Minimize breach response cost

Minimize breach response cost with operational strategy

Policies and procedures need to be defined and in place in order to minimize breach response cost

While the costs of a data breach can vary widely on a case-by-case basis, CIOs who understand the drivers behind the expense will be better positioned to take steps needed to protect their organization.

Here are 6 ways to minimize breach response cost:

  1. Eliminate data you do not need.
    You can potentially reduce your exposure dramatically by destroying records of past customers. You cannot lose data if you do not save it. In 2015 one company served 69 million customers, yet when they were breached that year, they exposed 78 million records. The extra nine million records most likely came from former customers. Each of these individuals had to be notified and offered credit monitoring, driving up costs.
  2. Do not store street addresses if there is no real business requirement.
    When a breach occurs, companies are typically required to notify affected individuals via old-fashioned, handwritten “snail mail.” But they can use alternative methods of notification, such as email or public announcement, if they do not have a valid mailing address. Physical, written notifications can cost up to $2 per person, and the cost quickly adds up. It may be worth asking twice what the business need for those customer addresses is, and considering not capturing them at all, to reduce the exposure to notification requirements.
  3. Utilize logs to prove a breach or data loss did not occur.
    One industry study shows that in 44% of incidents, public notification is not required. To avoid notification, companies must prove that, even if they were attacked, no records were improperly accessed. To do so, they use system logs. Without logs, a company may be forced to assume a breach occurred because it cannot prove otherwise.
  4. Follow PCI rules and protect credit card data.
    For breaches that involve credit card data, reimbursing card companies for fraudulent transactions can amount to a staggering cost, from $3-$30 or more per card. New chip cards are designed to reduce fraud, and early data show they are having the intended effect – MasterCard reported a 54% reduction in counterfeit card fraud costs at retailers who have switched to chip cards.
  5. Use experts who know the breach response landscape.
    Your breach response effort is not a good time to reinvent the wheel. Missteps happen fast and have serious consequences. Credit monitoring alone can cost $5 to $30 per person. Data breach specialists, such as PR consultants or data privacy lawyers, often have seen as many as hundreds of data breaches and are highly practiced at helping you craft a genuine story that keeps confusion – and costs – down.
  6. Be prepared for additional audits and compliance reviews.
    In the wake of a breach, a company may be audited and investigated by a number of regulatory agencies. While it’s not guaranteed to occur, it is likely, and there are simple steps you can take to prevent sensational fines if it does. To start, CIOs and CFOs should be strong advocates for the implementation of the security controls recommended by external auditors or by regulators themselves.

Top 5 Hot Jobs

Chief Digital Office (CDO) & Chief Mobility Officer (CMO) Hot C-Level Jobs

Top 5 Hot Jobs – CDO and CMO are C-level jobs that are not only new but also hot.  In the case of Chief Digital Officer (CDO), we have found that one in five companies now have someone in that role.  In addition, half of those enterprises hired the incumbent in the last 12 months. The case is not quite as strong for the Chief Mobility Officer (CMO), as we found that only one in ten organizations have an individual other than the CIO assuming those responsibilities.

Chief Digital Officer is one of the hottest jobs in the technology arena. Other hot jobs are Chief Mobility Officer (CMO), Digital Brand Manager, Data Scientist, and Social Media Specialist.

Many of the hot new jobs report to the operational side of the business instead of the traditional IT organization under the authority of the CIO.  Part of the reason for that is that almost half of all IT functions report up through the financial side of the enterprise, not the operational side.

The five hot new jobs are listed below and have links to pages describing the major roles and responsibilities they have:

All of these jobs have one thing in common.  They are addressing the issues, roles, and responsibilities of the new age marketplace.  Without the Internet, e-commerce, and mobile users there would be no need for these positions.

But as it is, these are the new jobs that have been created by these new technologies and the changes that have taken place.


Telecommuting Top 10 Reasons Why

The top 10 reasons for telecommuting include the following:

  1. Flexible Work Hours – If employees telecommute then their schedules become more flexible.
  2. Reduce costs – telecommuters can save money on transportation costs such as gas, parking, public transportation, work clothes, and dry cleaning bills. Employers can save money by reducing overhead and retaining employees.
  3. Ease the strain on employees – telecommuters have greater flexibility to plan non-work-related activities around their business schedule instead of searching for the time in the early morning, late evening, or during lunch.
  4. More Productive – telecommuters will save the time they now take to commute to their place of employment.
  5. Minimize Non-Work Distractions – At times employees in an office setting can be distracted from their work by untimely interruptions from peers, impromptu meetings, or pulled away onto other projects. Telecommuters may find themselves more productive.
  6. Better Morale – Working from home usually means telecommuters have more time with their family.
  7. Green Solution – Working from home part or full-time reduces auto emissions and decreases gas consumption.
  8. Stay Healthy – Working from home decreases the stress caused by inflexible hours, commuting time and costs, continual rushing to unmet family needs, sitting idle during a commute and provides time to exercise or pursue endeavors of particular interest to you.
  9. Potential Tax Deductions – Income deductions are available for home-based work-related expenses such as fax, scanner, phone, computer and office supplies.
  10. Reduce the Need for Outsourcing – Working from home helps keep jobs domestic and reduces the need or desire for business and industry to contract with other countries for work that can be done at sites other than the main office.

10 Best Practices for managing cyber-attack

10 Best Practices for IT Infrastructure are contained in this bundle of policies and procedures

10 Best Practices for managing cyber-attack have never been more important than today. They are:

  1. Stay calm, prioritize and don’t point fingers
  2. Assign response responsibility to a single point of contact
  3. Have both an incident response plan and a disaster recovery plan in place
  4. Take detailed backups regularly – store backups on non-connected sites
  5. Have a business continuity plan in place with solutions that do not depend on the existing networks and data
  6. Have a PR/media and legal operational plan in place before the event
  7. Immediately notify customers
  8. Manage user/customer expectations
  9. Conduct a postmortem
  10. Implement policies and procedures that focus on infrastructure security

10 steps to a raise

10 steps to a raise as the IT Job Market Improves

10 Steps To A Raise – IT Salary Survey provides data on 73 unique positions in over 100 metropolitan areas in the US and Canada.

10 steps to a raise is a program that anyone can follow.  The steps are easy and something that IT pros (and others) can implement fairly quickly.  However, the results may take some time.

  1. Make users love you
  2. Understand where the CIO and company are moving
  3. Learn how to implement and apply the latest technology
  4. Get certification or first-hand experience
  5. Market your skills
  6. Have and use the latest technology and tools
  7. Provide peers with insight and training on your area of expertise
  8. Fit into the organization as a team player
  9. Be a focal point in the latest technologies
  10. Network with IT Pros in other organizations that have the same technical responsibilities

Janco and eJobDescription.com have conducted salary surveys of the IT Job market since 1989. The data from this survey has been published in the Computer Industry Almanac, the Wall Street Journal, the New York Times, eWeek, and many other business and industry publications. In addition, over the years it has been featured on CNN, the Wall Street Journal, and several national and international media outlets.

The salary survey is updated twice a year; once in January and then again in July. Janco and eJobDescription.com not only look at base salaries, they also report on total compensation.


Top 10 tips to minimize wild fires

Fire season is just around the corner. With the wet winter, when the ground dries out this summer the danger to life and property will be great. These are must-follow tips.

Top 10 tips that businesses can follow to minimize the risk of wild fires around their sites and remote offices.

  1. Have a clear area of at least 100 yards around the business park.
  2. Keep lawns hydrated and maintained. Dry grass and shrubs are fuel for wildfire.
  3. Landscape with native and less-flammable plants. When landscaping, choose slow-growing, carefully placed shrubs and trees so the area can be more easily maintained.
  4. Create a ‘fire-free’ area within ten feet of the property, using non-flammable landscaping materials such as rocks, pavers and/or high-moisture content annuals and perennials.
  5. Have no tall vegetation immediately adjacent to structures.
  6. Clear leaves and other debris from gutters, eaves, porches and decks. This helps prevent embers from igniting the property.
  7. Remove dead vegetation from around the property, especially within 50 feet of the premises.
  8. Remove flammable materials from within 50 feet of the property’s foundation and outbuildings.
  9. If you have trees on your property, prune so the lowest branches are 6 to 10 feet from the ground and none overhang the structure.
  10. Don’t let debris and lawn cuttings linger. Dispose of these items quickly to reduce fuel for fire.


Women CIOs comprise over 20% of all CIO roles

Women CIOs hold over 20% of all CIO roles according to data analyzed by Janco Associates

Women CIOs – In the process of capturing public data on CIO compensation, Janco has found that well over 1 out of 5 CIOs is a woman.

Women CIOs and other C-Level positions

According to the CEO of Janco Associates, at least two thirds of large public companies doing CIO searches require the recruiter to include women in the candidate pool. Further, when “all else is equal”, between a male candidate and a female one, companies are tending to choose the latter specifically to enhance the diversity of perspectives on the management team.

Unfortunately, even with this data, there are still too few women in senior, experienced roles to populate the candidate pools of all diversity-minded companies. So it’s not enough to decide at the CIO level to hire a woman. The relevant decisions must be made and opportunities offered earlier, at the developmental stage of potential finance leaders.

Companies need to provide more mentors who can share wisdom about things like where to invest time and ways to be motivated.

For those with leadership potential who prioritize family and stability over always making the best career move, the path to the C-suite may be inherently more difficult in CEO and finance than in other functions, like IT and human resources.

Tech-Savvy Young Hires Talent Shortage

The shortage of tech-savvy young talent is real for many enterprises

Shortage of Young IT Talent makes the promotion process falter

The shortage of tech-savvy young hires is widely discussed among CIOs. The shrinking unemployment rate has drained the talent pool in many corporate IT functions and industries, and companies continually complain that they can’t find qualified staff. For Information Technology departments, the problem is different: If they were looking solely for the technical skills they wanted years ago, they would be overwhelmed with candidates. Today, though, such skills are table stakes, and the focus is on finding people who stand out because they have other desired qualities as well.

Given companies’ increasing reliance on data in decision-making, demand is soaring for a demonstrated aptitude for analytics. Even more important for the long-term success of new hires, however, are assorted “soft” skills that allow them to communicate and collaborate with others, as well as influence others’ attitudes and behaviors.

According to some CIOs, there is not a shortage of finance talent per se, but there is a shortage of people who have both technical expertise and these additional skills that will enable them to work well inside an organization.

Given this shortage, IT departments are aggressively positioning themselves as employers of choice. And they can’t allow themselves the luxury of easing up on that quest, since their competitors are doing the same thing.

What are CIOs and CFOs looking for

CIOs and CFOs are telling Janco Associates they want Information Technology students who know how important application strategy will be in any IT function and who show a willingness to embrace and explore analytical tools and methods. Students don’t necessarily need to know how to code.  Many companies that are successfully hiring young candidates with prowess in analytics are looking beyond traditional sources like business schools and accounting firms.

The problem is that demand for those candidates far outpaces supply. CIOs should be looking for people who may not have the desired business background or professional experience but who possess the analytical skills IT pros need now and in the future.

10 point DR power checklist

10 point DR power checklist defined in Janco DR/BC Template

10 point DR power checklist – After an event that disrupts a network, the availability of power to recover and run the network is often critical.  Below is a 10 item checklist of what to consider in your disaster recovery – business continuity plan.

  1. Electricity, water, and broken wires do not mix.  Before anything else, validate that the power source and power distribution systems are dry and functional before power is turned on.
  2. Understand the minimum power requirements to be operational.   Have a clear understanding of a facility’s critical loads.
  3. Have an adequate fuel supply to operate backup power sources. Make smart fuel and technology choices, considering things such as if natural gas pipeline service were to be disrupted in your community. Make sure that you have sufficient fuel storage capacity onsite for an extended outage.
  4. Set reasonable response times for standby generators.  Frequent outages of a few seconds, a few minutes, or more, can have significant cost implications for businesses. While some other generators take up to two minutes to engage, diesel-powered generators are uniquely able to provide full load power within 10 seconds of a grid outage.
  5. Maintain your equipment and test its operation. Standby generators should be exercised periodically to ensure they will operate as designed in the event of an outage.
  6. Understand your environment and geography.  Even the best generators won’t work underwater when subjected to extreme flooding.  Check unit location for protection from flooding and ensure you use the proper gauge extension cord.
  7. Set up generators in an “open environment”. Use generators or other gasoline or charcoal-burning devices such as heaters in an open area or outside near an open window. Carbon monoxide fumes can build up and poison people.
  8. Review your load quarterly.  Know when there are any new demands or critical circuits to protect.  If you’ve added new computers or other power-hungry devices, consider updating switchgear.
  9. Meet all mandated compliance requirements. Make sure you have the proper permits and records on operations.
  10. Optionally contract for a rental power source.  Consider rental generator power for use in the event of an extended outage.


Top 10 WYOD Best Practices

Top 10 WYOD Best Practices expand beyond BYOD

WYOD Policy that addresses all of the issues generated by this technology.

Top 10 WYOD Best Practices – Employees bringing their own smartphones into the workplace started the BYOD trend, requiring enterprises to deal with the serious security implications that come from these devices. The decision for employees to wear their own device (WYOD), such as an Apple Watch that can link to your Wi-Fi and capture, store, and transmit audio, video and data, poses similar problems for IT departments.  Employees and individuals outside of the enterprise can use these devices, sometimes discreetly, to access and share business content.

This puts corporate data and infrastructure at risk, and reinforces the need for IT managers to focus on securing the content, rather than the device that’s in use. Wearable devices simply add another level of access and security concern to what we’ve already seen with the BYOD trend.

Here are the top 10 best practices for WYOD:

  1. Have a strategy for how, when and why WYOD devices can be used
  2. Implement an acceptable use policy
  3. Identify the connectivity options that are available to both internal and external users
  4. Approved devices should be easily connected to the available secure access points
  5. Define a management process for the WYOD devices
  6. Plan for the activity WYOD devices will add to the network
  7. Make collaboration tools a priority
  8. Secure the end points and isolate sensitive/confidential information and locations
  9. Be prepared for little to no advance notice on upgrades
  10. Formalize your 7 x 24 support

For more information on this go to WYOD Policy.

10 CIO questions

10 CIO questions as they move forward

There are 10 burning questions that CIOs need to have answers to.

The chief information officer’s (CIO) role, responsibilities and influence are growing in today’s boardroom. And the CIO’s job itself is expanding as well. The CIOs of the next decade face many challenges. The CIOs who will succeed will have a common set of skills.

The 10 CIO questions are:

  1. Can the CIO and IT organization sustain technology hype and deliver value?
  2. How secure is the data of the enterprise and its customers and suppliers?
  3. What is the next core systems evolution that the CIO and IT organization are going to undertake?
  4. How and when will drones be used with the enterprise?
  5. How are “industry giants” like Google going to impact the operations of the enterprise?
  6. Can Blockchain (a distributed database that maintains a continuously-growing list of ordered records called blocks that interconnect enterprise data) be implemented within the enterprise?
  7. Can the enterprise’s product designs keep up with opportunities from technology?
  8. Will vendor consolidation continue?
  9. Is the digital distribution and marketplace about to take over?
  10. Are investments in KPI metrics and analytics paying off?


Top 10 steps to an effective IT organization

Top 10 rules of the road for CIOs when creating IT organizations

Top 10 rules of the road for CIOs as they build a modern IT function.  The organizational structure must support the goals of the organization and be consistent with its culture and capabilities. Well-defined reporting structures are based on the IT and business direction; take into account organizational barriers; and consider the effect of combining or separating the functions that are targeted for change.

  1. Limit the span of control for professional staff that report directly to the CIO – The number of direct reports should be limited to between 5 and 7 professional resources.
  2. Minimize the depth of the organization from the CIO to the technologists (developers and planners) doing the work.
  3. Parallel the overall IT organizational structure to the operating structure of the enterprise
  4. Create career paths for IT specialists into enterprise operational functions
  5. Have an operational management, quality control, and customer service function that can provide direct feedback to the CIO.
  6. Integrate strategic planning, security, and business continuity planning into the overall organizational management processes
  7. Create positions within the organization which non-IT professionals can take to create bridges to enterprise operations and productivity
  8. Integrate human resource planning and training with the corporate human resources group
  9. Create an industry relations function that looks at what competitors are doing with technology
  10. Build bridges to independent IT functions within operational units to keep abreast of the pragmatic technology solutions they are building independent of the CIO’s organization.


Top 10 tips improve social networking security

Top 10 tips and best practices to improve social networking security

Top 10 tips improve social networking security – These best practices will improve social networking security and protect the enterprise’s social networking reputation.

  1. Educate employees – Educating employees on best practices can help improve the overall security of the business. Awareness through seminars, workshops, and other programs helps employees understand how attackers use social media to target a brand via individual employees.
  2. Have employees use different passwords for different systems – Encourage users to have multiple unique passwords. This can be supported by implementing a cloud-based password management system.
  3. Mandate strong passwords – Make it a requirement to have unique strong passwords.
  4. Have employees change passwords regularly – Once every three or four months, communicate with employees to tell them it is time to change their passwords.
  5. Do not share accounts – For social accounts that represent the enterprise, have only one user each, and the linked e-mail account should be one that is in the enterprise domain and will remain with the enterprise in case the employee leaves or is terminated.
  6. Implement two-factor authentication – Many of the larger social networks provide two-factor authentication, commonly in the form of a code sent to the user’s smartphone or email each time a new device or browser attempts to log in to the account.
  7. Educate employees to NOT open email attachments or go to links where the originator is not known – Stress the practice of carefully reviewing URL links before clicking to make sure the company and site name are spelled correctly. Cybercriminals will often blast out links that are very similar to a real address, adding, subtracting or rewording parts to differentiate them.
  8. Utilize antivirus and security software – No matter how careful a user is, there’s always the risk of accidentally engaging with a malicious link – and just one unfortunate click can lead to months of recovery time.
  9. Don’t friend people you do not know – Companies should encourage employees to thoroughly vet a friend request before hitting “accept”. They should check to see if other colleagues are also connected to the account. If the account seems suspicious or you don’t know the individual, ignore or report the user, and refrain from clicking on any links they may have sent.
  10. Validate and verify – just because it is on the Internet does not make it true.


Top 10 Smartphone Features to be added

Top 10 Smartphone features to be added in the next new devices.

  1. New designs: Samsung is looking at a folding smartphone, and Apple at a face lift to phone hardware and core application
  2. Faster processors: Qualcomm has announced the Snapdragon 835, which could be installed in some premium Android smartphones from top mobile companies. Some may opt for Mediatek’s Helio X30, which has 10 CPU cores
  3. Virtual reality: It’ll be possible to plug handsets into Google’s DayDream View VR headset to watch movies, play games, or roam VR worlds.
  4. Improved LTE: LTE speeds will get a serious boost with new modem technologies. Smartphones like the Galaxy S7 and Apple’s iPhone 7 can download data over LTE networks at a maximum speed of 600Mbps (megabits per second), and upload data at 150Mbps.
  5. USB port upgrade: USB-C will replace the aging micro-USB 2.0 ports in Android handsets. USB-C is extremely versatile — beyond charging, it can be used to connect mobile devices to high-definition monitors, headphones, flash drives, and external storage devices.
  6. More Wireless Audio (Bluetooth): This means the extra headache of buying and recharging wireless headsets, but getting rid of the headphone jack could result in thinner and lighter handsets with better battery life.
  7. Quicker charging: Smartphones will charge much faster with USB-C cables, which can carry more power to a battery.
  8. Smarter phones: Augmented reality smartphones can recognize objects, map out rooms, and present relevant information about objects in sight on a handset’s screen. Smartphones can already recognize images and speech via online services, but deep-learning enhancements could bring those capabilities offline.
  9. Faster Bluetooth: The Bluetooth 5 wireless upgrade will have two times the speed and four times the range of its predecessor
  10. More Removable Storage – Currently, internal storage tops out at 256GB and SD storage at 512GB, but SanDisk this year showed a prototype 1TB SD card.

IT Infrastructure Policies and Procedures

One of the best ways to communicate and understand a company and its operating culture is through its policies. Designing and writing policy and communicating it effectively is an essential skill for professionals to have. By having policy carefully developed and communicated, employees will clearly know what the organization expects from them, the degree of control and independence they will have, and what the benefits and consequences are in regard to adhering to policy.


Wall Street Journal quotes Janco forecast

Wall Street Journal quotes Janco IT Job Market forecast

The Wall Street Journal quotes Janco for the 6th time this year. That is a record for the firm and its CIO.  In addition, there are two more months to go.

You can go to their blog at http://blogs.wsj.com/cio/tag/janco-associates/ and see the quotes.

IT Job Market Growth for 2016 versus 2015

The topics reported on this year come under the following titles:

  1. IT Job Growth Down in October: Analysis – CIO Journal
  2. Compensation Up for Top-Earning CIOs: Analysis – CIO Journal
  3. IT Hiring Down in September –  WSJ Economy
  4. IT Hiring Rebounds in June, but Overall Growth Remains Slow –  WSJ Economy
  5. IT Job Growth Hit Five-Year Low in April –  WSJ Economy
  6. IT Hiring Continues to Slide – CIO Journal

With this latest quote, Janco is now viewed by many enterprises as the go-to source for IT job market and IT salary information.  This keeps it in line with the long-term identification of Janco and its CIO as a leader in the field of IT management information.

Janco continues to keep tabs on the IT Job Market, IT Compensation, and trends that impact the overall infrastructure and strategy of IT and the CIOs who are in charge. With this in mind, Janco has identified 3 common skills that successful CIOs have.

  1. Successful CIOs are both visionary and pragmatic
  2. Successful CIOs focus on ROI improvement of IT
  3. Successful CIOs inspire the enterprise and expand the business impact of IT
