Archive for the ‘IT Systems’ Category

Isolated from the Digital Infrastructure

Friday, July 3rd, 2009
This Way to the Remote Spots


The Pew Research Center found that 63% of Americans have broadband Internet connections in their homes, up from 55% the year before. They are paying on average $39 monthly for this service, up from $34.50 the prior year. The fact that they are paying more suggests the value that they attach to this service. In this difficult economic environment, consumers reported that they were more likely to cut back on cable television or cell phone service to budget for Internet access. However, the news was not all good, as 37% of Americans remain without access to broadband. Income was the largest barrier to access; 82% of those who don’t use the Internet earn less than $40,000 annually. Almost half earn less than $20,000 annually. Only 25% of those without Internet access live in rural areas, where low population density is often a disincentive to building broadband systems. The question is: does lack of broadband access hinder economic development? The Organization for Economic Cooperation and Development reports that the U.S. ranks 15th in per capita broadband deployment, well behind faster-growing Asian economies, such as South Korea. Some of the $7.2 billion in economic stimulus funding is targeted for expanding broadband access, which may help those in rural areas, where it is not economically efficient for private providers to expand access. But this may result in low returns for the investment, given the survey findings. However, for rural areas in the Gulf Coast, expanded broadband access would almost certainly be welcome, as they need fast Internet access for remote operations, particularly during the hurricane season.

Protecting the Business Against the Disaster of Litigation

Wednesday, April 22nd, 2009
Use Your Head and Protect Yourself Against Litigation


In this blog, I have written extensively about the need for data backups to protect your small business against physical disasters. Now I want to address a disaster of a different kind: litigation. A careful strategy of preserving electronic records may not only be helpful in mounting a successful defense (and, in many industries, is often a legal requirement), it may actually discourage a plaintiff from pursuing your business.

I recently spoke on the topic of disaster preparedness at a conference for smaller law firms. The focus of my remarks was, predictably, data backups, which are absolutely critical to businesses that are as document-intensive as law firms. To my surprise, the discussion among the participants took a different turn when one attorney described the experience of a client who had been served with an onerous discovery demand. He stated that often plaintiffs make such expansive demands in the hope that the defendant will not be able to produce what is required and that they can win a judgment on default. This particular client was exceptionally prepared, as the IT and legal departments had been working together on the matter of records preservation in connection with their disaster preparedness efforts. They complied with the demand in a timely manner, thereby creating a dilemma for the plaintiff: to sift through all of the records would have been extremely time-consuming and expensive with no guarantee of a commensurate benefit. Moreover, having charged out of the gate with an aggressive discovery demand, the plaintiff could expect little sympathy from the judge to a request for an adjournment. The plaintiff subsequently dropped the lawsuit. The attorney added that he believes that this thinking is the reason why the federal government settled its case with Arthur Andersen so quickly: the Department of Justice would be unable to justify spending taxpayer funds on an analysis of the reams of documents it had demanded from Andersen, which documents Andersen dutifully produced.

So consider your data backup in the context of a strategy for litigation deterrence. This lesson was so important that I wanted to share it with you. By the way, the graphic accompanying this blog is a photograph I took in a subway station in Brussels, Belgium.

Environmental Impact of Spam

Thursday, April 16th, 2009
Pollution By Another Means


McAfee Inc., a computer security company, has just released its study “The Carbon Footprint of E-mail Spam” in which it reports that spammers generated approximately 62 trillion junk e-mail messages in 2008 that consumed electricity sufficient to power 2.4 million U.S. homes for a year. This wasted energy, which computers consume while users are viewing, deleting or sifting through spam, generates needless greenhouse emissions. Spam filters block most spam from ever reaching its destination; nevertheless, because most e-mail is spam, people spend about 100 billion user-hours annually dealing with the spam that makes it through the filters to their inboxes. According to Microsoft, 97% of e-mail is spam.

What can we do? I like the suggestions put forward by Seth Godin in his book, Small Is the New Big, in which he calls for accountability, as anonymous strangers have made our lives miserable. Anonymous e-mail messages that clog our inboxes would go away if they could be traced to those who send them. So he suggests a parallel Internet where the only participants are those who verify their identities. Google, he suggests, could sell its G-mail accounts for $1, requiring people to pay with credit cards to verify their identities. Then you would only accept messages from such verifiable senders. Let’s hope his suggestion is implemented by the tech companies; they would quickly build user loyalty as we are all eager to end this abuse of our time.

Green Computing for Small Businesses

Tuesday, March 31st, 2009
Green Computing


I received several queries following the recent publication of an article in USA Today, which reported the findings of a study on the power usage of office computers. The 2009 PC Energy Report, produced by 1E, an energy management software company, and the Alliance to Save Energy, a non-profit organization, stated that roughly half of the 108 million desktop computers in the U.S. are not properly shut down in the evening, when employees leave their offices. This results in a cost to business of $2.8 billion annually to power unused computers and the emission of 20 million tons of carbon dioxide, comparable to the emissions produced by four million cars on the road. According to this report, the practice of powering down in the evening can reduce energy costs by $260,000 for a company with 10,000 desktop computers, with an environmental benefit of reducing carbon dioxide emissions by 1,871 tons. This study focused exclusively on costs and benefits to large corporations. Several readers asked me about the implications of this recommended practice for small businesses.

One desktop computer costs between $50 and $200 annually in electricity. The newer models, which are more energy efficient, would be at the lower end of the range and the older models at the upper end. Large corporations typically ask that their employees leave their computers on overnight for software deployment and maintenance, tasks which small businesses typically perform during the workday. So the cost savings are not comparable for smaller businesses.

Data Warehousing and the Lifecycle of Information Management

Monday, March 30th, 2009
How Much Is Too Much?

How Much Data Storage Is Too Much?

The lifecycle of information management refers to the determination of which information and data your small business must preserve and protect and over what period of time. It is not productive for any small business to secure and back up information that has become obsolete. (It also raises the risk of human error, as your employees may inadvertently work with files that have aged out of use!) This requires some discipline for properly disposing of out-of-date electronic files. As you develop a strategy for lifecycle information management, here are some of the issues you should consider:

Liability management. The more sensitive customer data you store, the greater your liability for a breach of data. The news media report that computer hackers may have accessed up to 100 million customer records of Heartland Payment Systems, a credit card processor. They are not the only payment processors to report possible data breaches; RBS Worldpay and CheckFree have also been exposed, as has Monster.com, an employment site. These breaches are costly: $202 per compromised customer file, according to the Ponemon Institute, an organization that researches and consults on privacy and information security matters. What accounts for this cost? Customer attrition is one source of loss, as Ponemon found that health care businesses lost 6.5% of customers and financial businesses lost 5.5% of customers after data breaches. In addition, after a data breach, the affected company must undertake expensive security and legal procedures to deal with the intrusion and offer, at its expense, credit monitoring services to the customers whose data may have been compromised. In some states, there is a legal requirement to offer such a remedy; in all cases, it is a good business practice.

Marketing needs. Customer data may be a valuable asset for new product development, customer retention and customer acquisition. At the recent Information Security Best Practices Conference held at the Wharton School of Business of the University of Pennsylvania, marketing professors Eric Bradlow and Peter Fader discussed the conflicting needs of liability management versus marketing needs. As personally identifiable data are increasingly a liability for companies, Professors Bradlow and Fader recommend a “data minimization” strategy: keep the customer data your business needs for competitive advantage and purge all other data. Too many businesses, they believe, are data pack rats, storing information that serves no marketing purpose.

Legal and compliance requirements. Your business may be subject to certain legal or regulatory requirements for preserving data over a certain period of time. It is best to seek advice from legal counsel when developing your lifecycle information strategy.

Another Breach of Secure Credit Card Data

Monday, March 9th, 2009
Be certain your data are protected


Reports are surfacing that there has been a breach of secure credit card data from banks issuing Visa card accounts. Small businesses must be vigilant in two ways: first, carefully examine your card statements to ensure that your cards have not been misused. I log onto my online account information daily to proactively address any problems. Second, if your business accepts credit card payments, you need to monitor pending state legislation dictating what businesses must do to protect credit card transactions and other personal data. Currently, more than 30 states require companies to notify individuals whose data has been lost or stolen. Massachusetts and Nevada are currently considering more stringent laws.

Not the Right Way to Use E-Mail

Thursday, February 19th, 2009
Looks Innocent Enough


You package a great deal of sensitive information about yourself in one bundle when you apply for a mortgage. And that information is re-transmitted whenever a mortgage broker works on your behalf or when your mortgage is sold and re-sold again in secondary markets. You would hope that financial institutions would handle such private information in the appropriate manner, but your hope might be misplaced. Wolters Kluwer Financial Services surveyed executives from 350-odd banks, credit unions and mortgage companies as to how they transmit financial data. (This particular company sells secure document delivery software to financial institutions.) Almost two-thirds of those surveyed use traditional e-mail services rather than secure encrypted online delivery technologies, thereby exposing mortgage applicants to greater risk for identity theft and other forms of financial fraud. You must never transmit sensitive information by e-mail. Automated algorithms, known as “bots,” routinely hack into e-mail messages searching for 16-digit and 9-digit numerical sequences in the hope of finding valid credit card and social security numbers. The damage to your credit rating and reputation can be devastating.

I had this experience in the aftermath of 9-11 when a non-profit organization based in Lower Manhattan, which had the contract for processing certain disaster relief programs, transmitted my social security number in an e-mail message to a government agency. I learned of this when the recipient forwarded the e-mail message to me and I traced the thread of attachments. I brought this to the attention of the relevant federal government agency (which funded this particular disaster relief program) to no avail. I had hoped that the federal government would sanction or terminate contracts with providers that fail to handle sensitive information in a responsible manner. It is bad enough to experience a major disaster, but when the agencies paid to “help” you act recklessly and expose you to greater losses, that is inexcusable. To end the story, I received the letter from the federal government agency in question who punted the matter to the New York City agency coordinating disaster relief efforts which, in turn, wrote to me assuring me that the matter was under investigation. That was six years ago. I am still waiting for the results of this investigation which were promised to me.

Your customers won’t likely be as forgiving of irresponsible data handling practices. We are small businesses, not large, indifferent bureaucracies. So never transmit sensitive financial information via e-mail. Use a secure, encrypted online service instead.
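A small business can enforce the "never by e-mail" rule with a check that runs before a message leaves the outbox. The sketch below is an added example, not part of the original post: it looks for the same 16-digit and 9-digit sequences, uses the Luhn checksum and the structural rules for Social Security numbers to cut false alarms, and reports only masked values. The function names and the sample message are assumptions made up for the illustration.

```python
import re

# 16 digits, contiguous or grouped in fours by spaces or dashes.
CARD_RE = re.compile(r"(?<!\d)(?:\d{4}[ -]?){3}\d{4}(?!\d)")
# 9 digits, contiguous or in the 3-2-4 layout of a Social Security number.
SSN_RE = re.compile(r"(?<!\d)(\d{3})[ -]?(\d{2})[ -]?(\d{4})(?!\d)")


def luhn_ok(digits):
    """Luhn checksum used by payment cards; rejects most random 16-digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def ssn_plausible(area, group, serial):
    """Structural rules: these area, group and serial values are never issued."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def scan_message(text):
    """Return (offset, kind, masked_value) for each likely card number or SSN."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            findings.append((m.start(), "card", "*" * 12 + digits[-4:]))
    # Blank out every 16-digit run so its digits are not re-read as an SSN.
    remainder = CARD_RE.sub(lambda m: " " * len(m.group()), text)
    for m in SSN_RE.finditer(remainder):
        if ssn_plausible(*m.groups()):
            findings.append((m.start(), "ssn", "***-**-" + m.group(3)))
    return sorted(findings)


def should_hold(text):
    """True when the message should be held and sent through a secure channel."""
    return bool(scan_message(text))


# Constructed sample message; every number in it is made up for the example.
SAMPLE = (
    "Hi Dana,\n"
    "For the mortgage file: SSN 123-45-6789, card 4111 1111 1111 1111.\n"
    "Tracking number 1234 5678 9012 3456, invoice 900123456.\n"
)

if __name__ == "__main__":
    for offset, kind, masked in scan_message(SAMPLE):
        print(f"offset {offset}: {kind} {masked}")
    print("hold message:", should_hold(SAMPLE))
```

The tracking and invoice numbers in the sample are deliberately ignored: the first fails the Luhn check and the second begins with a 9, which no issued Social Security number does.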

Global Virus Spread

Tuesday, February 17th, 2009
Globally Connected, in the Worst Way


More than one million, and possibly as many as ten million, personal computers have been infected with the Conficker virus. The virus has claimed victims from the German military, computer networks in the British and French Air Forces and teaching hospitals in England. Conficker is particularly virulent because once it spreads it prevents infected computers from being cleaned out, while searching nearby servers to break passwords and spread to any shared drives. It also replicates itself, like a DNA strand, onto any hardware device connected to a USB port, such as digital cameras, music players or key drives. When those infected devices are then connected to another computer, they infect that machine and so the virus spreads. This is apparently the means by which the computer networks of the French Navy were infected.

What makes Conficker so devastating is that on a daily basis, each computer infected with Conficker attempts to connect to 250 Internet domains for further instructions on destructive activities to carry out. Each day these 250 domains change, confounding efforts of security experts to shut them down. In effect, Conficker has created a massive botnet that could orchestrate spam attacks or cyber extortion or cyber militia attacks.

Generally, it is a bad idea to use external devices such as key drives for data storage; such devices can be lost or stolen. Now add another reason to the list: they can be used to transmit lethal viruses from one computer to another. Some businesses have their IT staff disable USB ports to prevent employees from using key drives. This may be an idea that small business owners should consider out of an abundance of caution.

Indexing Files

Monday, February 16th, 2009

File Management Systems

Further to my posting about the “Train the Trainer” program for the Louisiana Small Business Development Centers held in New Orleans two weeks ago, one of the counselors contacted me with a follow-up question concerning file management. I had talked about naming conventions for files, directories, etc. It is important that your small business establish such standards and processes which will serve you well even in normal operations. Imagine that an employee creates a file, a marketing document, for example. Then, several years later, after the employee has left your organization, another employee has to update the file for recent changes. Would the new employee have any idea of how to retrieve that file? Would you? Would you immediately know how the file would be named and where it would be stored? That is why file naming conventions are so important. Indeed, at the Louisiana “Train the Trainer” event, I referenced a recent research report of the Butler Group, which elicited laughter. The Butler Group found that 10% of payroll expense goes to searching for files and documents. Imagine that you are paying your employees to spend 10% of their time looking for files that they cannot retrieve right at their fingertips. Apparently, some of the LSBDC counselors had some recent experience in this area; hence, their laughter. If you can agree with your staff to standards as to how you will name files, and train new staff in these standards as they are hired, then you will recognize an immediate boost in productivity – 10% of payroll expense is significant. Now imagine what happens when you are not enjoying normal business operations, but your business has been disrupted in some way and you are operating remotely, for example. You will be under some pressure. Having employees spend 10% of their time looking for files in such an environment is a luxury you cannot afford. It will only increase your stress levels during a time that is already difficult for you. So establish some naming conventions now. There is no right answer as to how you do it; it just has to be a system that is simple and easy for you.

That brings us to the topic of version control, which is a convention for naming documents, usually with a suffix in the file name, to ensure that you have recent and older copies of a file. If you make a mistake, you can simply revert to the last saved version. Version control is a quality control system and can ensure that you and your employees are not working at cross-purposes with one another in overwriting obsolete documents, for example. You might name a file “Marketing draft_V1_09Nov01”, for example. Then you organize your files electronically to make certain that the most recent version appears at the top of the selection and that users have to check the document out to work on it, so two users cannot simultaneously make changes and overwrite one another. This is another great productivity tool so that you don’t have to reinvent the wheel every time you begin a new project.

Apple Spotlight is a great feature for indexing and I make extensive use of meta data. “Meta data” are data that describe data. For example, you could tag a document with key words to enable easy search and retrieval. Another example of meta data would be found when you select a file and click “Get info” and then the name of the author appears, the date that the file was created, etc. We have a policy of always filling in those fields with descriptive information to enable easy searches. Of course, be aware that meta data can be accessed in ways you did not intend! I once received a file from a law firm with a document for which they were charging premium prices to draft from a blank page. But the meta data in the file document information indicated that another attorney had drafted the document and named the bank for which it was intended! Apparently, the attorney assigned to work with me copied and pasted the document and represented it as an original work product! Amazing the things you learn when you bother to check the file information. That is how I found out which bank was working on a local community development fund, information that was probably intended to be confidential.

Dial “C” for Caution

Thursday, February 12th, 2009
Sensitive Data Here

Caution: Sensitive Data Here

We are all sensitive to the need to protect confidential business data on our laptop computers, but have you given any thought to what is stored on your cell phone? Just a few weeks ago a man in New Zealand paid $10 for a used MP3 player and found it preloaded with U.S. military records and personnel data for troops stationed in the Middle East. In December, an old BlackBerry was sold for $20 at a garage sale of the McCain Presidential Campaign. It was found to be preloaded with sensitive Republican donor information, emails, and more. Unfortunately, incidents such as these, while embarrassing, are all too common. Don’t let them happen at your small business.

Regenersis processed over two million mobile phone handsets in 2008 and last December, during a random sampling of 2,000 recycled mobile phones, found that 99% of them stored sensitive data such as banking information and confidential e-mail messages. The average mobile phone is replaced every 18 months; if you do not clear these handsets of data before you recycle or dispose of them, you may jeopardize the security of your small business. Of course, not all cell phones are recycled or donated once they are removed from service. In the U.S., over 700 million cell phones that are no longer actively used are stockpiled in homes or businesses, which also pose security risks.

Do not rely on the next user or the cell phone recycling firm to purge your data for you. It is safer to invest a minute or two to learn how to do a proper factory reset/hard reset on your phone, remove memory and/or SIM cards, check to make sure everything’s been wiped, and then dispose of your handset.