Posted by: on November 25
When we think about IT saboteurs, the majority of us picture a professional hacker bent on stealing highly confidential information or wreaking havoc with our business. In such cases, the perpetrator is usually an outsider who breaches the data network of a company with malicious intent, be it financial, political, or otherwise. To protect themselves from this threat, businesses have implemented layers of physical and IT security around the perimeter of their organizations. What they have overlooked in the process, however, is a threat which, according to Forrester Research, is responsible for 70% of all data theft: the insider attack.
Internal threats most often come from people who, at one time or another, were on the payroll of the organization and have knowledge of how to navigate the system to gain access to critical data. According to the Ponemon Institute and ArcSight, the average cost to a company for an insider data breach is an astounding $3.4 million. That figure alone is enough for any business take notice.
The rising number of insider attacks may be the result of businesses focusing an increasing amount of their efforts on thwarting external threats while forgetting to protect from within. In today's world, if you haven't done so already, good business practice dictates that you begin shifting your focus inward.
There are many places to find information on how to move forward in this area. One guide that might be helpful is the third edition of "Common Sense Guide to Prevent and Detection of Insider Threats," published by the U.S. Secret Service and Carnegie Mellon University's Software Engineering Institute. The guide outlines 16 best practices to help organizations avoid insider threats. It serves as a perfect checklist for those businesses not sure of their preparedness for such an attack. Some points include:
Implement strict password and account management policies and practices.
Log, monitor, and audit employee online action.
Use layered defense against remote attacks.
Track and secure the physical environment.
Use extra caution with system administrators and technical or privileged users.
Deactivate computer access following termination.
David Ting
Founder and Chief Technology Officer
Imprivata
Lexington, Mass.
Posted by: on November 24
How many times have you flown to a meeting to help close a deal, build relationships with partners, or connect face-to-face with a customer? Without dismissing in-person interaction, there is something to be said for today's technologies that enable fast, affordable interaction without the travel.
But do you miss out on something by not traveling and, therefore, not seeing people in person? Below I've listed a few common concerns about not being there for meetings:
Myth 1: You always need to be in front of your customer in order to take care of business.
In a recent study by Wainhouse and InterCall, 56% of respondents felt that if more in-person meetings were replaced by conference calls, both parties would be able to get more done. Conferencing allows you to stay in your comfort zone and conduct meetings with anyone, anywhere. Being there can simply mean dialing a couple of numbers and making a few clicks.
Myth 2: Bringing a new technology to the workplace will slow down employees. Conferencing is extremely easy to use, which is why it's such an invaluable tool. Conferencing tools can be as simple as a light switch. Most conferencing providers also offer free training so you can get up and running quickly.
Myth 3: It's going to require a lot of time and energy to enact companywide travel alternatives. You don't need to hire a private consultant to conduct a cost-benefits analysis. A great conferencing provider should have expert meeting consultants who can help you determine exactly what you need and exactly how you'd benefit.
When looking to manage costs without sacrificing customer relations or profit margins, small businesses should strongly consider reducing travel with conferencing. You'll quickly start to realize that it's O.K. to not be there.
Kathleen Finato
Senior Vice-President for Marketing and Business Development
InterCall
Chicago
Posted by: on November 23
Business owners with experience know that doing international business isn't as simple as selling your product in another country. A key consideration when buying and selling overseas is how to best leverage the foreign exchange (FX) market, which is the largest financial market in the world, with trillions of dollars worth of currencies changing hands every day. Here are three tips to keep in mind when conducting international business and dealing in foreign currencies.
1. Streamline all FX information within your finance department, so you can best determine your next steps. By streamlining all FX information in the same location, finance executives will be able to leverage the best FX strategies for all currencies.
2. Carefully evaluate what currency is best when invoicing in a particular country, and recognize the benefits and how they will affect your sales and bottom line. Often companies will want to make purchasing the product as easy as possible in international markets and that means pricing in the local currency. Make sure you understand how the exchange rates will affect your profit and whether if you should implement a hedging strategy.
3. Don't do it alone. Partner with a FX expert to capture the best FX payment options, help you define risks and develop strategies that are optimized for your unique exposure and risk needs. Corporate foreign exchange is a niche skill within the corporate finance department. It is OK not to understand the finer points of FX and it is wise to ask for help in effectively managing it.
Now more than ever reaching out to global customers is within the small business owner's reach. However, the importance of balancing the cost and complexity with an appropriate FX strategy cannot be underestimated.
Ryan Gibbons
Managing Partner
GPS Capital Markets
Salt Lake City
Posted by: on November 20
Today's typical user has about a dozen systems they need to access with a user name and password. While passwords are an important and almost inevitable part of our everyday lives, they can put your organization at risk of financial and reputational damage if they are mishandled or compromised. Thus, it is important to be careful when choosing a password and logging in. Here are the "ABCs" of password management, with advice on how best to protect yourself when accessing your small business’ information—and your own:
1. Always be confidential. You should never share your password with others, period. Anyone else who has your passwords can impersonate you—accessing information and making transactions without your knowledge and leaving you to deal with the resulting problems. If employees want your password to access a given service, have them contact your IT department and get their own accounts. Nor should you reveal existing passwords when getting computer service; your help desk should be able to change your password for you or log on with its own account. And always be aware of your environment, watching out for ‘shoulder surfers’ who might watch you access your systems.
2. Be current. Make sure the computer you are using is up-to-date with the latest security software from one of today’s main vendors. Be sure, too, that you have an active subscription to updates and have regularly scheduled automatic scans of your system. Antivirus software alone is not enough, so look for a complete client-protection package from the leading vendors, including anti-spyware, anti-malware, host-intrusion prevention, and a desktop firewall. Unless you are properly protected, software can be installed on your system to watch keyboard input and easily steal your passwords without you noticing anything,
3. Consistently break consistency. Don’t use the same password for all systems. If your Gmail password is the same as your Chase Online Banking password, someone who compromises one system would logically and successfully attempt to use that password on all of your other systems. Separate any work passwords from personal banking passwords, and keep these distinct from your personal e-mail and social networking accounts. This limits your risk exposure.
Jared Beck
Senior Security Architect
Dimension Data
New York
Posted by: on November 19
IT managers today are looking to curb the energy hogs in their data centers in order to limit spiraling energy costs by reducing power consumption, as well as cut overall environmental impact. Reducing data center power usage is a twofold process—the product of actually reducing power consumption by removing elements from the environment, as well as introducing more efficient components that can handle greater workloads, using the same or less power.
To get started, your organization might reduce power usage by retiring older systems and consolidating them onto virtualized platforms. This would enable you to more efficiently pool physical resources and improve network management capabilities. At the onset of consolidation, there is typically an immediate drop in the amount of power used, but the practice of consolidation and virtualization must continue in order to keep the power growth curve moving in the right direction. Occasionally an organization might see a brief rise in power usage when virtualizing for the first time, due to the need to install the new physical servers on which the virtual servers will eventually run. This spike in growth will reverse as older servers are virtualized and their former physical counterparts decommissioned.
Eventually, your organization may return to the same amount of power consumed pre-virtualization. By the time this happens, however, you should be realizing much higher workloads than previously possible, and thus increasing the overall efficiency of data center power usage.
As you look for additional avenues to reduce power consumption, also consider these quick tips:
1. Monitor the "lifecycle of usefulness" of your power and distribution systems. Inefficient equipment—often seven years old or older—can cause up to 50% of the energy you pay for to be dissipated as heat.
2. Look for ways to optimize your current cooling strategy, especially for modern, high-density equipment. Consider adopting "in-row" or "in-cabinet" cooling strategies that use less energy in heat removal.
3. Make sure your data center instrumentation includes sensors that enable you to monitor heat generation, power consumption, and overall cooling effectiveness.
Kris Domich
Principal Consultant
Dimension Data
New York