5 Must-Ask Questions Before Adding the Cloud to Your Infrastructure

In a previous post, I asked, “Is Your Business Ready for the Cloud?” Five key issues were detailed to help midsize businesses decide whether to move to the cloud.

But once your leadership and IT teams have decided to move data to the cloud, the next step is the vendor agreement. Don’t sign it until your leadership and IT teams have reviewed the agreement in its entirety, and, better still, until your legal team has reviewed it as well. The contract, not the sales deck, is what will govern your data when something goes wrong.

According to the IBM Center for Applied Insights:
“By 2016, cloud computing will matter more to business leaders than to those in IT. According to a recent study conducted by the IBM Center for Applied Insights, cloud’s importance to business users is expected to grow to 72 percent, exceeding its importance to IT users at a mere 58 percent.

While it may not generate the same breathless excitement it once did when the technology first emerged, “The Cloud” has undoubtedly become ubiquitous. As the technology matures and lingering security concerns dissipate, even the most conservative businesses have jumped on the cloud bandwagon. According to a study released in 2013 by the IBM Institute for Business Value, 64 percent of CIOs plan to invest in cloud over the next few years.

And as cloud technology continues to mature, how companies use cloud will also continue to evolve. What was once primarily used for cutting costs is growing into so much more. Today’s companies are increasingly looking to the cloud to not only improve efficiency, but also to innovate and create.”

What was once used mainly for storage now spans the following service models:

[1] SaaS = Software-as-a-Service: using a finished application, such as an Office-like suite, that runs in the provider’s environment.

[2] IaaS = Infrastructure-as-a-Service: a form of cloud computing that provides virtualized resources over the Internet. The definition includes offerings such as virtual server space, network connections, bandwidth, IP addresses, and load balancers. You manage the operating system and everything above it; the provider manages the hardware beneath.

[3] PaaS = Platform-as-a-Service: a managed computing platform (runtime, database, middleware) on which you build and deploy web applications quickly without operating the underlying servers.

[4] DRaaS = Disaster-Recovery-as-a-Service: businesses that do not have the time or resources to build, maintain, and regularly test a disaster recovery plan can outsource that process to a provider that replicates their systems and data offsite.

As you review the cloud computing agreement, including its service level agreement (SLA), which is the part that spells out uptime, response times, and remedies, make sure to ask these five critical questions and listen, really listen, to the responses:

[1] What happens if there is a data breach? Specifically, how quickly will you be notified, and who bears the cost of notification and remediation?

[2] What procedures are in place to detect and contain a data breach, and who is responsible for forensics?

[3] How quickly are access changes applied, for example, when an employee is promoted, hired, or fired? Ask whether the provider supports your own identity system so that disabling an account on your side disables it on theirs.

[4] Do the terms of the SLA reflect an understanding of the compliance regulations that govern where data may be physically stored? Depending on industry and regulation (healthcare, financial, etc.), data may have to stay within a specific state or country, so ask which data center regions will hold your data and your backups.

[5] What security measures does the cloud vendor put in place to protect your data and its data centers? This means physical security as well as internal controls, electronic safeguards such as encryption at rest and in transit, and the security of its web-facing services.

So, has your business moved to the cloud yet, and if yes, what was your best cloud story, good or bad? Since others can learn from your experiences, please chime in.

Image Credit: digitalart via FreeDigitalPhotos.net.

This post was brought to you by IBM for MSPs. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate, and scale your business.


12 Timeless Password Tips for Improved Security


According to SplashData, the #1 and #2 most commonly used passwords are “123456” and “password,” so creating strong passwords is one way that users can be proactive in preventing security breaches. Since passwords are still the front door to most systems, here are my favorite password-related tips. When using a managed service provider, it’s just as critical to follow these guidelines, because any time data travels to a third party, it can become more exposed.


Make sure your passwords are complex. Use lower case and upper case letters, numbers, spaces, and symbols. Make sure the password is longer than eight characters; Microsoft recommends at least 14. Don’t use dictionary words, whether common or obscure, or real names. Don’t spell your name backwards, use words with common spelling errors, or repeat sequences of the same numbers or letters. Length matters more than any single trick, so create a phrase or sentence. If you are curious how strong your password is, sites such as How Secure Is My Password, the Microsoft Password Checker, and the Password Strength Checker will grade length and character mix, but never type a password you actually use into any website. Test a similar, throwaway password instead, or use a checker that runs locally on your own machine.
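Here is the local check the tip above recommends, as an added example that is not part of the original post (it also covers the “Complex Passwords” tip in the Cyber Security Awareness Month post further down). It applies the post’s own rules: at least 14 characters, a mix of character classes, not a known-common password, not the user name, and no repeated runs or sequences, and it estimates how many bits of guessing work the character pool implies. Everything runs offline, so the candidate password never leaves the machine. The common-password set below is a small constructed sample standing in for SplashData’s list; a real deployment would load a much larger list from disk.

```python
"""Offline password policy check (added example; stdlib only)."""
import math
import re
import string
from typing import List

# Constructed sample of common passwords. SplashData's published list is far longer;
# load a real list from a file in practice.
COMMON_PASSWORDS = {
    "123456", "password", "12345678", "qwerty", "abc123",
    "123456789", "111111", "1234567", "iloveyou", "adobe123",
}

MIN_LENGTH = 14  # Microsoft's recommendation quoted in the post


def pool_size(pw: str) -> int:
    """Size of the character pool implied by the classes present in pw."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation or c == " " for c in pw):
        size += len(string.punctuation) + 1  # printable symbols plus space
    return size


def entropy_bits(pw: str) -> float:
    """Upper-bound guessing entropy in bits: log2(pool ** length).

    This assumes every character was chosen uniformly from the pool, which
    real passwords rarely satisfy, so treat it as an optimistic ceiling.
    """
    size = pool_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def check_password(pw: str, username: str = "") -> List[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])
    if classes < 3:
        problems.append("uses fewer than three character classes")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    if username and pw.lower() == username.lower():
        problems.append("same as the user name")
    # One character or a short sequence repeated three or more times in a row,
    # e.g. "aaa" or "abcabcabc".
    if re.search(r"(.+?)\1{2,}", pw):
        problems.append("contains a repeated run or sequence")
    return problems


if __name__ == "__main__":
    # Constructed candidates: the two most common passwords, a short "clever"
    # password, and a sentence-style passphrase as the post recommends.
    for candidate in ["123456", "password", "Tr0ub4dor&3", "My 2 cats chase the Mail-man!"]:
        verdict = check_password(candidate, username="jsmith") or ["ok"]
        print(f"{candidate!r}: {entropy_bits(candidate):.1f} bits; {', '.join(verdict)}")
```

The passphrase passes every rule while the short mixed-character password fails on length alone, which is the point of the tip: a sentence you can remember beats a short string you cannot.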


Create a different password for each website you use or wherever you access your data. Don’t use the same password for Facebook, Twitter, LinkedIn, Google+/YouTube, Pinterest, Instagram, etc., because if someone gains access to one account, the hacker could then gain access to all of your social networking sites – contact information, photos, family member names, etc. Also, if you use passwords to access online banking, medical data, or other confidential information, create unique passwords to access each site.


If you don’t want to remember your passwords because they are too long and complex (hopefully), or if you would like a tool to generate passwords for you, check out LastPass. With LastPass, you only need to remember one master password. LastPass saves your log-ins and passwords for every site you visit; after you enter them the first time, they are stored in an encrypted vault. When you return to the website, LastPass fills in your user name and password automatically, which reduces, though does not eliminate, your exposure to keyloggers (software that records keystrokes when a user logs on to a website with the intent to steal information): the site password is never typed, but the master password still is, so the device you unlock the vault on must be clean. There is a free version as well as a premium version, and the download is available for Windows, Mac, and Linux. LastPass has had security incidents, so remember that the whole vault is only as strong as your master password; make it a long passphrase and turn on multi-factor authentication for the manager itself.


If you store important documents on your home computer with bank account information, tax information, and social security numbers, make sure to password-protect them, and preferably turn on full-disk encryption for the whole machine. If your computer is ever stolen, a login password alone will not stop a thief who removes the drive; encryption will.


If you are asked security questions as an additional component of password creation, don’t use easy answers. For example, don’t use your birthday, your spouse’s first name, your mother’s maiden name, your car license plate, or the city where you live. For hackers, and for anyone who knows the right websites to search, these pieces of data are easy to find. Nothing requires the answer to be true: treat the answer as a second password, make it random, and store it in your password manager.


Whenever you sign up on a new site or are assigned access to a new system, there is often a default or temporary password. We are often so busy that we forget to change it, which is not a good idea, because defaults are shared, documented, and the first thing an attacker tries. Before you do anything else on the site, go to the settings area and create a new password.


Many businesses still require users to change their passwords every 90 days. For your personal accounts, rotating on a schedule adds little if each password is long and unique; what matters is changing a password immediately when a site announces a breach or you suspect it has been exposed, and never reusing it elsewhere.


Always log off of the site that you’re accessing, because bad guys can hijack a session that is still open. Closing the browser does not necessarily end your session on the server; the site may keep it valid until it expires, and a persistent cookie can bring it straight back. Logging off tells the site to end the session immediately. It is also worth clearing your cookies, history, and cache, either manually or by setting your browser to delete them automatically when you close it.


Don’t give your IT department a heart attack by writing your passwords on a Post-It note attached to your monitor, under your keyboard, in a drawer, etc. While this sounds obvious, people assume no one will notice or that the note will only sit on the screen for a few moments. If you do this, you are handing your data to a thief on a silver platter; don’t do it.


Does your business have a password policy? If your business is progressive, you will read and sign harassment, privacy, BYOD, and social media policies. Because of the importance of passwords, make friends with your IT department. Go the extra mile: always change passwords when asked and always set up your password according to company policy. If corporate policy allows, set your screen to lock after a short period of inactivity so that anything on the screen is protected when you step away.


Don’t use your email address as a username unless corporate policy dictates that you must, and never make your password the same as your username. If you are accessing a business-owned account, access is terminated once you leave your position. But if a business account was registered under a personal email address, the business has no way to recover or control that account once you leave, and a personal mailbox usually lacks the monitoring, recovery controls, and multi-factor authentication that a corporate one has, so compromising it is easier and harder to detect.


Don’t click the “remember password” option in your browser. Unlike passwords saved in a manager protected by its own master password, browser-saved passwords are only as protected as your operating system login: anyone who gets ahold of your unlocked device, or a piece of malware running as you, can read them out. To quote Dana Molina of SureTech, “If your device is ever stolen, you’ve just invited a thief into your home, removed their shoes, and given them a foot massage.”

Do you have a tip to add to the list?

Image Credit:  digitalart via FreeDigitalPhotos.net.



Television’s Role in the Conversation about Cybersecurity


Have you noticed all the recent storylines about cybercrime on television? Several episodes of “The Good Wife” focus on technology issues ranging from hacked emails to online privacy to ransomware (a type of malware that restricts access to the computer system it infects and demands a ransom be paid to the malware’s operator in order for the restriction to be removed). And of course, the latest version of the CSI franchise is titled “CSI: Cyber,” and every episode focuses on online crime.

This increased attention on cybercrime, and the resulting emphasis on cybersecurity, is a positive move in the right direction. The attention is much appreciated by the technology industry overall, and specifically by professionals in the infosecurity arena, who talk about cybersecurity awareness on a daily basis. A large part of our jobs has become alerting leadership teams and boards of directors to the consequences of data breaches and the importance of security awareness programs and business continuity programs.

With a spotlight shining on cybercrime, Twitter conversations and Facebook posts increase around these TV shows and actors. And with an increase in interest in these important matters, the result may be that your business may be just a little safer – thanks to television.

You never know when an employee will receive an email from an unknown source and, in a split second, decide NOT to open the attachment because he or she doesn’t recognize the sender. The employee recalls an episode of a TV show in which an entire company’s email system was hacked and its customer database breached through malware in a single email. Your employee made a good decision based on a TV show.

Of course, one side effect of so much cybercrime on TV may be that the bad guys get some ideas. What TV starts, sometimes the bad guys will finish.

Image Credit: Digitalart via Freedigitalphotos.net


A Cheat Sheet to Translate InfoSecurity for Key Business Units

As a result of working with many different business units over the last decade, I’ve developed my ability to help companies bridge the business and technology gap and align technology strategies with business objectives. Toward that end, I have devised the scenarios detailed below, one per business unit, that translate infosecurity concepts into language team members can understand based on their specialty areas.

My goal is to initiate a dialogue between business unit managers so that we may work as a team to mitigate internal and external threats. The truth is, without awareness, buy-in, and participation by all business units, companies will not engage all employees in the company-wide objective of practicing infosecurity. Throughout this post, I talk about “IT departments,” but remember that this department encompasses a lot of different areas of expertise. The IT department of the old days no longer means simply fixing computers and setting up networks.

Marketing: Since this team is responsible for building brand equity, communicating competitive advantages, and interacting with members of the media, they speak a totally different language than those of us in the IT space. So, in order to train these folks to be smart computer users, I use this situation: You write a 20-page annual report, tweak all of the graphics, add all the financial data, and are ready to send the file to the printer. The IT department is called in to check the marketing files on the department’s shared server because, at some point, someone in the marketing department downloaded a graphic from an untrustworthy website at home and carried it in on a USB drive or a BYOD device. That user did not have up-to-date malware protection on his or her own device, so the malicious file came in with the image and infected the report. Now, not only is the file compromised, but files from other departments on the same share can be as well. And, to add insult to injury, the entire project has to be re-done.

Sales: This is the group of team members who live on the road and in the field. They need their tech tools to work 24/7/365. A major challenge is the use of BYOD in today’s business environment. Employees not only have work product on their laptops or other devices, but personal information too. Because these devices serve multiple purposes, there is a better chance that they will be either (A) stolen or (B) infected. The more time those devices spend in the open, the greater the possibility of theft. The more they are used for personal pleasure, the less likely their malware signatures are kept up to date and the less vigilant the user may be. People tend to drop their guard when it comes to personal devices.

Finally, every device, especially one containing confidential sales data, should be encrypted. Encryption may be better tolerated in a business environment than on a personal device, but that is no excuse not to use it on personal devices used for business. People want to whip out their devices to take pictures or send texts and don’t want to enter a password first. As a result, they may try to disable the password or PIN, which defeats the reason it was added in the first place, because on most phones and laptops the encryption key is only protected by that lock.

So, here is a situation they can easily understand: You are driving to an important meeting with a prospective customer, and upon arrival, you get a phone call from an existing customer with a question. Still in your car, you turn on your device to check the customer’s account. But wait. Instead of starting normally, it shows a blue screen of death or its equivalent. What happened? Perhaps one of the social media games or apps you have been installing on your device opened the door to malware. Of course, there are countless other possibilities, but for employees who work on the road, their systems need to be as clean as possible.

Customer Service: In the majority of companies, this is the group of team members who answer phones and respond to emails. Their job is to provide solutions to customer complaints or issues, so their computers, phones, and every other tech tool, from smartphones to mobile devices, need to be in top-notch condition. Here’s a situation these team members would prefer to avoid at all costs: A customer calls and complains about a certain product or product feature. While you (the customer service rep) are on the phone with the customer, your system crashes, and you cannot access your product spec list, your email for communicating with the customer, or your CRM system. After the IT department checks out your machine, some unpleasant information is discovered. Your browser history shows that you spent a large amount of time on Facebook and other social media sites during the day, and unfortunately, these unsanctioned activities welcomed a virus or two or three.

Finance: These team members deal with all aspects of a company’s financials, so all of their software must be clean and their data must be available. Here is a scenario that members of this department have nightmares about: In the middle of payroll preparation, the entire system goes down. The IT department doesn’t have a quick fix. The toll-free customer service line for the software doesn’t have a quick fix. And if a solution is not reached soon, payroll will not happen. While this scenario may have nothing to do with the company’s network, the IT department must jump on the problem immediately and act as liaison and partner with the software vendor’s support team. In the background, if the IT department is doing its job and the business unit has been working with IT, which is just as important, there will be tested backups and a disaster recovery plan that get the department back up and running quickly. But priority one in this situation is for the finance group and the IT department to work together and understand one another.

Human Resources: Whatever name you give this department, it is responsible for all personnel activities, from hiring to firing to team building to holiday parties. One might think that the computers housed in this department would be kept under lock and key, since they hold all employee records. But often, that is not the case. Here is a situation that really happened not too long ago: An employee from HR left for the day without closing and locking his office door. Some consultants who worked in another department entered the HR office, unplugged the laptop, and walked out of the building with it. While this seems like a simple theft, a login password plus full-disk encryption to scramble the drive would have stopped access to the data. But there was no login password on the machine, and it was not encrypted. Identity theft followed for the hundreds of employees whose files and performance reviews were housed on that specific machine.

Product Development: Imagine you have a hot new product in the pipeline and it might possibly be the next technology game changer, for example, the next iPod. You have all of your tech specs, design info, and all of your manufacturing processes on a network that’s not air-gapped. Someone in your department downloads a free game, which turns out to be a Trojan that creates a back door into your network, in other words, a way into your systems without proper authorization. One day, you come into the office, and all of your data is corrupted or, nowadays even worse, it has been disseminated on the Internet or stolen by a competitor or a nation state. No regular backups were made, and poof, two years of your life as well as the next “product of the year” go down the drain. This is corporate espionage at its worst and the reason no one should be allowed to download unauthorized software from the Internet onto any office computer. This is where the IT department needs to really shine by learning how to teach different business units about security awareness.

The bottom line is that we, as infosecurity professionals, must speak with other business units in their own languages. If we can achieve this, then employees in other business units will understand why security is important to them, how security relates to them, and how they will be affected when breaches happen. And once all business units work as a team, the business is better protected.

Image Credit: David Castillo Dominici via FreeDigitalPhotos.net

This post was brought to you by IBM for Midsize Business and opinions are my own. To read more on this topic, visit IBM’s Midsize Insider. Dedicated to providing businesses with expertise, solutions and tools that are specific to small and midsized companies, the Midsize Business program provides businesses with the materials and knowledge they need to become engines of a smarter planet.


Cloud vs. Mobile: Can They Co-Exist?


IBM recently published an Infographic featuring the following statistics: “68% of top CISOs and security leaders see security in the cloud and data privacy as a critical business concern yet 76% are worried about the theft of mobile devices and the loss of sensitive corporate data.” Taken together, these stats might suggest that cloud and mobile devices cannot safely co-exist. Yet, for the small and medium business (SMB) market, cloud computing and mobile device management (MDM) have become synonymous with doing business.

Many businesses that comprise the SMB market have adopted, integrated, and even welcomed mobile devices into their day-to-day operations. Often, this is because leadership teams believe that the cost of doing business will go down if employees provide their own mobile devices. There is no denying that business is easier when employees can access their spreadsheets and other documents from off-site and non-business hours from their smartphones and tablets.

Some businesses have gone the extra mile and created and implemented mobile device management plans, backed by an incident plan for when something unforeseen happens. This means the business is prepared if an employee’s device is lost or stolen (for example, it can remotely lock or wipe the device), and it has a response ready for the worst case, in which someone sells the data to a competitor or the network is breached through the device.

But is cloud computing a fit for every business? Certainly, it’s important to consider what industry your business is in and what compliance issues your industry must face. Some kinds of data are appropriate for the cloud, and some are not. For instance, patient data carries heavy consequences if mishandled: picture a single practitioner, for example, a psychiatrist, who syncs all of her patient records to the cloud from her smartphone and then loses the smartphone, which isn’t encrypted. That falls under HIPAA, whose enforcement has become very strict. On the other hand, it may make sense for a real estate firm to store information about its properties in the cloud so that other agents can access it.

Above all, if your business is contemplating using the cloud, answer these questions first and make sure your entire leadership team understands the answers:
•    What is your strategy for storing data in the cloud?
•    What data will be stored in the cloud?
•    Who will have access to the data in the cloud?
•    How long will data be stored and accessible in the cloud?
•    Will the business provide mobile devices?
•    What security procedures are in place to protect the data stored and/or accessed on employee devices?
•    What are the ramifications if data is hacked?
•    What procedures are in place to rectify the situation if data is hacked?
•    What compliance regulations must you follow?

What other questions would you add to this list? Please chime in.

View IBM’s Infographic here:

Image Credit: iprostocks via FreeDigitalPhotos.net



Is Privacy More Important to the Media, Businesses or Consumers?


There is no denying that businesses need to be more diligent in protecting their customers’ data, but with all the data breaches publicized in the mainstream media, who cares more about privacy? What do you think: businesses or consumers?

Despite the many data breaches, consumers continue to hand their Personally Identifiable Information (PII) to midsize businesses. At the top of the list, this confidential information may include full name (first and last), home address, phone numbers, and email address. Depending on the business, requested information may also include social security number, date of birth, place of birth, gender, passport number, driver’s license number and state, vehicle registration plate, financial transactions, bank accounts, credit card numbers, criminal background, fingerprints, medical history, names of schools attended, and current or previous employers.

What is different about protecting PII compared to any other data and how should PII be protected? According to the “Guide to Protecting the Confidentiality of PII” published by the National Institute of Standards and Technology of the U.S. Department of Commerce:

“In many cases, protection of PII is similar to protection of other data and includes protecting the confidentiality, integrity, and availability of the information. Most security controls used for other types of data are also applicable to the protection of PII. For PII, there are several privacy specific safeguards, such as, anonymization, minimization of PII collection, and de-identification. In addition to protection requirements for PII, there are other requirements for the handling of PII. The Fair Information Practices provide best practice guidelines, such as, Purpose Specification, Use Limitation, Accountability, and Data Quality. Moreover, the factors for assigning a confidentiality impact level to PII are different than other types of data. Breaches to the confidentiality of PII harm both the organization and the individual. Harm to individuals should be factored in strongly because of the magnitude of the potential harm, such as identity theft, embarrassment, and denial of benefits.”

But consider this: many, and some might argue too many, consumers provide their PII to businesses willingly and without much thought to how it may be used and stored. What happens every time someone visits a supermarket? Their rewards card gets scanned, and the store IMMEDIATELY knows who they are, where they live, what their phone number is, what their email address is, and most importantly, what they purchased. The same thing happens at gas stations, restaurants, and other brick and mortar venues, as well as online.

Does your business have a rewards or loyalty program? If yes, what PII do you request? Do you explain why you request specific PII? How do you communicate with consumers to let them know you value their privacy and data as much as they do? How often do you communicate with your consumers to update the information and update your review and/or purge of PII?

Answers to these and related questions should be a high priority and involve your entire leadership team. These discussions should not be delegated to the network admins in your IT department, because when a breach happens, you, as a member of the leadership team, don’t want to be surprised. You will want to recall exactly which protocols you put in place, the talking points and press release drafts you wrote, and the key media contacts you planned to reach.

Above all, you want your business to be proactive and transparent to consumers. Your decisions will allow your business to be in a better position to survive a breach.

Read More:

PII definition by Wikipedia:

Guide to Protecting the Confidentiality of PII published by the NIST of U.S. Dept. of Commerce:

“Why Big Companies All Have Loyalty Programs”

“Survey Shows You Don’t Care About Privacy As Much As You Think You Do” by Joshua Steimle (@donloper)

Privacy Rights Clearinghouse – to learn about the latest data breaches:

Image Credit: Supertrooper via FreeDigitalPhotos.net



What Can Your Business Learn about #Privacy from the UK Direct Marketing Association?

It seems as if a day doesn’t go by without the media reporting a major data breach. If you’re a member of the C-suite of a midsize business, you probably spend a good deal of time thinking about how to protect your data as well as your business reputation.

I recently read some surprising news from a British marketing group (1) and offer it as a lesson for all businesses – no matter where your corporate headquarters may be located and how many offices you may have. In August 2014, the UK Direct Marketing Association released a new privacy code of practice to address customer concerns about data privacy. The link for the entire code is provided below (2), but the code focuses on five key principles:

[1] Put your customer first
[2] Respect privacy
[3] Be honest and fair
[4] Be diligent with data
[5] Take responsibility

While we all receive too much direct mail, this attention to our privacy brings the discussion about customer data to the forefront. The likely outcomes are positive:

[1] Businesses will implement stricter protocols regarding data protection
[2] Businesses will implement quicker disaster recovery procedures
[3] Businesses will alert customers immediately upon learning of a breach – as opposed to having the media share the news
[4] Businesses will inform law enforcement agencies
[5] Businesses will call in third-party forensics teams to determine the size of the breach and develop protocols to mitigate future breaches

If you suspect a breach or just want to keep current on the latest breaches, visit the list provided by the Privacy Rights Clearinghouse, whose tagline is “Empowering Consumers. Protecting Privacy.” (3)

Lastly, here’s something else I found surprising: if a member of the UK’s Direct Marketing Association breaks this new privacy code, the member will be expelled from the association. Don’t you think all businesses would spend more time and money protecting their customers’ data if there were more significant ramifications than the equivalent of a slap on the wrist by the media? I welcome you to chime in.

(1) UK Marketing Trade Body Unveils New Code to Address Privacy Concerns:

(2) UK DMA Privacy Code:

(3) Privacy Rights Clearinghouse:

Image Credit: Courtesy of Stuart Miles via FreeDigitalPhotos.net

This post was brought to you by IBM for Midsize Business and opinions are my own. To read more on this topic, visit IBM’s Midsize Insider. Dedicated to providing businesses with expertise, solutions and tools that are specific to small and midsized companies, the Midsize Business program provides businesses with the materials and knowledge they need to become engines of a smarter planet.


Top 10 Tips to Share with Employees During Cyber Security Awareness Month (#NCSAM)


There is no dispute that data breaches are becoming more common, and as a result, online safety and the protection of personally identifiable information (PII) are hot topics in the mainstream media. Therefore, the month of October presents an excellent opportunity for all businesses, especially midsize businesses, to remind employees about their responsibilities when it comes to protecting corporate data.

Here are my top ten tips to share with employees during Cyber Security Awareness Month:

[1] Complex Passwords
All passwords should be at least 10 characters and include lower and upper case letters, numbers, and symbols. If your employees need assistance in creating complex passwords, share this password strength evaluator from Microsoft’s Safety and Security Center:

[2] Browser Security
Make sure that employees use secure browsers when accessing company webmail from offsite and with mobile devices, which means that the connection uses HTTPS rather than HTTP. Also use a sandbox program that keeps viruses and malware from entering the computer through the browser. A few examples of sandboxing tools include Sandboxie, VirtualBox, and BitBox.

[3] Abbreviated Links
Before clicking on any abbreviated links, determine the entire URL. Here’s a site to assist your team: http://urlxray.com/

[4] Emails and Attachments
Make it a practice to NOT open emails and attachments (especially JPEGs) from unknown senders, and do not use Preview Pane, because it’s akin to opening emails.

[5] BYOD Policy
Implement a Bring Your Own Device (BYOD) policy and train employees on the whys and why-nots. And, make sure that your leadership team also abides by the policy. In addition, the leadership team and IT Department should create the policy together.

[6] Social Media Policy
Implement a social media policy and train employees so that everyone understands who maintains the official voice of the company on all social media platforms. Make sure that departments understand who maintains the social platforms, because you don’t want departments fighting it out in public. Also state whether employees are required to include “Views are my own” in their bios if they reference the company name in their profiles. Above all, remind employees that once they post something online, it takes on a life of its own and cannot be removed. Therefore, it’s critical that they abide by the mantra that they should not post anything that they would not want their boss or grandmother to see online.

[7] Disaster Recovery Plan
Implement a disaster recovery plan and train employees on a regular basis so that everyone knows how to access corporate data in the event of a disaster and the planned amount of time that data may not be accessible.

[8] Cloud Computing
In today’s era when everyone uses the cloud, develop a plan for what employees can store in the cloud. There should be a policy for storage and for access. For example, it may make sense for some documents to be stored in the cloud so that many employees can access the same document, but it may not make sense for entire departments to access the document or for some documents to even be stored in the cloud.

[9] Non-Approved Software
Seen any good games lately? I’m sure your IT Department has. Employees always try to circumvent sysadmin protocols and download unapproved software. Make sure that your company’s user permissions are not broad enough to allow the installation of any software before it is reviewed and approved by the IT Department. You certainly don’t want any mysterious software wreaking havoc on your network.

[10] Back Up
Lastly, remember, it’s not if you lose your data, but when, so back up, back up, back up.
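As an added example that is not part of the original post, here is a small Python check for the complexity rule in tip [1] (at least 10 characters, with lower case, upper case, digits, and symbols). The function names and the sample passwords are my own and constructed; they are not real credentials.

```python
from typing import List

# Policy from tip [1]: at least 10 characters, and all four character
# classes (lower case, upper case, digit, symbol) present.
MIN_LENGTH = 10


def password_policy_failures(password: str) -> List[str]:
    """Return the policy requirements the password does not meet.

    An empty list means the password satisfies the complexity rule.
    Any character that is neither a letter, a digit nor whitespace
    (including non-ASCII punctuation) counts as a symbol.
    """
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        failures.append("no lower case letter")
    if not any(c.isupper() for c in password):
        failures.append("no upper case letter")
    if not any(c.isdigit() for c in password):
        failures.append("no digit")
    if not any(not c.isalnum() and not c.isspace() for c in password):
        failures.append("no symbol")
    return failures


def meets_policy(password: str) -> bool:
    """True when the password satisfies every requirement of the rule."""
    return not password_policy_failures(password)


if __name__ == "__main__":
    # Constructed samples: one compliant, two that fail in different ways.
    for sample in ["Correct-Horse7", "password", "ABCDEFGHIJ1!"]:
        problems = password_policy_failures(sample)
        verdict = "ok" if not problems else ", ".join(problems)
        print(f"{sample!r}: {verdict}")
```

The returned list is meant to be shown to the user as actionable feedback rather than a bare pass/fail, which is what makes the rule easy to follow.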

Here’s to a safe Cyber Security Awareness Month!

To learn about how your team can participate in activities throughout October, visit the website of the Department of Homeland Security:

The National Cybersecurity Alliance’s mission is to educate and empower a digital society to use the Internet safely and securely at home, work, and school – protecting the technology that individuals use, the networks they connect to, and our shared digital assets. Learn more at:

“A Penny for Your Privacy?” by Chris Taylor and Ron Webb via @HarvardBiz


Image Credit: ddpavumba via FreeDigitalPhotos.net



Are You Integrating Security into Your Celebration of #CXDay?

Is the first Tuesday of October marked as a special date on your calendar? If not, the significance around social channels will alert you to this hashtag. The second Tuesday in October is #CXDay, and according to Annette Franz (@CXJourney on Twitter), “It’s a celebration of customer experience professionals, those folks who work tirelessly to design and deliver a great customer experience to their customers. The day is meant to continue to raise awareness of the importance of the customer experience.”

My grad school studies were in marketing, so while my professional focus may not be customer service or marketing, I am able to clearly see the alignment between the marketing and technology functions within a business. First, who are the IT Department’s customers? While we often don’t think about this, we in the IT world serve employees within other internal departments: Human Resources, Finance, Research and Development, Manufacturing, Marketing/PR, Sales, Customer Service, Legal, etc. On the other side of the coin, we also serve customers by maintaining the hardware and software to bring products or services to external customers since we maintain the web servers, websites, and networks that support them. So, when you think about it, we really are a piece of the pie that delivers service.

As a midsize business, how will you celebrate Customer Experience Day? Will you send your customers an email thanking them for their business? Will you send them a discount on a future purchase of your product or service? Will you hold a party or some other big function to recognize and thank your customers? Or, will you give your employees movie tickets or cash bonuses?

No matter how you recognize the customer experience that your business provides, don’t forget to integrate SECURITY. The core of recognizing your customers is showing them that you value them and their business – and the most important way you can do that is to protect their data. In today’s era of data breach announcements hitting the news almost on a daily basis, show that you truly value your customers. Let them know on Customer Experience Day how you protect their data – send them an email highlighting your data protection policies, your online privacy policy, and your data recovery policy. Knowledge is power; therefore, letting your customers know how you protect their data may keep them from suing you later.

Since it gets harder and harder to stand apart from the competition, use Customer Experience Day as a way to stand out. Integrate security into your celebration and let your customers know that their data protection is just as important to YOU as it is to THEM.

To see how you can participate in #CXDay, click here:

Image Credit: Stuart Miles via FreeDigitalPhotos.net




Don’t Forget Security When It Comes to E-Waste

With school back in session and Halloween just around the corner, the December holidays will soon be here. And with December holidays quickly approaching, it’s time to start dreaming about all the new technology purchases on your holiday shopping list. But as you dream, what will you do with all your current devices? As you wonder where you’ll take your outdated smartphones, tablets, and desktops, either conduct a Google search for your nearest e-waste drop-off location or use a convenient app on your smartphone to find a location. But, whatever you do, take security precautions.

The term “E-Waste” applies to electronic equipment that is at the end of its useful life and cannot be thrown away by conventional means: TVs, computers, laptops, monitors, printers, cell phones, VCRs, copier machines, fax machines, scanners, DVD players, cameras, keyboards, mice, speakers, computer backup batteries, computer wire/cables, ink cartridges (empty or full), motherboards, servers, stereos, radios, and electronic games. TVs and computer monitors cannot be thrown into landfills due to their lead content. In 2008, there were 4.6 billion pounds of e-waste in the United States, but less than 900 million pounds (19%) of that waste was recycled.

There are places where you can drop off your equipment. Goodwill is one option and offers e-waste drop-off sites throughout North America. Another option is All Green Electronics Recycling, which is based in Southern California and has locations throughout the United States. All Green picks up electronics from homes and offices and also recycles the e-waste. All Green’s competitive advantage is that it offers data destruction options ranging from low-cost data wipes to the certifications required for the U.S. Government and military.

But before you say goodbye to your equipment, here are five quick security wipe reminders:

[1] For hard drives in desktop computers, laptops, or tablets: remove the hard drives and use a screwdriver, pliers, and hammer to take them apart and break the disks inside the case – that’s the only way to completely destroy the data. For external hard drives, destroy them or use military-grade wiping software – but a truly dead hard drive is one that has been taken apart.

[2] For cell phones: break the inside chips.

[3] For smartphones: use the security wipe features already on the phones. See your product guide for details. There are also apps available for this purpose for iOS, Android, and Blackberry.

[4] For copy and fax machines: remove the flash memory and destroy it.

[5] For all other equipment, check manufacturers’ websites to find out recommended ways to purge the memory.

Security is a serious business whether you’re a tech professional, a midsize business, or a tech enthusiast. Since you don’t want any of your data ending up in the wrong hands, do whatever you can to protect yourself. Don’t let the holidays bring you an unwanted gift: either your data ending up in the wrong hands or a case of identity theft.


Image Credit: digitalart via FreeDigitalPhotos.net

