The Business-Technology Weave


October 31, 2011  12:28 PM

The Human-Technology Weave Revisited

David Scott

 

Regular readers may recall this article from February.  It was a bit of whimsy… something a little different.

 

But now there’s an interesting story about a man with a smartphone dock in his arm.  Well, it’s a prosthetic arm – but this is an exciting application of imagination for sure.  And, some would say, it’s a start to a much more personal integration of technology to human beings.

 

The man in question is Trevor Prideaux and he was born without a left arm.  With his Nokia C7 comfortably and handily docked in his fiberglass/laminate forearm, he has the ready ability to text and call.  He’s had a prosthetic arm since he was three years old.  Trevor believes his phone-in-arm solution is the first time this has been done in the world.

 

You can see how it might be difficult for him to hold the phone with the prosthetic hand, and text with the other.  But with the phone securely in his forearm, he can text with ease.  Also, when he receives a call, he can put his forearm up to his ear, or undock the phone and hold it.

 

Technicians at The Exeter Mobility Centre in England built a prototype arm in five weeks' time – they made a fiber cast of the phone, and then built a cradle into the limb.

 

Amazingly, when he contacted Apple to see if he could get a blank iPhone casing to test out his idea, Apple refused his request, according to the Daily Mail.  Folks at his local phone shop agreed to help him, and he was ultimately put in touch with Exeter.

 

In considering Trevor’s forward posture, consider this too:  As processing power can be packed into smaller and smaller components, and as data densities increase – thus also occupying smaller spaces – there will come a point of diminishing return in the normal application of technology:  The ability to build devices that are too small to hold, too small to type on, and too small to keep track of.

 

But that threshold is exactly what is leading to a Human-Technology Weave – the integration of circuits and content repositories that may tether directly to the body and brain.

 

And that is a whole ‘nother Weave.

 

NP:  Oh, Mother, I’m Wild!  Jack Kaufman, original Victor 78rpm record on a 1912 Red Mahogany Victrola.

October 29, 2011  2:52 PM

IT and Business: Talking Past One Another

David Scott

 

Surveys tell us that business and IT folks talk past one another all the time, with the resultant blown budgets, failed projects, late projects, ill-fitting solutions, and other bad outcomes.

 

A neighbor of mine is a graphics artist/layout specialist for three newspapers and various magazines, both online and print.  He works in a consolidated graphics company that these publications utilize.

 

It’s a 24×7 operation.  It’s a sophisticated company, with the latest equipment and computers.  The people working there are no slouches, in terms of their abilities to get pubs ready for press.  But there was one thing amiss.

 

They didn’t have an IT Department at their disposal.  Oh, they had IT support:  An IT Director.  One… IT Director.  One who was on call 24×7.  Yeah.

 

The business skimped on IT support in terms of personnel, and thus other ramifications came to bear.  Many readers can probably guess what ultimately came to be.

 

But first:  The Director made reasonable requests for help over the course of time.  A case was made for an assistant, who would have been a one-person HelpDesk, essentially – but also backup to the Director and vice-versa:  coverage for cases of illness, travel, meetings, periods of high volumes of work, etc.  But the request was denied.  Affordability was an issue.  “Later” was a nice deferment:  “We recognize you’re stretched and we’re going to take this up with ________  [the CEO / the Board / the Steering Committee / the Magic 8-Ball] soon.”

 

The IT Director was too busy providing day-to-day support, and handling various exigencies, and many, many standard and best practices either went out the window, or were never really mounted in the first place.  One of the critical issues became lack of documentation.

 

What you likely saw coming was total burn-out for this person.  Aside from the midnight, 3 a.m., and other random phone calls, the “typical” day was one of straddling dozens of bases and trying to provide adequate coverage:  Vendors, budget, upgrades, new installations, migrations, desktop support, backoffice support, reports, justifications…

 

He left. 

 

And now my neighbor has difficulty doing his job.  A support vendor is onsite, but is struggling with systems and procedures absent documentation and real understanding.  While the vendor figures things out, support is virtually non-existent still.

 

Perhaps the IT Director didn’t make the case for help strongly enough; perhaps he didn’t articulate things in terms of the risks that were accruing.  For their part, the business side of things didn’t take seriously the need to, at the very least, have a backup person in a large facility (there are over 100 personnel at this company) that requires steady, daily, support – to say nothing of the requirement for an IT leader who is able to break free for proper strategic planning, and for meeting with business associates for assessment of requirements and expectations.

 

In addition to specific meetings between business and IT, for specific projects and issues, they should plan on a quarterly meeting for assessing just where things are, and where business intends (and needs) to go.  That agenda is easily crafted by both over the course of the quarter.

 

I call this meeting, and its participants, the BIT team (the Business-Implementation Team).  Its structure and culture help to influence everything the business does in an IT sense between quarterly meetings too.

 

It’s kind of a handy thing… and business and IT do a lot less talking past one another.

 

On this day (Oct. 29th):  In 1682, William Penn, founder of Pennsylvania, landed at what is now Chester, PA.


October 29, 2011  10:55 AM

HP to Keep Its PC Business After All: Do I keep HP?

David Scott

 

This past August, HP announced it would discontinue its smartphone and tablet products, in addition to considering discontinuing its PC business.

 

The move was precipitated by HP’s acquisition of the British company Autonomy, and a seeming shift to emphasis on software.  However, HP will now keep its PC arm, formally the Personal Systems Group (PSG).

 

HP’s chief, Meg Whitman, has stated, “HP is committed to PSG, and together we are stronger.”

 

I’m happy with this statement, as I am typing this article on a reasonably new HP laptop.  I also have an HP printer.  Given my earlier problems with this laptop, paired with the considered spin-off or sale of the PSG, I continue to wonder if there was some slippage in quality or focus as regards their PC line.

 

That would be unfortunate, as HP is presently the number one manufacturer of personal computers in the world.  They achieved $40.7 billion in revenues for 2010.

 

Still, I’ve been informally surveying people I know, people I do business with, and reading a lot of praise and criticism on the web.  We must recognize that any product has two diametrically opposed camps:  people who are fans of the product, and those who have nothing but horror stories.  But HP seems to attract unusually strong opinions.

 

I know that I was disappointed with a 10-month-old laptop that had a hardware failure.  I was also not impressed with HP’s customer service:  From technician(s) to Corporate Office.  A tipping point for me might be HP’s recent, seeming, indecision regarding their commitment to the PC line, coupled with another consideration.

 

That consideration is Apple, but more specifically, the Unix-core that solidifies their operating system.  That… and the fact that Apple is not likely to consider… and reconsider… jettisoning a big chunk of their product line (and associated customers).

 

NP:  Thelonious Monk, Epistrophy, at Starbucks (a nice surprise hearing this here)

 


October 27, 2011  2:44 PM

HP Experience Yields Appreciation of New Areas of Risk, Pt. II: Apple vs. PC

David Scott

 

Please see my prior post if you haven’t already. 

 

My situation with my HP laptop had me speaking and listening to a number of people.  Folks of various stripes were happy to weigh in:  Colleagues, clients, vendors, and friends.  In the course of discussion, I heard a number of stories about HP specifically, and about the PC realm generally.

 

A trusted colleague is also a friend and a client.  More years ago than I care to remember, I hired him as an intern in the Fortune 500 world.  I now serve as a virtual Operations Manager in his startup business.  He made the switch to Apple about a year ago.

 

It took him about three months to get used to the interface and operation of the Apple world.  This has been my main reason for resisting Apple.  It was foreign to me, and it struck me as being less efficient… or perhaps intuitive.  But in his case, he did get used to it, and he’s much happier with it.

 

Secondly, he told me that Apple has brick-and-mortar stores.  Imagine:  You can take a defective or failing product right to the store, and deal with an actual person.  Wow – what a concept!

 

Last, he had a “real-world” case to relate, particularly in relation to the second point.  Quite recently, his company had an older laptop that developed a problem with the screen.  They took it to the brick-and-mortar store to see what the repair would cost – for all they knew, it might not even be worth a repair.  To their surprise, Apple replaced the screen because they had the part lying about, at no charge.  They had it back next day.  Realize:  This laptop was long out of warranty.

 

That is customer service.  Apple in this case is a bona-fide solutions partner.  They would seem to have an understanding that their products support and enable business.  That when a product or solution fails, the support to business fails – and that is a hardship.  Business enters a zone of risk.

 

My (crumbling) resistance to Apple was also based on a widespread industry belief from years past:  Apple was for artists and designers; PCs were for empirical business and related operations and management.  That line has probably blurred, or disappeared – but I’d like to know what you think.

 

I would welcome others’ experiences in the realm of Apple and PC.  I’m certainly thinking…

 

On This Day (Oct.27th):  Fred Waller patents water skis. 


October 26, 2011  2:34 PM

An Experience with HP Yields Appreciation for New Area of Risk

David Scott

I’ve been involved with various risks and manifestations of bad outcomes – things such as breaches, malware, human error, exposures, loss – and related protections and solutions for quite some time.  However, I experienced something new to me – after all this time.  I think readers will want to know about a recent incident involving Hewlett-Packard (HP). 

 

I consider HP a solutions partner:  My primary computer – a laptop – is provided by them, and  my expectations are that the device is sound, will last for a reasonable period of time, and that it will serve my business interests. 

 

But it seems this solutions partner has at least one policy that:  1)  Describes a bad outcome, and 2)  Provides a subsequent, deliberate, compounding of it.  Specifically, if there is a hardware or other failure, and the troubleshooting and fix require a reformatting of the hard drive, HP will only perform a highly selective backup/restoration.  This is as opposed to what I do for my customers – clients.  You see, I provide a best practice standard. 

 

Best practice would be, wherever possible, a comprehensive backup and restoration – and return of all assets – hardware, software, data – content -  to the customer.  A set of business assets (hardware and content) should be readily preserved, and returned extant to the customer.

 

But recently, my primary HP laptop failed me:  It refused to charge the battery.  At first, it was a random condition – I’d be working away, and suddenly I would receive a warning that I had 10% remaining capacity on the battery, and that I should either:  1) Plug in, 2) Replace the battery, or 3) Shut down.

 

The first time was rather a shock, being that I was plugged in, and in the middle of critical client work.  I rebooted and, interestingly enough, the laptop indicated it was in a charging condition, as shown by the icon in the system tray.  But then I had a day where it wouldn’t charge, and no amount of coaxing would change the condition:  Different outlets, wiggling the adapter’s plug-in to the laptop, reboots, etc.

 

I called HP, being that I was within my one-year warranty.  After 40 minutes of troubleshooting, they advised that I send the laptop to them for service.  At that moment, it suddenly started charging.  I held off – although I did solicit the custom box they send to you, for use in returning equipment.

 

Over the course of a couple weeks, the laptop was always plugged in, and the battery was primarily at 100% – however, there were those days where the battery discharged, and I was stuck.  Ultimately, one morning, the battery drained and I was fed up.  I resigned myself to sending the laptop in for service.  Fortunately, I have weekly comprehensive whole-drive backups, nightly selective backups to thumb for critical client work, and a backup Dell laptop – older but functional.

 

When my box arrived for packing and return, it contained something inside in addition to the FedEx mailing label:  There was a disclaimer statement requiring my signature – approximately:

 

Should HP determine that a reinstallation of your computer’s operating system (OS) be necessary, a reformat of your hard drive will be performed.  The only data that will be backed up and restored upon completion will be the contents of the following folders:  My Documents, My Pictures, and My Videos.  If you wish to retain information that resides in folders other than these, you should do a complete backup before sending the computer in for service.

 

I spoke with two technicians who agreed with me that the stated policy of this company was that they would, under conditions of reformatting, willfully destroy data by not backing it up.  I also had great difficulty understanding them:  The calls had poor fidelity, and accents were a bar to efficient communication.  I can also add that a representative in HP’s corporate office confirmed the policy regarding the lack of comprehensiveness in preserving customer assets (again, critical content).

 

I remain surprised that in 2011, a major computer manufacturer would compound an extreme consumer liability and inconvenience:  That of losing the use of hardware for some measure of days to a week-plus – by also putting data at risk.  I say “at risk,” because many people either don’t do backups, or, find that upon “recovery” they didn’t do quite the comprehensive job they needed to do.  HP is already performing a measure of backup in these circumstances (the “My” folders) – why not go the whole route? 
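The quoted policy names three folders; everything else on the drive is, by the vendor's own statement, gone after a reformat.  Before shipping a machine off, a practitioner wants a plain inventory of what falls outside those folders.  The following script is an added example, not from this post nor from HP: it walks a user profile, splits files into "preserved" versus "would be lost" by top-level folder, and totals the exposure.  The folder names, the list of commonly-overlooked locations, and the tiny sample profile it builds in a temp directory are assumptions for illustration, not a real machine image.

```python
"""Inventory which files a selective "My folders only" restore would lose.

Added example, not from the original post. It models the policy quoted
above: only My Documents, My Pictures and My Videos come back after a
reformat; everything else is treated as lost. The folder layout and sample
files are constructed for illustration (a tiny fake profile on disk).
"""
import os
import tempfile
from pathlib import Path

# Folders the vendor says it preserves (relative to the user profile).
# The policy uses the "My ..." names; Windows 7 stores them as
# "Documents", "Pictures", "Videos", so both spellings are accepted.
PRESERVED = {"My Documents", "Documents", "My Pictures", "Pictures",
             "My Videos", "Videos"}

# Locations that commonly hold business-critical content but fall outside
# the preserved set (assumption: a typical Windows profile layout).
KNOWN_RISKY = {
    "Desktop": "files saved to the desktop",
    "AppData": "mail stores (Outlook .pst/.ost), browser profiles, app settings",
    "Downloads": "downloaded invoices, installers, exports",
}


def classify(profile: Path):
    """Walk a profile; return (preserved, lost), each {relative_path: size}."""
    preserved, lost = {}, {}
    for root, _dirs, files in os.walk(profile):
        for name in files:
            full = Path(root) / name
            rel = full.relative_to(profile)
            # Files directly in the profile root have no top folder at all.
            top = rel.parts[0] if len(rel.parts) > 1 else ""
            bucket = preserved if top in PRESERVED else lost
            bucket[rel.as_posix()] = full.stat().st_size
    return preserved, lost


def report(profile: Path) -> dict:
    """Summarise how many files and bytes the selective restore would drop."""
    preserved, lost = classify(profile)
    by_top = {}
    for rel, size in lost.items():
        top = rel.split("/", 1)[0] if "/" in rel else "(profile root)"
        by_top.setdefault(top, {"files": 0, "bytes": 0})
        by_top[top]["files"] += 1
        by_top[top]["bytes"] += size
    return {
        "preserved_files": len(preserved),
        "lost_files": len(lost),
        "lost_bytes": sum(lost.values()),
        "lost_by_folder": by_top,
        "notes": {k: KNOWN_RISKY[k] for k in by_top if k in KNOWN_RISKY},
    }


def build_sample_profile() -> Path:
    """Create a throwaway profile tree (constructed sample data, not real files)."""
    base = Path(tempfile.mkdtemp(prefix="profile_"))
    sample = {
        "Documents/client-a/proposal.docx": 4096,
        "Pictures/site-photo.jpg": 2048,
        "Desktop/contract-draft.docx": 1024,
        "AppData/Local/Microsoft/Outlook/mail.pst": 8192,
        "Downloads/invoice-0042.pdf": 512,
        "notes.txt": 64,
    }
    for rel, size in sample.items():
        p = base / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"x" * size)
    return base


if __name__ == "__main__":
    r = report(build_sample_profile())
    print(f"preserved: {r['preserved_files']} files; "
          f"lost: {r['lost_files']} files, {r['lost_bytes']} bytes")
    for folder, stats in sorted(r["lost_by_folder"].items()):
        print(f"  {folder:16} {stats['files']:3} files {stats['bytes']:6} bytes"
              f"  {r['notes'].get(folder, '')}")
```

Run it against a real profile by passing the profile path to `report()`.  The point is the ratio: in the constructed sample, the two preserved files are a fraction of what lives in Desktop, AppData and Downloads, and the mail store alone outweighs everything the policy would restore.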

 

And… would this be considered an area of risk, whereby a “solutions” partner hasn’t evolved to where they respect and value customers’ content as much as those customers do?  I certainly consider it a risk.  What other corners are being cut?

 

I can understand potential liability for HP:  They may be in receipt of a computer that has corrupt data.  Upon backup/restoration/return, a consumer may attempt to fault them for corrupting data.  This could easily be handled by a statement, “All reasonable means will be employed to backup and restore data where OS reinstalls are determined necessary, however, no guarantees are made for content’s backup and recovery, as HP can make no determination nor guarantee for content’s wellness upon receipt.”  HP receives hardware failures in “as is” condition, and would only have to attempt to return hardware and content in the same “as is” state. 

 

That would be completely understandable, given that any particular computer’s problem might have had a negative impact to the completeness or wellness of its content.  But, to simply refuse a good-faith attempt at a complete backup – when HP is doing a measure of backup anyway, is quite surprising.

 

I should also mention that I desired to speak to an elevated circle at HP – something beyond their off-shore areas of tech support.  I only stumbled on a means of contacting the office of their CEO from a site called ComputerHope.com.  I can’t vouch for the site’s usefulness or utility other than from my extremely narrow use:  They provided the means to send an e-mail to that office of the CEO, and I got a phone call, whereupon I discussed my laptop’s problems, and the schedule of estimated repair.  The laptop did come back to me on the 21st, as opposed to the estimated return of the 26th.  It could have been coincidence.  Perhaps ComputerHope is worth bookmarking.

 

Next in Pt. II:  Apple’s general treatment of customers seems to be better, as relayed by those customers to me.  I’m going to explore Apple’s general attitude in this area.  More to follow…

 

NP:  Rory Gallagher, on CD! (I know; this is heresy).


October 23, 2011  12:54 PM

Massachusetts and Breach: Yielding a Comprehensive Understanding of Risk

David Scott

According to the Massachusetts state attorney general’s office, approximately 2 million residents have had their personal information compromised just in the past 20 months.  Electronic data breaches, about 25% of which were due to intentional hacking, amounted to almost 1,200 incidents. 

Beyond hacking, breach of data can include:  Unintended exposures by “insiders” through accidental dissemination; lack of solid authenticating protections, allowing the “stumble” to sensitive data by “outsiders”; and of course other things such as the exposure of data through loss of portable devices like outboard drives, thumbdrives, smartphones, laptops, etc.  A new wrinkle regarding data’s security evidenced itself to me, however, when thinking about MA – but first -

Massachusetts’ Attorney General Martha Coakley released notices – notices that her office receives as required by a 2007 state law.  Any company doing business in the state must inform customers and state regulators about any breach that may result in identity theft.  The law followed a huge 2007 breach at retailer TJX Companies, when 45.6 million cardholders’ data was stolen over an 18-month period.

Initially, TJX refused to reveal the size and scope of the breach, but finally came clean and divulged how massive it was, and notified credit and debit cardholders.  That breach and delay led to MA’s present law requiring notification.

Today, the law’s yield is sobering:  One in three people suffered compromise of data – in a mere 20 months.

In reading about the situation in Massachusetts, I began a mental exercise to explore other risks to data, and sound business standing:  Things beyond the typical insecure posture due to ignorance, or lack of planning, and things that result in hack, loss, and resultant breach.  Are there other general areas of unsurveyed risk? 

You bet there are.

There are bad outcomes for data that don’t involve breach, of course:  There’s corruption.  There’s  accidental deletion (between backups, or in light of no backups).  And… other things…

What of a hardware/software vendor who would deliberately lose your data, within a warranty window, by virtue of a stated, official, policy of selective (vs. comprehensive) backup and restoration?

More to follow…

NP:  Led Zeppelin, eponymous, original vinyl LP


October 17, 2011  8:10 AM

Blackberry (RIM) Outage Provides an Important Lesson to Us All

David Scott

 

By now most here have heard about Research In Motion’s (RIM) outages, which affected approximately 30 to 40 million Blackberry users.

 

That’s about half of all Blackberry subscribers worldwide.  Affected areas included the U.S., Canada, Europe, the Middle East, India, Africa, and Latin America.  Not a pretty picture for a company that, according to the Financial Times of London, advertises a 99.999% network reliability rating (no mention of who the rating entity is, however) – and it’s particularly poor timing being that competition just increased by virtue of the debut of the new iPhone model. 

 

Of particular concern is that RIM was reporting the problem as fixed on the night of the first day, after reports of initial outages in Europe, Africa and the Middle East.  By the next day, however, outages and service disruptions were spreading:  RIM was forced to correct its position, and report that the disruption was the failure of a “core switch” – responsible for routing traffic across what I guess we must assume is the near-totality of RIM’s network.  Hmmm… I’m wondering if this “core-switch” issue is an over-simplification of an infrastructure failure… or the alternative?

 

The alternative, and the face-value assumption, would be that this was a single-point-of-failure type of incident.  In other words, there was a core switch, with no attendant parallel piece of backup infrastructure, process, and data traffic.  When that switch popped… data dropped.  I am so sorry for that rhyme.  No I’m not   “:^ )

 

I find it difficult to believe that this was a single-point issue – but you never know.  It well might have been:  I’ve seen many surprising things in the businesses I survey and counsel.  But the RIM/Blackberry incident, and its high-profile newsworthiness, makes for a great lesson.  And – it came just in time for October’s National Cyber-security Awareness Month (here in the U.S.).

 

Cyber-security is not just about thwarting malware, hacks, breaches, thefts, viruses and other malfeasance that is initiated by nefarious human activity.  Cyber-security includes basic best-practices regarding infrastructure wellness and backstopping.  Survey your environment for single-points-of-failure areas:  Servers, process, infrastructure, connectivities, data.  Also, include the human element:  If someone is sick or injured, and they’re removed from the environment for an extended period, do you have someone who can step in to their duties?  If not someone internal, then an identified vendor.  Are positions and procedures well-documented?
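"Survey your environment for single points of failure" can be done by hand on a whiteboard, but for anything larger than a closet it is a graph problem: model servers, switches, links, vendors and people as nodes, connections and dependencies as edges, and find the nodes whose removal splits the graph.  The script below is an added example, not from this post and not RIM's network; it runs the standard articulation-point (cut-vertex) algorithm over a constructed topology that loosely mirrors the "one core switch in front of everything" picture the post describes, then over the same topology with a second core switch cross-connected.

```python
"""Find single points of failure in a dependency topology.

Added example, not from the original post. The environment is an undirected
graph; an articulation point is a node whose removal disconnects some pair of
remaining nodes, i.e. a single point of failure. The topologies below are
constructed for illustration and do not describe any real network.
"""
from collections import defaultdict


def articulation_points(graph: dict) -> set:
    """Hopcroft/Tarjan low-link DFS: graph is {node: set(neighbours)}."""
    disc, low, parent = {}, {}, {}
    cut = set()
    timer = [0]

    def dfs(u):
        disc[u] = low[u] = timer[0]
        timer[0] += 1
        children = 0
        for v in graph[u]:
            if v not in disc:
                parent[v] = u
                children += 1
                dfs(v)
                low[u] = min(low[u], low[v])
                # Non-root u is a cut vertex if v's subtree has no back-edge
                # reaching an ancestor of u.
                if u in parent and low[v] >= disc[u]:
                    cut.add(u)
            elif v != parent.get(u):
                low[u] = min(low[u], disc[v])
        # The DFS root is a cut vertex only if it has two or more children.
        if u not in parent and children > 1:
            cut.add(u)

    for node in graph:
        if node not in disc:
            dfs(node)
    return cut


def build_graph(edges) -> dict:
    """Undirected adjacency from an edge list."""
    g = defaultdict(set)
    for a, b in edges:
        g[a].add(b)
        g[b].add(a)
    return dict(g)


# Constructed topology: regional relay sites all hang off one core switch,
# which alone connects them to a redundant pair of data centres.
SAMPLE_EDGES = [
    ("relay-EU", "core-switch"), ("relay-ME", "core-switch"),
    ("relay-AF", "core-switch"), ("relay-NA", "core-switch"),
    ("core-switch", "dc-A"), ("core-switch", "dc-B"),
    ("dc-A", "dc-B"),
    ("dc-A", "storage"), ("dc-B", "storage"),
]

# Same topology with a second core switch cross-connected to everything.
REDUNDANT_EDGES = SAMPLE_EDGES + [
    ("relay-EU", "core-switch-2"), ("relay-ME", "core-switch-2"),
    ("relay-AF", "core-switch-2"), ("relay-NA", "core-switch-2"),
    ("core-switch-2", "dc-A"), ("core-switch-2", "dc-B"),
]


def spof_report(edges) -> list:
    """Sorted list of single points of failure for an edge list."""
    return sorted(articulation_points(build_graph(edges)))


if __name__ == "__main__":
    print("SPOFs, as built:      ", spof_report(SAMPLE_EDGES))   # ['core-switch']
    print("SPOFs, with 2nd core: ", spof_report(REDUNDANT_EDGES))  # []
```

The data centres and storage survive the check because they are paired; only the core switch comes back as a cut vertex.  The same model handles the human element the post raises: add an edge from each system to the one person who knows how to run it, and a sole IT director shows up as an articulation point exactly like the switch.  The check says nothing about whether a redundant path actually fails over when tested, which is a separate exercise.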

 

Think about it.  And RIM – are you listening?

 

NP:  Interplay, Bill Evans, jazz24.org


October 13, 2011  9:37 AM

Insecure Security: A Lesson from the Air Force for Your Org

David Scott

 

Sorry – I couldn’t resist.  The title of this post makes sense when we examine a recent situation affecting our military.  First, I’m a veteran, and I’m proud of our forces and of my past service.  Today’s critique is made in the spirit of the necessity for (quick) improvements in the realm of security. 

 

Also, for business and individual readers, please realize that if an occurrence like this can happen in the military, just what might be the vulnerabilities and possibilities within your organizations?  At your desktop?

 

The military serves to protect us, and to win wars against aggressors and threats.  They secure us.  However, a very recent event made a significant breach to the military’s own security:  Hence, insecure security.  A virus infected the ground-control “cockpits” of two types of drones:  Predator and Reaper.  This virus, as the military is referring to it (I might prefer “malware” in this case) is logging keystrokes.

 

The virus is stubborn:  “We keep wiping it off, and it keeps coming back.  We think it’s benign.  But we just don’t know.”  This, according to a source familiar with the infection, according to Wired.com.  But… how can a keystroke monitoring “virus” – which can’t be “wiped” – be “benign”?  It can’t.

 

Further, terms like “wiped” mean nothing to me.  If you’re attempting to remove a virus, a term like “remove” might be a little more empirical – or at least, “attempted removal.”  I wipe my windshield.  Not to sound too critical – I just want to bring us all to best practices, which includes best communications, identifications, and solutions.

 

There is another very, very, disturbing situation regarding this occurrence, and it’s a good lesson for the “local” organization – that is, yours.  Officials at Creech Air Force Base in Nevada, where the virus was hitting, knew about it for weeks – but didn’t report it to anyone.  Air Force cyber-security specialists therefore knew nothing, weren’t able to do anything, and further, other elements of the military were left at risk.

 

In 2011, that is beyond unacceptable – it is a manifestation of the highest risk and danger.  The network specialists who defend the specific air force team affected learned of the virus from an online entity, Danger Room, according to Wired.com.  Rather amazing. 

 

The four-star general who oversees the Air Force’s networks has been briefed on the infection, thanks to Danger Room’s exposure, and a larger understanding of the problem by virtue of Air Force personnel stumbling on the report by Danger Room.  Can anything be more ridiculous?

 

The lesson for the local organization?  Survey for risk, malware, viruses, breaches, thefts…  report what you find.  For managers, directors, CXOs… get proactive monitoring in place, and exercise it.  Revisit your Acceptable Use Policy – hopefully you have one – and update it.  If you don’t have one, get a documented policy in place that tells folks what they can do with systems, what they cannot do, and what they should watch for.  The AUP ties closely with the Security Policy – and both should make strong reference as to where anomalies should be reported, and when:  That is, immediately.
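"We keep wiping it off, and it keeps coming back" is a persistence problem, and a plain before/after comparison only tells you that something changed.  The monitoring a manager should ask for keeps history, so that a file which was present, was removed, and is present again gets reported as exactly that.  The script below is an added example, not from this post and not anything the Air Force ran: it hashes a directory tree into snapshots, feeds successive snapshots to a small monitor, and classifies each path as new, modified, removed or reappeared.  The directory and file names it creates in a temp folder are constructed for illustration.

```python
"""Baseline-and-diff file monitoring that flags files which reappear.

Added example, not from the original post. A "reappeared" event (seen,
removed, seen again) is the signal to escalate rather than wipe once more.
Paths and contents below are constructed for illustration only.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root: Path) -> dict:
    """Map relative path -> SHA-256 hex digest for every regular file under root."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            h = hashlib.sha256()
            with open(p, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            out[p.relative_to(root).as_posix()] = h.hexdigest()
    return out


class Monitor:
    """Tracks successive snapshots and classifies each path's latest event."""

    def __init__(self):
        self.history = {}   # path -> list of digests; None marks "absent"

    def observe(self, snap: dict) -> dict:
        """Record a snapshot; return {path: event} for every notable event."""
        events = {}
        for path in set(self.history) | set(snap):
            prev = self.history.get(path, [])
            last = prev[-1] if prev else None
            cur = snap.get(path)            # None if absent now
            if cur is None and last is None:
                pass                        # still absent; nothing to report
            elif cur is None:
                events[path] = "removed"
            elif last is None and any(d is not None for d in prev):
                events[path] = "reappeared"  # seen before, wiped, back again
            elif last is None:
                events[path] = "new"
            elif cur != last:
                events[path] = "modified"
            self.history.setdefault(path, []).append(cur)
        return events


def run_demo() -> list:
    """Three snapshots of a constructed tree: baseline, after a wipe, after it returns."""
    root = Path(tempfile.mkdtemp(prefix="gcs_"))
    (root / "drivers").mkdir()
    (root / "drivers" / "expected.sys").write_bytes(b"known-good module")
    (root / "drivers" / "unknown.dll").write_bytes(b"unexpected module v1")
    mon = Monitor()
    e1 = mon.observe(snapshot(root))                 # baseline: everything is "new"
    (root / "drivers" / "unknown.dll").unlink()      # operator "wipes" it
    e2 = mon.observe(snapshot(root))                 # reported as "removed"
    (root / "drivers" / "unknown.dll").write_bytes(b"unexpected module v2")
    e3 = mon.observe(snapshot(root))                 # reported as "reappeared"
    return [e1, e2, e3]


if __name__ == "__main__":
    for i, ev in enumerate(run_demo(), 1):
        print(f"snapshot {i}: {ev}")
```

In practice the first snapshot comes from a known-good image and later ones from the suspect host on a schedule, with the history stored off-box.  One caveat: a walk of the filesystem from inside the host can be lied to by kernel-level malware, so a reappearance that is not visible this way is still possible; the check is a tripwire, not proof of cleanliness.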

 

Particularly for orgs with multiple locations, share your knowledge, and IT teams should leverage their collective knowledge.  But even for simple, sole-location, orgs – please recognize that many formal policies often go lacking. 

 

Get an updated set of policies and activities going for the rush of challenges to modern security.

 

NP:  Hot Tuna, Final Vinyl, original LP.  Found this a few days ago; real nice version of “Hesitation Blues” to open, and I like the entire album.


October 11, 2011  8:17 AM

Security Postures: Time to start pedaling faster

David Scott

 

Back in my misspent youth, us kids used to ride our bikes as fast as we possibly could, trying to leave group members behind.  The slowpokes invariably whined… “Hey!”… “Wait up!”… and if we could actually get someone to cry, so much the better!  We’d laugh maniacally, looking back over our shoulders at our hapless slower counterparts.  Oh, the inhumanity! 

 

My father once saw a group led by me, leaving my little brother behind – and he heard my brother’s protestations.  Upon return to home, I was punished – banished to my room for some measure of time – with the stern counsel of my father, “Never leave your brother behind.”

 

Some folks and organizations are pedaling pretty fast these days, in trying to stay up with, and ahead of, the pack in matters of security:  Trying to keep up with best and burgeoning practices, and trying to stay ahead of new threats and potentials of harm.  But many surprising entities are at the back, and if they ain’t cryin’ yet, they soon may be.

 

Consider this:  “Cyber-cops” in the U.S. were surprised, caught off-guard, by a case of cyber-espionage thought to be unprecedented in scope and size.  It’s been described as a five year hacking scheme (five years!), as mounted and exercised by a single “state actor.”  The espionage targeted computer systems of the U.S. government, United Nations, defense firms and private industries.  The state actor is thought to be China, but that info hasn’t been released.

 

Hmmm… did some measure of government agency discover the hacking?  Perhaps some U.N. security expert?  Or surely one of those leading defense or private industries had some proactive, forward thinking, cybercop scanning and discovering the breaches (after five years!)?  Sorry to report, but it was McAfee.  According to Fox News, McAfee’s vice president of threat research, Dmitri Alperovitch, said “Even we were surprised by the enormous diversity of the victim organizations and were taken aback by the audacity of the perpetrators.”

Mr. Alperovitch’s report indicated 72 victims of the spying, 49 of which were American agencies and firms, during which massive losses of information occurred – there is potential for a huge economic threat.  We must recognize too that state actors don’t rest – just because this five year effort has been busted, they’re constantly evolving their spying means and mechanisms.  A U.S. official has confirmed the espionage and theft, and as pertains to McAfee’s report, told Fox “The report is fairly accurate.”

If McAfee’s report is correct, our government didn’t learn of a successful multiyear cyber-spying effort from its own internal cyber-police, but from McAfee.  What’s embarrassing, and scary, is that Janet Napolitano, head of the Department of Homeland Security, became aware of the McAfee report – and large scale breach – only on the same day the report was released to the press.  She further said, “We obviously will evaluate it and look at it and pursue what needs to be pursued.”  Obviously.  The White House has been briefed, so too has the U.S. Cyber Command at Ft. Meade, MD, and on and on…  lotsa people pedaling on this block, you see. 

Just not very fast:  National Security Agency director General Keith Alexander serves as the head of the Pentagon’s new Cyber Command.  He has stated that our military may not have the present capability to safeguard Pentagon networks from cyber-attack.  “The Department has a shortfall of cyber force capacity to plan, operate, and defend its networks and ensure freedom of action and maneuver for our nation in cyberspace.  Additionally, we are still discussing across the Administration how to best defend against a ‘Cyber 9/11′ that affects our critical infrastructure and beyond.”

Private industry is vulnerable too:  Lockheed Martin was the victim of a cyber hack earlier this year, as well as others. 

What does this mean for you?  Beyond “state actors” (such as China), and dedicated teams targeting private industry (such as the insiders referenced in yesterday’s article), there are malicious hackers who are simply out for fun.  They’re looking for websites and networks to hack just for the opportunity to wreak havoc.  All of these levels are pedaling at a fast clip, looking to breach, steal, and harm – and likely… laughing maniacally with each success, at the expense of those at the back of the pack.

How fast are you pedaling?

On this day (Oct. 11th):  The Juliana, 1st steam-powered ferryboat, begins operation in 1811.

October 10, 2011  5:19 PM

Security Vulnerabilities Leach Further and Further “Inside”

David Scott

 

Today, most organizations continue to think of security as an “us” vs. “them” proposition.

 

Outside breaching entities try to punch their way in to networks, websites, data stores, etc., and we have firewalls, encryption, evolving practices, and so on, to prevent intrusions and thefts.

 

This mindset no longer serves, and hasn’t for awhile.  Of course, a long-standing “inside” threat has been that of human error, which can lead to breach.  But there’s more – oh so much more…

 

Authorities in New York City have busted the largest identity theft ring ever.  Members have been charged with stealing the credit card information of thousands of Americans and Europeans over a period of 16 months.

 

The insider threat here?  Many of the stolen credit card numbers were stolen by company staff persons who had access to cardholders’ numbers:  People employed at stores, restaurants, banks, etc., using skimming devices.  Imagine going out to dinner, paying with your card, and finding all manner of unauthorized charges in the ensuing weeks or months… would you have associated those charges – that breach – with a particular dinner out?  Not likely.
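A cardholder cannot link the charges back to the dinner, but an issuer with many cardholders can: take the cards that later reported fraud, look back through their legitimate history, and find the merchant an unusually large share of them have in common.  This is common point of purchase (CPP) analysis.  The script below is an added example, not from this post and not any issuer's system; the transactions, card identifiers and merchant names are constructed for illustration.

```python
"""Common point of purchase (CPP) analysis on a constructed transaction set.

Added example, not from the original post. Cards, merchants, dates and fraud
reports below are made up to show the technique; only transactions dated
before a card's fraud report count, since the compromise must precede misuse.
"""
from collections import defaultdict
from datetime import date

# (card_id, merchant, date): constructed sample of legitimate spend.
TRANSACTIONS = [
    ("c1", "bistro-17", date(2011, 9, 3)), ("c1", "grocer", date(2011, 9, 5)),
    ("c2", "bistro-17", date(2011, 9, 3)), ("c2", "fuel-stop", date(2011, 9, 6)),
    ("c3", "bistro-17", date(2011, 9, 4)), ("c3", "grocer", date(2011, 9, 7)),
    ("c4", "bistro-17", date(2011, 9, 4)), ("c4", "grocer", date(2011, 9, 8)),
    ("c5", "grocer", date(2011, 9, 2)), ("c5", "fuel-stop", date(2011, 9, 9)),
    ("c6", "grocer", date(2011, 9, 2)), ("c6", "bookshop", date(2011, 9, 9)),
    ("c7", "fuel-stop", date(2011, 9, 1)), ("c7", "bookshop", date(2011, 9, 10)),
    ("c8", "grocer", date(2011, 9, 11)), ("c8", "bistro-17", date(2011, 9, 12)),
]

# Cards whose holders reported unauthorised charges, with the report date.
FRAUD_REPORTS = {"c1": date(2011, 9, 20), "c2": date(2011, 9, 22),
                 "c3": date(2011, 9, 25), "c4": date(2011, 9, 21)}


def common_point_of_purchase(transactions, fraud_reports, min_victims=2):
    """Rank merchants by the share of their customers who later reported fraud.

    Returns (merchant, victims, customers, victim_rate, lift) tuples sorted by
    rate, where lift is the merchant's rate divided by the overall fraud rate
    across all cards seen. Merchants with fewer than min_victims are dropped.
    """
    customers = defaultdict(set)   # merchant -> every card seen there
    victims = defaultdict(set)     # merchant -> fraud cards seen there pre-report
    all_cards = set()
    for card, merchant, when in transactions:
        all_cards.add(card)
        customers[merchant].add(card)
        if card in fraud_reports and when < fraud_reports[card]:
            victims[merchant].add(card)
    overall = len(all_cards & set(fraud_reports)) / len(all_cards)
    ranked = []
    for merchant, cards in customers.items():
        v = len(victims[merchant])
        if v >= min_victims:
            rate = v / len(cards)
            ranked.append((merchant, v, len(cards), rate, rate / overall))
    ranked.sort(key=lambda r: (-r[3], -r[1], r[0]))
    return ranked


if __name__ == "__main__":
    for merchant, v, n, rate, lift in common_point_of_purchase(TRANSACTIONS, FRAUD_REPORTS):
        print(f"{merchant:10} {v}/{n} customers later reported fraud "
              f"(rate {rate:.2f}, lift {lift:.2f})")
```

In the constructed set every fraud card passed through `bistro-17` before its report, and it tops the ranking with a lift well above the grocer that most cards also visit.  Real analyses add a look-back window and a minimum customer count, because with small numbers a popular merchant will show a high raw rate simply by being popular; the lift column is what separates "everyone shops there" from "everyone who was skimmed ate there".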

 

But further, for any business, whether restaurant, bank, lawn service – anything – recognize that vetting employees and their associated honesty now takes on another dimension.  Not only do you have to monitor for theft of physical assets or cash at-hand, but you must monitor the ethical practices of employees regarding credit, and use of electronic systems.  Many organizations do this, and have for years.  Many, many, more do not – particularly in the realm of small-to-medium (SMB) business.

 

This particular ID theft ring also specialized in the creation and use of counterfeit credit cards.  The counterfeit cards were dispensed to collusive shoppers, who used the cards to purchase high-value items for resale, sometimes over the ‘net. 

 

Recognize too that the ability to replicate magnetic stripes, holographic authenticators, complicated engraving… is becoming more basic and affordable – and that is daunting.

 

To business, and individuals, I again say:  View every activity through a security prism:  Assess every activity, and every plan, from a security perspective.  Run frequent reports and track accounting very closely.

 

Stay safe.

 

NP:  Cannonball & Coltrane, LP.

