October 23, 2012

Law Practice Magazine

March 2006

Volume 32 Number 2 | PAGE: 20 | BY: Erik J. Heels


Even for the hardiest among us, it's a challenge to keep track of how—or even what—we're doing with the technology in our offices. Try this list of topics to help you gauge the state of things.

I know how to measure marketing: by the sales it produces. I know how to measure administration: by how much money the firm makes. I know how to measure client satisfaction: by how many other people clients refer. But I don’t know how to measure success when it comes to technology. (It’s tough even for a self-confessed techno-geek like me.)

I recently decided I needed something that I could refer to periodically to see how I’m doing technology-wise. I looked for some type of information technology self-audit on the Internet—and failed to find anything useful. So I chose to create my own. But organizing the audit became problematic. So many computer problems, so little time. How might an anal-retentive hacker organize his information technology audit? Alphabetically, of course. So here, with entries from A to Z, are the elements of my information technology audit (which sounds cooler than “IT audit” or “computer audit”), along with recommendations for how to make your own computing life better and safer.

Asset Management. Each piece of computer hardware that you own is an asset. You should keep track of it all, including the purchase date, the price and the relevant features. Putting this information in a spreadsheet or a database will help you plan to replace old equipment before it needs repairing. I keep PCs for an average of about three years, for example, and Macintoshes an average of about six years.

Backup. It is critical to back up your key data, onsite and offsite, in a manner that makes it easy to restore the data if and when you need to. For example, I back up each PC’s “Documents and Settings” folder daily with Connected.com. Whenever a file or folder is accidentally deleted, restoring data with Connected.com is quick and painless. Remember, backups are useless if you cannot restore easily.

Computers. It can pay to keep a spare computer at the ready for emergencies. I enjoy installing, testing and uninstalling software. But on Windows XP machines, the registry will invariably get so messed up that certain programs will no longer run. In the latest instance of this problem, the USPTO’s software that I use ceased working because of registry issues. The only solution was to reinstall Windows, which I opted not to do. The easier course was to replace that computer (it was barely three years old) with two new Dell computers. I now keep one as a development machine, the other as a production machine, and I log all changes to each computer. If you’re certain you can keep your Windows machine from becoming corrupted, Mr. Gates, you probably shouldn’t bother keeping a spare one around.

Desktop OSs. You can simplify your computing life by minimizing the number of operating systems that you have to support. While many people use just a single OS, others like to run multiple ones. But do you really need to run Windows, FreeBSD, Linux and Mac OS? I recently asked myself that question. My long-term plan is to bring my Web and e-mail servers, which are currently running under FreeBSD, in-house and replace them with a Linux server. Until then, I put Linux on the shelf. I can get my UNIX-like OS fix from FreeBSD and Mac OS X.

Emergency Planning. If the sprinklers go off in your building and short out all of your computers, who do you call? If your Web server gets hacked into while you’re away on vacation, does your office know what to do? At my firm, we do not outsource any of our IT support, but we do have IT vendors as backups in case of emergency. As the firm continues to grow, it will likely make sense to outsource more functions as well.

Firewalls. To prevent unauthorized access to your network, you can use a hardware-based firewall, a software-based firewall, or both. There is a variety from which to choose. I personally find Windows Firewall annoying, so we use a hardware-based firewall in my firm.

Gigabytes. How much disk space are you using on your computers? Do you know how much disk space you use per year? Will you have enough during the three-year life of a given PC? It is easy to buy too little—or too much—disk space. The good news is that it is cheap and is only getting cheaper. Terabyte disks are already on the market and are becoming more common.

Hosting. How do you know if your Web site is really up and running today? If your e-mail host goes offline, do you have a contingency plan? It pays to use a service provider with good service and a good track record. I have been using the hosting service Verio for about a decade, and I am always impressed that the company notifies me in advance of even the smallest routine maintenance issues.

Internet Access. I have a router that provides broadband connectivity via DSL with a dial-up backup. That way, if my broadband connection were to go down, I could get my office online via the dial-up backup. I have never had to use a backup Internet access provider, and I could certainly have two broadband providers to minimize the risk of an outage. But I have been spoiled by reliable connectivity (though I keep an AOL disk in my backpack just in case).

Junk E-mail. You can handle spam by having it filtered and deleted on the server. Or you can have it delivered to your client computers and let the computer’s user deal with it. Because I do not want any false positives, I filter all e-mail on the server with the utility SpamAssassin and the Subject lines of subjected spam messages are rewritten. On the client side, Eudora can check for the SpamAssassin-tagged messages and also use its own junk mail rules to filter out spam.

Keys. Who has keys to your office? When were the locks last changed? Have they been changed since you moved into the space? Physical security can be the weak link in any computer security system, yet it is often overlooked as an element of technology management. It does you no good to have rock-solid passwords if someone can walk into your office and walk out with a server.

Licenses. You should maintain hard and soft copies of all your software licenses and receipts. In my technology library, I keep one shelf for each computer (and one box or envelope for each piece of software) with all of this information, so it is easy to find when I need it.

Memory. As with disk space, you should buy what you need, but it is easy to get carried away with buying too much. It is also easy to try to cut corners and not buy enough. I generally have about six applications running at any given time. My old machine had 1.5 GB of RAM, but I was rarely using more than a third of that. My new computer has “only” 1.0 GB of RAM, and (you can check my math) I rarely use more than half of that.

New Software Versions. With the exception of antivirus and anti-spyware utilities (which update and scan daily), I do not automatically update my software when a new release comes out. You can waste a lot of time updating from version 1.4 to version 1.5 of something. My plan for the year is to update systems quarterly. You can use software such as VersionTracker Pro to keep track of program updates, although I’ve found VersionTracker’s user interface to be annoying, intrusive and nonintuitive.

Old Computers. It is less expensive to replace computers every three years than it is to deal with maintenance and upgrades. The best way to get rid of old computers is to sell them on eBay or donate them to charity. Be sure to wipe the hard disks clean before you do so. Also, Dell will let you ship one clunker back to them (for about $25 extra) for each new system that you purchase from Dell.

Passwords. A good password is one that you can remember, that other people can’t guess, and that doesn’t have to be written down. Personally, I have felt like a victim under IT policies that required me to change passwords every so often or required goofy combinations of letters and numbers, sometimes that I wasn’t even allowed to choose. Under such policies, you could always open a co-worker’s top drawer and find a sticky note with the person’s password on it. One good tool that gets it right is the Java Password Generator.

QWERTY Keyboards. Are you using an ergonomically evil straight keyboard? Or are you using a carpal tunnel syndrome-avoiding curved keyboard? (Okay, I had a hard time coming up with the “Q” item.)

RTFM. Your computing quality of life will increase dramatically if you read the ( ahem) friendly manual. You know, there are people who actually document software for a living. You should read what they have to say.

Spyware. In addition to running anti-spyware software daily, you should also update the software itself each and every day. Read the documentation to learn how to run the program from the command line. Then you can set up a “scheduled task” (in Windows) or a “cron job” (in OS X or Linux) to automate the job. Better yet, run two anti-spyware programs. I run Ad-Ware SE Professional and Spybot daily.

Telecommuting. VNC software, which is free and cross-platform, will allow you to remotely connect to one computer from another. You can tunnel a VNC connection over an SSH program to set up a secure way to access work computers from home, which is ideal for telecommuting.

UPS. Are all your computers protected by an uninterruptible power supply in the event the power goes out in your building? If you use laptops, their batteries will provide a built-in backup for power failures, but desktops can be vulnerable. I admit that this issue has been on my “to-do” list for a long time. But we have been spoiled with good electric service.

Viruses. Having a good, up-to-date program to protect against computer viruses needs to be a top priority. Every day, on every computer, I scan for viruses and update the antivirus software. Last year I switched from Norton AntiVirus to McAfee after the Norton software started acting like a virus itself. McAfee is not perfect (it has too many URLs, updates are nonintuitive, and it requires Internet Explorer for some features to work), but it will do.

Wireless Networks. If you’re using a wireless network at work, make sure the network is not wide open. Unprotected networks can be used by neighbors or hacked into by malevolent parties. Change the password from something other than the default password, turn on WEP encryption, and turn off the service set identifier (SSID) so you’re at least not broadcasting the name of your network to the world. (Note: See Dan Pinnington’s Tip & Tricks on page 26 to learn how to configure the security settings on your router.

XML. Do you care about the long-term usability of your data? Are you storing your data in proprietary data formats? Or are you storing it in future-friendly XML-based formats such as those used by OpenOffice, a free replacement for MS Office?

Y2K. Are you still using (or worse, buying) software that the vendor touts as Y2K-compliant? If so, it is time to upgrade.

Zombies. Zombies are computers that are infected with malware (nasty programs designed to disrupt or damage a system), and they are poised to strike at certain times, based on the commands of a malicious hacker. If you have zombie computers in your office, you’ve got problems that even an A-to-Z technology audit can't fix.

Erik J. Heels is the principal of Clock Tower Law Group, a patent and trademark firm in Maynard, MA. He provides news and commentary on the intersection of law and technology at www.lawlawlaw.com.