Well, it happened to me: My laptop’s operating system corrupted and I had to re-install it.
Fortunately, I had a comprehensive backup, which made me whole once I reinstalled the O/S.
I’m a self-employed consultant, so it would have been a bit embarrassing had I not been able to recover. Perhaps it would have even been professionally crippling: Loss of client information, billing records, data… even business reputation.
In the case of lost data and associated problems, even large enterprises and sizable medium-scale businesses get bit. We frequently hear about these situations in the news: Remember the Heartland Payment Systems data breach? How about something from this month? Health Net, Inc. has a data breach investigation going on affecting 1.9 million patient records. Ouch.
It’s interesting to Google “Largest Data Breach” and “Most Recent Data Breaches”… have a look at what comes up. Another interesting area of perusal is The Chronology of Data Breaches, as reported by The Privacy Rights Clearinghouse (PRC).
I’d forgotten that March 6th through 12th was the 13th annual National Consumer Protection Week – but better late than never. The PRC still has their Top 5 Privacy Tips for that week headlined, as well as tips for privacy protection during tax season, best practices regarding identity theft perils, and others. It’s a handy reference – check in from time-to-time.
As to small business: I know several small business owners and operators. For many, backups are… well… almost an afterthought. They’re performed sporadically, they’re not comprehensive enough, stuff is overlooked, and suddenly… something happens and critical data and business information is lost.
It’s simple enough to procure an outboard drive; “storage is cheap,” as we like to say. You can easily get a backup routine scheduled with simple-to-use software. At a minimum, just kick off a whole-drive backup manually – run it overnight.
Even for personal laptops/computers that aren’t involved in business use: You can’t imagine all the stored passwords and IDs that you’ve forgotten, for such things as social networking, banking, downloads, blogging, etc., etc.
Don’t wait: Back up.
On This Day: In 1960, the first patent for lasers was granted to Arthur Schawlow and Charles Townes.
And why not? Everything gets more expensive as time goes by. In fact, cost of breaches has risen for each of the past three years.
Symantec, folks who ought to know, says the average cost of a breach is around $3 million a year per business breached. If that sounds like a lot, realize that some businesses suffer losses of tens of millions.
Of course, ever more breaches require ever more security awareness training and education for employees: More cost.
Too, the organization must survey its firewalls, virus and malware protections for currency and comprehension, and just generally expend precious business resources (time, attention, money, assessments for returns, to say nothing of repairs to reputation and breached systems…), thus robbing energy and focus from that main thrust that should occupy any business: Business.
Most breaches and loss or corruption of data are due to human error: Blame the employees. Nah: Actually, there’s enough blame to go around. Management/leadership (both IT and Business leadership) must put the proper emphasis on security and associated awareness.
One way IT can help: Send out a regularized (once a month?) Security Quiz. You can ask such things as “If a web site asks you to… should you….?” You get the idea; come up with a dozen questions. You’d be surprised how lax interns are, in spite of tight IT security orientations, delivered upon hire and start. Not to pick on interns (they probably get picked on enough); regular staff can be pretty abysmal in their actions and activities too. Give away some nominal surprise for the winner: a free day off? Use your imagination – coordinate with HR and management – evaluate the returns. Does the environment seem safer?
Don’t forget data’s liability in the era of portability: USB sticks, laptops, smartphones… Even e-mail is an element of portability: Do not let staff conduct business via personal e-mail accounts, Facebook, YouTube, etc. And make a determination, and publication, of expectations for appropriate use of official e-mail. If you don’t spell out the “dos” and “don’ts,” you’ll reap all sorts of silly, expensive results.
Unfortunately, in the era of all-access, all-the time, breach and business reputation are always in play.
Stay on the responsible forward edge.
NP: How Deep is the Ocean – Ron Affif, jazz24.org
Security is always a delicate balance: You need to provide efficient access, but only to those that are allowed that access.
Because there are a growing number of mobile devices, and more people utilizing them, there is more potential for breach – it’s just a numbers game, really. Your networks require ever more attention: In matters of security solutions and updates; watchfulness for any day-to-day breach; and investigation of any suspect activity. At the same time, access has to be readily available to those authentic users, sustaining their productivity – and they must be productive within a fully educated posture, based on well-communicated security policies.
First, before a user even authenticates, remember to have the device authenticate. The network must recognize the device, allow it, and further – have your network survey it for currency in updates, patches and policy. Now you’re swingin’.
Also, mobile devices use mobile-broadband, the same networks as mobile phones. Here, it is basically essential to employ a virtual-private-network (VPN) – and also for any access coming through the public internet. Generally, you want to encrypt any data/communications between devices which transmit through public broadband or internet.
The addition of firewalls is another layer of security. They can be comprised of software, hardware, or both – and essentially emplace filters and authenticating standards before letting devices and/or data through.
Remember that any security procedures and policies are only effective so long as the organization enforces them. The organization must invest in security, in more ways than one. More than monetary, it is the organization’s acknowledgement that security is paramount, and that people will be held accountable to security standards. Regularized training and awareness sessions must be adhered to, and all modern and effective security measures must be undertaken in match to the accelerative nature of outside demands and threats.
Get on a schedule of regularized updates in all regards: Organization, people, process, systems, data, communications, education… Also, be certain to weave Business and IT leaders’ understandings and sanctions in creating and adhering to mutually defined and understood goals.
NP: I Can’t Get Started, Cannonball Adderley, jazz24.org
No matter how tight your security policies, no matter how regularized your security training, no matter how careful your workforce – mobile devices are going to get lost.
Smartphones, laptops, tablets, cameras, flash drives, and anything that’s not nailed down is susceptible to being left at the airport, in the back seat of a cab, or on a table somewhere in a food court… as but a few examples. And that’s just the possibilities involving loss through negligence – oversight, in leaving a locale without all of your possessions firmly in tow.
What of theft? As difficult as it is to believe, people actually take things that don’t belong to them! This is something you have to actively guard against – not just by maintaining your eyes on portable devices, particularly when you’re using them in public spaces, but in another important way.
It’s not so much the device itself that poses great risk – it’s merely any device’s potential manifest of harm, in the absence of appropriate controls when in the hands of an unauthorized person.
A device harbors content: That is, the data any particular device contains. Unauthorized physical access to the device cannot always be prevented, as in the case of loss, so all other up-to-date methods of security must be employed. The device must be password protected. You might even consider fingerprint and card readers for total authentication and access. Further, the data residing on the device should be encrypted.
Risk is also posed through the access that the device represents: To your network, to your central data repositories, to your business intelligence, to your client information, to your employee information, to sensitive and confidential data, to proprietary solutions and systems, and on and on and on…
Another security measure to consider, which would protect both data and the device’s potential for directing harm to whatever it logs into, is to enable a remote-erase (wiping) solution. When a device goes missing, a trigger is pulled at the home office, sending a signal to the device to essentially destruct all data and mechanics of login.
March 12th: On this day in 1912, the Girl Guides (Girl Scouts) was founded by Juliette Gordon Low
Small and Medium Business (SMB) can really benefit from mobile readiness. Beyond the obvious reasons (the idea of “readiness” and a paired security posture hardly needs to be sold), the SMB market can capture and leverage a whole population of assets that essentially have no overhead. No TCO, no appreciable Time to Value (TtV); they’re here now, in that they’re often owned and maintained by people as personal assets: Things such as smartphones and laptops.
Of course, often enough these devices are provided by SMB too, as tools of any particular job; but there does exist a ready population that can be exploited – and that must be protected.
Whatever devices (and associated users) desire to access your data, systems, and tools – you must take inventory and qualify access before you greenlight it. Assess whether a particular user really needs remote access – is it going to be an efficient enhancement to work? Will it be productive? Does supervision agree that access is desirable? Is a strong case being made?
Then the risks can be weighed against the benefits – and there are always risks. Mobile devices will harbor sensitive data – and that data can easily be lost. Also, mobile devices transmit updated data back into your central repositories – on your network: filestores that represent the content feeding your mission critical applications. Things such as the organization’s sensitive financial information; customer databases and records, sensitive correspondence – you name it. You must ensure sourced mobile data is healthy, accurate, and whole.
Mobile devices also represent a portal through which malware may enter the organization. Therefore, an entire regime of recurring user education is necessary, and a standard schedule for review of devices for compliances and updated protections for malware, etc., is absolutely essential.
When devices are lost, it is imperative that users alert IT – lost devices can allow unauthorized access to the network; IT must immediately bar a device’s ability to access upon loss. And while on that subject, beware devices that have unsecured remote access – that is, no password or stored password, allowing the “greased entry” upon a simple switch-on of the device.
Let’s keep rolling on this…
NP: The “In” Crowd – The Ramsey Lewis Trio, jazz24.org.
Once upon a time, all an IT manager had to do was to secure an infrastructure and allied systems and tools that existed inside the “four walls” of the organization. That is, some measure of a computer room (speaking in a virtual sense; any of these elements could stripe through multiple buildings, offices, allied agencies, etc.), fileserver(s), a wiring closet or two, a computer workstation population, and so on…
A few forward individuals, either by power, station, or adventurousness, dialed-in to the network. Wow! I remember jokes in the workplace: Who the heck wants to bring the office home?
Today, we’re approaching universal connectivity. There are so many mobile devices, and associated mobile apps – paired with new data-densities, new bandwidth and processing power considerations – that business is everywhere.
The challenge to business and IT leaders alike is not just protection to organization assets and daily production, but the challenge includes spec’ing up to accommodate present and future demands for the mobile workforce. It also includes more than that…
It goes well beyond: You must document allowances, as far as which classes of users have mobile access, when, and how. And you must consider the blended environment of personal vs. business assets. Keep in mind that folks access your organization’s central computing and data assets from personal computers, laptops, phones, tablets, etc. The avenues for breach are many, in that you do not have an exclusive measure of control over these devices, and their associated “wellness” in terms of virus protection, malware protections, etc., etc.
Security demands are high. You must guard against spam, spyware, malware, viruses… denial-of-service attacks, whether directed or random. In this environment, it is prudent to consider data encryption for mobile devices. Today, you must safeguard sensitive organization data on mobile devices: Information is always vulnerable to theft and loss, but never more so than when its repository is mobile and susceptible to loss itself.
More on this in the coming days…
March 10th: On this day in 1933, Nevada becomes the 1st state to regulate narcotics.
I’m not sure there are words to adequately express the true problem that this article illuminates: Douglas County Students Disciplined Over Facebook Post.
It is naturally disturbing that these students, in 2011, are not aware of social networking perils, the global wallop of the internet’s speed and comprehensibility, as well as aspects of damage to reputations. That, plus legal liabilities involving defamation.
But in a more basic and general sense – what of simple honesty, decency, and good character – how do 12-year-olds today think it is ok to label a teacher a pedophile; a rapist; as bipolar?
Or perhaps a better question is: What allows them to unthinkingly do this? Answer: The “realm of risk” allows them this latitude. In the realm of risk, unmanaged possibilities become probabilities. We can see how universal this important BTW warning is – and how wide its applicability: No one set proper expectations and limits on these kids’ online posts.
Kids say mean things; cruel things; stupid things. I did when I was young, and likely you did too. Today’s kids will do those things in the internet age’s equivalent of our neon lights – unless someone tells them not to, and spells out the consequences.
What of school policy? The modern requirements for school policy mandate a section concerning defamation of teachers, administrators, etc., regardless of forum; whether occurring on school grounds with school resources, or elsewhere. Today’s electronic enablements make this a no-brainer.
What of elementary education? It has to include coverage of internet communications and general use. If schools are in the business of teaching children the difference between “bad touches” and “good touches,” there sure is an appropriate need to be filled regarding electronic communication in 2011 – particularly given the parents’ reactions in the included article.
That is the most dismaying thing. Kids do not possess wisdom and experience – caring parents and educators help that along. But in this case, the parents are devoid of wisdom and experience – actually defending their kids within the most egregious defamations possible.
Go check your kids. They’re kids.
On this day: In 1959, Groucho, Chico and Harpo Marx make their final TV appearance together.
“Business success” really means “profitable endeavors.”
Even a non/not-for-profit organization has to deliver products and services that generate value and revenue. So, anything you do – your business – requires efficient work and deliveries.
Business goals have to meet marketplace demands. You have to develop something that people want: Otherwise it doesn’t matter how effectively you try to deliver. Absent delivery of something meaningful to market, it won’t matter how efficiently you produce it; it doesn’t matter how carefully you try to pump ROI by shortening TtV and by driving down TCO.
These days there is very rapid technological change. Customer expectations are very high – new, innovative, products are hitting the market all the time. Further, existing products are improved quickly, and “last year’s model” becomes antiquated and unattractive rather fast.
Phones, computers, cars, the speed at which we self-check out of a grocery store – ever more comprehensive services, ever-quicker deliveries and payouts; moving on to the next area of life and business.
The same holds true for your place of employ.
Vendors are shortening product lifecycles by, partly, simultaneously delivering new products to market. Don’t be fooled into buying too far ahead, or into something you don’t particularly need. Faster printers on the market? Great. But – are your present printers fast enough? Has anyone complained? Better to assess their remaining, anticipated, useful life. Also, perhaps some areas can retain slower printers… some printing is rather leisurely – someone gets around to picking up the output eventually…
Make sure you’re procuring, and investing in, the right business assets – at the right time. Make the basis for upgrades or new purchases in accordance with a holistic view of budgets and business objectives. Something interesting I observed at a company recently: When they upgrade their workstation and laptop populations, they do it as a complete, 100%, replacement of the old computers.
However, I did things a bit differently: I rolled existing computers down into positions that didn’t need the fastest, latest, greatest… you can establish a hierarchy.
I guess that goes against the grain of treating everyone “the same” – but, some people have offices, some have cubicles, and… in my world, some have faster computers than others.
You can project up to the maximum challenge of huge enterprise endeavors. Manage projects according to this principle: Look for the right timings, the right products, the right scale of rollout vs. limits, and above all – be certain the solution serves. In other words, be certain you’re investing in the right stuff, and make better decisions on where to apply limited financial resources and that allied potential.
Serve business – serve successful business.
NP: The Cannonball Adderley Quintet in San Francisco – original 1959 Riverside LP.
You’ve been at your position for three years or more. Things aren’t too bad: You work in an office environment; perhaps you have your own office (if not, see below); your hands stay reasonably clean; no one has yelled at you or physically assaulted you in quite some time; coffee’s not too bad; and so on and so forth…
But… but something’s missing. You want more challenge. Maybe a little more prestige. Some daylight to open ground – so that you have a reasonable chance for advancing your career. You deserve more pay (how do I know this? Because I deserve more pay, that gal over there deserves more pay, and you deserve more pay – ok?). :^ )
Before I became an author – and a professional blogger, and an independent person with my own clients – I worked directly in the field of Information Technology. Some of my early environments were pretty grim: The dark days of the ‘80s, early ‘90s… when all too frequently governance and management were largely clueless.
Well, that may be an exaggeration…
… but only in giving them too much credit: They were often dumb. (Of course, I’m using the word “dumb” in a neutral, academic, sense – not in a pejorative one: They were ignorant). Good people in all other regards, but here in the weave, we are nothing if not empirical.
Those early days of mine were ok, though, because that’s what taught me the absolute necessity for having a tight, mutually supporting, business-technology weave.
During those days, and in running up against significant ignorance, often overcoming it, and sometimes repeatedly smacking against it, I discovered something. I could generally glean all I needed to know from a specific organization in about 3 years: That is to say, general knowledge about leadership, its enablements, its limits, my place in it or against it, politics, business-IT relationships, etc.
Also, 3 years is about the minimum to avoid too much “churn” on your resume. If I wasn’t particularly happy – or just getting bored/stale – I simply changed jobs. Sometimes it was four years, five… The job market notwithstanding, you can simply go fishing… if something interesting comes up, take it.
Now please recognize: I always continued giving 100% when dissatisfied and looking. In fact, most of my employers couldn’t imagine me leaving – and several tried to entice me to come back within months of going. In spite of a few discussions, I never did go back – if you leave, recognize that you are leaving to be gone.
Every move was a step up; in responsibility and pay. Bigger office. Bigger environments, projects, challenges. If you decide to climb a ladder, be certain of your “rungs” – that they’re solid, and leading ever upward. Particularly for my more junior, SMB-oriented, readers: If you’ve never had your own office, and you’re interviewing somewhere, particularly for a leadership position, do not be afraid to ask, “Does this position come with an office?”
Don’t let fear hold you back. Most often, the only way “up” is “out.” There’s not a thing wrong with that…
Something missing in your career? Gauge the strength of your legs, and start climbing…
Thought for the day: “To be one’s self, and unafraid whether right or wrong, is more admirable than the easy cowardice of surrender to conformity.” – Irving Wallace
Any organization’s leaders (senior governance, management, board[s]) should have content awareness – but many don’t. (Of course, the entire organization needs to have content awareness, but the emphasis in today’s post will be on leadership).
Content, from an information perspective, is data the organization harbors, or contains (hence, “content”). Any data, electronic or hardcopy – irrespective of system or vessel – has to be managed for security, control, access, and use. Whether that’s data contained in F&A systems, core application and database systems, word processing, presentation programs, on portable drives, in filing cabinets – anything and everything – it must be managed with a 360° awareness.
We spoke of metadata the other day. It may seem a burden to tag every piece of content in your organization with appropriate metadata – but recognize: With a Content Management System (CMS), the assignation of metadata can be automated. The CMS merely rakes through the content, looks for key information based on controls that the organization sets, and fills in a metadata template which is forever linked to that content.
Such metadata fields could include:
– Source (Author, outside agency, etc.)
– Purpose of data
– Key departments, contributors, stakeholders…
– Authorizations (who is allowed to see/use; who is allowed to edit)
– Disposition instructions: Archive and/or destruct dates
– Applicable regulations (internal, external, or both) for dispositions
– Date and time of creation
– Any file manipulations such as encryption, passwording, etc.
Metadata can be anything the organization assigns for the control of data. You determine your own handles and controls for data.
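A sketch of the automated tagging described above, as an added example (not from the original post or any particular CMS product): organization-set rules scan the content, fill a metadata template with several of the fields listed, and that template then drives access and disposition checks. The rule patterns, role names, retention periods and sample text are all constructed for illustration.

```python
import re
from dataclasses import dataclass
from datetime import date, datetime, timedelta

# Organization-set controls (hypothetical): a pattern found in the content maps
# to a purpose, the roles allowed to view/edit, and a retention period.
RULES = [
    {"pattern": re.compile(r"\b(invoice|billing)\b", re.I),
     "purpose": "billing", "view": {"finance", "owner"}, "edit": {"finance"},
     "retain_days": 7 * 365, "regulation": "internal-finance-policy"},
    {"pattern": re.compile(r"\b(patient|diagnosis)\b", re.I),
     "purpose": "health-record", "view": {"clinical"}, "edit": {"clinical"},
     "retain_days": 10 * 365, "regulation": "external-health-privacy"},
]
# Fail closed: content that matches no rule is visible only to its owner.
DEFAULT = {"purpose": "unclassified", "view": {"owner"}, "edit": {"owner"},
           "retain_days": 365, "regulation": "internal-default"}


@dataclass
class Metadata:
    source: str          # author or outside agency
    purpose: str         # purpose of data
    created: datetime    # date and time of creation
    view: set            # roles allowed to see/use
    edit: set            # roles allowed to edit
    destruct_on: date    # disposition instruction
    regulations: list    # applicable regulations for disposition
    encrypted: bool      # file manipulations such as encryption


def tag(text, source, created, encrypted=False):
    """Scan content against the rules and fill in the metadata template."""
    matched = [r for r in RULES if r["pattern"].search(text)] or [DEFAULT]
    # When several rules match, take the most restrictive combination:
    # only roles allowed by every rule, and the longest retention period.
    # An empty role set means nobody has access until the item is reviewed.
    view = set.intersection(*(r["view"] for r in matched))
    edit = set.intersection(*(r["edit"] for r in matched))
    retain = max(r["retain_days"] for r in matched)
    return Metadata(
        source=source,
        purpose="+".join(r["purpose"] for r in matched),
        created=created,
        view=view,
        edit=edit,
        destruct_on=created.date() + timedelta(days=retain),
        regulations=[r["regulation"] for r in matched],
        encrypted=encrypted,
    )


def can_view(meta, role):
    return role in meta.view


def can_edit(meta, role):
    return role in meta.edit


def due_for_disposition(meta, today):
    """True once the destruct date has been reached."""
    return today >= meta.destruct_on


if __name__ == "__main__":
    # Constructed sample document.
    doc = tag("Invoice 1001 for client billing", "consultant",
              datetime(2011, 3, 1, 9, 0))
    print(doc.purpose, sorted(doc.view), doc.destruct_on)
    print("intern may view:", can_view(doc, "intern"))
    print("due today:", due_for_disposition(doc, date(2011, 3, 2)))
```
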
Increasingly, organizations of all sizes must not only protect data, they must have ready access to it. They cannot afford to overlook any particular information-asset. Further, they must know how to dispose of content, in avoiding a glut of information that becomes difficult to sort through – slowing systems, corrupting databases, delivering out-of-date data that no longer has meaning or relevancy.
Content awareness – weave it into your organization.
NP: Sonny Rollins, Saxophone Colossus, on… CD. I know, I know… when I get home, I’m going to cleanse by playing an original Charlie Parker LP on Dial… maybe followed by Oscar Peterson at Carnegie Hall…