygold to record important items of information, enabling a more enhanced service. All the information is uploaded directly by their staff from any location, solving the challenge of working with customers and suppliers in remote areas.

Via: ErgoGroup.ie

4 ways compsec pros protect their computers

Computer and network security: Everyone knows they should be doing it better, but no one really knows all the best ways to do it. The computer security profession is a large and varied one, so — obviously — opinions vary about best practices and solutions. But believe it or not, everyone agrees on the single-most effective way to keep your computer safe in our digital era: Don’t use a computer.

Unfortunately, that’s not really practical for most people. So instead, we snooped around for what measures computer security professionals use to secure their own machines. (Obviously, one of the best measures is not to release all of your security methods, so we got the cream of the crop.) The skills and knowledge of being an expert computer security professional can take years to learn, but it’s always possible to glean a few tidbits of knowledge from the pros.

Take online security seriously and respond quickly

News outlets were buzzing after an article published on medium.com nailed Panera Bread to the wall for failing to address a massive user data breach for eight months. That breach allowed anyone to view customers’ full names, addresses, dietary preferences, and email addresses. Their IT team didn’t fix it and their leadership didn’t handle it when it was brought to their attention. That’s not exactly the example to follow.

Whether you’re speaking in terms of public relations, data security, or loss of productivity, there’s never been a more important time to take digital security seriously. You wouldn’t leave your car running in a parking lot while you went inside for half an hour, so don’t leave your (and potentially your customers’) data vulnerable online.

Update your software — now, not later!

We were actually surprised by this consensus opinion. It’s so simple, yet, we’ve all been guilty of clicking “Remind me Later” when some program wants to update. There’s a reason that software is updating: Its team of dedicated, expert programmers have patched something. Many times, it’s a security loophole or some part of the program that allows a vulnerability into your system.

With that said, do something you might never have done — read the release notes. Figure out exactly what the update intends to fix, and then head to the forums. See what other people are saying about the risks involved with the update. If you’re already behind a version, then take a moment to weigh whether or not to update to, yes, yet, another version that might also have holes. That’s what the pros do.

Remember when security experts found a flaw in High Sierra? That’s the perfect example. You might have dodged a bullet by not updating, but not without checking the news.

It may be hard to believe that one of the most important lessons of online and network security is performing software updates as soon as possible, but it’s one of the best ways to keep your computer and network safe. It’s almost always a hassle, but it’s definitely always worth it.

Be miserly with your permissions!

Every CompSec pro is privy to the basic, fundamental rule of network security: The Principle of Least Privilege, which basically asks “how few permissions can you give each user?” Yeah, needing to ask your IT team to turn on your speakers because of insufficient permissions is incredibly annoying — no one knows better than the IT team. But by keeping everyone’s permissions as restricted as possible, you minimize potential problems, including your own.

Imagine your network like a house and a hack like a break-in.

Example 1: You have valuables in every room of the house, but there are no doors to those rooms. Whether a thief breaks in through the window, the garage, or by picking the front door, they can get at everything by breaking in once.

Example 2: Every room in the house has a locked door, and all valuables are placed inside safes. If our thief gets into one room, they can’t get to the hallway and into another room, and they might not even get anything out of that room.

Obviously, it seems a little paranoid to live that way. But, let’s face it, CompSec pros are a little paranoid. Keep your “rooms” locked, put your valuables in a safe place, and when you throw a party, close it all up. In other words, administer your network with multiple user permission levels and restrict accesses carefully, based on how few permissions can be doled out.

Prepare for the worst: Do your backups

You know what the scariest part of working in 2018 is? It’s entirely possible that next time you turn on your computer, every file on it could be lost. There are hacks that hold your hard drive irretrievably hostage, there are environmental disasters that ruin your servers… even a simple burglary can make accessing your data impossible. Are you prepared for that?

Performing a backup of essential files and storing that backup somewhere geographically different from your hard drive could mitigate most security failures. There’s a lot to learn about how to keep computers and networks safe, but knowing how to retrieve stolen, lost or hacked files could be a lot easier and maybe just as important.

Update software, backup your data, and restrict user accesses – those three steps alone could potentially save you and your company hundreds of hours and millions of dollars. But in all of these examples, what you and your network security team should be asking is, “Do we even know what our company’s policy is?” These tips don’t even scratch the surface of everything there is to learn about computer and network security, but good security starts by asking questions and finding out the answers.

Last tip: With all that said, don’t feel bad if you’re doubting your company or team is doing enough with security measures. When asked, “What do security professionals do to secure their personal computers?,” almost all network security professionals have the same answer: Not enough. You can always do more, so get started today!

Via: CBTNuggets