Top 10 Security Myths

  1. Organizations are more secure now than they were a year ago
  2. The presence or absence of regulations greatly matters when it comes to protecting customer data
  3. External consultants know more about information protection than in-house personnel do
  4. Information protection must be managed as a separate business unit to be effective
  5. Complex, frequently changed passwords will make my enterprise secure
  6. The padlock icon present during an SSL session means my data is safe
  7. Migrating from Internet Explorer to Firefox or Chrome will make my enterprise secure
  8. Increased security spending results in greater security
  9. Wireless networks aren’t secure
  10. Dumping Windows for Linux will increase security

IT Employment Up In a Soft Job Market

Between the first and second quarters of this year, the unemployment rate of computer hardware engineers went from 4.4% to 0.5%. For software developers, the unemployment rate shrank from 3.6% to 2.5% over the same period.

However, for computer support specialists, the unemployment rate over the two quarters rose from 7.1% to 8.2%.

The entire job market in the US increased by 96,000 jobs in August, but troubling was the labor market participation rate, which fell another .2% to 63.5% with 368,000 dropping out of the labor force. Victor Janulaitis, the CEO of Janco Associates, said, “The year to year comparison of workforce participation shows how deep a hole we are in. Until those percentages turn around there will be little hope for a strong recovery.”

IT Job Market Growth Slows in August

IT pros face a mixed job market with a net gain of only 12,400 IT jobs in August, versus the 13,600 jobs added in July and 9,600 in June. This shows a slight positive trend, and 96 CIOs interviewed feel that hiring will increase significantly six to nine months from now.

The market for IT professionals continues to show a slight improvement in hiring. There was a net increase of 12,400 seasonally adjusted IT jobs in August according to the latest BLS data. Computer system design and related services accounted for an improvement of 14,700 jobs, and other information services added another 3,100 jobs; these gains were offset by a loss of 4,700 jobs in telecommunications and 700 jobs in data processing, hosting and related services.

IT Hiring Picture Improves

One in five chief information officers, based on Janco’s interviews with U.S.-based chief information officers, anticipates hiring lower-level staff for short-term needs, with almost 25% of them doing so in the next three months as temporary positions, Janco says. Overall, firms are trying to keep their I.T. head counts level when considering both contractors and employees.

In the short term, CIOs and IT managers are reducing the use of contractors and are looking to replace them with lower-cost employees. Almost all of the top-level IT pros feel that things are looking better for 6 to 12 months down the road.

Data Breaches Impact More Users

Data breaches impacted more users in 2011, according to analysis of data

Self-reporting of breaches is a requirement for businesses under the Health Information Technology for Economic and Clinical Health Act (HITECH), which is an expansion of HIPAA. In one analysis of the data, almost twice as many people were affected by data breaches in 2011 as in 2010. The analysis showed that the total number of breaches dropped by 32% to 145, but the number of people affected by those breaches doubled to 10.8 million.

The increase in the number of people affected by breaches signals that individual incidents are affecting more users.
The data shows that California had the highest number of breaches in 2011 with 15, followed by Texas (11), Illinois (8), Florida (7), and New Jersey (7).

The causes are:

  • Theft – 52%
  • Unauthorized access – 22%
  • Loss – 11%
  • Hacking – 6%
  • Improper disposal – 5%
  • Unknown – 3%
  • Other – 1%

Breaches that involved the loss of healthcare data affected the most individuals – 6.1 million. Theft affected 2.4 million, unknown cause affected 1.9 million, and loss affected 1.2 million. Unauthorized access, hacking, improper disposal and other combined affected about 464,000 individuals.

The association between laptop computers and healthcare data breaches seems obvious, but access to other portable electronic devices such as thumb drives, backup tapes, CDs, DVDs, and X-Ray films accounted for 28% of the breaches and affected 8.2 million people.

Paper and laptops account for 27% and 22% of the breaches, respectively, but combined accounted for only 5% of the individuals affected by breaches. The study says this is a result of organizations taking steps to remove or encrypt protected health information.

Top 10 Reasons Why Disaster Recovery Business Continuity Plans Fail

In the recession many organizations put disaster recovery and business continuity on the back burner. As a result those plans are not as functional as they were when they were created. Planners should keep in mind the top ten mistakes made in disaster recovery business continuity plans. They are:

  1. Backups do not work
  2. Not identifying every potential event that can jeopardize the infrastructure and data that the enterprise depends on
  3. Forgetting or ignoring the cross-training of personnel in disaster recovery and business continuity
  4. Not including a communication process that will work when your communication infrastructure is lost
  5. Not having sufficient backup power
  6. Having a recovery plan in place but not listing priorities of which resources need to be restored first
  7. No physical documentation of your Disaster Recovery and Business Continuity plan
  8. Disaster Recovery and Business Continuity plan that has not been tested adequately
  9. Passwords are not available to the Disaster Recovery and Business Continuity team
  10. Disaster Recovery and Business Continuity plan is not up to date

To see the full article on this topic go to
https://www.e-janco.com/Articles/201209-top-10-recovery-failure-causes.html

Disaster can strike anywhere

Disaster strikes one of our work at home employees

Even Janco Associates is not immune to disasters. Just this past week one of our key employees completely lost their connectivity. It seems that the modem that connected their work-at-home site to the internet stopped working intermittently. It should have been an easy problem to identify; however, that same modem had just been swapped out a few weeks ago.

When the problem occurred, the disaster plan and business continuity plan that we had in place saved the day. While waiting for the connectivity to be re-established, an iPad and a laptop provided sufficient connectivity to keep that employee operational. Connectivity was obtained via both a secure and some “public access” points.

The primary secure access point was via smartphone (cellular device internet access); the insecure public access points were places like the public library and retail store outlets like Starbucks and McDonald’s. Though that was not ideal, at least communication could be maintained with the employee and key customers. See https://www.e-janco.com/DisasterPlanningRiskAssessment.html

Granted that is not an ideal situation however with s

Will the hurricane preparation be enough to minimize damage

Hurricane storm surge protection preparation

Inner Harbor Navigation Canal Surge Barrier. Col. Edward Fleming, New Orleans District commander, highlighted the united front federal, state and local agencies are taking in support of the Hurricane and Storm Damage Risk Reduction System being built here. The HSDRRS system is referred to as the best the area has ever had regarding storm risk reduction.

Top 10 Things a CIO Needs to Add Value

Top 10 for CIOs – What does the CIO have to do to be viewed as a business person versus a technologist? There are many strategies that CIOs have followed that work. We have found some sure-fire ways to have the CIO be a driver in the alignment of strategic business objectives with IT initiatives. They are really the same today as they were back in the early days of computing.

  1. Look and be an executive – That not only includes speaking in business terms but also dressing and looking like the other executives. The key is to ensure that IT results are business focused, that the CIO presents the big picture in terms of company strategy, and that IT and strategic business direction are aligned to it. It is much easier to do when the CIO looks and talks the part.
  2. Have an opinion and present it – Do not go with what you think everyone wants.  Be brave and present ideas that will help the business to expand and grow.  If the CIO does not have an opinion what value are they in the executive suite?
  3. Check the ego at the door – No one wants to hear how great the CIO is.  It is much better if the other executives voice that and the CIO is humble in accepting praise.
  4. Get out of the detail – The CIO has a staff and they are the ones who do the programming and analysis.  CIOs need to focus on the big picture.
  5. Manage by mingling outside of IT – Get out of the “ivory tower” of IT.  Meet with other executives and operational staff frequently.  Invest at least 50% of the day to deal with business issues and become a key member of the executive management team and sounding board for where the organization is going.
  6. Stay within dollar and time budgets – CIOs that are successful are the ones whose organizations deliver what they say, when they say it, and within budget. That adds to credibility and makes it easier the next time around.
  7. Present a positive can-do attitude – Focus on what can be done within what time frame. CIOs who say why something cannot happen are often pushed aside by those who say what can be done. It is better to implement part of a concept than say why the grand solution cannot be implemented.
  8. Management at the executive level is about selling and implementing ideas – It is not enough to present an idea; rather, the CIO has to become a champion of an idea and transfer that role to the other executives in the organization.
  9. Take ownership – Not only when something succeeds, but also when it fails, accept the results. CIOs that come up with excuses and blame others do not last long in the executive suite.
  10. Innovation leads to success – CIOs who embrace new approaches gain a lot of credibility. CIOs that hinder the use of new technologies are viewed as obstructionist and are bypassed in key decisions because they are viewed as someone that will not accept change.

DRP BCP Best Practices Defined

Here are some Disaster Recovery Business Continuity best practices

  1. Keep your primary backup of disaster recovery and business continuity data in house – this is your first line of defense, a quick fix in case something goes wrong.
  2. Analyze your critical systems and their subsystems – Identify applications that are critical to your business and the data and systems that these systems depend on.
  3. Your backup policy has to include some incremental systems and snapshots to be able to handle cases where single files or select data are lost.
  4. Think carefully about your backup solution – if your requirement is very granular, like restoring a damaged mailbox or maybe even a single mail, then your solution has to be selected keeping this in mind.
  5. Long-term backup in a public cloud is a great option – it is not expensive and availability is good; however, be aware of security considerations.
  6. Run the backup from the cloud directly – if your backup data is kept in the cloud, then running a recovery directly from the cloud is easy. Y
  7. Test everything – test your backup solutions regularly until you are confident that they will work when required. The need to recover may occur in the middle of the night or when you are far away from your on-premise systems. A backup solution in the cloud is a great solution to ensure business continuity.

IT Job Opportunities – 44.1% of long term employees can not find new jobs or have left the labor market

IT job opportunities – The U.S. Bureau of Labor Statistics (BLS) reported that from January 2009 through December 2011, 6.1 million workers were displaced from jobs they had held for at least 3 years. The data shows that 26.7% of those individuals remain unemployed and another 17.4% have left the labor pool altogether. That adds up to 44.1% of these long-term employees continuing to be out of work and does not include any factor for those who are underemployed. IT job opportunities for the long-term unemployed remain poor.

This was less than the 6.9 million for the survey period covering January 2007 to December 2009. In January 2012, 56 percent of workers displaced from 2009-11 were reemployed.

Janco talked with a dozen IT professionals who had been employed in IT for over 3 years with their companies and had been terminated. One of the common refrains was that, after being out of the IT job market for several months, many of these professionals felt that their skills had decayed and that employers did not view them in a positive light because of the length of time they had been out of work. Some of these individuals were able to find “part-time” and “contractor” work; however, they found the job market remains tight for them. Others have left the IT market altogether and have started alternate careers.

Business Continuity Plan Has to be in Place Now

A business continuity plan is something that every organization needs to have in place before a disaster happens. Every day somewhere in the world disasters are happening. Some are man-made and others are natural events. In either case they can harm people and businesses. It can be something as common as a flood or as extreme as civil disturbances. The result is the same: can the business support its customers’ needs?

Companies cannot stop them from occurring, but they can be prepared. When disaster strikes, the clock is ticking; and when the clock is ticking, businesses that practice Business Continuity Management (BCM) are ahead of the game!

How do you balance the business continuity disaster recovery risk and investment equation? Is the potential risk greater than the investment? The facts are:

  • 43% of companies experiencing disasters never reopen, and 29% close within two years.
  • 93% of businesses that lost their data center for 10 days went bankrupt within one year.
  • 40% of all companies that experience a major disaster will go out of business if they cannot gain access to their data within 24 hours.

Business Continuity Plan Management – The Time Is Now

Business Continuity Planning for Survival Under Stress

Business continuity and disaster recovery planning took a real hit in the recession that started in 2008. First, many companies reduced the number and intensity of tests of the plans. Second, many firms cut staff in support areas like communications and do not have sufficient staff in place to provide the level of information that is required when an event occurs. Last but not least, the rapid evolution of social networks and BYOD has added a level of complexity that did not exist before.

In addition to a DR / BC plan, CIOs and operation executives need to have an Incident Communication Plan in place that not only provides what to say but also how to use technology like social media to get the message out.

Business Continuity has been a stepchild in this recession

The specific objective of this incident communication plan is to define who will provide key communications during a crisis and the content, recipients, schedule, method of delivery, frequency and priority of the communication. By outlining communications in advance, ENTERPRISE can:

  • Protect against the effect of a crisis on employees, associates, suppliers and customers,
  • Reduce the impact of bad publicity, maintain customer service, bolster relations with vendors and
  • Address the concerns of other key stakeholders

Top 10 things business can do to minimize wildfire risks in business parks

Business Continuity - Disasters Happen

Top ten by Janco – Wildfires cause an increased business interruption risk as the number of companies located in business parks on the outskirts of population centers increases. This year scores of fires sparked by high temperatures, severe drought conditions and strong winds have blanketed the western part of the US, including Utah, California, Washington, Montana, Oregon, Idaho, Nevada and Arizona, making this fire season one of the worst in history for this area. According to the National Interagency Fire Center (NIFC), over 43,000 individual wildfires have burned a record 6.8 million acres across the West since January. The wildfire season continues through early November, and a prediction of over 7.5 million acres is now being made by some forecasters.

Janco’s Top 10 to minimize wild fire disaster planning risks

What can businesses do to reduce the risk to properties? Janco’s guidance, supported by NIFC recommendations, is:

  1. Have a clear area of at least 100 yards around the business park.
  2. Keep lawns hydrated and maintained. Dry grass and shrubs are fuel for wildfire.
  3. Landscape with native and less-flammable plants. When landscaping, choose slow-growing, carefully placed shrubs and trees so the area can be more easily maintained.
  4. Create a ‘fire-free’ area within ten feet of the property, using non-flammable landscaping materials such as rocks, pavers and/or high-moisture content annuals and perennials.
  5. Have no tall vegetation immediately adjacent to structures.
  6. Clear leaves and other debris from gutters, eaves, porches and decks. This helps prevent embers from igniting the property.
  7. Remove dead vegetation from around the property, especially within 50 feet of the premises.
  8. Remove flammable materials from within 50 feet of the property’s foundation and outbuildings.
  9. If you have trees on your property, prune so the lowest branches are 6 to 10 feet from the ground and none overhang the structure.
  10. Don’t let debris and lawn cuttings linger. Dispose of these items quickly to reduce fuel for fire.

Best of Breed Disaster Recovery Business Continuity

Best of Breed solutions for disaster recovery and business continuity have four key components:

  • High Availability – Best of breed requires services that have high availability. The service may go down but will recover quickly enough that the employees and clients are not significantly impacted, if they notice at all. High availability helps mask or minimize the effects of the failure and makes it less of an issue for those who consume that IT service.
  • Fault Tolerance – Best of breed requires that a system have high fault tolerance, meaning the entire system will not fail even if a critical IT service component is compromised. This is achieved through solutions with redundant hardware and software so that the slack is immediately picked up by the secondary system.
  • Continuous Operation – Planned downtime is a common occurrence for many if not all IT services. Recent innovations in virtualization allow IT teams to perform maintenance on systems without downtime. IT Services that meet this requirement are considered to be in continuous operation.
  • Continuous Availability – This is the ultimate goal of DR and BC teams. This means that the service achieves 100% availability by avoiding both planned and unplanned downtime. This is achieved through a combination of Disaster Recovery and business continuity solutions such as those defined in Janco’s Disaster Recovery and Business Continuity Template.
