Don’t Forget Security When Considering a Merger or Acquisition

In today’s competitive era, businesses all want to stand apart from the competition. Some businesses may provide a truly unique product or service, some may have a celebrity endorsement, and some may sport a memorable name. But as businesses become more successful, another option for further growth is in the arena of mergers and acquisitions.

According to Wikipedia, “Mergers and acquisitions (M&A) are both aspects of strategic management, corporate finance and management dealing with the buying, selling, dividing and combining of different companies and similar entities that can help an enterprise grow rapidly in its sector or location of origin, or a new field or new location, without creating a subsidiary, other child entity or using a joint venture. M&A can be defined as a type of restructuring in that they result in some entity reorganization with the aim to provide growth or positive value…From a legal point of view, a merger is a legal consolidation of two companies into one entity, whereas an acquisition occurs when one company takes over another and completely establishes itself as the new owner.”

While legal and accounting experts are part of all M&A deals, the expert that should always be part of the discussion and due diligence is the CISO (Chief Information Security Officer), or if a business does not have a designated security professional, that hole should be filled by someone with expertise in the information security arena.

During the due diligence process prior to a merger or acquisition, make sure that the business places a value on data security, information security, and data protection. Asking these questions may change your mind about moving forward with the merger or acquisition:
[1] Who is responsible for security?
[2] What protocols are in place to protect customer data?
[3] Have any data breaches happened?
[4] What were the protocols and timeframes for alerting customers, other stakeholders, and the media?
[5] What were the changes that were made following any data breaches? What were the lessons learned?
[6] If a breach were to happen during the due diligence phase, who will have financial responsibility?
[7] Are your computer systems compatible? If not, how soon can they be made compatible or identical? When two systems are joined together and are dissimilar, the potential for a breach is more likely due to the vulnerabilities created when two incompatible systems merge.

According to Scott Koller, lawyer at BakerHostetler, “The problem is that cybersecurity is not taken as seriously as it should be, or there is an under-appreciation of the risk. I think it is now on people’s radar, whereas before it may have been an afterthought.”

Unfortunately, according to Koller, too many people have a “check-box” mentality when it comes to information security. Does a business have a firewall? Check. Does a business use anti-virus protection? Check. Does a business back up regularly? Check. Are there duplicate backups? Check. Then, however, the due diligence process moves on to another topic, instead of delving deeper into the information security areas of protection.

According to Ron Arden, vice president and CMO at Fasoo, “An acquirer needs to understand the assets and liabilities it is acquiring, and look at adequate security as a business risk, just as leases, debt, and potential litigation are liabilities.”

So the next time you’re in the merger/acquisition market, be sure to include a thorough review of the information security risk before signing on the dotted line.

This post was brought to you by IBM for MSPs. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate, and scale your business.


Does Your Business Offer Mobile Payments?

There are many ways that your business can stand out. Your brand can have a unique name, think Google, Zappos, or Amazon. You can create a new way to provide your product and inject innovation into a stagnant industry, think Starbucks for the coffee industry or Saturn for the automobile industry (although it was short-lived, it was still a trailblazer). Or, you can stay ahead of the curve when it comes to technology. One example is with mobile payments. Instead of paying with cash, check, or credit cards, a consumer can use a mobile phone to pay for a wide range of services.

With the abundance of smartphones, it seems a natural progression for people to use smartphones to make payments. However, only a small percentage of smartphone users (early adopters) are doing this now. But once there is a clear technology winner among the competing companies (Apple Pay, Android Pay, and Samsung Pay) and better quality security measures are put into place, more people will use the technology. Today we stand at a crossroads similar to the VHS vs. Betamax battle from several decades ago.

Not all companies use all of these technologies to allow customers to make payments yet. So where you may purchase a latte at Starbucks with Apple Pay, you may not be able to do the same at Best Buy. If the theory behind these devices is to be able to help you track your spending on the fly, it will be hard to do that if you cannot use your device everywhere you shop.

Starbucks allows customers to pay with their smartphones at check-out with the use of an optical scanner. The scanner reads a user’s smartphone screen and deducts money from a Starbucks card or the Starbucks app.

Some companies, such as Dunkin’ Donuts, have joined the mobile payment party through the use of their own app. This particular app stores money on a Dunkin’ Donuts card that is connected to a customer’s smartphone. Users authorize their payment via the phone and scan the smartphone screen over an optical laser reader at checkout. These apps keep your data outside of your “wallet” and put them generically into the cloud instead of storing them on your device – which brings up another set of security issues.

These advances have yet to reach critical mass. Questions that still need to be answered are: What if one’s smartphone is compromised due to a malware attack? The device is still in the person’s possession but one or all of his or her credit cards are compromised and his or her bank accounts have been compromised as well. How do we handle what should now be considered an issue of non-repudiation since the device was in the user’s possession at all times? That person could have very easily conducted the fraud on themselves. Now, these cool capabilities don’t sound so impressive. In fact, instead, there are some serious consequences.

According to a recent survey by Experian, sponsored by the Ponemon Institute, technology and risk management executives believe that mobile-related payments technology will increase the risk of a data breach at a time when the retail and banking industries are still recovering from major retail breaches over the past two years and are currently preparing for the EMV liability shift in the U.S. (EMV stands for Europay, MasterCard, and Visa, the three companies which originally created the standard for smart payment credit cards; now managed by EMVCo, a consortium with control split equally among Visa, MasterCard, JCB, American Express, China UnionPay, and Discover.)

Experian and Ponemon surveyed nearly 25,000 technology and information security, risk management, product development, and other professionals involved in the payments systems within their organizations. The survey results were part of a report called “Data Security in the Evolving Payments Ecosystem,” and final results were based on 748 completed questionnaires.

Survey respondents reported that the most likely mobile innovations to increase the risk of a data breach are mobile payments in stores (59 percent), e-wallets for retailers (58 percent), mobile payments on devices and apps (57 percent), and mobile payments on NFC (54 percent). (NFC stands for near field communication and is the set of protocols that enable electronic devices to establish radio communication with each other by touching the devices together or bringing them into proximity.)

According to Michael Bruemmer, Vice President of Experian Data Breach Resolution, “There are opposing spheres in this argument [of innovation and security]. There are the people that want to expand and use technological innovation and take advantage of that in the implementation, but then you have the clashing interest with the security folks who are saying, ‘Wait, new tech is great, but it’s only as great as the security you build in.’”

In the midsize market, it will be important to analyze the pros and cons of instituting a mobile payment option. Therefore, ask these questions first:
* Who are your customers?
* What are the best methods to reach your customers?
* Based on the demographics of your existing and potential customer base, are they tech-savvy enough to be comfortable using mobile payments?
* What security protocols will be implemented to protect customer data?
* What will the action plan be if a data breach happens?

In the words of American businessman Nicholas Negroponte, “Computing is not about computers anymore. It’s about living.” So, to modify a line from the famous Capital One Credit Card ads, “What’s in your smartphone wallet?”


To read more on this subject, check out “Mobile Payments: Innovative, But with Security Concerns”


Does Your Business Think Like A Tech Company?

How often does your business stand out from the competition? Is your business an industry leader or just one among dozens or even hundreds in your industry? Does your leadership team dream of being the Google, Microsoft, Apple, or Amazon of your industry? I read a recent post about the banking industry that offered an interesting perspective. Perhaps, there’s an easy way to accomplish this: Think like a tech company.

“Technology companies are forcing the evolution of the banking industry, compelling traditional financial institutions to emulate [tech firms’] attributes.” Ashley Veasey, Barclays Africa Group CIO, explained, “Banks need to start thinking and working like technology companies, and use innovative thinking and big data to better understand their customers.”

As YOUR business grows, how much time, budget, and strategic planning are applied toward your customer data, or in the lingo of tech companies, big data? Wikipedia defines big data as “Data sets so large or complex that traditional data processing applications are inadequate. Challenges include analysis, capture, data curation, search, sharing, storage, transfer, visualization, and information privacy. The term often refers simply to the use of predictive analytics or other certain advanced methods to extract value from data, and seldom to a particular size of data set. Accuracy in big data may lead to more confident decision-making. And better decisions can mean greater operational efficiency, cost reduction, and reduced risk.”

Here are some statistics that may convince you to understand your data, according to Forbes columnist Bernard Marr:

[1] This year, over 1.4 billion smartphones will be shipped – all packed with sensors capable of collecting all kinds of data, not to mention the data that users created themselves.

[2] By 2020, there will be over 50 billion smart connected devices in the world, all developed to collect, analyze, and share data.

[3] By 2020, at least 33 percent of all data will pass through the cloud (a network of servers connected over the Internet).

[4] For a typical Fortune 1000 company, just a 10 percent increase in data accessibility will result in more than $65 million additional net income.

[5] At the moment, less than 0.5 percent of all data is ever analyzed and used.

How much strategic planning is applied toward the process of innovative thinking to better understand your customers? According to Wikipedia, “Innovation can be viewed as the application of better solutions that meet new requirements, inarticulated needs, or existing market needs. This is accomplished through more effective products, processes, services, technologies.”

If your business strives to stay ahead of the competition – no matter the industry – you should start thinking like a tech company. With all the screens available to customers, i.e., desktops, laptops, and smartphones, and all the communication vehicles available for outreach, i.e., email and texts, no one is ever truly unplugged. This means that your business should consider all the ways that customers can connect and engage with your business.

As these connections happen, does your business capture customer data in a secure manner? How many systems are in place to safeguard the data? What happens if a data breach happens? What are the procedures to alert customers and the media?

So let’s return to the banking industry. To quote Alistair Peterson, Frost & Sullivan Africa Director of Growth Implementation Solutions, “Traditional banks cannot survive without becoming agile in their ability to develop customer experiences that surprise and delight through the use of various technologies. It is called the omni-channel experience, and traditional banks need to be at the vanguard of these new technologies.”

Your business doesn’t have to think like a bank, but I strongly recommend that you consider technology industry attributes. Your business longevity could be at stake.


Inspiration for this post:
“Banks Must Think Like Tech Companies”

“Big Data: 20 Mind-Boggling Facts Everyone Must Read”


How to Make Sure Your Brand Is Not #1 When It Comes to Cybersecurity Breaches

According to a recent post in NetworkWorld by Maria Korolov, the Massachusetts Institute of Technology (MIT) scored at the bottom in a cybersecurity survey of 485 large colleges and universities. For a prestigious university known internationally for producing talented individuals in the fields of technology, mathematics, statistics, and science taught by intelligent and knowledgeable professors, how did such a negative score happen?

SecurityScorecard, a security risk benchmarking platform, analyzed the educational institutions based on web application security, network security, endpoint security, IP reputation, patching, and other security indicators. (The full report can be downloaded for free by clicking here.)

SecurityScorecard’s Chief Research Officer Alex Heid explained, “When we dug in, we found that there are a lot of exposed passwords, old legacy systems, and a bunch of administrative subdomains that seem to have been forgotten about. It’s common at colleges for students and faculty to move on and forget to shut down old projects.”

This report serves as a lesson to all industries and all sizes of businesses. First, no matter what INDUSTRY you’re in, you’re vulnerable. Don’t assume that you’re immune because you aren’t a financial institution, government entity, health organization, retail outlet, or educational institution. Second, no matter what SIZE your business is, you’re vulnerable. Hackers can be, and are, everywhere. A mom-and-pop or family-run business is just as vulnerable as a publicly-traded Fortune 500 business – and just as vulnerable as all sizes in between.

But the most important lesson to learn from this report is that small and relatively obscure brands are just as vulnerable as the big and well-known brands. We learned this when the breaches occurred with Target, Anthem, United Airlines, UCLA Health System, and Mandarin Oriental hotels. Many experts thought these big businesses were immune. They were wrong.

Naturally, as all marketing experts say, you want your brand to be an industry leader. But in this instance, don’t let your brand be an industry leader when it comes to cybersecurity breaches. Instead, spend the time to implement these five recommendations:

The older a piece of software becomes, the greater the chance that hackers will discover vulnerabilities. Patch management helps alleviate this issue because as vulnerabilities are found, they are patched by the developer. Although an internal threat can bring a payload in-house through USB, DVD, or other bootable media to attack a particular vulnerability, a patched vulnerability gives a hacker one less attack surface to try in his/her attempt to gain a foothold.

Unfortunately, the biggest risk to security is us. Human beings have a tendency to be sloppy with security protocols. As security personnel, we are taught that the best passwords consist of lower and uppercase letters, numbers, and special characters. Yet, people will always stick with the simplest things so that they can remember them.

Make sure that you’ve trained employees about what to look for when opening email messages. Since many breaches happen as a result of opening email messages and attachments that should never have been opened, instruct employees to instantly delete emails that come from people they don’t recognize, or that carry attachments they weren’t expecting from employees or people outside the company.

Implement a disaster recovery plan so that all employees know who will access corporate data – and which data – in the event of a disaster and the amount of time that data may not be accessible – if at all, and the procedures to recover data after the disaster.

Accept the fact that a breach may happen. But, if you back up your data on a regularly-set schedule depending on the value of your data and how often it is changed or updated, the re-creation of your data will not be one of your business’ headaches.

Since consumers can learn about breaches as soon as they happen, businesses should take responsibility and inform the public as soon as possible. The Privacy Rights Clearinghouse features a Chronology of Data Breaches, which is updated daily.

In case you’re wondering, the highest scoring university may surprise you: Merced Community College in Merced, California.


Does Your Business Have a Cloud Computing Usage Policy?

Many businesses have a Bring Your Own Device (BYOD) to Work policy, a risk management policy, and some businesses are even tech-savvy enough to have a social media policy. Some businesses go one step further and introduce and review all these policies during the onboarding process for new employees. But while many businesses expect employees to collaborate on work either while in the same office or remotely, they are placing their data at risk if they don’t have a cloud computing usage policy.

In simple terms, cloud computing is the process of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than using a local server or a personal computer.

According to Wikinvest, “Cloud computing allows consumers and businesses to use applications without installation and access their personal files at any computer with Internet access. This technology allows for much more efficient computing by centralizing data storage, processing, and bandwidth. A simple example of cloud computing is Yahoo email, Gmail, or Hotmail. All [the user needs] is an Internet connection [to] start sending emails. The server and email management software is all on the cloud (Internet) and is totally managed by the cloud service provider Yahoo, Google, etc. The consumer gets to use the software alone and enjoy the benefits. The analogy is, ‘If you need milk, would you buy a cow?’”

What should you consider as you create a cloud computing usage policy? Here are five key items:

Which members of your team should access the documents stored in the cloud? If you grant universal access to the stored documents, you may be giving away keys to your data. Think about your data as if it were in a vault. How much you spend on the vault is determined by how much your data is worth. There are different levels of need for access – for example, some Vice Presidents may have greater need than IT managers, or vice-versa. You are not obligated to provide the same level of access to all employees. It’s called “least privilege.”

How often do your employees add documents to the cloud? If your team uploads data on a daily or weekly basis, then the cloud may be an important way for your team to interact and work. But if your team only accesses the cloud once a month, you need to reconsider the cloud as an efficiency tool. Is it really worth the cost?

Have you decided on the parameters of using the cloud? For example, there may be specific types of documents that should reside in the cloud rather than others. Do employees store Word documents, Excel spreadsheets, pie charts, PowerPoint presentations, photos, etc.? For your employees to understand the benefits of using the cloud and to be proactive in protecting your business’ confidential data, they need training. Maybe you use a hybrid system where your confidential documents, such as intellectual property, are kept in-house and your other documents are kept in the cloud. Unfortunately, there are too many businesses that allow their employees to store whatever they wish in the corporate cloud. This can become a sticky legal issue if it is found that the employee is using it to store illegal information, other companies’ intellectual property, or any type of data that can place your company in a position to be sued. Establish rules that must be followed and let the employee know that any wavering from the acceptable use policy will be grounds for termination. Be sure to have your attorney approve the document and make sure all employees read it and sign it. A part of an employee’s training is to educate him or her on the use of public cloud sites. Train employees to understand that uploading corporate data into their public cloud site is unacceptable. And finally, you must establish a password policy that everyone must follow: at least 10 characters comprised of uppercase, lowercase, numbers, and special characters – or use biometrics. Run this policy through Active Directory so it is enforceable. Don’t leave it up to individual users.

How necessary is it to keep your documents in the cloud and do they remain there indefinitely? If it is a team project and the project is finished, does it really need to remain in the cloud? There should be a defined lifespan for the data to reside in the cloud. Maybe confidential docs should only reside there as long as they are being worked on – and non-confidential docs can remain indefinitely. But the one thing to remember is that the cloud is never permanent. Very few providers will last for years – or the fees that your company will be charged will become exorbitant. Think about a guest in your home: that person stays for a limited amount of time (hopefully) and then leaves. The same rule should apply with the cloud – store your documents there, work on them, and then do what your cloud policy says to do.

Did you know that most cloud-based companies do not back up your data? They will do it for themselves, but if you want to retrieve your data, especially from a long time ago, you may be out of luck. You may be able to retrieve it, but it will cost you a lot of money. If you need to recover deleted data, such as purged email from a long time ago, you might find your SaaS or PaaS providers, like Google Apps, Microsoft Office 365, Amazon Web Services, etc., unable or unwilling to help. Recently, a new use for “the cloud” has come about. It is called cloud-to-cloud backup and recovery. It is automatic and saves all of your data from whatever PaaS or SaaS you are using. My mantra of “It is not if you lose your data, but when” has unfortunately rung true many times for many people. Using cloud-to-cloud backup and recovery might just make that saying obsolete. That is, of course, if it is set up and managed correctly.

Remember, clouds can burst, and you don’t want your data raining down somewhere it doesn’t belong.


Don’t Forget Security When Developing Corporate Mobile Apps – Time for Another Look


About a year ago, I wrote a post about the importance of security when developing mobile device apps. As part of the post, I also discussed the importance of security when evaluating the “bring your own device” to work (BYOD) phenomenon and the growth of the Internet of Things (IoT). Today, a year later, it’s time for another look.

If you’re creating an app, are you using tools provided by a managed service provider (MSP) allowing multiple people in multiple places to work on it? Does the MSP charge by the seat for the tools to be used, or is it a group license? Today, businesses try to offer apps on both the Android and iOS platforms, so you need to make sure that tools for both platforms are available. Most importantly, before launch, test your app over a wide range of devices and employ as many testers as possible.

Now, how many businesses have apps specifically designed for their industry? Recent developments, especially in the healthcare sector, require customized apps to better serve the needs of their stakeholders, in their case, patients and medical care professionals. In addition, healthcare organizations are also finding that off-the-shelf apps don’t always meet their needs. A side benefit to creating a customized app is that a business can release it in the general marketplace and create another revenue stream.

As the BYOD phenomenon further evolves, businesses are finding that apps may not exist that work both for their organization’s devices and their employees’ devices. This propels businesses to develop apps to perform on a myriad of devices.

Of course, this leads us to the elephant in the room: users’ privacy concerns. What information does your app require in order to download it? In an industry with compliance issues, one must be sure that the requirements for regulatory environments are met.

If you’re putting your app into the open market, how is cost determined? Is user information more carefully guarded if the app has a cost associated with it (data saved to the cloud), or is some usability deactivated if the app is offered for free? For example, consider apps that track your health and well-being: if the app is paid for, is the data used to offer real-time health status, versus a free version of the app that may only provide limited use?

If your business has created an app, how do you measure its success? By the number of downloads? By the number of reviews? By the number of in-app purchases? Or by some other metric? However, don’t ever forget that you have an obligation to your users to protect their confidential information – regardless of whether they paid for the app or got it for free.

Lastly, consider this scenario. What if your app is hacked? What measures are in place to protect your users’ information? Do you have a protocol in place to notify users of the breach? Do you have a procedure in place that will take the app down and rebuild it? Don’t enter the app market if these questions aren’t answered first.


The Managed Service Provider (MSP) Quandary: They’re Only as Good as You Allow Them to Be

When I hear of managed service providers (MSPs), I think of services in a compartmentalized box or a box of Legos. While that may be a simplistic view of what an MSP is, it actually fits because that’s how companies tend to use them. They take parts that they want from a box and leave others that they don’t want. And as an end-user chooses a product or service from the box, the pieces are attached together to form an organization’s total service solution. This process is used whether it is a small company or a Fortune 500 company.

After an organization’s needs have been met, and after the service level agreements (SLAs) have been signed by the appropriate departments within an organization, then the work begins. But, the relationship can become problematic even when the relationship begins under the best of circumstances. A business relationship can spiral out of control very quickly because the organization may not believe that the MSP is doing its job correctly, or even worse, the organization blocks the MSP from doing its job.

There’s an old saying in the tech industry: “Working with computers would be great if it weren’t for the clients.”

When a business is paying for services, you would think that it would listen to its hired service provider, but that is not always the case. This is sometimes the case for services that cost above and beyond the price of the MSP. For example, through monitoring, it is determined that more cloud storage is needed, or a system critical server is about to fail. The organization says, “We don’t need that right now.” Translation: “We don’t want to pay for that right now.”

So the MSP team has issued the warning and laid out the evidence to support its findings, but the organization fails to act. So what happens when systems fail? You guessed it. The organization blames the MSP for not being adamant about the problem before the crisis erupted.

Or, the organization fails to listen to the MSP for no apparent reason. For example, a major organization receives a call from its MSP that monitors security. This MSP calls the security manager at the organization and tells the main contact that there’s a high probability of a major breach. Instead of taking immediate action, which might include checking the security infrastructure and searching for holes, the security manager ignores the warning. So what happens? A breach happens, and it causes millions and millions of dollars in damages.

But, let’s not forget. The MSP did the job that it was paid to do – a job that cost this organization a lot of money per year, and a major breach happened because the organization failed to act on intelligence that the MSP had provided. This error in judgment not only cost the organization money – but most likely, its reputation as well.

So before hiring an MSP, consider this. How much is its advice worth to you? Are you going to listen when the MSP gives advice, or will you listen ONLY when you want to? Granted, there are some MSPs that just want to take your money and provide lousy service, but for the most part, MSPs are honest. MSPs offer important services that your organization cannot handle due to manpower, space, equipment, or infrastructure issues such as the inability to manage disaster recovery, backup, and other infrastructure limitations.

The right MSP that’s the right fit for your business can help make your business run smoother and recovery much quicker.

Image Credit: Pakorn via

This post was brought to you by IBM for MSPs. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate, and scale your business.

Posted in Business Process, Cloud Computing, corporate data, Data Breach, data protection, Data Security, MSP, Network Security

5 Must-Ask Questions Before Adding the Cloud to Your Infrastructure

In a previous post, I asked, “Is Your Business Ready for the Cloud?” Five key issues were detailed to assist midsize businesses before making the decision to move to the cloud.

But once your leadership and IT teams make the decision to move data to the cloud, your next step should be to sign a vendor agreement with your cloud provider. Don’t move forward without having your leadership and IT teams review the agreement in its entirety, and even better, include your legal team in the review process.

According to the IBM Center for Applied Insights:
“By 2016, cloud computing will matter more to business leaders than to those in IT. According to a recent study conducted by the IBM Center for Applied Insights, cloud’s importance to business users is expected to grow to 72 percent, exceeding its importance to IT users at a mere 58 percent.

While it may not generate the same breathless excitement it once did when the technology first emerged, “The Cloud” has undoubtedly become ubiquitous. As the technology matures and lingering security concerns dissipate, even the most conservative businesses have jumped on the cloud bandwagon. According to a study released in 2013 by the IBM Institute for Business Value, 64 percent of CIOs plan to invest in cloud over the next few years.

And as cloud technology continues to mature, how companies use cloud will also continue to evolve. What was once primarily used for cutting costs is growing into so much more. Today’s companies are increasingly looking to the cloud to not only improve efficiency, but also to innovate and create.”

What was once only for storage now includes the following technologies:

[1] SaaS = Software-as-a-Service: using a product such as an Office-like suite of software in the cloud environment.

[2] IaaS = Infrastructure-as-a-Service: a form of cloud computing that provides virtualized resources over the Internet. The definition includes such offerings as virtual server space, network connections, bandwidth, IP addresses, and load balancers.

[3] PaaS = Platform-as-a-Service: a service that can be defined as a computing platform that allows the creation of web applications quickly and easily.

[4] DRaaS = Disaster-Recovery-as-a-Service: businesses that do not have the time or resources to manage a disaster recovery plan and regular service can outsource this process.

As you review a cloud computing agreement, also known as the service level agreement (SLA), make sure to ask these five critical questions and listen, really listen to the responses:

[1] What happens if there is a data breach?

[2] What procedures are in place to mitigate a data breach?

[3] How quickly do you handle credential changes, for example, when an employee is promoted, hired, or fired?

[4] Do the terms of the SLA reflect an understanding of compliance regulations when it comes to physical data storage requirements? For example, depending on industry and regulations (healthcare, financial, etc.), data may sometimes have to be stored within the state where business is conducted.

[5] What security measures does the cloud vendor put in place to protect its data and data centers? This means physical security as well as internal, electronic, and web facing.

So, has your business moved to the cloud yet, and if yes, what was your best cloud story, good or bad? Since others can learn from your experiences, please chime in.

Image Credit: digitalart via

This post was brought to you by IBM for MSPs. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate, and scale your business.

Posted in Cloud Computing, corporate data, Data Breach, data protection, Data Security

12 Timeless Password Tips for Improved Security


According to Splashdata, the #1 and #2 most commonly used passwords are “123456” and “password,” so the creation of strong passwords is one way that users can be proactive in fighting security breaches. Since passwords are the core of an overall security plan, here are my favorite password-related tips. When using a managed service provider, it’s just as critical to follow these guidelines because any time data travels to a third party, it can become more vulnerable.


[1] Make sure your passwords are complex. Use lower case and upper case letters, numbers, spaces, and symbols. Make sure the password length is longer than eight characters – Microsoft recommends at least 14 characters. Don’t use common or uncommon words from the dictionary or real names. Don’t spell your name backwards, use words with common spelling errors, or repeated sequences of the same numbers or letters. Create a phrase or sentence. If you are curious how strong your password is, check it out at How Secure Is My Password or use the Microsoft Password Checker. You can also learn how your password stacks up with the Password Strength Checker – this site evaluates the strength of your upper and lower case letters, numbers, symbols, etc.

[2] Create a different password for each website you use or wherever you access your data. Don’t use the same password for Facebook, Twitter, LinkedIn, Google+/YouTube, Pinterest, Instagram, etc., because if someone gains access to one account, the hacker could then gain access to all of your social networking sites – contact information, photos, family member names, etc. Also, if you use passwords to access online banking, medical data, or other confidential information, create unique passwords to access each site.

[3] If you don’t want to remember your passwords because they are too long and complex (hopefully), or if you would like an online site to generate passwords for you, check out LastPass. With LastPass, you will only need to remember one master password to log onto the site. LastPass automatically saves your log-ins and passwords for all sites that you visit – after you enter them both the first time, they are saved and encrypted in LastPass. Once you return to the website, LastPass will enter your password and user name automatically, which will serve as protection against keyloggers (software that records keystrokes when a user logs on to a specific website with the intent to steal information). There is a free version as well as a premium version – and the download is available for Windows, Mac, and Linux. While there have been security breaches on LastPass, LastPass remains the leader in the web password manager space.

[4] If you store important documents on your home computer with bank account information, tax information, and social security numbers, make sure to add a password to them. If your computer ever gets stolen, the passwords will add another layer of security to your information.

[5] If you are asked security questions as an additional component of password creation, don’t use easy answers. For example, don’t use your birthday, spouse’s first name, mother’s maiden name, your car license plate, or city where you live. For many hackers and even those who know the right websites to search, these pieces of data can be easy to find.

[6] Whenever you sign up on a new site or get assigned a new site to access, there is often a default password. Often, we are so busy that we forget to change the default password – not a good idea. Before you do anything on the site, go first to the settings area and create a new password.

[7] Since most businesses require users to change their passwords every 90 days, changing your personal passwords several times a year is a good idea.

[8] Always be sure to log off of the site that you’re accessing because bad guys can steal your passwords. Even if you close your browser, your visit is still active. Logging off from the site will immediately end your session on the site. While you should always delete your cookies, history, and cache, you can either manually do this or set your browser settings to automatically delete when you close your browser.

[9] Don’t give your IT Department a heart attack by writing your passwords on a Post-It note attached to your monitor, under your keyboard, in a drawer, etc. While this sounds obvious, people think no one will notice or that the note will just be placed on the screen for a few moments. If you do this, you are handing your data to a thief on a silver platter – don’t do it.

[10] Does your business have a password policy? If your business is progressive, you will read and sign harassment, privacy, BYOD, and social media policies. But due to the importance of passwords, make friends with your IT department. Go the extra mile: always change passwords when asked and always set up your password according to company policy. If corporate policy allows, set up a screensaver to activate after a short period of inactivity to protect anything on the screen.

[11] Don’t use your email address as a username (unless corporate policy dictates that you must) – and don’t make your password the same as your username. If you are accessing a business-owned account, then access is terminated once you leave your position. And if you use a personal email address, once you leave the position, the business has no way to access the account. Personal email addresses are easier to hack.

[12] Don’t ever click on the “remember password” option in your browser. Unlike passwords saved in LastPass, they are not protected by encryption and are open for bad guys to see if they get ahold of your browser. To quote Dana Molina of SureTech, “If your device is ever stolen, you’ve just invited a thief into your home, removed their shoes, and given them a foot massage.”
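
The rules from the tip on password complexity and the tip on usernames, written as a checker. This is an added example, not code from the original post: the function name `check_password`, the tiny word list, and the sample inputs are constructed for illustration, and treating three identical characters in a row as a "repeated sequence" is an assumption.

```python
import re

# The page names only these two common passwords (per Splashdata).
COMMON = {"123456", "password"}
# Tiny constructed stand-in for a real dictionary word list.
WORDS = {"dragon", "monkey", "sunshine", "welcome"}

MIN_LEN = 9            # page: "longer than eight characters"
RECOMMENDED_LEN = 14   # page: Microsoft recommends at least 14


def check_password(password, username="", real_name=""):
    """Return a list of findings; an empty list means every rule passed."""
    findings = []
    lowered = password.lower()

    if len(password) < MIN_LEN:
        findings.append("too short")
    elif len(password) < RECOMMENDED_LEN:
        findings.append("below recommended length")

    # Lower case, upper case, numbers, and spaces or symbols.
    classes = {
        "lowercase": r"[a-z]",
        "uppercase": r"[A-Z]",
        "digit": r"[0-9]",
        "symbol or space": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            findings.append("missing " + name)

    if lowered in COMMON or lowered in WORDS:
        findings.append("common password or dictionary word")

    # Assumed threshold: the same character three or more times in a row.
    if re.search(r"(.)\1\1", password):
        findings.append("repeated sequence")

    if username and lowered == username.lower():
        findings.append("same as username")

    # Real name, forwards or spelled backwards, anywhere in the password.
    name = real_name.lower()
    if len(name) >= 3 and (name in lowered or name[::-1] in lowered):
        findings.append("contains real name")

    return findings
```

A check like this runs on the user's own machine or inside a sign-up form, so the password never has to be typed into a third-party strength-checking site.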

Do you have a tip to add to the list?

Image Credit:  digitalart via

This post was brought to you by IBM for MSPs. Dedicated to providing valuable insight from industry thought leaders, PivotPoint offers expertise to help you develop, differentiate, and scale your business.

Posted in Business Process, Data Security, Network Security, Tech Equipment

Television’s Role in the Conversation about Cybersecurity


Have you noticed all the recent storylines about cybercrime on television? Several episodes of “The Good Wife” focus on technology issues ranging from hacked emails to online privacy to ransomware (a type of malware that restricts access to the computer system it infects and demands a ransom paid to the creator of the malware in order for the restriction to be removed). And of course, the latest version of the CSI franchise is titled “CSI: Cyber,” whereby all episodes focus on online crime.

This increased attention on cybercrime and the resulting emphasis on cybersecurity are definitely a move in the right direction. The attention is much appreciated by the technology industry overall, but specifically by professionals in the infosecurity arena, who talk about cybersecurity awareness on a daily basis. This is because a large part of our jobs has become alerting leadership teams and Boards of Directors about the consequences of data breaches and the importance of implementing security awareness programs and business continuity programs.

With a spotlight shining on cybercrime, Twitter conversations and Facebook posts increase around these TV shows and actors. And with increased interest in these important matters, your business may be just a little safer – thanks to television.

You never know when an employee will receive an email from an unknown source, and in a split second will make a decision NOT to open the email because he/she doesn’t recognize the sender. The employee recalls an episode from a TV show that showed how an entire company’s email system was hacked and customer database was breached from a virus in a single email. Your employee made a decision based on a TV show.

Of course, one possible result of so much cybercrime on TV is that the bad guys get some ideas. What TV starts, sometimes, the bad guys will finish.
Image Credit: Digitalart via

Posted in Cybersecurity, Data Breach, Data Security, Disaster Recovery, Email, Management and Technology, Network Security, Online Security