Minimize breach response cost with operational strategy
While the costs of a data breach can vary widely on a case-by-case basis, CIOs who understand the drivers behind the expense will be better positioned to take steps needed to protect their organization.
Here are six ways to minimize breach response cost:
Eliminate data you do not need.
You can dramatically reduce your exposure by destroying records of past customers: you cannot lose data you do not keep. In 2015 one company served 69 million customers, yet when it was breached that year it exposed 78 million records. The extra nine million records most likely came from former customers. Each of these individuals had to be notified and offered credit monitoring, driving up costs.
Do not store street address if there is no real business requirement.
When a breach occurs, companies are typically required to notify affected individuals via old-fashioned paper “snail mail.” But they can use alternative methods of notification, such as email or a public announcement, if they do not have a valid mailing address. Physical, written notifications can cost up to $2 per person, and the cost quickly adds up. It may be worth asking twice what the real business need for customer addresses is, and considering not capturing them at all, to reduce exposure to notification requirements.
Use logs to prove that a breach or data loss did not occur.
One industry study shows that in 44% of incidents, public notification is not required. To avoid notification, companies must prove that, even if they were attacked, no records were improperly accessed. To do so, they use system logs. Without logs, a company may be forced to assume a breach occurred because it cannot prove otherwise.
Follow PCI rules and protect credit card data.
For breaches that involve credit card data, reimbursing card companies for fraudulent transactions can amount to a staggering cost, from $3-$30 or more per card. New chip cards are designed to reduce fraud, and early data show they are having the intended effect – MasterCard reported a 54% reduction in counterfeit card fraud costs at retailers who have switched to chip cards.
Use experts who know the breach response landscape.
Your breach response effort is not a good time to reinvent the wheel. Missteps happen fast and have serious consequences. Credit monitoring alone can cost $5 to $30 per person. Data breach specialists, such as PR consultants or data privacy lawyers, often have seen as many as hundreds of data breaches and are highly practiced at helping you craft a genuine story that keeps confusion – and costs – down.
Be prepared for additional audits and compliance reviews.
In the wake of a breach, a company may be audited and investigated by a number of regulatory agencies. While it’s not guaranteed to occur, it is likely, and there are simple steps you can take to prevent sensational fines if it does. To start, CIOs and CFOs should be strong advocates for the implementation of the security controls recommended by external auditors or by regulators themselves.
eCommerce obsoleting traditional retail – Infrastructure needs to change
eCommerce is making traditional retail obsolete, with brick-and-mortar businesses impacted the most.
eCommerce is changing the way both businesses and consumers shop. Retailing is changing at lightning speed, coupled with an ever-tightening decision horizon, changing consumer expectations and an unrelenting flood of data. eCommerce is disrupting classic retail models.
Traditional infrastructure models for merchandising, supply chain, and store operations are now triggered autonomously by novel and unexpected sources that are facilitated by artificial intelligence, machine learning, and voice and IoT sensors connected to a digital core.
Consumer wearables, smart appliances and homes, driverless vehicles, drones, virtual reality headsets, and online games are becoming points of brand interaction – from demand to execution. What served retailing well in the past is now a serious liability, unable to drive business success.
By 2020, 83% of mobile users globally will use their device to access the Internet
By 2020, there will be 75 billion connected devices
By 2025, the Internet of Things (IoT) will have potential economic impact of $4 trillion – $11 trillion a year, with impact in retail up to $1.2 trillion
By 2025, augmented reality (AR) and virtual reality (VR) will represent up to $182 billion market opportunity
Chief Digital Officer (CDO) & Chief Mobility Officer (CMO) Hot C-Level Jobs
Top 5 Hot Jobs – The CDO and CMO are C-level jobs that are not only new but also hot. In the case of the Chief Digital Officer (CDO), we have found that one in five companies now has someone in that role. In addition, half of those enterprises hired the incumbent in the last 12 months. The case is not quite as strong for the Chief Mobility Officer (CMO), as we found that only one in ten organizations has an individual other than the CIO assuming those responsibilities.
Many of the hot new jobs report to the operational side of the business instead of the traditional IT organization under the authority of the CIO. Part of the reason is that almost half of all IT functions report up through the financial side of the enterprise, not the operational side.
The five hot new jobs are listed below and have links to pages describing the major roles and responsibilities they have:
All of these jobs have one thing in common. They are addressing the issues, roles, and responsibilities of the new age marketplace. Without the Internet, e-commerce, and mobile users there would be no need for these positions.
But, as it is these are the new jobs that have been created by these new technologies and changes that have taken place.
FCC anti-net neutrality results in thousands of robo-comments
FCC anti-net neutrality – Now that the FCC has announced it plans to roll back an Obama-era framework for net neutrality, its website is being flooded with several thousand duplicate comments.
The FCC asked Americans to leave comments in favor of keeping the rules. These robo-comments make any meaningful analysis of the responses next to impossible. Including those comments, well over half-a-million comments have been posted.
What does this all mean to small businesses and individuals who are using the web to conduct business and gather information? Only time will tell.
IT Environment and Net Neutrality
The IT environment is too complex to rely on outmoded ways to keep the business functioning and thriving flawlessly. That is one of the reasons that the net neutrality rules are important.
To balance the many crucial and changing enterprise demands and move the organization forward, an effective IT strategy is required. Without one, there are increased risks in the expectations placed on IT — the growth of the Internet, compliance concerns, mobile computing and advanced security risks. Instituting an effective Internet and digitization strategy can serve as a catalyst that brings together the dynamics of cross-enterprise communication and summarizes key, relevant data to provide the critical metrics needed to make informed decisions.
Security Architect – The one position that CIOs and C-Level executives are looking to fill. With all of the recent cyber-attacks and negative publicity they have generated there is a need for this proactive position.
Most of the other positions are focused on “after the fact” monitoring. This one looks at what could happen and creates an architecture which addresses potential cyber-attacks and hacks. These individuals operate on the philosophy that it is easier to prevent something from happening than to address problems after they occur.
The individual in this position assumes responsibility for data security, including the planning, design and implementation of security measures which safeguard access to enterprise terminal files and data elements. The administrator provides rapid response to the user community’s requests for security assistance.
They secure enterprise information by determining security requirements; planning, implementing, and testing security systems; preparing security standards, policies, and procedures; mentoring team members.
The full job description for this position has just been released.
Tenure of Telecom pros exceeds that of CIOs by 18 months
Tenure of Telecom pros – In the process of preparing for our mid-year IT salary survey, we have started to review the impact of the baby boomers who are now starting to retire in droves. The issue that CIOs and CSOs face is whether they have the resources in place to fill those positions as these professionals retire.
Added to this is the fact that over the last several quarters the total number of jobs in the telecom field has shrunk significantly. This has also dampened the number of new entrants into that job market.
Preliminary data that we have seen shows that telecom salaries are not keeping up with the rest of the IT industry.
CIOs and CSOs are going to have to address succession planning for not only the telecom pros retiring, but also for the rest of the baby boomers that they have on their staffs.
When the CIOs and CSOs discuss common security concerns these five topics always seem to appear:
Surfing the web anonymously is a thing of the past – As online tracking systems become more sophisticated and harder to shake, private, anonymous browsing is becoming a distant memory. Take into account the latest ISP changes, under which the U.S. government allows providers not only to track but to sell your browsing history without your consent. These changes in “net neutrality rules” require users to be more vigilant about their own browsing patterns. You can guard your activity by logging out of search engines before browsing, clearing your cache and search history, and switching to a private browser to minimize the ways your browsing history is catalogued.
Anyone can gain access to your webcam – Hackers can and do target cameras, disabling the light that signals access and keeping tabs on victims in order to commit some sort of crime. Many users have responded by putting dark tape or coverings over their computer’s webcam. But as more smart devices are created and purchased, the surface area for webcam hacking only expands. Think, for example, of all the places you take your smartphone, with its built-in camera almost always pointing in your direction. The malware used to hack webcams, known as a RAT (remote access Trojan), is often spread through spam email. Once the attachment is clicked, the software is capable of disabling your light so you’re never made aware of anyone watching.
How to protect against identity theft – Be wary of sites asking for personal information to complete a basic task, such as subscribing to a newsletter. When submitting personal information, such as your address or payment method, check for https versus http, and never submit this information to a party you’re not familiar with or for a request you don’t remember making. Protecting your identity, at its core, always comes back to common-sense behavior online: understand the risks, be a careful consumer, take the precaution of diversifying passwords, and watch out for phishing schemes.
Free antivirus software is not free – You get what you pay for in the area of antivirus and malware protection. If it is free, a lot of people use it, and when there is a security hole, hackers will attack. This is opposed to paid programs, where vendors constantly update the software to address new issues as they occur.
Are tablets, smartphones and Macs safe without antivirus software? – Though Android and Mac OS X are touted as operating systems that are tough to breach, they still contain weak access points. Just like any tool that surfs the web or connects to wireless routers, security is needed to scan all those items you click. (Recent research suggests Macs are now more vulnerable than PCs.) While these devices have often carried the title of most-secure operating system, it doesn’t hurt to back up your devices with the latest antivirus protection.
IT-related fraud and malware infections cause a number of problems. Machines become unresponsive or sluggish, resulting in users becoming frustrated and administrators spending precious time trying to find the problem.
Once an attacker is on the inside, his or her work is significantly easier since on most networks, systems on the inside are trusted. To that end, in a review of over 300 security audits Janco has found a list of the greatest security weaknesses.
The weaknesses are:
Using only single-level verification for access to sensitive data
Having public workstations or access points connected to a secure network
Sharing login credentials
Connecting to the network from an unsecured access point
Encrypting the corporate web site but not the login process
Using weak encryption for back-end management
Using unencrypted or weakly encrypted connections for Web site or Web server management
Women CIOs hold over 20% of all CIO roles according to data analyzed by Janco Associates
Women CIOs – In the process of capturing public data on CIO compensation, Janco has found that well over 1 out of 5 CIOs is a woman.
According to the CEO of Janco Associates, at least two thirds of large public companies doing CIO searches require the recruiter to include women in the candidate pool. Further, when “all else is equal”, between a male candidate and a female one, companies are tending to choose the latter specifically to enhance the diversity of perspectives on the management team.
Unfortunately, even with this data, there are still too few women in senior, experienced roles to populate the candidate pools of all diversity-minded companies. So it’s not enough to decide at the CIO level to hire a woman. The relevant decisions must be made and opportunities offered earlier, at the developmental stage of potential finance leaders.
Companies need to provide more mentors who can share wisdom about things like where to invest time and ways to be motivated.
For those with leadership potential who prioritize family and stability over always making the best career move, the path to the C-suite may be inherently more difficult in CEO and finance than in other functions, like IT and human resources.
Number of employed rises by over half a million individuals
The initially reported number of employed individuals rose by almost 300,000 in February. At the same time, there are now over 650,000 newly employed individuals since the election.
When the data is analyzed over the long term, the recent trend does not stand out as much.
However all of the indicators are that this is the start of an upward progression in the number of individuals employed. This is in line with the other data that we have analyzed.
“Everything you need to respond and hire as demand for IT Professionals increases” – CIO, Fortune 500
Simplify Recruiting While Making Sure You Hire The Best IT Staff Possible
In today’s economy, nearly every organization faces pressure to reduce waste, run at peak efficiency and “do more with less”. While the economy has shown signs of improvement and the unemployment rate has dropped modestly, organizations are still extremely cautious when it comes to hiring. When it is necessary to hire, it is critical to make every hire count. There is little room for error. It is crucial for senior-level leadership, human resources and hiring managers to all be on the same page and do the right thing.
Tech savvy young hires talent shortage is real for many enterprises
Tech savvy young hires talent shortage is widely discussed among CIOs. The shrinking unemployment rate has drained the talent pool in many corporate IT functions and industries, and companies continually complain that they can’t find qualified staff. For Information Technology departments, the problem is different: if they were looking solely for the technical skills they wanted years ago, they would be overwhelmed with candidates. Today, though, such skills are table stakes, and the focus is on finding people who stand out because they have other desired qualities as well.
Given companies’ increasing reliance on data in decision-making, demand is soaring for a demonstrated aptitude for analytics. Even more important for the long-term success of new hires, however, are assorted “soft” skills that allow them to communicate and collaborate with others, as well as influence others’ attitudes and behaviors.
According to some CIOs, there is not a shortage of finance talent per se, but there is a shortage of people who have both technical expertise and the additional skills that will enable them to work well inside an organization.
Given this shortage, IT departments are aggressively positioning themselves as employers of choice. And they can’t allow themselves the luxury of easing up on that quest, since their competitors are doing the same thing.
What are CIOs and CFOs looking for
CIOs and CFOs are telling Janco Associates they want Information Technology students who know how important application strategy will be in any IT function and who show a willingness to embrace and explore analytical tools and methods. Students don’t necessarily need to know how to code. Many companies that are successfully hiring young candidates with prowess in analytics are looking beyond traditional sources like business schools and accounting firms.
The problem is that demand for those candidates far outpaces supply. CIOs should be looking for people who may not have the desired business background or professional experience but who possess the analytical skills IT pros need now and in the future.
10 point DR power checklist defined in Janco DR/BC Template
10 point DR power checklist — After an event that disrupts a network, availability of power to recover and run the network is often critical. Below is a 10-item checklist of what to consider in your disaster recovery – business continuity plan.
Electricity, water and broken wires do not mix. Before anything else, validate that the power source and power distribution systems are dry and functional before power is turned on.
Understand the minimum power requirements to be operational. Have a clear understanding of a facility’s critical loads.
Have an adequate fuel supply to operate backup power sources. Make smart fuel and technology choices, considering things such as if natural gas pipeline service were to be disrupted in your community. Make sure that you have sufficient fuel storage capacity onsite for an extended outage.
Set reasonable response times for the standby generator. Frequent outages of a few seconds, a few minutes, or more can have significant cost implications for businesses. While some other generators take up to two minutes to engage, diesel-powered generators are uniquely able to provide full load power within 10 seconds of a grid outage.
Maintain your equipment and test its operation. Standby generators should be exercised periodically to ensure they will operate as designed in the event of an outage.
Understand your environment and geography. Even the best generators won’t work underwater when subjected to extreme flooding. Check unit location for protection from flooding and ensure you use the proper gauge extension cord.
Set up generators in an “open environment”. Use generators or other gasoline- or charcoal-burning devices, such as heaters, in an open area or outside near an open window. Carbon monoxide fumes can build up and poison people.
Review your load quarterly. Know when there are any new demands or critical circuits to protect. If you’ve added new computers or other power-hungry devices, consider updating switchgear.
Meet all mandated compliance requirements. Make sure you have the proper permits and records on operations.
Optionally contract for a rental power source. Consider rental generator power for use in the event of an extended outage.
Top 10 tips and best practices to improve social networking security
Top 10 tips to improve social networking security are necessary in order to secure the enterprise’s data and reputation.
Educate employees – Educating employees on best practices can help improve the overall security of the business. Awareness through seminars, workshops, and other programs helps educate employees on how attackers use social media to target a brand via individual employees.
Have employees use different passwords for different systems – Encourage users to have multiple unique passwords. This can be supported by implementing a cloud-based password management system.
Mandate strong passwords – Make it a requirement to have unique, strong passwords.
Have employees change passwords regularly – Once every three or four months, communicate with employees to tell them it is time to change their passwords.
Do not share accounts – For social accounts that represent the enterprise, have only one user for each, and the linked e-mail account should be one that is in the enterprise domain and will remain with the enterprise in case the employee leaves or is terminated.
Implement two factor authentication – Many of the larger social networks provide two-factor authentication, commonly in the form of a code sent to their smartphone or email each time a new device or browser attempts to login to the account.
Educate employees to NOT open email attachments or go to links where the originator is not known – Stress the practices of carefully reviewing URL links before clicking to make sure the company and site name are spelled correctly. Cybercriminals will often blast out links that are very similar to a real address adding, subtracting or rewording parts to differentiate them.
Utilize antivirus and security software – No matter how careful a user is, there’s always the risk of accidentally engaging with a malicious link – and just one unfortunate click can lead to months of recovery time.
Don’t friend people you do not know – Companies should encourage employees to thoroughly vet a friend request before hitting “accept”. They should check to see if other colleagues are also connected to the account. If the account seems suspicious or you don’t know the individual, ignore or report the user, and refrain from clicking on any links they may have sent.
Validate and verify – just because it is on the Internet does not make it true.
Top 10 WYOD Best Practices – Employees bringing their own smartphones into the workplace started the BYOD trend, requiring enterprises to deal with the serious security implications that come from these devices. The decision by employees to wear their own device (WYOD), such as an Apple Watch that can link to your Wi-Fi; capture audio, video and data; store; and transmit, poses similar problems for IT departments. Employees and individuals outside of the enterprise can use these devices, sometimes discreetly, to access and share business content.
This puts corporate data and infrastructure at risk, and reinforces the need for IT managers to focus on securing the content, rather than the device that’s in use. Wearable devices simply add another level of access and security concern to what we’ve already seen with the BYOD trend.
Here are the top 10 best practices for WYOD:
Have a strategy for how, when and why WYOD devices can be used
Implement an acceptable use policy
Identify the connectivity options that are available to both internal and external users
Approved devices should be easily connected to the available secure access points
Define a management process for the WYOD devices
Plan for the activity WYOD devices will add to the network
Make collaboration tools a priority
Secure the end points and isolate sensitive/confidential information and locations
Be prepared for little to no advance notice on upgrades