--> View Past Issues | AutoPower HOME | AutoPower Support
(available stories below)
Today you will meet some of the staff that works for you at AutoPower and get some tips on Computer Security from our VP of Technology, Michael Libbe.
Ever wonder what that person looks like that helps you out or gives you direction on a problem? Ever wonder who they really are? In this months enewsletter we would like you to meet and get to know some the people that work with you and for you at AutoPower.
Recently, Michael Libbe, Vice President of Technology, was interviewed by Truck Parts & Service magazine for an article on computer security. In this months enewsletter we are providing you a portion of that interview.
TELL US ABOUT YOUR BACKGROUND.
I was born in Detroit Michigan. I'm married with 5 children. I received an Associate degree in Business and Accounting from Oakland Community College, BA in Humanities from Michigan State University. I was employed for 20 years as a Programmer/Analyst by clothing wholesaler called Broder Brothers, specialized in Order Entry, I/C and WMS development and support. In my free time I enjoy golf, basketball, playing music with friends and being a Dad.
WHAT DOES YOUR WORK ENTAIL?
As a Support Programmer, we handle the maintenance of our Universe programs. We help our customers keep pace with the changing needs of their business environment. We assist in tailoring our software to meet our customer's particular needs.
WHAT WERE YOUR EARLY HOPES, ASPIRATIONS, AND ANTICIPATED HIGH POINTS THAT LED YOU TO THIS LINE OF WORK?
I saw computer programming as a way to help people become more productive and accurate in the execution of their every-day tasks. Computer programming allows a complicated problem to be solved once and then have that solution applied many times going forward. That potential is what drew me into this profession.
WHAT DO YOU MOST VALUE ABOUT YOUR ASSOCIATION WITH AUTOPOWER?
There are two essential facets of my association with AutoPower that I value the most. The work is challenging and the people are friendly, professional and very team oriented. It has been much easier to be 'The new kid on the block' because of all the friendly assistance I have received from virtually the entire staff. I am very grateful to have been given the opportunity to work with so many fine people.
TELL US A LITTLE BIT ABOUT YOU.
I was born in Los Angeles, but I've been a Florida boy most of my life. I'm very involved with the local community and spend quite a bit of time with my church family. I enjoy playing bass guitar and singing as a backup vocalist on Sunday services and performing with my friends in our band "The Deepest Red". I'm still learning Cello, but hope to be performing that in the next 6 months. As for work, I've been in the technology industry for a little over 7 years now and have had experience in the medical, and banking software industries supporting their technology. When I'm not out performing or working, I can usually be caught out playing paintball, or inside playing video games with my friends. As of late though, my spare time is going towards making my new house into a home.
WHAT FIRST ATTRACTED YOU TO AUTOPOWER?
In two words Tom Hill, I've worked for Tom before at a bank for 2.5 years. I find him to be a man of integrity and a great manager. He cares for his people and takes care of them. So when I found out that there was a position available here at AutoPower, and a chance to work for him again, I applied right away. I knew that if Tom believed AutoPower was a great place to work, then I would definitely want to be there right behind him.
WITHOUT BEING TOO HUMBLE, WHAT STRENGTHS DO YOU BRING TO AUTOPOWER AND ITS CUSTOMER SERVICE MISSIONS TO?
I am without exception, chipper. Nothing daunts me or is impossible to me, and I think that helps a lot when we face great challenges. Being able to go through tough times with a great attitude is so necessary when our work deals with what would normally be considered the negatives of software and computer development. I'm also very quick when it comes to learning, and that is essential here where the customers systems are ever evolving and changing to meet their needs.
WHAT DO YOU MOST VALUE ABOUT YOUR ASSOCIATION WITH AUTOPOWER?
It would be the relationships I have developed with the staff and the customers. Everyone has been a pleasure even in the face of some difficult times and challenges. We all have our rough moments now and then, but overall, we have a good customer base and a good staff.
Q: WHAT ARE THE COMPUTER SECURITY ISSUES FACING OUR HEAVY-DUTY AFTERMARKET?
A: There are many computer security risks in the world today. Arguably the 3 most prevalent issues would include the introduction of viruses, Trojans and worms in a network, unauthorized outside access to a network, and employee theft of information. The introduction of a virus, Trojan or worm is the most common intrusion we see in the market today. Far too many distributors take for granted that they are immune from these destructive programs.
Unauthorized access to a network can come from two primary sources. A hacker can use the distributor's high-speed Internet connection to gain access to their primary business server or to an individual PC on the network. Wireless hacking doesn't get as much exposure in the news media as Internet hacking, but it is equally dangerous. An unprotected wireless network is an invitation for someone to access the network, collect valuable confidential data or introduce a program to disable or destroy the network.
The least acknowledged security risk is employee theft of information. Far too many networks are vulnerable to employees who can access sensitive data and take it with them at the end of a shift.
Q: HOW CAN THESE ISSUES BE PREVENTED?
A: Each of these three risks has a unique set of procedures that should be followed to minimize or eliminate risk. Most businesses have virus protection using a powerful and reputable virus protection software package. However, many of these businesses fail to do the simple tasks required to make these tools work. Many businesses fail to setup the program to automatically update the virus definitions on a daily basis. Businesses also fail to setup the software to automatically scan the PC or server on a daily basis. This daily update and scan is critical for identifying new viruses and stopping them before they can do any damage. Simply loading the software and taking the default settings is not enough to adequately protect a network.
Many businesses also fail to install an adequate firewall to protect their network from intrusion. If you order a DSL or cable circuit for your business, or even a high-speed T1 circuit, it will not come with a firewall. A hardware firewall is the best tool for protecting an entire network. For small businesses with just 1 or 2 PC's, software firewalls are usually adequate to protect their confidential business information. Both hardware and software firewalls are becoming easier for the general public to install, but just like the virus scan software they must be configured for optimum protection for each individual network, PC or server. Simply un-boxing the firewall and plugging it into the network isn't going to give you the level of protection that today's business requires to protect themselves from a serious threat.
Beyond a firewall, business systems should be setup with strong password rules. Passwords should be more than a common word, or worse, the same as the user login. Ideally, password security should be setup to force the user to use 6 or more letters and numbers in a password. You should also setup the password requirements to require letters, numbers and at least 1 special character. These passwords are much harder to crack thereby protecting your system from hackers. Password rules should also be established within the server policies to require that the user change passwords every 90 days and not allow the user to reuse the same password within 6 months.
With the proliferation of Wireless Fidelity (WiFi) connectivity, some businesses have created a functional wireless network to allow their employees to connect their laptops to the system without requiring the usual wiring and connectivity. These networks can be a tremendous productivity booster, but if they are not properly secured, then they are wide open to anyone connecting to your network. All wireless devices have the ability to implement Wired Equivalent Privacy (WEP). WEP is an easy-to-use encryption protocol that provides good security for a wireless network. WiFi Protected Access (WPA) is a step above WEP and provides a more robust and powerful encryption technology to protect wireless networks. With a properly enabled WEP or WPA security protocol on a wireless network, the network is essentially invisible to anyone without the proper passwords to access the network.
Employee theft is a unique security risk because the employee must have access to the network in order to perform his or her job duties. The AutoPower System provides tools to allow the system manager to limit access to certain aspects of the business system or the network. By limiting the menu options that an employee can use, you limit the ability for the employee to learn of business information that is not relevant to their day-to-day job. Further, these limits prevent the employee from printing a customer list, price list or other confidential information and walking out the door with it. These tools are extremely easy to implement and should not be ignored in a company of any size.
Employee passwords should also be changed often. If you assign a password and never change it, that password is likely to become known to more than just the password owner over time. Once a high-level password becomes known, the data it was meant to protect can potentially be compromised. The AutoPower system can be setup to force users to change their login passwords periodically at a given interval. While this may seem inconvenient, it is far easier to deal with than the loss of key confidential data.
Q: HOW SHOULD THESE ISSUES BE HANDLED IF PREVENTION IS NOT POSSIBLE OR PROPERLY IMPLEMENTED?
A: All businesses should have a backup plan in place should any of these security issues befall them. For viruses and hackers, having daily backups is a requirement, but just having the backup is not enough. The business should check the validity of the backup on a daily basis. It is not uncommon for the backup device to fail to backup properly. If care is not taken to verify the backup process has completed and to verify that the tape is good, then the backup may not be available when it is needed. Businesses should also rotate their backup media periodically. Tapes used in a tape backup are only good for about a year or so. They should be replaced annually or when a problem occurs more than once with the same tape. The backup is only as good as the media, which it is stored on.
Distributors should also keep the most recent backup tape offsite overnight. If your building suffered from a fire or flood, new hardware can be brought in fairly quickly to help recover the business. However, if the daily backup is lost in the fire or flood, then the business has to be completely rebuilt from manual records. In the case of both a fire and flood, this may be impossible. By having the backup offsite, you can typically recover a business in a matter of a few days.
Businesses should also have a backup plan in place to continue the business while the server is compromised. For some distributors, this might mean going to a more traditional manual method while the server is repaired and the security risk removed. For larger distributors, this might mean a hot-spare system or other alternative to bring their business back up as quickly as possible.
The most important safeguard to a security risk is to have the backing of a reputable company that can help you through the crisis. Distributors are experts at selling automotive and truck parts. They generally lack the staff and training to deal with computer issues such as these, and in some cases can make the situation worse before it gets better. Having a relationship with an organization that staffs or contracts with the professionals required to help resolve a crisis is critical.