Why the Apple-FBI Feud Affects YOU!

While the eyes of everyone in the technology sector watched the Apple-FBI feud about a key to unlock a terrorist’s iPhone, you should have been watching too. You might wonder why this situation affected you, and the reason is simple. If the government can unlock an allegedly locked phone’s operating system for one phone, it has the potential to unlock anyone’s phone. It’s a slippery slope as to reasons, but there are other things you should consider in this discussion.

What data do you store on your smartphone or other mobile devices? Like most people, you probably store your calendar and the phone numbers, email addresses, and street addresses of your family and friends. But do you store your bank name and account information? Do you store credit card information? Do you store your medical history, medications, surgeries, and list of doctors? Do you have an app that stores all of your passwords? How many apps do you use that can, and possibly do, access your device’s information? Do you enable your GPS so that your location can be tracked as you move from place to place?

When you consider all the information you store on your device or devices, do you really think they should contain so much confidential or personally identifiable information (PII)? What happens if your device is lost or stolen? The potential risk of having your data fall into the wrong hands is the same situation as having your phone unlocked by a government employee.

According to David Pierson, tech reporter for the LA Times, (http://www.latimes.com/business/technology/la-fi-tn-apple-fbi-explainer-20160329-snap-htmlstory.html), “This fight between the world’s biggest company by market cap and federal law enforcement likely won’t be the last of its kind. For tech companies, there’s one clear takeaway: Security can never be strong enough. And for investigators, the case will only reinforce the push for a bigger digital crime-fighting toolbox. Expect an arms race in encryption tools that will continue to frustrate law enforcement – perhaps until legislation sets guidelines for both sides.”

Perhaps, this situation is the impetus you need to re-evaluate the data stored on your device. Use it to do a spring cleaning of sorts and remove the data that you don’t access on a regular basis. Delete apps you don’t use on a regular basis. Review privacy policies of apps you regularly use.

Make your mobile device something that works for you, rather than a mini version of you and your confidential data.

Image Credit: Stuart Miles via FreeDigitalPhotos.net


Five Social Media #Security Tips

Many of the previous posts on this blog have been geared toward midsize businesses to assist them with their information security strategies and to keep their data safe. However, with the widespread use of social media, this post focuses on security concerns when an individual uses social media.

Recently, I visited a grocery store in Southern California, and the unimaginable happened. All computer systems went down. The cashiers said customers could pay with cash – no credit or debit cards. While I paid for my items in cash, I wondered, what if this crisis happened at a Starbucks store where many customers use their Starbucks app to pay for their favorite latte? What procedures does Starbucks have in place? How would this situation impact the security of mobile pay?

With those questions in mind, here are five security tips to keep in mind as you navigate social media on a personal level:

Everyone loves Angry Birds and Farmville, but before you download the next great mobile app, ask yourself, what stood out from the Privacy Terms? Did you even read the Privacy Terms? Did you read the terms of service? These terms are important and should not be ignored. They relay important information regarding the type of information that an app accesses on your smartphone: contacts, calendar, photos, etc. Do you really want a game’s developers to access your confidential information? If the app is free, ads will probably bombard you, and even worse, your data is at risk.

While you may be aware that Coca-Cola has trademarked the names of all of its other brands, do you use the same name across all of your social media channels? I know people who use one account name for Facebook, another for Twitter, and a totally different version of their name for LinkedIn. While this may make sense, if you have a middle initial included on one site, or a nickname included on another site, what you think is clever may actually be a goldmine of data to a hacker. I highly recommend that you choose a single profile name and then be consistent as you set up all of your social networks. If you use a variety of account names, i.e., different iterations of your name, it becomes easier for a hacker to impersonate you because YOU have not provided consistency in using your name.

Everyone knows that “123456” and “password” are ridiculous options, but so are your pet’s name, your street address, and your favorite color. Think complex, perhaps adding numbers and letters into an easy-to-remember phrase. Always use lower and upper case letters and special characters, and make the password at least 12 characters in length. If you’re unsure as to the strength of a password, use the Microsoft Password Checker. And, no matter how easy it seems, don’t use the same passwords for all social sites. Tweak them according to the site, but make sure they are different. If someone hacks your account, you don’t want all of your sites hacked.

When you sign up for a social media account, most of the time, you are asked to provide an email address. Before you hand over your main email address though, consider creating a gmail or yahoo email address specifically for your social media activities. If a hacker gains access to your social media account, and your email is compromised, your life doesn’t end. You can always forward the gmail/yahoo account’s emails to your main address/account.

Are your Facebook and Twitter accounts connected? Are your Pinterest and Facebook accounts connected? Are your LinkedIn and SlideShare accounts connected? Is your blog connected to Google Plus? There may be reasons why you want to connect one or more sites, but the marketing gurus would all agree that you should post different content on all your sites, so why would you want to connect the accounts? I won’t chime in on the content angle, but from the security angle, I definitely think the sites should not be connected. Again, if one is hacked, the likelihood of the connected sites being hacked rises exponentially, and anyone who follows you will see content that may not be appropriate. You never know the objective of a hacker, so it’s best to err on the side of caution and disconnect accounts. Use them separately.

And lastly…
Remember the quote from Scott McNealy that “You have zero privacy.” Once you post something online, it has the potential to be online forever. So, think before you post. Do you really want that photo to be seen by your boss or by your grandmother? Ask yourself that question before posting anything.

Before Facebook (yes, kids, we really had a life before Mark Zuckerberg), we didn’t share everything online. We didn’t announce our trips while we were away from home. We didn’t post photos of babies before they left the hospital. And we didn’t post every single status update. So, bottom line, think before posting, and maybe, it would be helpful to consider consequences if a security breach happened and a hacker accessed your account – would you be in crisis mode, or just shake it off because none of your sensitive data was posted? Hopefully, after reading this post and reviewing your content, you can answer, the latter.

If you want to read a painful account of a Twitter hack, meet Mat Honan:

What’s your fave social media security tip? Please chime in.

Image Credit: Master isolated images via FreeDigitalPhotos.net


When Making Your New Year’s Resolutions, Don’t Forget Your InfoSec Resolutions


There are the common New Year’s resolutions like unplugging more often, planning more vacations or staycations, reading more books, writing a book, and losing weight. But, in today’s connected and always plugged in world, it’s easy to ignore technology. So, in keeping with the spirit of the season, here are five resolutions that should not only be part of a list of resolutions to celebrate the New Year but should also be part of a regular security awareness plan for every midsize business.

If you have one key password or several, change them every couple of months or at least quarterly. Use Microsoft’s Password Strength Checker (https://www.microsoft.com/security/pc-security/password-checker.aspx) to determine the strength of your password, and don’t forget to use lower case letters, capital letters, and symbols – and preferably 10 or more characters. Don’t use any information that other people could figure out about you, such as, the names of significant others, kids, pets, or streets. And if you have so many passwords that you cannot remember them all, consider using a cloud-based password manager program. Check out reviews online before downloading or purchasing.

Abbreviated links may be synonymous with social media, but don’t click on any short link before seeing the link in its entirety first. Here are two options to convert an abbreviated link back to its full link: http://checkshorturl.com and http://urlxray.com. Here’s an example of what can happen if you don’t check out a link before clicking: a co-worker clicked on a link she thought was sent by a reputable person, but the abbreviated link led her straight to a contaminated site, and before she knew it, her computer had been compromised, and her hard drive had to be reformatted. Her IT admin was not happy, but at least, the entire network was not affected. Learn from this person’s mistake – and don’t let it happen to you or your business.

Do you have important spreadsheets on your computer: anything from a list of passwords to a confidential customer list? No matter what important files you may have, consider password-protecting them. This will add a layer of protection to the information in the event that a breach happens – and be realistic, a breach will happen eventually.

ALWAYS use virus protection. Always allow auto-updates. For an additional layer of security, consider Malwarebytes Anti-Malware. (http://www.malwarebytes.org) It’s always good to have a second opinion of a file’s security.

Everyone who knows me knows that this is my mantra, but I know people who swore that they had no need to back up their systems. With electrical surges, storms, tsunamis, earthquakes, etc., who wouldn’t agree that it’s better to be prepared than to have to re-create all your files and documents? And what about photos, illustrations, or other images? Today, most of us keep photos on our computers, laptops, tablets, and smartphones. If your system got corrupted, how would you recreate those photos and images? How would a business recreate its archives containing years of product images? So, once a week, or even more often, back up your entire system. Even if you’re not a system admin, add the back up to your smartphone or other mobile device calendar.

If you follow these practices on a regular basis, and not just at New Year’s, you’ll be one step ahead of the cyber criminals who want access to your data or to turn your system into a tool for cybercrime. Happy New Year, and make it cybercrime-free.

Image Credit: Stuart Miles via FreeDigitalPhotos.net

This post was brought to you by IBM for MSPs. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate, and scale your business.


Three Security Concerns for 2016

As we near the end of 2015, what will 2016 look like in the information security sector? Undoubtedly there will be an increase in data breaches across all industries, but will businesses take the high road and inform their customers and the media immediately upon learning of a breach? Will they do so only if it is required by industry compliance regulations, or will they attempt to downplay the breach? While many midsize businesses will hopefully increase their infosec budgets and talent pools, there are three areas that will definitely take center stage.

BYOD, or in other words, Bring Your Own Device to Work, is no longer a phenomenon. Today, BYOD plays a large part of most businesses’ infrastructure – due to ease of use and cost savings. However, despite those positive reasons for BYOD adoption, IT and security personnel now have to look at the extra bandwidth that these devices consume and the security issues that arise from an individual’s device hygiene – download behavior, system updates, and antivirus, to name a few. Will companies consider mobile device management (MDM) as a way to protect their networks from BYOD issues?

Mobile malware is on the rise and will continue to be a problem, especially for Android users. The majority of malware is aimed at Android and is becoming harder to spot. For those with Android devices – especially for those who use their devices in business settings – the threat of malware is very real.

“While it’s true that other mobile devices like those produced by Apple are not immune to malware, it’s a fact that the vast majority of mobile malware hits Android devices – 97% of it.”

The rise in the use of mobile payments is now becoming a larger concern and is giving hackers another way to monetize their actions. So by targeting Android devices with specific malware, bad actors can create a “target rich” environment pointed directly at commerce on a national and global scale.

Since Internet of Things (IoT) vendors lack a security knowledge base and don’t think of securing their devices, there will be an increase in the number of attack vectors. IP cameras, SOHO routers, smart TVs, and other appliances are just the beginning. With IoT, economies of scale will result in lower prices and a dramatic rise in attack surfaces. Once a vulnerability is discovered in one device, it opens the door for others with that device to attack as well. One problem with IoT is that device manufacturers have either not figured out or are ignoring the importance of software/firmware patches. So far, companies are being reactive and not proactive. A user should not have to log in to his/her router or device software to discover that a patch has been released. Patching should be handled in the same manner as Microsoft does it. When new vulnerabilities have been discovered, new patches are released, delivered, and installed on reboot. Given the number of devices that will soon be online, the responsibility to provide patches should fall on manufacturers who sell equipment – not the end-users.

In addition, all IoT devices are gathering information about users. Since laws are far behind today’s reality, gaining access to the data stored by these devices may not be as hard to obtain as accessing other devices.

CIA Director David Petraeus believes that, “Even mundane appliances like your dishwasher could soon be used to gather intelligence about you. Appliances including dishwashers, coffee makers and clothes dryers all now connect to the Internet. This helps the manufacturers troubleshoot performance and improve energy efficiency, and it gives owners the chance to order a fresh cup of coffee or a dry bin of clothes from their phone, computer or tablet…Knowing when you make your coffee sounds innocuous enough, but that little piece of data could help snoopers geo-locate you, and learn your habits and schedule for all manner of malfeasance.”

In the words of White Hat Hacker Barnaby Jack, “When you actually look at these devices, the security vulnerabilities are quite shocking.”

According to Raimund Genes, Chief Technology Officer of Trend Micro, “We anticipate 2016 to be a very significant year for both sides of the cybercrime equation. Governments and enterprises will begin to see the benefit of cybersecurity foresight, with changes in legislation and the increasing addition of cybersecurity officers within enterprises. In addition, as users become more aware of online threats, attackers will react by developing sophisticated, personalized schemes to target individuals and corporations alike.”

So, keeping all of these security concerns in mind, if your business has a data breach during 2016, how soon will you alert your customers? Will you write a letter to customers and post it on your website, send an email, and notify the media? In the event that you find yourself in this position, here are a few examples of communications to stakeholders:

• Starwood:

• Avis:

• Dow Jones:

• Bed Bath & Beyond:

• UCLA Health:

How will your business deal with these three areas during 2016 and what other issues are concerns to your business or industry? Please chime in.

To learn about the latest data breaches, visit the Privacy Rights Clearinghouse
“Empowering Consumers. Protecting Privacy.”

Image Credit: hin255 via FreeDigitalPhotos.net

This post was brought to you by IBM for MSPs. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate, and scale your business.


Five Tips for #CyberMonday

With #CyberMonday here, be careful – translation, very careful – about your online activities today. For those of you who plan to make purchases either at lunch, break time, or at the end of the work day until midnight sales end, here are five tips to stay safe on the largest online activity day of the year.

[1] Make sure your desktop computer, laptop, smartphone, or mobile device has some form of anti-virus protection.

[2] If you enter your credit card or other personal information online, make sure that the website address in the browser starts with HTTPS and not just HTTP, because HTTPS encrypts the information you enter (credit card details, etc.).

[3] Do your research before you buy. Check out reputable sites such as Amazon.com to make sure you’re paying a legitimate price for your item. Also, don’t make any purchases from a site that doesn’t have a privacy policy – there should be an explanation as to how the site uses your personal information.

[4] Once you make a purchase, you may notice an influx of emails in your inbox. Since it’s the holiday season, be careful when you click on what looks like an email confirmation for your purchase. It’s possible that a spam email could contain a virus once you click “open.”

[5] Some sites request a password. Use a different password than what you use for your email addresses and social sites. And remember, you can choose to use an eCommerce site as a “guest” and not store any credit card information.

Lastly, remember to always log off from a site once you complete your transaction.

Happy #CyberMonday – shop smart and stay safe!


Image Credit: Debbie Laskey via BrandingandMore.net.


Does Your Mobile Strategy Include Mobile Capture Technology?

Thanks to evolving technology, it seems as if some form of new technology is introduced every week. One new technology is referred to as mobile captures. No, this doesn’t mean taking a photo of something from your smartphone or mobile device. Also referred to as a mobile imaging solution, a mobile capture is software specifically loaded onto your smartphone or mobile device that allows you to use your camera to take a photo of a document to perform a variety of tasks. These tasks facilitate commercial transactions, such as depositing a check, paying a bill, enrolling in a new service, obtaining a quote, and much, much more.

Mobile capture capability turns smartphones into information capture devices with more dynamic apps that meet customers where they are, when they want to be engaged, and on their preferred channel.

“Mobile technology is at the epicenter of this disruption,” according to Michael Reh of Bangalore-based Infosys Finacle, “transferring as it does, more power to end-users. The next generation of banking customers has high expectations from banking, spilling over from their experience with digitally progressed verticals, such as, retailing or telecom. They will take their business to the providers that fulfill their expectations of what banking should be: seamless, convenient, personalized, and needless to say, completely digital. Increasingly, those providers will be niche players with mobile and mobile-only offerings – think payments, P2P (Peer-to-Peer computing or networking) and small business loans, and even deposits – that will disintermediate and disengage traditional banks from their customers.”

Check out these stats courtesy of MitekSystems:

*By 2016, mobile banking will grow by 300 percent – fueling that growth will be mobile deposit and mobile photo bill pay.

*By 2016, the number of customers depositing checks with their smartphones will expand from 12 million to 48 million.

*By 2016, the number of customers paying bills with smartphones will grow from 14 million to 57 million.

*Nearly 1 in 5 is expected to use smartphones to deposit checks by 2016 – up from 1 in 20 in 2012.

And these stats about Millennials:

*83 percent of millennials think mobile capture will be part of all mobile transactions in the next five years.

*68 percent of millennials got their first exposure to mobile capture with Mobile Deposit.

*Millennials want more mobile capture across industries: retail, insurance, credit cards, healthcare, and education.

According to Kevin Craine of Craine Communications Group, “58 percent of American adults use a smartphone, over 40 percent own a tablet, and mobile computing grew by over 80 percent just last year alone.” These incredible statistics show how critical it is for companies to embrace mobile capture, the ability to capture document images and upload them on the fly.

If you are wondering why, the answer is simple. Mobile capture is quickly becoming an important differentiator, especially for companies in the traditionally document-intensive industries including banking, law, accounting, insurance, healthcare, and government operations.

Consider the amount of paperwork involved in the loan process for a piece of property or the amount of paperwork when purchasing or leasing a new automobile. What happens if you leave the bank only to receive a phone call that you need one remaining piece of documentation? That’s where your smartphone comes in handy. Simply take a photo of the document, click on a link in an email, and upload the image. The result is better service and the elimination of a delay in the process.

Ask these questions before you offer mobile capture. First, if there are compliance rules you are required to follow, they alone can determine whether you are able to offer this capability. Will mobile capture capability deliver business value? Do you have a repository in place to store images coming in, and how will your business manage them once they arrive? What about image quality control? In terms of ROI, how much efficiency will be improved as a result of adding mobile capture capability to your business?

Lastly and most importantly, what kind of security measures will be in place? If an employee in the field with mobile capture capability loses his or her smartphone, what procedures are in place to secure the data? How about accessing that data? You must make certain to implement the same encryption, password protection, and other data security measures that you provide to all other internal processes.

With so much important information loaded onto smartphones, take the time to protect the info on your device. Here are three easy tips:

[1] APPLY A SCREEN LOCK: With so much personal information stored on our mobile devices, it is unwise to leave them open for anyone to access. Unfortunately, only half of smartphone owners use a lock code. A simple password, pattern, or fingerprint lock creates a barrier to anyone who tries to access your data.

[2] PRACTICE SAFE WEB SURFING/DOWNLOADING: Just like your computer, your mobile device is susceptible to malware. The process of keeping a clean phone requires many of the same habits as keeping a clean computer: avoid unsafe websites, do not open email attachments or links from unknown senders, and stay away from apps from unknown publishers and alternative app stores.

[3] ACTIVATE REMOTE WIPE CAPABILITIES: If someone does steal your smartphone, remote wipe programs can make it impossible for them to access your information even if they know or guess your password. As a business, you should keep administrative control over employee smartphones that have this capability so that network access can be shut off immediately if a smartphone is lost or stolen.

Image Credit: Stuart Miles via FreeDigitalPhotos.net

Inspiration for this post: “Are You Ready for Mobile Capture?”

This post was brought to you by IBM for MSPs. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate, and scale your business.


Don’t Forget Security When Considering a Merger or Acquisition

In today’s competitive era, businesses all want to stand apart from the competition. Some businesses may provide a truly unique product or service, some may have a celebrity endorsement, and some may sport a memorable name. But as businesses become more successful, another option for further growth is in the arena of mergers and acquisitions.

According to Wikipedia, “Mergers and acquisitions (M&A) are both aspects of strategic management, corporate finance and management dealing with the buying, selling, dividing and combining of different companies and similar entities that can help an enterprise grow rapidly in its sector or location of origin, or a new field or new location, without creating a subsidiary, other child entity or using a joint venture. M&A can be defined as a type of restructuring in that they result in some entity reorganization with the aim to provide growth or positive value…From a legal point of view, a merger is a legal consolidation of two companies into one entity, whereas an acquisition occurs when one company takes over another and completely establishes itself as the new owner.”

While legal and accounting experts are part of all M&A deals, the expert that should always be part of the discussion and due diligence is the CISO (Chief Information Security Officer), or if a business does not have a designated security professional, that hole should be filled by someone with expertise in the information security arena.

During the due diligence process prior to a merger or acquisition, make sure that the business places a value on data security, information security, and data protection. Asking these questions may change your mind about moving forward with the merger or acquisition:
[1] Who is responsible for security?
[2] What protocols are in place to protect customer data?
[3] Have any data breaches happened?
[4] What were the protocols and timeframes for alerting customers, other stakeholders, and the media?
[5] What were the changes that were made following any data breaches? What were the lessons learned?
[6] If a breach were to happen during the due diligence phase, who will have financial responsibility?
[7] Are your computer systems compatible? If not, how soon can they be made compatible or identical? When two systems are joined together and are dissimilar, the potential for a breach is more likely due to the vulnerabilities created when two incompatible systems merge.

According to Scott Koller, lawyer at BakerHostetler, “The problem is that cybersecurity is not taken as seriously as it should be, or there is an under-appreciation of the risk. I think it is now on people’s radar, whereas before it may have been an afterthought.”

Unfortunately, according to Koller, too many people have a “check-box” mentality when it comes to information security. Does a business have a firewall? Check. Does a business use anti-virus protection? Check. Does a business back-up regularly? Check. Are there duplicate back-ups? Check. Then, however, the due diligence process moves on to another topic, instead of delving deeper into the information security areas of protection.

According to Ron Arden, vice president and CMO at Fasoo, “An acquirer needs to understand the assets and liabilities it is acquiring, and look at adequate security as a business risk, just as leases, debt, and potential litigation are liabilities.”

So the next time you’re in the merger/acquisition market, be sure to include a thorough review of the information security risk before signing on the dotted line.

Image Credit: Stuart Miles via FreeDigitalPhotos.net

For more tips on this topic:

This post was brought to you by IBM for MSPs. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate, and scale your business.


Does Your Business Offer Mobile Payments?

There are many ways that your business can stand out. Your brand can have a unique name, think Google, Zappos, or Amazon. You can create a new way to provide your product and inject innovation into a stagnant industry, think Starbucks for the coffee industry or Saturn for the automobile industry (although it was short-lived, it was still a trailblazer). Or, you can stay ahead of the curve when it comes to technology. One example is with mobile payments. Instead of paying with cash, check, or credit cards, a consumer can use a mobile phone to pay for a wide range of services.

With the abundance of smartphones, it seems a natural progression for people to use smartphones to make payments. However, only a small percentage of smartphone users (early adopters) are doing this now. But once there is a clear technology winner among the competing companies (Apple Pay, Android Pay, and Samsung Pay) and better quality security measures are put into place, more people will use the technology. Today we stand at a crossroads similar to the VHS vs. Betamax battle from several decades ago.

Not all companies use all of these technologies to allow customers to make payments yet. So where you may purchase a latte at Starbucks with Apple Pay, you may not be able to do the same at Best Buy. If the theory behind these devices is to be able to help you track your spending on the fly, it will be hard to do that if you cannot use your device everywhere you shop.

Starbucks allows customers to pay with their smartphones at check-out with the use of an optical scanner. The scanner reads a user’s smartphone screen and deducts money from a Starbucks card or the Starbucks app.

Some companies, such as Dunkin’ Donuts, have joined the mobile payment party through the use of their own app. This particular app stores money on a Dunkin’ Donuts card that is connected to a customer’s smartphone. Users authorize their payment via the phone and scan the smartphone screen over an optical laser reader at checkout. These apps keep your data outside of your “wallet” and put it generically into the cloud instead of storing it on your device – which brings up another set of security issues.

These advances have yet to reach critical mass. Questions that still need to be answered are: What if one’s smartphone is compromised due to a malware attack? The device is still in the person’s possession but one or all of his or her credit cards are compromised and his or her bank accounts have been compromised as well. How do we handle what should now be considered an issue of non-repudiation since the device was in the user’s possession at all times? That person could have very easily conducted the fraud on themselves. Now, these cool capabilities don’t sound so impressive. In fact, instead, there are some serious consequences.

According to a recent survey by Experian, sponsored by the Ponemon Institute, technology and risk management executives believe that mobile-related payments technology will increase the risk of a data breach at a time when the retail and banking industries are still recovering from major retail breaches over the past two years and are currently preparing for the EMV liability shift in the U.S. (EMV stands for Europay, MasterCard, and Visa, the three companies which originally created the standard for smart payment credit cards; now managed by EMVCo, a consortium with control split equally among Visa, MasterCard, JCB, American Express, China UnionPay, and Discover.)

Experian and Ponemon surveyed nearly 25,000 technology and information security, risk management, product development, and other professionals involved in the payments systems within their organizations. The survey results were part of a report called “Data Security in the Evolving Payments Ecosystem,” and final results were based on 748 completed questionnaires.

Survey respondents reported that the most likely mobile innovations to increase the risk of a data breach are mobile payments in stores (59 percent), e-wallets for retailers (58 percent), mobile payments on devices and apps (57 percent), and mobile payments on NFC (54 percent). (NFC stands for near field communication and is the set of protocols that enable electronic devices to establish radio communication with each other by touching the devices together or bringing them into proximity.)

According to Michael Bruemmer, Vice President of Experian Data Breach Resolution, “There are opposing spheres in this argument [of innovation and security]. There are the people that want to expand and use technological innovation and take advantage of that in the implementation, but then you have the clashing interest with the security folks who are saying, ‘Wait, new tech is great, but it’s only as great as the security you build in.’”

In the midsize market, it will be important to analyze the pros and cons of instituting a mobile payment option. Therefore, ask these questions first:
* Who are your customers?
* What are the best methods to reach your customers?
* Based on the demographics of your existing and potential customer base, are they tech-savvy enough to be comfortable using mobile payments?
* What security protocols will be implemented to protect customer data?
* What will the action plan be if a data breach happens?

In the words of American businessman Nicholas Negroponte, “Computing is not about computers anymore. It’s about living.” So, to modify a line from the famous Capital One Credit Card ads, “What’s in your smartphone wallet?”


To read more on this subject, check out “Mobile Payments: Innovative, But with Security Concerns”

Image Credit: Mapichai via FreeDigitalPhotos.net


Does Your Business Think Like A Tech Company?

How often does your business stand out from the competition? Is your business an industry leader or just one among dozens or even hundreds in your industry? Does your leadership team dream of being the Google, Microsoft, Apple, or Amazon of your industry? I read a recent post about the banking industry that offered an interesting perspective. Perhaps, there’s an easy way to accomplish this: Think like a tech company.

“Technology companies are forcing the evolution of the banking industry, compelling traditional financial institutions to emulate [tech firms’] attributes.” Ashley Veasey, Barclays Africa Group CIO, explained, “Banks need to start thinking and working like technology companies, and use innovative thinking and big data to better understand their customers.”

As YOUR business grows, how much time, budget, and strategic planning are applied toward your customer data, or in the lingo of tech companies, big data? Wikipedia defines big data as “Data sets so large or complex that traditional data processing applications are inadequate. Challenges include analysis, capture, data curation, search, sharing, storage, transfer, visualization, and information privacy. The term often refers simply to the use of predictive analytics or other certain advanced methods to extract value from data, and seldom to a particular size of data set. Accuracy in big data may lead to more confident decision-making. And better decisions can mean greater operational efficiency, cost reduction, and reduced risk.”

Here are some statistics that may convince you to understand your data, according to Forbes columnist Bernard Marr:

[1] This year, over 1.4 billion smartphones will be shipped – all packed with sensors capable of collecting all kinds of data, not to mention the data that users created themselves.

[2] By 2020, there will be over 50 billion smart connected devices in the world, all developed to collect, analyze, and share data.

[3] By 2020, at least 33 percent of all data will pass through the cloud (a network of servers connected over the Internet).

[4] For a typical Fortune 1000 company, just a 10 percent increase in data accessibility will result in more than $65 million additional net income.

[5] At the moment, less than 0.5 percent of all data is ever analyzed and used.

How much strategic planning is applied toward the process of innovative thinking to better understand your customers? According to Wikipedia, “Innovation can be viewed as the application of better solutions that meet new requirements, inarticulated needs, or existing market needs. This is accomplished through more effective products, processes, services, technologies.”

If your business strives to stay ahead of the competition – no matter the industry – you should start thinking like a tech company. With all the screens available to customers, i.e., desktops, laptops, and smartphones, and all the communication vehicles available for outreach, i.e., email and texts, no one is ever truly unplugged. This means that your business should consider all the ways that customers can connect and engage with your business.

As these connections happen, does your business capture customer data in a secure manner? How many systems are in place to safeguard the data? What happens if a data breach happens? What are the procedures to alert customers and the media?

So let’s return to the banking industry. To quote Alistair Peterson, Frost & Sullivan Africa Director of Growth Implementation Solutions, “Traditional banks cannot survive without becoming agile in their ability to develop customer experiences that surprise and delight through the use of various technologies. It is called the omni-channel experience, and traditional banks need to be at the vanguard of these new technologies.”

Your business doesn’t have to think like a bank, but I strongly recommend that you consider technology industry attributes. Your business longevity could be at stake.


Inspiration for this post:
“Banks Must Think Like Tech Companies”

“Big Data: 20 Mind-Boggling Facts Everyone Must Read”

Image Credit: Stuart Miles via FreeDigitalPhotos.net


How to Make Sure Your Brand Is Not #1 When It Comes to Cybersecurity Breaches

According to a recent post in NetworkWorld by Maria Korolov, the Massachusetts Institute of Technology (MIT) scored at the bottom in a cybersecurity survey of 485 large colleges and universities. For a prestigious university known internationally for producing talented individuals in the fields of technology, mathematics, statistics, and science taught by intelligent and knowledgeable professors, how did such a negative score happen?

SecurityScorecard, a security risk benchmarking platform, analyzed the educational institutions based on web application security, network security, endpoint security, IP reputation, patching, and other security indicators. (The full report can be downloaded for free by clicking here.)

SecurityScorecard’s Chief Research Officer Alex Heid explained, “When we dug in, we found that there are a lot of exposed passwords, old legacy systems, and a bunch of administrative subdomains that seem to have been forgotten about. It’s common at colleges for students and faculty to move on and forget to shut down old projects.”

This report serves as a lesson to all industries and all sizes of businesses. First, no matter what INDUSTRY you’re in, you’re vulnerable. Don’t assume that you’re immune because you aren’t a financial institution, government entity, health organization, retail outlet, or educational institution. Second, no matter what SIZE your business is, you’re vulnerable. Hackers can be, and are, everywhere. A mom-and-pop or family-run business is just as vulnerable as a publicly-traded Fortune 500 business – and just as vulnerable as all sizes in between.

But the most important lesson to learn from this report is that small and relatively obscure brands are just as vulnerable as the big and well-known brands. We learned this when the breaches occurred with Target, Anthem, United Airlines, UCLA Health System, and Mandarin Oriental hotels. Many experts thought these big businesses were immune. They were wrong.

Naturally, as all marketing experts say, you want your brand to be an industry leader. But in this instance, don’t let your brand be an industry leader when it comes to cybersecurity breaches. Instead, spend the time to implement these five recommendations:

The older a piece of software becomes, the greater the chance that hackers will discover vulnerabilities. Patch management helps alleviate this issue because as vulnerabilities are found, they are patched by the developer. Although an internal threat can bring a payload in-house through USB, DVD, or other bootable media that can attack a particular vulnerability, a patched vulnerability gives a hacker one less attack surface to try in his/her attempt to gain a foothold.

Unfortunately, the biggest risk to security is us. Human beings have a tendency to be sloppy with security protocols. As security personnel, we are taught that the best passwords consist of lower and uppercase letters, numbers, and special characters. Yet, people will always stick with the simplest things so that they can remember them.

Make sure that you’ve trained employees about what to look for when opening email messages. Since many breaches happen as a result of opening email messages and attachments that should never have been opened, instruct employees to instantly delete emails that come from people they don’t recognize, as well as emails with attachments they weren’t expecting, whether from employees or from people outside the company.

Implement a disaster recovery plan so that all employees know who will access corporate data – and which data – in the event of a disaster and the amount of time that data may not be accessible – if at all, and the procedures to recover data after the disaster.

Accept the fact that a breach may happen. But, if you back up your data on a regularly-set schedule depending on the value of your data and how often it is changed or updated, the re-creation of your data will not be one of your business’ headaches.

Since consumers can learn about breaches as soon as they happen, businesses should take responsibility and inform the public as soon as possible. The Privacy Rights Clearinghouse features a Chronology of Data Breaches and is updated daily. Here’s the link:

In case you’re wondering, the highest scoring university may surprise you: Merced Community College in Merced, California.

Image Credit: Stuart Miles via FreeDigitalPhotos.net.
