Cars Hit a Cybersecurity Speedbump at the #LAAutoShow

As a technology blogger and gearhead, I was fortunate to get up close and personal with the newest cars and technologies during one of the media days before this year’s Greater Los Angeles Auto Show. What I found, however, was rather scary.

As a whole, the auto industry is launching technologies to “make life easier” for the driver. In your car, you can have anything from remote start, lock and unlock to specific times scheduled for remote start, park assist, and navigation. Some of these capabilities are accessible from a smartphone, and some are built directly into the vehicle.

As someone who also teaches cybersecurity, all of this new technology makes me shudder. Why is this? Because not all concerns regarding the security of vehicle telematics have been addressed yet. (Telematics is the technology of sending, receiving, and storing information relating to remote objects – like vehicles – via telecommunication devices.)

One of the pre-show media perks was a presentation called, “Cybersecurity Next Steps: Securing the Future.” While the subject of hacking and ransomware came up, malware did not. Some might argue that these are the same thing, but they’re different. While ransomware would hold your car’s controls hostage until you pay, malware would do nefarious things just because it’s designed to do so. Or, it may let a bad actor get access to your vehicle through a back door and allow him to steal the information stored in your vehicle or on your smartphone. Remember from an earlier paragraph, you can access some technology for your car via your smartphone.

Since cars are now multiple computers, imagine if your car starts rebooting, that is, restarting itself in the middle of your driveway, or worse, on the freeway. Or, with drive-by-wire systems, your steering starts to falter or locks up – or worse, your brakes lock up.

The Internet of Things (IoT) may cause many of these headaches. Any device plugged into the Internet and then plugged into your network, in other words, your car, is susceptible to the transference of infection, also known as an attack vector. For example, if your phone gets infected, and you plug it into your car’s entertainment system, it’s possible that your car could also get infected. Currently, there are very few vehicles that have their driver control systems firewalled from their entertainment systems.

Bottom line: In the rush to get these new technologies to market to make life “easier,” manufacturers are using a “get it to market first, and we’ll fix it later” mentality. The problem is, addressing these issues once vehicles are on the road is too late.


When Art Imitates Life – A Review of “I.T.” the Movie

Recently, I saw “I.T.” the movie starring Pierce Brosnan as a visionary CEO named Mike Regan. In the movie, Regan is planning to take his company public, and soon after the movie begins, Regan makes a presentation to a large group at his office, but the presentation goes sideways electronically. An IT expert is called in to help, but too often these days, the IT expert is a temporary employee. This IT temp saves the day and gets all the technology working again, so the presentation is able to move forward. Regan is grateful and becomes friendly with the IT temp. The problem, though, is that this techie is a psycho, and when he’s unable to date Regan’s daughter, he becomes determined to destroy Regan’s life.

Thanks to our connected world, the psycho techie does a pretty good job of causing harm to Regan and his way of life, and here’s how: Regan lives in a smart house, he drives an expensive car with the newest infotainment system, and he works in an office with top-of-the-line networking capabilities.

As we know, access negates all other forms of security – and access is what this IT guy got. Regan invited him to his house to check out the speed of the network. But because the house was a smart house and everything was connected, the IT guy was able to gain access to all functions within the house – and he installed a back door. The control pads in the walls were used as cameras for the security systems, music devices, and access to HVAC controls.

In addition, Regan invited the IT guy to sit in the driver’s seat of his extravagant car, and under the guise of giving Regan an “upgrade” to his infotainment system, the IT guy gained access to the car. As the movie progresses, the IT guy is shown seated in his “lair” with at least six large monitors watching the Regan family go about their daily lives. When the daughter goes into the shower, she takes her tablet into the bathroom to listen to music, and IT guy activates the camera. He then posts what he sees online for the world to see.

And all of this is happening without Regan’s knowledge. But once he realizes what’s happening, the IT guy starts the psychological torture. He locks down the house, turns devices on and off, makes music scream out of the speakers, and turns the water on and off. When Regan escapes his house to go to the office, the IT guy speaks to him through his car speaker system and taunts him. If that weren’t bad enough, the IT guy then takes control of the car and crashes it inside a tunnel.

Back at the office, the IT guy enters the company’s network through an electronic back door that he had set up when he worked there. He sends emails to all of the shareholders giving them some bad news about the company. The company has a difficult time disputing the announcement because it came from their IP address. Then, documents arrive at the Securities and Exchange Commission (SEC) showing that Regan’s company had engaged in fraud – it didn’t matter that the documents were fake. But the result was that the SEC stopped the IPO. And the kicker: everything looked authentic because all came from the company’s servers.

By the end of the movie, everything was fixed. But you can substitute this scary psycho IT guy for a malware-laden email that puts a back door into your network or a link that takes you to an infected website. You can also substitute a poorly-made wireless password, or any poorly-made password for that matter, that can be easily cracked. Just like a vampire, once the bad guy is invited into your network, he’s nearly impossible to get out.

New devices are coming online every day, and most of them contain little in the way of security. Millions and millions of Internet of Things (IoT) devices are being added to our homes and to our cars. Our connected homes may offer a convenience to us, the consumers, but more importantly, they offer huge value to the bad guys.

The bottom line is, always be vigilant. NEVER give access to anyone or anything that you’re unsure about. Convenience for you might turn into a goldmine for the bad guys, which might then turn into a major headache, identity theft, or worse, for you.

Image Credit:  Theatrical poster by Source (WP:NFCC#4), Fair use     


Why the Apple-FBI Feud Affects YOU!

While the eyes of everyone in the technology sector watched the Apple-FBI feud about a key to unlock a terrorist’s iPhone, you should have been watching too. You might wonder why this situation affected you, and the reason is simple. If the government can unlock an allegedly locked phone’s operating system for one phone, it has the potential to unlock anyone’s phone. It’s a slippery slope as to reasons, but there are other things you should consider in this discussion.

What data do you store on your smartphone or other mobile devices? Like most people, you probably store your calendar and the phone numbers, email addresses, and street addresses of your family and friends. But do you store your bank name and account information? Do you store credit card information? Do you store your medical history, medications, surgeries, and list of doctors? Do you have an app that stores all of your passwords? How many apps do you use that can, and possibly do, access your device’s information? Do you enable your GPS so that your location can be tracked as you move from place to place?

When you consider all the information you store on your device or devices, do you really think they should contain so much confidential or personally identifiable information (PII)? What happens if your device is lost or stolen? The potential risk of having your data fall into the wrong hands is the same situation as having your phone unlocked by a government employee.

According to David Pierson, tech reporter for the LA Times, “This fight between the world’s biggest company by market cap and federal law enforcement likely won’t be the last of its kind. For tech companies, there’s one clear takeaway: Security can never be strong enough. And for investigators, the case will only reinforce the push for a bigger digital crime-fighting toolbox. Expect an arms race in encryption tools that will continue to frustrate law enforcement – perhaps until legislation sets guidelines for both sides.”

Perhaps, this situation is the impetus you need to re-evaluate the data stored on your device. Use it to do a spring cleaning of sorts and remove the data that you don’t access on a regular basis. Delete apps you don’t use on a regular basis. Review privacy policies of apps you regularly use.

Make your mobile device something that works for you, rather than a mini version of you and your confidential data.

Image Credit: Stuart Miles via


Five Social Media #Security Tips

Many of the previous posts on this blog have been geared toward midsize businesses to assist them with their information security strategies and to keep their data safe. However, with the widespread use of social media, this post focuses on security concerns when an individual uses social media.

Recently, I visited a grocery store in Southern California, and the unimaginable happened. All computer systems went down. The cashiers said customers could pay with cash – no credit or debit cards. While I paid for my items in cash, I wondered, what if this crisis happened at a Starbucks store where many customers use their Starbucks app to pay for their favorite latte? What procedures does Starbucks have in place? How would this situation impact the security of mobile pay?

With those questions in mind, here are five security tips to keep in mind as you navigate social media on a personal level:

Everyone loves Angry Birds and Farmville, but before you download the next great mobile app, ask yourself, what stood out from the Privacy Terms? Did you even read the Privacy Terms? Did you read the terms of service? These terms are important and should not be ignored. They relay important information regarding the type of information that an app accesses on your smartphone: contacts, calendar, photos, etc. Do you really want a game’s developers to access your confidential information? If the app is free, ads will probably bombard you, and even worse, your data is at risk.

While you may be aware that Coca-Cola has trademarked the names of all of its other brands, do you use the same name across all of your social media channels? I know people who use one account name for Facebook, another for Twitter, and a totally different version of their name for LinkedIn. While this may make sense, if you have a middle initial included on one site, or a nickname included on another site, what you think is clever may actually be a goldmine of data to a hacker. I highly recommend that you choose a single profile name and then be consistent as you set up all of your social networks. If you use a variety of account names, i.e., different iterations of your name, it becomes easier for a hacker to impersonate you because YOU have not provided consistency in using your name.

Everyone knows that “123456” and “password” are ridiculous options, but so are your pet’s name, your street address, and your favorite color. Think complex, perhaps adding numbers and letters into an easy-to-remember phrase. Always use lower and upper case letters and special characters, and make the password at least 12 digits in length. If you’re unsure as to the strength of a password, use the Microsoft Password Checker. And, no matter how easy it seems, don’t use the same passwords for all social sites. Tweak them according to the site, but make sure they are different. If someone hacks your account, you don’t want all of your sites hacked.

When you sign up for a social media account, most of the time, you are asked to provide an email address. Before you hand over your main email address though, consider creating a gmail or yahoo email address specifically for your social media activities. If a hacker gains access to your social media account, and your email is compromised, your life doesn’t end. You can always forward the gmail/yahoo account’s emails to your main address/account.

Are your Facebook and Twitter accounts connected? Are your Pinterest and Facebook accounts connected? Are your LinkedIn and SlideShare accounts connected? Is your blog connected to Google Plus? There may be reasons why you want to connect one or more sites, but the marketing gurus would all agree that you should post different content on all your sites, so why would you want to connect the accounts? I won’t chime in on the content angle, but from the security angle, I definitely think the sites should not be connected. Again, if one is hacked, the likelihood of the connected sites being hacked rises exponentially, and anyone who follows you will see content that may not be appropriate. You never know the objective of a hacker, so it’s best to err on the side of caution and disconnect accounts. Use them separately.

And lastly…
Remember the quote from Scott McNealy that “You have zero privacy.” Once you post something online, it has the potential to be online forever. So, think before you post. Do you really want that photo to be seen by your boss or by your grandmother? Ask yourself that question before posting anything.

Before Facebook (yes, kids, we really had a life before Mark Zuckerberg), we didn’t share everything online. We didn’t announce our trips while we were away from home. We didn’t post photos of babies before they left the hospital. And we didn’t post every single status update. So, bottom line, think before posting, and maybe, it would be helpful to consider consequences if a security breach happened and a hacker accessed your account – would you be in crisis mode, or just shake it off because none of your sensitive data was posted? Hopefully, after reading this post and reviewing your content, you can answer, the latter.

If you want to read a painful account of a Twitter hack, meet Mat Honan:

What’s your fave social media security tip? Please chime in.

Image Credit: Master isolated images via


When Making Your New Year’s Resolutions, Don’t Forget Your InfoSec Resolutions


There are the common New Year’s resolutions like unplugging more often, planning more vacations or staycations, reading more books, writing a book, and losing weight. But, in today’s connected and always plugged in world, it’s easy to ignore technology. So, in keeping with the spirit of the season, here are five resolutions that should not only be part of a list of resolutions to celebrate the New Year but should also be part of a regular security awareness plan for every midsize business.

If you have one key password or several, change them every couple of months or at least quarterly. Use Microsoft’s Password Strength Checker to determine the strength of your password, and don’t forget to use lower case letters, capital letters, and symbols – and preferably 10 or more characters. Don’t use any information that other people could figure out about you, such as the names of significant others, kids, pets, or streets. And if you have so many passwords that you cannot remember them all, consider using a cloud-based password manager program. Check out reviews online before downloading or purchasing.

Abbreviated links may be synonymous with social media, but don’t click on any short links before seeing the link in its entirety first. Here are two options to convert an abbreviated link back to its full link: and Here’s an example of what can happen if you don’t check out a link before clicking: a co-worker clicked on a link she thought was sent by a reputable person, but the abbreviated link led her straight to a contaminated site, and before she knew it, her computer had been compromised, and her hard drive had to be reformatted. Her IT admin was not happy, but at least, the entire network was not affected. Learn from this person’s mistake – and don’t let it happen to you or your business.

Do you have important spreadsheets on your computer: anything from a list of passwords to a confidential customer list? No matter what important files you may have, consider password-protecting them. This will add a layer of protection to the information in the event that a breach happens – and be realistic, a breach will happen eventually.

ALWAYS use virus protection. Always allow auto-updates. For an additional layer of security, consider Malwarebytes Anti-Malware. It’s always good to have a second opinion of a file’s security.

Everyone who knows me knows that this is my mantra, but I know people who swore that they had no need to back up their systems. With electrical surges, storms, tsunamis, earthquakes, etc., who wouldn’t agree that it’s better to be prepared than to have to re-create all your files and documents? And what about photos, illustrations, or other images? Today, most of us keep photos on our computers, laptops, tablets, and smartphones. If your system got corrupted, how would you recreate those photos and images? How would a business recreate its archives containing years of product images? So, once a week, or even more often, back up your entire system. Even if you’re not a system admin, add the back up to your smartphone or other mobile device calendar.

If you follow these practices on a regular basis, and not just at New Year’s, you’ll be one step ahead of the cyber criminals who want access to your data or to turn your system into a tool for cybercrime. Happy New Year, and make it cybercrime-free.

Image Credit: Stuart Miles via

This post was brought to you by IBM for MSPs. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate, and scale your business.


Three Security Concerns for 2016

As we near the end of 2015, what will 2016 look like in the information security sector? Undoubtedly there will be an increase in data breaches across all industries, but will businesses take the high road and inform their customers and the media immediately upon learning of a breach? Will they do so only if it is required by industry compliance regulations, or will they attempt to downplay the breach? While many midsize businesses will hopefully increase their infosec budgets and talent pools, there are three areas that will definitely take center stage.

BYOD, or in other words, Bring Your Own Device to Work, is no longer a phenomenon. Today, BYOD plays a large part of most businesses’ infrastructure – due to ease of use and cost savings. However, despite those positive reasons for BYOD adoption, IT and security personnel now have to look at the extra bandwidth that these devices consume and the security issues that arise from an individual’s device hygiene – download behavior, system updates, and antivirus, to name a few. Will companies consider mobile device management (MDM) as a way to protect their networks from BYOD issues?

Mobile malware is on the rise and will continue to be a problem, especially for Android users. The majority of malware is aimed at Android and is becoming harder to spot. For those with Android devices – especially for those who use their devices in business settings – the threat of malware is very real.

“While it’s true that other mobile devices like those produced by Apple are not immune to malware, it’s a fact that the vast majority of mobile malware hits Android devices – 97% of it.”

The rise in the use of mobile payments is now becoming a larger concern and is giving hackers another way to monetize their actions. So by targeting Android devices with specific malware, bad actors can create a “target rich” environment pointed directly at commerce on a national and global scale.

Since Internet of Things (IoT) vendors lack a security knowledge base and don’t think of securing their devices, there will be an increase in the number of attack vectors. IP cameras, SOHO routers, smart TVs, and other appliances are just the beginning. With IoT, economies of scale will result in lower prices and a dramatic rise in attack surfaces. Once a vulnerability is discovered in one device, it opens the door to attacks on everyone else who has that device as well. One problem with IoT is that device manufacturers have either not figured out or are ignoring the importance of software/firmware patches. So far, companies are being reactive and not proactive. A user should not have to log in to his/her router or device software to discover that a patch has been released. Patching should be handled in the same manner as Microsoft does it. When new vulnerabilities have been discovered, new patches are released, delivered, and installed on reboot. Given the number of devices that will soon be online, the responsibility to provide patches should fall on manufacturers who sell equipment – not the end-users.

In addition, all IoT devices are gathering information about users. Since laws are far behind today’s reality, gaining access to the data stored by these devices may not be as hard to obtain as accessing other devices.

CIA Director David Petraeus believes that, “Even mundane appliances like your dishwasher could soon be used to gather intelligence about you. Appliances including dishwashers, coffee makers and clothes dryers all now connect to the Internet. This helps the manufacturers troubleshoot performance and improve energy efficiency, and it gives owners the chance to order a fresh cup of coffee or a dry bin of clothes from their phone, computer or tablet…Knowing when you make your coffee sounds innocuous enough, but that little piece of data could help snoopers geo-locate you, and learn your habits and schedule for all manner of malfeasance.”

In the words of White Hat Hacker Barnaby Jack, “When you actually look at these devices, the security vulnerabilities are quite shocking.”

According to Raimund Genes, Chief Technology Officer of Trend Micro, “We anticipate 2016 to be a very significant year for both sides of the cybercrime equation. Governments and enterprises will begin to see the benefit of cybersecurity foresight, with changes in legislation and the increasing addition of cybersecurity officers within enterprises. In addition, as users become more aware of online threats, attackers will react by developing sophisticated, personalized schemes to target individuals and corporations alike.”

So, keeping all of these security concerns in mind, if your business has a data breach during 2016, how soon will you alert your customers? Will you write a letter to customers and post it on your website, send an email, and notify the media? In the event that you find yourself in this position, here are a few examples of communications to stakeholders:

• Starwood:

• Avis:

• Dow Jones:

• Bed Bath & Beyond:

• UCLA Health:

How will your business deal with these three areas during 2016 and what other issues are concerns to your business or industry? Please chime in.

To learn about the latest data breaches, visit the Privacy Rights Clearinghouse
“Empowering Consumers. Protecting Privacy.”

Image Credit: hin255 via


Five Tips for #CyberMonday

With #CyberMonday here, be careful – translation, very careful – about your online activities today. For those of you who plan to make purchases either at lunch, break time, or at the end of the work day until midnight sales end, here are five tips to stay safe on the largest online activity day of the year.

[1] Make sure your desktop computer, laptop, smartphone, or mobile device has some form of anti-virus protection.

[2] If you enter your credit card or other personal information online, make sure that the website address in the browser starts with HTTPS and not just HTTP, because HTTPS encrypts the information you enter (credit card details, etc.).

[3] Do your research before you buy. Check out reputable sites such as to make sure you’re paying a legitimate price for your item. Also, don’t make any purchases from a site that doesn’t have a privacy policy – there should be an explanation as to how the site uses your personal information.

[4] Once you make a purchase, you may notice an influx of emails in your inbox. Since it’s the holiday season, be careful when you click on what looks like an email confirmation for your purchase. It’s possible that a spam email could contain a virus once you click “open.”

[5] Some sites request a password. Use a different password than what you use for your email addresses and social sites. And remember, you can choose to use an eCommerce site as a “guest” and not store any credit card information.

Lastly, remember to always log off from a site once you complete your transaction.

Happy #CyberMonday – shop smart and stay safe!


Image Credit: Debbie Laskey via


Does Your Mobile Strategy Include Mobile Capture Technology?

Thanks to evolving technology, it seems as if some form of new technology is introduced every week. One new technology is referred to as mobile captures. No, this doesn’t mean taking a photo of something from your smartphone or mobile device. Also referred to as a mobile imaging solution, a mobile capture is software specifically loaded onto your smartphone or mobile device that allows you to use your camera to take a photo of a document to perform a variety of tasks. These tasks facilitate commercial transactions, such as depositing a check, paying a bill, enrolling in a new service, obtaining a quote, and much, much more.

Mobile capture capability turns smartphones into information capture devices with more dynamic apps that meet customers where they are, when they want to be engaged, and on their preferred channel.

“Mobile technology is at the epicenter of this disruption,” according to Michael Reh of Bangalore-based Infosys Finacle, “transferring as it does, more power to end-users. The next generation of banking customers has high expectations from banking, spilling over from their experience with digitally progressed verticals, such as, retailing or telecom. They will take their business to the providers that fulfill their expectations of what banking should be: seamless, convenient, personalized, and needless to say, completely digital. Increasingly, those providers will be niche players with mobile and mobile-only offerings – think payments, P2P (Peer-to-Peer computing or networking) and small business loans, and even deposits – that will disintermediate and disengage traditional banks from their customers.”

Check out these stats courtesy of MitekSystems:

*By 2016, mobile banking will grow by 300 percent – fueling that growth will be mobile deposit and mobile photo bill pay.

*By 2016, the number of customers depositing checks with their smartphones will expand from 12 million to 48 million.

*By 2016, the number of customers paying bills with smartphones will grow from 14 million to 57 million.

*Nearly 1 in 5 is expected to deposit checks by smartphone by 2016 – up from 1 in 20 in 2012.

And these stats about Millennials:

*83 percent of millennials think mobile capture will be part of all mobile transactions in the next five years.

*68 percent of millennials got their first exposure to mobile capture with Mobile Deposit.

*Millennials want more mobile capture across industries: retail, insurance, credit cards, healthcare, and education.

According to Kevin Craine of Craine Communications Group, “58 percent of American adults use a smartphone, over 40 percent own a tablet, and mobile computing grew by over 80 percent just last year alone.” These incredible statistics show how critical it is for companies to embrace mobile capture, the ability to capture document images and upload them on the fly.

If you are wondering why, the answer is simple. Mobile capture is quickly becoming an important differentiator, especially for companies in the traditionally document-intensive industries including banking, law, accounting, insurance, healthcare, and government operations.

Consider the amount of paperwork involved in the loan process for a piece of property or the amount of paperwork when purchasing or leasing a new automobile. What happens if you leave the bank only to receive a phone call that you need one remaining piece of documentation? That’s where your smartphone comes in handy. Simply take a photo of the document, click on a link in an email, and upload the image. The result is better service and the elimination of a delay in the process.

Ask before you offer mobile captures. The first thing is, if there are compliance rules you are required to follow, that alone can determine if you are able to offer this capability. Will mobile capture capability deliver business value? Do you have a repository in place to store images coming in, and how will your business manage them once they arrive? What about image quality control? In terms of ROI, how much efficiency will be improved as a result of adding mobile capture capability to your business?

Lastly and most importantly, what kind of security measures will be in place? If an employee in the field with mobile capture capability loses his or her smartphone, what procedures are in place to secure the data? How about accessing that data? You must make certain to implement the same encryption, password protection, and other data security measures that you provide to all other internal processes.

With so much important information loaded onto smartphones, take the time to protect the info on your device. Here are three easy tips:

[1] APPLY A SCREEN LOCK: With so much personal information stored on our mobile devices, it is unwise to leave them open for anyone to access. Unfortunately, only half of smartphone owners use a lock code. A simple password, pattern, or fingerprint lock creates a barrier to anyone who tries to access your data.

[2] PRACTICE SAFE WEB SURFING/DOWNLOADING: Just like your computer, your mobile device is susceptible to malware. The process of keeping a clean phone requires many of the same habits as keeping a clean computer: avoid unsafe websites, do not open email attachments or links from unknown senders, and stay away from apps from unknown publishers and alternative app stores.

[3] ACTIVATE REMOTE WIPE CAPABILITIES: If someone does steal your smartphone, remote wipe programs can make it impossible for them to access your information even if they know or guess your password. As a business, you should keep administrative control over employee smartphones that have this capability so that network access can be shut off immediately if a smartphone is lost or stolen.

Image Credit: Stuart Miles via

Inspiration for this post: “Are You Ready for Mobile Capture?”

This post was brought to you by IBM for MSPs. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate, and scale your business.


Don’t Forget Security When Considering a Merger or Acquisition

In today’s competitive era, businesses all want to stand apart from the competition. Some businesses may provide a truly unique product or service, some may have a celebrity endorsement, and some may sport a memorable name. But as businesses become more successful, another option for further growth is in the arena of mergers and acquisitions.

According to Wikipedia, “Mergers and acquisitions (M&A) are both aspects of strategic management, corporate finance and management dealing with the buying, selling, dividing and combining of different companies and similar entities that can help an enterprise grow rapidly in its sector or location of origin, or a new field or new location, without creating a subsidiary, other child entity or using a joint venture. M&A can be defined as a type of restructuring in that they result in some entity reorganization with the aim to provide growth or positive value…From a legal point of view, a merger is a legal consolidation of two companies into one entity, whereas an acquisition occurs when one company takes over another and completely establishes itself as the new owner.”

While legal and accounting experts are part of all M&A deals, the expert that should always be part of the discussion and due diligence is the CISO (Chief Information Security Officer), or if a business does not have a designated security professional, that hole should be filled by someone with expertise in the information security arena.

During the due diligence process prior to a merger or acquisition, make sure that the business places a value on data security, information security, and data protection. Asking these questions may change your mind about moving forward with the merger or acquisition:
[1] Who is responsible for security?
[2] What protocols are in place to protect customer data?
[3] Have any data breaches happened?
[4] What were the protocols and timeframes for alerting customers, other stakeholders, and the media?
[5] What were the changes that were made following any data breaches? What were the lessons learned?
[6] If a breach were to happen during the due diligence phase, who will have financial responsibility?
[7] Are your computer systems compatible? If not, how soon can they be made compatible or identical? When two dissimilar systems are joined together, a breach is more likely due to the vulnerabilities created when two incompatible systems merge.

According to Scott Koller, lawyer at BakerHostetler, “The problem is that cybersecurity is not taken as seriously as it should be, or there is an under-appreciation of the risk. I think it is now on people’s radar, whereas before it may have been an afterthought.”

Unfortunately, according to Koller, too many people have a “check-box” mentality when it comes to information security. Does a business have a firewall? Check. Does a business use anti-virus protection? Check. Does a business back-up regularly? Check. Are there duplicate back-ups? Check. Then, however, the due diligence process moves on to another topic, instead of delving deeper into the information security areas of protection.

According to Ron Arden, vice president and CMO at Fasoo, “An acquirer needs to understand the assets and liabilities it is acquiring, and look at adequate security as a business risk, just as leases, debt, and potential litigation are liabilities.”

So the next time you’re in the merger/acquisition market, be sure to include a thorough review of the information security risk before signing on the dotted line.

Image Credit: Stuart Miles via

For more tips on this topic:


Does Your Business Offer Mobile Payments?

There are many ways that your business can stand out. Your brand can have a unique name, think Google, Zappos, or Amazon. You can create a new way to provide your product and inject innovation into a stagnant industry, think Starbucks for the coffee industry or Saturn for the automobile industry (although it was short-lived, it was still a trailblazer). Or, you can stay ahead of the curve when it comes to technology. One example is with mobile payments. Instead of paying with cash, check, or credit cards, a consumer can use a mobile phone to pay for a wide range of services.

With the abundance of smartphones, it seems a natural progression for people to use smartphones to make payments. However, only a small percentage of smartphone users (early adopters) are doing this now. But once there is a clear technology winner among the competing companies (Apple Pay, Android Pay, and Samsung Pay) and better quality security measures are put into place, more people will use the technology. Today we stand at a crossroads similar to the VHS vs. Betamax battle from several decades ago.

Not all companies use all of these technologies to allow customers to make payments yet. So where you may purchase a latte at Starbucks with Apple Pay, you may not be able to do the same at Best Buy. If the theory behind these devices is to be able to help you track your spending on the fly, it will be hard to do that if you cannot use your device everywhere you shop.

Starbucks allows customers to pay with their smartphones at check-out with the use of an optical scanner. The scanner reads a user’s smartphone screen and deducts money from a Starbucks card or the Starbucks app.

Some companies, such as Dunkin’ Donuts, have joined the mobile payment party through the use of their own app. This particular app stores money on a Dunkin’ Donuts card that is connected to a customer’s smartphone. Users authorize their payment via the phone and scan the smartphone screen over an optical laser reader at checkout. These apps keep your data outside of your “wallet” and put it generically into the cloud instead of storing it on your device – which brings up another set of security issues.

These advances have yet to reach critical mass. Questions that still need to be answered are: What if one’s smartphone is compromised due to a malware attack? The device is still in the person’s possession, but one or all of his or her credit cards are compromised and his or her bank accounts have been compromised as well. How do we handle what should now be considered an issue of non-repudiation since the device was in the user’s possession at all times? That person could have very easily conducted the fraud on themselves. Now, these cool capabilities don’t sound so impressive. In fact, there are some serious consequences.

According to a recent survey by Experian, sponsored by the Ponemon Institute, technology and risk management executives believe that mobile-related payments technology will increase the risk of a data breach at a time when the retail and banking industries are still recovering from major retail breaches over the past two years and are currently preparing for the EMV liability shift in the U.S. (EMV stands for Europay, MasterCard, and Visa, the three companies which originally created the standard for smart payment credit cards; now managed by EMVCo, a consortium with control split equally among Visa, MasterCard, JCB, American Express, China UnionPay, and Discover.)

Experian and Ponemon surveyed nearly 25,000 technology and information security, risk management, product development, and other professionals involved in the payments systems within their organizations. The survey results were part of a report called “Data Security in the Evolving Payments Ecosystem,” and final results were based on 748 completed questionnaires.

Survey respondents reported that the most likely mobile innovations to increase the risk of a data breach are mobile payments in stores (59 percent), e-wallets for retailers (58 percent), mobile payments on devices and apps (57 percent), and mobile payments on NFC (54 percent). (NFC stands for near field communication and is the set of protocols that enable electronic devices to establish radio communication with each other by touching the devices together or bringing them into proximity.)

According to Michael Bruemmer, Vice President of Experian Data Breach Resolution, “There are opposing spheres in this argument [of innovation and security]. There are the people that want to expand and use technological innovation and take advantage of that in the implementation, but then you have the clashing interest with the security folks who are saying, ‘Wait, new tech is great, but it’s only as great as the security you build in.’”

In the midsize market, it will be important to analyze the pros and cons of instituting a mobile payment option. Therefore, ask these questions first:
* Who are your customers?
* What are the best methods to reach your customers?
* Based on the demographics of your existing and potential customer base, are they tech-savvy enough to be comfortable using mobile payments?
* What security protocols will be implemented to protect customer data?
* What will the action plan be if a data breach happens?

In the words of American businessman Nicholas Negroponte, “Computing is not about computers anymore. It’s about living.” So, to modify a line from the famous Capital One Credit Card ads, “What’s in your smartphone wallet?”


To read more on this subject, check out “Mobile Payments: Innovative, But with Security Concerns”

Image Credit: Mapichai via
