Does Your Business Think Like A Tech Company?

How often does your business stand out from the competition? Is your business an industry leader or just one among dozens or even hundreds in your industry? Does your leadership team dream of being the Google, Microsoft, Apple, or Amazon of your industry? I read a recent post about the banking industry that offered an interesting perspective. Perhaps, there’s an easy way to accomplish this: Think like a tech company.

“Technology companies are forcing the evolution of the banking industry, compelling traditional financial institutions to emulate [tech firms’] attributes.” Ashley Veasey, Barclays Africa Group CIO, explained, “Banks need to start thinking and working like technology companies, and use innovative thinking and big data to better understand their customers.”

As YOUR business grows, how much time, budget, and strategic planning are applied toward your customer data, or in the lingo of tech companies, big data? Wikipedia defines big data as “Data sets so large or complex that traditional data processing applications are inadequate. Challenges include analysis, capture, data curation, search, sharing, storage, transfer, visualization, and information privacy. The term often refers simply to the use of predictive analytics or other certain advanced methods to extract value from data, and seldom to a particular size of data set. Accuracy in big data may lead to more confident decision-making. And better decisions can mean greater operational efficiency, cost reduction, and reduced risk.”

Here are some statistics that may convince you to understand your data, according to Forbes columnist Bernard Marr:

[1] This year, over 1.4 billion smartphones will be shipped – all packed with sensors capable of collecting all kinds of data, not to mention the data that users created themselves.

[2] By 2020, there will be over 50 billion smart connected devices in the world, all developed to collect, analyze, and share data.

[3] By 2020, at least 33 percent of all data will pass through the cloud (a network of servers connected over the Internet).

[4] For a typical Fortune 1000 company, just a 10 percent increase in data accessibility will result in more than $65 million additional net income.

[5] At the moment, less than 0.5 percent of all data is ever analyzed and used.

How much strategic planning is applied toward the process of innovative thinking to better understand your customers? According to Wikipedia, “Innovation can be viewed as the application of better solutions that meet new requirements, inarticulated needs, or existing market needs. This is accomplished through more effective products, processes, services, technologies.”

If your business strives to stay ahead of the competition – no matter the industry – you should start thinking like a tech company. With all the screens available to customers, i.e., desktops, laptops, and smartphones, and all the communication vehicles available for outreach, i.e., email and texts, no one is ever truly unplugged. This means that your business should consider all the ways that customers can connect and engage with your business.

As these connections happen, does your business capture customer data in a secure manner? How many systems are in place to safeguard the data? What happens if a data breach happens? What are the procedures to alert customers and the media?

So let’s return to the banking industry. To quote Alistair Peterson, Frost & Sullivan Africa Director of Growth Implementation Solutions, “Traditional banks cannot survive without becoming agile in their ability to develop customer experiences that surprise and delight through the use of various technologies. It is called the omni-channel experience, and traditional banks need to be at the vanguard of these new technologies.”

Your business doesn’t have to think like a bank, but I strongly recommend that you consider technology industry attributes. Your business longevity could be at stake.


Inspiration for this post:
“Banks Must Think Like Tech Companies”

“Big Data: 20 Mind-Boggling Facts Everyone Must Read”

Image Credit: Stuart Miles via

This post was brought to you by IBM for MSPs. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate, and scale your business.


How to Make Sure Your Brand Is Not #1 When It Comes to Cybersecurity Breaches

According to a recent post in NetworkWorld by Maria Korolov, the Massachusetts Institute of Technology (MIT) scored at the bottom in a cybersecurity survey of 485 large colleges and universities. For a prestigious university known internationally for producing talented individuals in the fields of technology, mathematics, statistics, and science taught by intelligent and knowledgeable professors, how did such a negative score happen?

SecurityScorecard, a security risk benchmarking platform, analyzed the educational institutions based on web application security, network security, endpoint security, IP reputation, patching, and other security indicators. (The full report can be downloaded for free by clicking here.)

SecurityScorecard’s Chief Research Officer Alex Heid explained, “When we dug in, we found that there are a lot of exposed passwords, old legacy systems, and a bunch of administrative subdomains that seem to have been forgotten about. It’s common at colleges for students and faculty to move on and forget to shut down old projects.”

This report serves as a lesson to all industries and all sizes of businesses. First, no matter what INDUSTRY you’re in, you’re vulnerable. Don’t assume that you’re immune because you aren’t a financial institution, government entity, health organization, retail outlet, or educational institution. Second, no matter what SIZE your business is, you’re vulnerable. Hackers can be, and are, everywhere. A mom-and-pop or family-run business is just as vulnerable as a publicly-traded Fortune 500 business – and just as vulnerable as all sizes in between.

But the most important lesson to learn from this report is that small and relatively obscure brands are just as vulnerable as the big and well-known brands. We learned this when the breaches occurred with Target, Anthem, United Airlines, UCLA Health System, and Mandarin Oriental hotels. Many experts thought these big businesses were immune. They were wrong.

Naturally, as all marketing experts say, you want your brand to be an industry leader. But in this instance, don’t let your brand be an industry leader when it comes to cybersecurity breaches. Instead, spend the time to implement these five recommendations:

The older a piece of software becomes, the greater the chance that hackers will discover vulnerabilities. Patch management helps alleviate this issue because as vulnerabilities are found, they are patched by the developer. Although an internal threat can still bring a payload in-house through USB, DVD, or other bootable media to attack a particular vulnerability, a patched vulnerability gives a hacker one less attack surface to try in his/her attempt to gain a foothold.

Unfortunately, the biggest risk to security is us. Human beings have a tendency to be sloppy with security protocols. As security personnel, we are taught that the best passwords consist of lower and uppercase letters, numbers, and special characters. Yet, people will always stick with the simplest things so that they can remember them.

Make sure that you’ve trained employees about what to look for when opening email messages. Since many breaches happen as a result of opening email messages and attachments that should never have been opened, instruct employees to instantly delete emails that come from people they don’t recognize, as well as email attachments from employees or people outside the company that they weren’t expecting.

Implement a disaster recovery plan so that all employees know who will access corporate data (and which data) in the event of a disaster, the amount of time that data may not be accessible (if at all), and the procedures to recover data after the disaster.

Accept the fact that a breach may happen. But, if you back up your data on a regularly-set schedule depending on the value of your data and how often it is changed or updated, the re-creation of your data will not be one of your business’ headaches.

Since consumers can learn about breaches as soon as they happen, businesses should take responsibility and inform the public as soon as possible. The Privacy Rights Clearinghouse features a Chronology of Data Breaches and is updated daily. Here’s the link:

In case you’re wondering, the highest scoring university may surprise you: Merced Community College in Merced, California.

Image Credit: Stuart Miles via


Does Your Business Have a Cloud Computing Usage Policy?

Many businesses have a Bring Your Own Device (BYOD) to Work policy, a risk management policy, and some businesses are even tech-savvy enough to have a social media policy. Some businesses go one step further and introduce and review all these policies during the onboarding process for new employees. But while many businesses expect employees to collaborate on work either while in the same office or remotely, they are placing their data at risk if they don’t have a cloud computing usage policy.

In simple terms, cloud computing is the process of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than using a local server or a personal computer.

According to Wikinvest, “Cloud computing allows consumers and businesses to use applications without installation and access their personal files at any computer with Internet access. This technology allows for much more efficient computing by centralizing data storage, processing, and bandwidth. A simple example of cloud computing is Yahoo email, Gmail, or Hotmail. All [the user needs] is an Internet connection [to] start sending emails. The server and email management software is all on the cloud (Internet) and is totally managed by the cloud service provider Yahoo, Google, etc. The consumer gets to use the software alone and enjoy the benefits. The analogy is, ‘If you need milk, would you buy a cow?’”

What should you consider as you create a cloud computing usage policy? Here are five key items:

Which members of your team should access the documents stored in the cloud? If you grant universal access to the stored documents, you may be giving away keys to your data. Think about your data as if it were in a vault. How much you spend on the vault is determined by how much your data is worth. There are different levels of need for access – for example, some Vice Presidents may have greater need than IT managers, or vice-versa. You are not obligated to provide the same level of access to all employees. It’s called “least privilege.”

How often do your employees add documents to the cloud? If your team uploads data on a daily or weekly basis, then the cloud may be an important way for your team to interact and work. But if your team only accesses the cloud once a month, you need to reconsider the cloud as an efficiency tool. Is it really worth the cost?

Have you decided on the parameters of using the cloud? For example, there may be specific types of documents that should reside in the cloud rather than others. Do employees store Word documents, Excel spreadsheets, pie charts, PowerPoint presentations, photos, etc.? For your employees to understand the benefits of using the cloud and to be proactive in protecting your business’ confidential data, they need training. Maybe you use a hybrid system where your confidential documents, such as intellectual property, are kept in-house and your other documents are kept in the cloud. Unfortunately, there are too many businesses that allow their employees to store whatever they wish in the corporate cloud. This can become a sticky legal issue if it is found that the employee is using it to store illegal information, other companies’ intellectual property, or any type of data that can place your company in a position to be sued. Establish rules that must be followed and let the employee know that any deviation from the acceptable use policy will be grounds for termination. Be sure to have your attorney approve the document and make sure all employees read it and sign it. A part of an employee’s training is to educate him or her on the use of public cloud sites. Train employees to understand that uploading corporate data into their public cloud site is unacceptable. And finally, you must establish a password policy that everyone must follow: at least 10 characters consisting of uppercase, lowercase, numbers, and special characters – or use biometrics. Run this policy through Active Directory so it is enforceable. Don’t leave it up to individual users.

How necessary is it to keep your documents in the cloud and do they remain there indefinitely? If it is a team project and the project is finished, does it really need to remain in the cloud? There should be a defined lifespan for the data to reside in the cloud. Maybe confidential docs should only reside there as long as they are being worked on – and non-confidential docs can remain indefinitely. But the one thing to remember is that the cloud is never permanent. Very few providers will last for years – or the fees that your company will be charged will become exorbitant. Think about a guest in your home: that person stays for a limited amount of time (hopefully) and then leaves. The same rule should apply with the cloud – store your documents there, work on them, and then do what your cloud policy says to do.

Did you know that most cloud-based companies do not back up your data? They will do it for themselves, but if you want to retrieve your data, especially from a long time ago, you may be out of luck. You may be able to retrieve it, but it will cost you a lot of money. If you need to recover deleted data, such as purged email from a long time ago, you might find your SaaS or PaaS providers, like Google Apps, Microsoft Office 365, Amazon Web Services, etc., unable or unwilling to help. Recently, a new use for “the cloud” has come about. It is called cloud-to-cloud backup and recovery. It is automatic and saves all of your data from whatever PaaS or SaaS you are using. My mantra of “It is not if you lose your data, but when” has unfortunately rung true many times for many people. Using cloud-to-cloud backup and recovery might just make that saying obsolete. That is, of course, if it is set up and managed correctly.

Remember, clouds can burst, and you don’t want your data raining down somewhere it doesn’t belong.

Image Credit: Stuart Miles via


Don’t Forget Security When Developing Corporate Mobile Apps – Time for Another Look


About a year ago, I wrote a post about the importance of security when developing mobile device apps. As part of the post, I also discussed the importance of security when evaluating the “bring your own device” to work (BYOD) phenomenon and the growth of the Internet of Things (IoT). Today, a year later, it’s time for another look.

If you’re creating an app, are you using tools provided by a managed service provider (MSP) allowing multiple people in multiple places to work on it? Does the MSP charge by the seat for the tools to be used, or is it a group license? Today, businesses try to offer apps on both the Android and iOS platforms, so you need to make sure that tools for both platforms are available. Most importantly, before launch, test your app over a wide range of devices and employ as many testers as possible.

Now, how many businesses have apps specifically designed for their industry? Recent developments, especially in the healthcare sector, require customized apps to better serve the needs of their stakeholders, in their case, patients and medical care professionals. In addition, healthcare organizations are also finding that off-the-shelf apps don’t always meet their needs. A side benefit to creating a customized app is that a business can release it in the general marketplace and create another revenue stream.

As the BYOD phenomenon further evolves, businesses are finding that apps may not exist that work both for their organization’s devices and their employees’ devices. This propels businesses to develop apps to perform on a myriad of devices.

Of course, this leads us to the elephant in the room: users’ privacy concerns. What information does your app require in order to download it? In an industry with compliance issues, one must be sure that the requirements for regulatory environments are met.

If you’re putting your app into the open market, how is cost determined? Is user information more carefully guarded if the app has a cost associated with it (data saved to the cloud), or is some usability deactivated if the app is offered for free? For example, with apps that track your health and well-being: if the app is paid for, does it use the data to offer real-time health status, versus a free version of the app that may only provide limited use?

If your business has created an app, how do you measure its success? By the number of downloads? By the number of reviews? By the number of in-app purchases? Or by some other metric? However, don’t ever forget that you have an obligation to your users to protect their confidential information – regardless of whether they paid for the app or got it for free.

Lastly, consider this scenario. What if your app is hacked? What measures are in place to protect your users’ information? Do you have a protocol in place to notify users of the breach? Do you have a procedure in place that will take the app down and rebuild it? Don’t enter the app market if these questions aren’t answered first.

Image Credit: KROMKRATHOG via


The Managed Service Provider (MSP) Quandary: They’re Only as Good as You Allow Them to Be

When I hear of managed service providers (MSPs), I think of services in a compartmentalized box or a box of Legos. While that may be a simplistic view of what an MSP is, it actually fits because that’s how companies tend to use them. They take parts that they want from a box and leave others that they don’t want. And as an end-user chooses a product or service from the box, the pieces are attached together to form an organization’s total service solution. This process is used whether it is a small company or a Fortune 500 company.

After an organization’s needs have been met, and after the service level agreements (SLAs) have been signed by the appropriate departments within an organization, then the work begins. But, the relationship can become problematic even when the relationship begins under the best of circumstances. A business relationship can spiral out of control very quickly because the organization may not believe that the MSP is doing its job correctly, or even worse, the organization blocks the MSP from doing its job.

There’s an old saying in the tech industry: “Working with computers would be great if it weren’t for the clients.”

When a business is paying for services, you would think that it would listen to its hired service provider, but that is not always the case. This is sometimes the case for services that cost above and beyond the price of the MSP. For example, through monitoring, it is determined that more cloud storage is needed, or a system critical server is about to fail. The organization says, “We don’t need that right now.” Translation: “We don’t want to pay for that right now.”

So the MSP team has issued the warning and laid out the evidence to support its findings, but the organization fails to act. So what happens when systems fail? You guessed it. The organization blames the MSP for not being adamant about the problem before the crisis erupted.

Or, the organization fails to listen to the MSP for no apparent reason. For example, a major organization receives a call from its MSP that monitors security. This MSP calls the security manager at the organization and tells the main contact that there’s a high probability of a major breach. Instead of taking immediate action, which might include checking the security infrastructure and searching for holes, the security manager ignores the warning. So what happens? A breach happens, and it causes millions and millions of dollars in damages.

But, let’s not forget. The MSP did the job that it was paid to do – a job that cost this organization a lot of money per year, and a major breach happened because the organization failed to act on intelligence that the MSP had provided. This error in judgment not only cost the organization money – but most likely, its reputation as well.

So before hiring an MSP, consider this. How much is its advice worth to you? Are you going to listen when the MSP gives advice, or will you listen ONLY when you want to? Granted, there are some MSPs that just want to take your money and provide lousy service, but for the most part, MSPs are honest. MSPs offer important services that your organization cannot handle due to manpower, space, equipment, or infrastructure issues such as the inability to manage disaster recovery, backup, and other infrastructure limitations.

The right MSP that’s the right fit for your business can help make your business run smoother and recovery much quicker.

Image Credit: Pakorn via


5 Must-Ask Questions Before Adding the Cloud to Your Infrastructure

In a previous post, I asked, “Is Your Business Ready for the Cloud?” Five key issues were detailed to assist midsize businesses before making the decision to move to the cloud.

But once your leadership and IT teams make the decision to move data to the cloud, your next step should be to sign a vendor agreement with your cloud provider. Don’t move forward without having your leadership and IT teams review the agreement in its entirety, and even better, include your legal team in the review process.

According to the IBM Center for Applied Insights:
“By 2016, cloud computing will matter more to business leaders than to those in IT. According to a recent study conducted by the IBM Center for Applied Insights, cloud’s importance to business users is expected to grow to 72 percent, exceeding its importance to IT users at a mere 58 percent.

While it may not generate the same breathless excitement it once did when the technology first emerged, “The Cloud” has undoubtedly become ubiquitous. As the technology matures and lingering security concerns dissipate, even the most conservative businesses have jumped on the cloud bandwagon. According to a study released in 2013 by the IBM Institute for Business Value, 64 percent of CIOs plan to invest in cloud over the next few years.

And as cloud technology continues to mature, how companies use cloud will also continue to evolve. What was once primarily used for cutting costs is growing into so much more. Today’s companies are increasingly looking to the cloud to not only improve efficiency, but also to innovate and create.”

What was once only for storage now includes the following technologies:

[1] SaaS = Software-as-a-Service: using a product such as an Office-like suite of software in the cloud environment.

[2] IaaS = Infrastructure-as-a-Service: a form of cloud computing that provides virtualized resources over the Internet. The definition includes such offerings as virtual server space, network connections, bandwidth, IP addresses, and load balancers.

[3] PaaS = Platform-as-a-Service: a service that can be defined as a computing platform that allows the creation of web applications quickly and easily.

[4] DRaaS = Disaster-Recovery-as-a-Service: businesses that do not have the time or resources to manage a disaster recovery plan and regular service can outsource this process.

As you review a cloud computing agreement, also known as the service level agreement (SLA), make sure to ask these five critical questions and listen, really listen to the responses:

[1] What happens if there is a data breach?

[2] What procedures are in place to mitigate a data breach?

[3] How quickly do you handle credential changes, for example, when an employee is promoted, hired, or fired?

[4] Do the terms of the SLA reflect an understanding of compliance regulations when it comes to physical data storage requirements? For example, depending on industry and regulations (healthcare, financial, etc.), data may sometimes have to be stored within the state where business is conducted.

[5] What security measures does the cloud vendor put in place to protect its data and data centers? This means physical security as well as internal, electronic, and web facing.

So, has your business moved to the cloud yet, and if yes, what was your best cloud story, good or bad? Since others can learn from your experiences, please chime in.

Image Credit: digitalart via


12 Timeless Password Tips for Improved Security


According to Splashdata, the #1 and #2 most commonly used passwords are “123456” and “password,” so the creation of strong passwords is one way that users can be proactive in fighting security breaches. Since passwords are the core of an overall security plan, here are my favorite password-related tips. When using a managed service provider, it’s just as critical to follow these guidelines because any time data travels to a third party, it can become more vulnerable.


Make sure your passwords are complex. Use lower case and upper case letters, numbers, spaces, and symbols. Make sure the password length is longer than eight characters – Microsoft recommends at least 14 characters. Don’t use common or uncommon words from the dictionary or real names. Don’t spell your name backwards, use words with common spelling errors, or repeated sequences of the same numbers or letters. Create a phrase or sentence. If you are curious how strong your password is, check it out at How Secure Is My Password or use the Microsoft Password Checker. You can also learn how your password stacks up with the Password Strength Checker – this site evaluates the strength of your upper and lower case letters, numbers, symbols, etc.


Create a different password for each website you use or wherever you access your data. Don’t use the same password for Facebook, Twitter, LinkedIn, Google+/YouTube, Pinterest, Instagram, etc., because if someone gains access to one account, the hacker could then gain access to all of your social networking sites – contact information, photos, family member names, etc. Also, if you use passwords to access online banking, medical data, or other confidential information, create unique passwords to access each site.


If you don’t want to remember your passwords because they are too long and complex (hopefully), or if you would like an online site to generate passwords for you, check out LastPass. With LastPass, you will only need to remember one master password to log onto the site. LastPass automatically saves your log-ins and passwords for all sites that you visit – after you enter them both the first time, they are saved and encrypted in LastPass. Once you return to the website, LastPass will enter your password and user name automatically, which will serve as protection against keyloggers (software that records keystrokes when a user logs on to a specific website with the intent to steal information). There is a free version as well as a premium version – and the download is available for Windows, Mac, and Linux. While there have been security breaches on LastPass, LastPass remains the leader in the web password manager space.


If you store important documents on your home computer with bank account information, tax information, and social security numbers, make sure to add a password to them. If your computer ever gets stolen, the passwords will add another layer of security to your information.


If you are asked security questions as an additional component of password creation, don’t use easy answers. For example, don’t use your birthday, spouse’s first name, mother’s maiden name, your car license plate, or city where you live. For many hackers and even those who know the right websites to search, these pieces of data can be easy to find.


Whenever you sign up on a new site or get assigned a new site to access, there is often a default password. Often, we are so busy that we forget to change the default password – not a good idea. Before you do anything on the site, go first to the settings area and create a new password.


Since most businesses require users to change their passwords every 90 days, changing your personal passwords several times a year is a good idea.


Always be sure to log off of the site that you’re accessing because bad guys can steal your passwords. Even if you close your browser, your visit is still active. Logging off from the site will immediately end your session on the site. While you should always delete your cookies, history, and cache, you can either manually do this or set your browser settings to automatically delete when you close your browser.


Don’t give your IT Department a heart attack and write your passwords on a Post-It note attached to your monitor, under your keyboard, in a drawer, etc. While this sounds obvious, people think no one will notice or that the note will just be placed on the screen for a few moments. If you do this, you are handing your data to a thief on a silver platter – don’t do it.


Does your business have a password policy? If your business is progressive, you will read and sign harassment, privacy, BYOD, and social media policies. But due to the importance of passwords, make friends with your IT department. Go the extra mile: always change passwords when asked and always set up your password according to company policy. If corporate policy allows, set up a screensaver to activate after a short period of inactivity to protect anything on the screen.


Don’t use your email address as a username (unless corporate policy dictates that you must) – and don’t make your password the same as your username. If you are accessing a business-owned account, then access is terminated once you leave your position. And if you use a personal email address, once you leave the position, the business has no way to access the account. Personal email addresses are easier to hack.


Don’t ever click on the “remember password” option in your browser. Unlike passwords saved in LastPass, they are not protected by encryption and are open for bad guys to see if they get ahold of your browser. To quote Dana Molina of SureTech, “If your device is ever stolen, you’ve just invited a thief into your home, removed their shoes, and given them a foot massage.”

Do you have a tip to add to the list?

Image Credit:  digitalart via

This post was brought to you by IBM for MSPs. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate, and scale your business.

Posted in Business Process, Data Security, Network Security, Tech Equipment

Television’s Role in the Conversation about Cybersecurity


Have you noticed all the recent storylines about cybercrime on television? Several episodes of “The Good Wife” focus on technology issues ranging from hacked emails to online privacy to ransomware (a type of malware that restricts access to the computer system it infects and demands a ransom paid to the creator of the malware in order for the restriction to be removed). And of course, the latest version of the CSI franchise is titled “CSI: Cyber,” whereby all episodes focus on online crime.

This increased attention on cybercrime and resulting emphasis on cybersecurity are definitely a positive move in the right direction. The attention is much appreciated by the technology industry overall, but specifically by professionals in the infosecurity arena, who talk about cybersecurity awareness on a daily basis. This is because a large part of our jobs has become alerting leadership teams and Boards of Directors about the consequences of data breaches and the importance of implementing security awareness programs and business continuity programs.

With a spotlight shining on cybercrime, Twitter conversations and Facebook posts increase around these TV shows and actors. And with this increase in interest in these important matters, your business may end up just a little safer – thanks to television.

You never know when an employee will receive an email from an unknown source, and in a split second will make a decision NOT to open the email because he/she doesn’t recognize the sender. The employee recalls an episode from a TV show that showed how an entire company’s email system was hacked and customer database was breached from a virus in a single email. Your employee made a decision based on a TV show.

Of course, one possible consequence of so much cybercrime on TV is that the bad guys get some ideas. What TV starts, sometimes, the bad guys will finish.
Image Credit: Digitalart via

Posted in Cybersecurity, Data Breach, Data Security, Disaster Recovery, Email, Management and Technology, Network Security, Online Security

A Cheat Sheet to Translate InfoSecurity for Key Business Units

As a result of working with many different business units over the last decade, I’ve developed my ability to help companies bridge the business and technology gap and align technology strategies with business objectives. Toward that end, I have devised the scenarios detailed below, which translate infosecurity concepts into language that team members can understand based on their specialty areas.

My goal is to initiate a dialogue between business unit managers so that we may work as a team to mitigate internal and external threats. The truth is, without awareness, buy-in, and participation by all business units, companies will not engage all employees in the company-wide objective of practicing infosecurity. Throughout this post, I talk about “IT departments,” but remember that this department encompasses a lot of different areas of expertise. The IT department of the old days no longer means simply fixing computers and setting up networks.

Since this team is responsible for building brand equity, communicating competitive advantages, and interacting with members of the media, they speak a totally different language than those of us in the IT space. So, in order to train these folks to be smart computer users, I use this situation: You write a 20-page annual report, tweak all of the graphics, add all the financial data, and are ready to send the file to the printer. The IT department is called in to check the marketing files held on the shared server for the marketing department because at some point, someone in the marketing department found a graphic from an insecure website at home and transferred it via USB drive or BYOD device. Since that user did not have up-to-date malware protection on his/her own device when the image was uploaded to the document, the virus attached to the document. Now, not only is the file corrupted, files from other departments also have the potential to become corrupted. And, to add insult to injury, the entire project has to be re-done.

This is the group of team members who live on the road and in the field. They need their tech tools to work 24/7/365. A major challenge is the use of BYOD in today’s business environment. So not only do employees have work product on their laptops or other devices, but they also have personal information too. Because these devices have multiple purposes, there’s a better chance that they will either be, A) stolen or B) infected. The more time that those products spend in the open, the greater the possibility of theft. The more they are used for personal pleasure, the less their malware signatures may be kept up to date, the less vigilant the user may be. People tend to drop their guard when it comes to personal devices.

Finally, every device, especially those containing confidential sales data, should be encrypted. While encryption may be better tolerated in a business environment rather than on a personal device, that is no excuse not to use it on personal devices used for business. People tend to want to whip out their devices for taking pictures or sending texts and they don’t want to deal with having to input a password before gaining access to a device. As a result, people may try to disable password-protection, which defeats the reason that a password was added to a device in the first place.

So, here is a situation that they can easily understand: You are driving to an important meeting with a prospective customer, and upon arrival at the meeting, you get a phone call from a customer with a question. Still in your car, you turn on your device to check the customer’s account. But wait. Instead of starting normally, it shows a blue screen of death or its equivalent. What happened? Perhaps, all of those social media games or apps that you have been playing on your device opened a door to a virus or malware. Of course, there are countless other possibilities, but for employees who work on the road, their systems need to be as clean as possible.

This is the group of team members who answer phones and respond to emails, for the majority of companies. Their job is to provide solutions to customer complaints or issues. So, their computers, phones, and all other tech tools ranging from smartphones to mobile devices need to be in top-notch condition. Here’s a situation that these team members would prefer to avoid at all costs: A customer calls and complains about a certain product or product feature. Now, while you (the customer service rep) are on the phone with the customer, your system crashes, and you cannot access your product spec list, your email – in order to communicate with your customer, or your CRM system. After the IT department checked out your machine, some unpleasant information was discovered. Your browser indicated that you spent a large amount of time logging into Facebook and other social media sites several times during the day, and unfortunately, these unsanctioned activities welcomed a virus or two or three.

These team members deal with all aspects of a company’s financials, so all of their software must be virus-free. Here is a scenario that members of this department have nightmares about: In the middle of payroll preparations, the entire system goes down. The IT department doesn’t have a quick fix. The toll-free customer service department for the software doesn’t have a quick fix. And, if a solution is not reached soon, payroll will not happen. Now, while this scenario may have nothing to do with a company’s network, the IT department must jump on the problem immediately and intervene as a liaison and partner with the software customer service department. Of course, in the background, if the IT department is doing their job correctly, and the business unit has been working with IT, which is just as important, there should be backups and a disaster recovery plan that will get the department back up and running quickly. But priority one in this situation is for the finance group and the IT department to work together and understand one another.

Whatever name you give this department, it is responsible for all personnel activities ranging from hiring to firing to team building to holiday parties, etc. One might think that the computers housed in this department would be kept under lock and key, since they house all employee records. But often, that is not the case. Here is a situation that really happened not too long ago: An employee from HR left for the day without closing and locking his office door. Some consultants that worked in another department entered the HR office and unplugged the laptop and then walked out of the building with it. While this seems like a simple theft, passwords to access the hard drive and encryption to scramble it could have stopped access to data. But there were no network passwords on the machine, and it was not encrypted. Identity theft occurred for the hundreds of employees whose files and performance reviews were housed on that specific machine.

Imagine you have a hot new product in the pipeline and it might possibly be the next technology game changer, for example, the next iPod. You have all of your tech specs, design info, and all of your manufacturing processes on a network that’s not air-gapped. Someone in your department downloads a free game, which turns out to be a Trojan that creates a back door into your network, or in other words, a way to get into systems without the proper authorization. One day, you come into the office, and all of your data is corrupted, and nowadays even worse, it’s been disseminated on the Internet or stolen by a person or nation state. No regular backups were made, and poof, two years of your life as well as the next “product of the year” go down the drain. This is an example of corporate espionage at its worst and the reason why no one should be allowed to download unauthorized materials from the Internet on any office computer. This is where the IT department needs to really shine by learning how to teach different business units about security awareness.

The bottom line is that we, as infosecurity professionals, must speak with other business units in their own languages. If we can achieve this, then employees in other business units will understand why security is important to them, how security relates to them, and how they will be affected when breaches happen. And once all business units work as a team, the business is better protected.

Image Credit: David Castillo Dominici via

This post was brought to you by IBM for Midsize Business and opinions are my own. To read more on this topic, visit IBM’s Midsize Insider. Dedicated to providing businesses with expertise, solutions and tools that are specific to small and midsized companies, the Midsize Business program provides businesses with the materials and knowledge they need to become engines of a smarter planet.

Posted in BYOD, Data Breach, Data Security, Management and Technology, Network Security, Tech Equipment

Cloud vs. Mobile: Can They Co-Exist?

IBM recently published an Infographic featuring the following statistics: “68% of top CISOs and security leaders see security in the cloud and data privacy as a critical business concern yet 76% are worried about the theft of mobile devices and the loss of sensitive corporate data.” These stats would indicate that cloud and mobile devices/mobile data cannot co-exist. Yet, for the small and medium business (SMB) market, cloud computing and mobile device management (MDM) have become synonymous with doing business.

Many businesses that comprise the SMB market have adopted, integrated, and even welcomed mobile devices into their day-to-day operations. Often, this is because leadership teams believe that the cost of doing business will go down if employees provide their own mobile devices. There is no denying that business is easier when employees can access their spreadsheets and other documents from off-site and non-business hours from their smartphones and tablets.

Some businesses have gone the extra mile and created and implemented mobile device management plans – or in other words, business continuity plans if and when something unforeseen happens. This means that the businesses are prepared if an employee’s device is lost or stolen, or if the worst case scenario happens and someone either sells the data to a competitor or the network gets hacked through the device.

But is cloud computing a fit for every business? Certainly, it’s important to consider what industry your business is in and what compliance issues your industry must face. Some industries are more appropriate for capturing data in the cloud, and some are not. For instance, medical patient data is still a relatively new area within the infosecurity arena, and there are too many ramifications if a single practitioner, for example, a psychiatrist, places all of her data in the cloud via her smartphone – and then loses her smartphone that isn’t encrypted. This falls under the HIPAA regulations which are becoming very strict. On the other hand, it may make sense for real estate firms to store data about their properties so that other agents can access property info.

Above all, if your business is contemplating using the cloud, answer these questions first and make sure your entire leadership team understands the answers:
•    What is your strategy for storing data in the cloud?
•    What data will be stored in the cloud?
•    Who will have access to the data in the cloud?
•    How long will data be stored and accessible in the cloud?
•    Will the business provide mobile devices?
•    What security procedures are in place to protect the data stored and/or accessed on employee devices?
•    What are the ramifications if data is hacked?
•    What procedures are in place to rectify the situation if data is hacked?
•    What compliance regulations must you follow?

What other questions would you add to this list? Please chime in.

View IBM’s Infographic here:

Image Credit: iprostocks via

This post was brought to you by IBM for Midsize Business and opinions are my own. To read more on this topic, visit IBM’s Midsize Insider. Dedicated to providing businesses with expertise, solutions and tools that are specific to small and midsized companies, the Midsize Business program provides businesses with the materials and knowledge they need to become engines of a smarter planet.

Posted in BYOD, Cloud Computing, Data Security, Mobile Computing