The ability to analyze and use data, often in real-time, is a growing and important driver behind providing a superior customer experience on the phone. Your contact center is a priceless resource that sustains and cultivates loyal customers.

"With our demographic and psychographic information, we can deliver superior customer service and a very strong ROI without seeing degradation in the audience size or the results," says Mike Herston, vice president of IT client services at InfoCision. "It's simple in our business to say, 'This person looks like my best donor or my best customer so we should always call or mail them.' Eventually they will fatigue. What we can do is expand that list with like-kind prospects so you don't call the same people over and over again."

Herston and InfoCision's Business Intelligence Group, a marriage of the marketing and IT departments, utilize data analytics, the process of reviewing raw data to draw conclusions from it. In addition to highlighting opportunities for greater ROI, this process provides the ability to efficiently connect with customers on the for-profit side, or donors on the nonprofit side.

"Budgets are tight for a lot of companies right now, given the economy," Herston says. "So they need to look for more effective ways to reach their customers, and they're looking to analytics to be able to do that. It's really about getting down and peeling the layers of the onion away so we can tailor a message to a particular customer. It's all about building that customer relationship and being able to anticipate the customer's needs."

In the last few years, the data analytics industry has become more procedure-driven rather than data-driven, Herston says. This is tied to the vast amounts of information available and decreasing timelines for deliverables. There's also a greater reliance on software to be the decision-maker on final outputs or results.

"Where InfoCision differentiates itself is that we're able to integrate sound business understanding with statistical modeling," Herston explains. "We certainly use up-to-date statistical analytics. But at the same time, we have an understanding of the day-to-day business of our clients and the audiences that they are trying to reach so we know what we're actually profiling or modeling. It also means we're not totally reliant on statistical software."

Equally important to obtaining data, is using it. For example, script-on-screen technology can take the data and tailor a message in real-time to the individual being called allowing for a very personalized conversation.

"What we're able to do is enhance the calling experience for that donor or that customer," Herston says. "We have the ability to model people and predict their propensity to say yes by scoring them in real-time. We can actually tailor a call treatment based on that person's information. We can tailor a script based on the fact that we know someone is male or female or if we know their age range. We can tailor a script to a household that has a presence of children. The whole idea is that it allows us to deliver a script that resonates with the person we're calling."

Companies need to strategically align themselves with partners that can help them leverage the growing amount of data available.

"We make a lot of calls, and that gives us a lot of past behaviors to model," Herston explains. "We can model internal data specific to a client, and break it down further to the specific audience depending on what the client's goal is. Let me put it this way, we don’t operate on the one-size-fits-all model."

Mike Herston is the vice president of IT client services at InfoCision. Reach him at Mike.herston@infocision.com or (330) 668-1400.

Published in Cleveland

Smart Business spoke to Mark Strippy, Executive Director, Payroll Services at Heartland Payment Systems®, about how implementing an Employee Self-Serve portal can save employers time and money.

A company’s payroll department can spend a huge amount of its day addressing employees’ payroll questions, sending payroll forms and updating payroll information.

Disruptive, time consuming and ultimately costly, these chores can be alleviated with a convenient system that not only enhances payroll productivity, but empowers your employees.

That system is an Employee Self-Serve (ESS) portal.

ESS is a convenient, secure and user-friendly resource that provides all your employees online access to personal data — including their payroll information. Employees have the ability to view and print payroll vouchers and W2s and view their paid time-off balances — reducing routine staff inquiries and easing the burden of distributing payroll vouchers to your work force. Employees can also use this portal to update bank account details.

What’s more, ESS portals eliminate the need for postage and paper printing of payroll forms, offering substantial cost savings. ESS has become increasingly popular as more businesses “go green” in an effort to reduce paper and energy waste.

Companies like the international coffee chain, Starbucks, deployed an ESS portal as a means of providing information to its employees, but quickly realized how much more it could be doing using this technology. The organization enhanced its systems so all individuals can complete just about every transaction via ESS.

And it’s not just the large companies. Many small and mid-sized businesses have been adopting secure and private ESS systems because they provide:

Ability to update personal information. Companies can give their employees permission to review and make changes to their personal data (name, address, next of kin, etc.), W4 elections and voluntary deductions, as well as view their payroll stubs and W2s. Encouraging employees to enter personal data through the self-service portal is one way to leverage technology in order to increase productivity in payroll.

Electronic time sheets. Electronic time sheets improve the payroll efficiency of employees who use computers, and they are especially useful for companies with multiple worksites. Electronic time sheets improve accuracy and, according to some reports, can cut handling time.

Savings. ESS systems can be economically implemented over the Internet or a company Intranet. Internet-based payroll solutions can facilitate cost savings by allowing companies to reduce the IT resources needed to support the payroll function. A Web-based payroll solution eliminates the need to purchase and maintain specialized hardware, thereby eliminating maintenance costs and assuring that the latest features are available to all employees. Additionally, ESS can save time and dollars associated with updating materials for employees, and in the cost of printing payroll forms.

24/7/365 access. Round-the-clock access to ESS is an added plus for companies that provide services to a diverse and often dispersed work force.

In today’s volatile business climate, your payroll department is no doubt being asked to do more with less. Implementing ESS is one way to achieve that goal and provide real value to employees in an effective and low-cost manner.

Heartland Payment Systems, Inc. (NYSE: HPY), the fifth largest payments processor in the United States, delivers credit/debit/prepaid card processing, gift marketing and loyalty programs, payroll and related business solutions to more than 250,000 business locations nationwide. A FORTUNE 1000 company, Heartland is the founding supporter of The Merchant Bill of Rights, a public advocacy initiative that educates merchants about fair credit and debit card processing practices. The company is also a leader in the development of end-to-end encryption technology designed to protect cardholder data, rendering it useless to cybercriminals. For more detailed information, visit HeartlandPaymentSystems.com or follow the company on Twitter @HeartlandHPY and Facebook facebook.com/HeartlandHPY.

Published in Cleveland

Businesses that thrive in today’s competitive marketplace recognize that the data they collect on a daily basis can be a valuable asset.

But just collecting data isn’t enough. It’s critical to organize this business intelligence so that it is accessible and can be analyzed to improve an organization’s performance by driving innovation, spurring fresh ideas and giving managers the tools to make smarter business decisions, says Sassan Hejazi, director of the Technology Solutions Group at Kreischer Miller.

“Having the ability to analyze data and use it as a benchmarking tool internally and against competitors can change the culture and character of an organization,” says Hejazi.

Smart Business spoke with Hejazi about how to centralize business intelligence and how that data can be harvested and used to make key business decisions.

How can data be valued as assets in today’s business environment?

Companies are capturing valuable data in numerous ways — from clients who make online purchases, from sales calls and even through daily business practices.

Consider the volume of electronic documents that your business creates and files away each day. Now, ask yourself, ‘Is this information easily accessible?’ Businesses collect enormous amounts of data that are tucked away, often in disparate locations, during the regular course of business. However, all of this collected data is not effective if it cannot be accessed and analyzed and acted upon.

More businesses are working toward going paperless and storing their data in a centralized repository versus in file folders and boxes. When data is uniformly formatted and accessible on a centralized system, the business intelligence that can be gained is incredibly valuable. Businesses should aim to implement systems that allow them to harvest this data so they can make better decisions.

What are some common missteps that businesses make with collecting and accessing data?

Often, companies need to capture data quickly, so they settle for a quick fix. For example, a salesperson visiting with a potential client transfers information into an Excel document, then presses ‘save’ on his tablet. Another member of the sales team gathers information from a phone call and enters it into a spreadsheet on his desktop computer.

There are countless pieces of disparate data floating around that don’t connect; therefore, the information cannot be linked, harvested and analyzed to make business decisions. The answer to this problem is to centralize all data so that managers in your organization can build reports and analyses of this data, making decisions based on the whole picture.

What are the first steps to centralizing data so they become uniform and accessible?

The first order of business is to design a data collection system and decide how that data will be managed. That is called creating a data map, a system of how data will be merged, uniformly formatted and accessed within an organization.

This requires an understanding of what data currently exist by taking an inventory of an organization’s data assets. Then, a plan is configured to migrate toward an integrated data management system.

This process requires a multidisciplinary approach involving business process owners and technology staff. These players must all work together to ensure that the data map addresses the business and technology objectives of the company.

From there, information systems can be designed to add capabilities for allowing a business to capture data in a more integrated fashion. With this, a company is in a position to maximize its technology investment and use reporting tools to gain a competitive advantage.

What is the best way to present data to managers so they can use them to make key business decisions?

Once a centralized data system is in place, a business can implement dashboards, which are the most effective way to present all of this collected data to managers and other stakeholders. Dashboards are displays that can appear in different user-friendly formats, such as a speedometer or graph.

Dashboards are the new way to report information because they can capture and analyze selected data. They are able to give managers a picture of what’s going on inside and outside of the organization. Dashboards create a link between day-to-day activities in the business and long-term goals, plans and objectives. And, they’re simple to view on a computer screen and understand.

How can companies harvest data for a competitive advantage?

Data can lend insight into opportunities and risks. For example, a sales and marketing team can use collected data to benchmark performance against targeted sales goals. The team members can learn from high performers and track sales trends. Access to sales data can change the culture of sales management in an organization.

The same goes for operations. Operations managers can understand where bottlenecks, as well as efficiencies, exist in their processes and then compare those to industry benchmarks. This gives a business the spirit of continuous improvement.

Having data at your fingertips to analyze and compare how you stack up against the competition can aid in evolving your company’s culture, better managing risks and moving it toward being a more performance-oriented organization.

Sassan Hejazi is director of the Technology Solutions Group at Kreischer Miller. Reach him at (215) 441-4600 or shejazi@kmco.com.

Published in Philadelphia
Monday, 31 October 2011 21:01

Back it up

It is — or at least it should be — a given that you are backing up your company’s critical data. However, as you may have already found out, conducting those backups can be a costly and time-consuming process.

Shawn McCullough of Ulmer & Berne LLP was looking for a better backup solution. Working alongside his partner, Black Box Network Services, he was able to find the solution with EMC Avamar.

According to EMC, Avamar was developed to solve the challenges associated with traditional backup. They state that EMC Avamar backup and recovery software, equipped with integrated global, client-side data deduplication technology, facilitates fast, daily full backups for VMware environments, remote offices, enterprise applications, LAN/NAS servers and desktops/laptops.

Smart Business spoke with McCullough about Avamar, how it has helped them and what it can do for your business.

What challenges were you experiencing that led you look for a next generation, backup solution?

For us, it was all about getting rid of tapes. Managing the tape library we had for backups was expensive and time-consuming. We were spending $5,000 to $10,000 every six months just to replace the tapes. Not only that, we don’t have a dedicated IT staff at all of our locations, so if anything went wrong at those locations, we’d have to spend the time and money to travel to those locations to address the problem. It just wasn’t feasible to do it that way anymore.

Besides protecting our data and cutting down on the cost of tapes, we wanted a backup solution that would protect our virtualization endeavors without putting a strain on the backup infrastructure. We also needed a solution that would allow us to utilize the backups from one central location. Another factor was the timing. As we all know, timing is critical. With multiple locations and data that’s constantly being moved around, we needed a consistent, reliable backup system. EMC Avamar addressed all those concerns and then some.

Another benefit that we didn’t even consider was deduplication. Why back something up if it’s already backed up and stored? This has reduced our backups and saved us a lot of time.

What were the factors that made the EMC Avamar solution the best choice?

This solution allows us to have a zero sum game — we can add more applications anytime we want without increasing space or bandwidth. It’s a very well rounded solution. Plus, it’s an instant solution. Before, if something went wrong, our backups were down for days. Now, there is no downtime. And, you can find exactly what you need almost instantaneously. Recovery is fast and amazing. A restore that used to take an upwards of 18 hours can now be done in under two. Also, there is no need for client licenses to backup and restore.

What cost savings and ROI were you able to realize by implementing EMC Avamar?

We really didn’t realize just how much we were spending to maintain and store our tape library. That cost saving alone has made it all worthwhile. When you factor in the time we’re saving as well, the ROI is very strong.

How did the EMC Avamar solution reduce the cycles your IT staff was spending to perform backup or recovery tasks?

This was the biggest benefit for us. Before we were spending five to eight hours a week managing and troubleshooting our backups. Needless to say, it was incredibly time consuming. Now, we maybe touch it a couple hours a month!

What guidance would you give to other companies with similar backup concerns and challenges?

EMC Avamar can be a costly solution, but it’s definitely worth the investment. Don’t just look at the price — look at how much this solution will help you. It has amazing features that will save you a lot of money in the long run, more than offsetting the initial cost.

Shawn McCullough of Ulmer & Berne LLP can be reached at smccullough@ulmer.com.

For more information on Black Box Network Services, visit their website at www.blackbox.com.

Published in Columbus
Monday, 31 October 2011 21:01

Making "above and beyond" the norm

Call One is one of the nation's largest providers of voice, data, and Internet services and systems.

Smart Business spoke to Ken Moss, Director of Data Operations at Call One, about how the organization has overcome challenges to become an innovative leader in its region and industry.

Give us an example of a business challenge your organization faced, as well as how you overcame it.

The biggest challenge that Call One Data Operations has faced is the growing trend of enterprise organizations choosing inexpensive small-office/home-office (SOHO) IP solutions for their business. In years past, telecom providers enjoyed success selling premium services such as internet DS1 lines to businesses, thus reaping the benefits of larger revenues. Not only have wholesale bandwidth prices fallen, but emerging products such as DSL and cable modems that are economically price positioned have shifted the landscape to be ultra-competitive.

Call One has and continues to overcome this challenge through providing value added services that the SOHO IP products cannot offer. Free bandwidth metrics, reporting, and evaluations gathered though SNMP traps that DS1 can provide. Complimentary proactive notifications on service outages — where we contact the end user notifying that they are down before they even notice. Increasing that “white glove” type of approach based on what the technology can provide. We’re constantly looking for new ways to increase the value add.

In what ways are you an innovative leader, and how does your organization employ innovation to be on the leading edge?

The great thing about Call One is that we’re not limited in how we can approach management issues. I personally like to tackle things with an analytical mindset — I’m a big metrics guy. But if something is not working for me or my teams, we jettison it and identify new and better ways. We’re not saddled with the “this is how things have been done for 10 years” mindset.

We’re firm believers in testing and being hands-on while at the same time employing an open door, customer centric approach — I call it the client/technology partnership. Being a technology company, we find all sorts of interesting challenges that present themselves — advanced routing issues, local area network issues, etc. Because we strive for that client/technology partnership, let’s solve issues together with our clients. Innovation through flexibility in both internal and external customer facing operations is what drives a lot of what we do. This has long been a critical component to our success.

What is the greatest lesson you’ve learned and how have you applied it?

The lesson of always being positive. It sounds cliché, I know. But over my career I’ve found that successful negotiation of most issues boil down to attitude and approach. Maintaining a positive attitude and approach in our dealings does make a difference. Letting negativity bleed unto oneself brings bunches of problems in a hurry. Positivity — that “can do” attitude and approach to not only operational issues, but relationships as well. I strive to ensure that my teams maintain that positive attitude, and they know that’s a pet peeve of mine. You could be the best and brightest engineer out there — but within my teams we won’t tolerate negativity.

How does your organization make a significant impact on the community and regional economy?

Call One has had an internal Give Back Committee for years now that has coordinated fundraising efforts for various charities and community not-for-profit organizations. This year, for instance, our targeted fundraising organization is Aunt Martha’s Youth Service and Health Center. We consistently hold raffles, contests, bake sales, etc. with the proceeds going to Aunt Martha’s. We set fundraising goals and achieve them. It certainly makes us all feel good knowing that we’re helping contribute to those in need locally.

The effect we have on the regional economy is a little different — Call One is first and foremost a Chicagoland telecom company.  We have a wide range of different local affinity groups — including municipalities, school districts, and auto dealers, amongst many others. We can provide incentives for these groups to give them a competitive advantage in their marketplaces. Call One wants to see other Chicagoland businesses succeed. Through our affinity group program, I believe we are helping do just that.

How have you added “value” to the products and services you provide to customers and clients?

Funny — I would encourage everyone to go to www.callone.com and read a blog article that I authored and posted on August of 2011 titled “Discover Your Hidden Value Proposition.” In a nutshell, it always boils down to providing that premium customer experience that cannot be matched by your competitors. Know your client, stay ahead of the game, and ease their pains. Telecommunications is a commodity. Anything commoditized must be differentiated with value — this is a big one for me.

What is your philosophy on going “above and beyond” for customer service?

My philosophy about “above and beyond” is that it’s unfortunate that it’s still referred to as “above and beyond.” Going the extra mile is what provides that value proposition, that foundation for success to ensure longevity and sustained growth. It’s not “above and beyond" — it should be the “norm.”

Ken Moss, Director of Data Operations at Call One, has worked for Call One in Chicago, Illlinois, since 2002. He holds an MBA from Benedictine University and is a member of Sigma Beta Delta Business Honors Society. Reach him at kmoss@callone.com. Also, feel free to connect with him on LinkedIn.

Published in Chicago

Smart Business spoke with Mike Landman, CEO of Ripple IT, about how business owners can ensure their company’s IT department is using the right backups.

Every business leader I talk to is certain their company has good backups. Well, pretty sure. Kind of sure? There's tapes, so there must be a backup, right?

When pressed, most business leaders find that they don’t really know the status of their backups.

I’ll grant you, backups are boring. Like insurance, flu shots and TPS reports. But once you’ve seen the face of someone that has lost their company data — or even thought they lost their data — the boredom ends quickly.

As a leader, you want to trust your IT guy, or your IT department, or your brother-in-law that handles your IT. They know technology, and this is their role. But there is a difference between delegation and abdication. And with backup, I think a leader needs to know what’s up.

Here’s a few things you should know to keep on top of data protection:

Backups fail. Every backup software can and does fail. More often than you might think. There are three things you can do about it:

1. At Ripple we decided that no single backup software is good enough to shoulder the responsibility for client backups. So we use two completely different software vendors and technologies for backup. The downside is, of course, that it costs more to implement and to manage. The upside is a nice reduction in risk of data loss from a failure or a software bug.

2. Get looped-in. Have a chat with IT, and get a report every day (just like they do) of the status of backup. If everything is OK, you have spent 30 seconds over coffee getting reassurance that your company is safe. If not, you can help out with some positive support.

3. Set the tone. Troubleshooting backup failures is difficult and time-consuming, and it often happens without management even knowing there was a failure, because IT is nervous to tell leadership. So they work on it silently. But now that you are looped-in, you can help. Let them know that you know software fails sometimes, and that it’s a top priority to you that they have the time to get it fixed. Then let the rest of the company know that regular support will be a little slower while IT works on an issue that’s important to the company’s security. Those words mean a lot more when they come from leadership rather than from IT, and you will buy your IT team time to fix the problem, rather than shelving it because of daily IT fires.

If your backup is not offsite, you are not safe. The kinds of events that require restoration from offsite are certainly more rare, but they are company killers if there’s no offsite backup. A fire, the cleaning crew sets off the sprinkler, natural disasters — they happen. This is what backup is for. The same day you ask IT to add you to the daily backup report, ask them how the company handles offsite backups. You might be surprised at the answer.

Some of your most valuable data is not on the server. The mantra of IT for as long as I can remember has been “if it’s not on the server, it’s not backed up.” While this has some measure of CYA for IT, it’s not a viable strategy. It makes your end-users (particularly your mobile ones) responsible for backups, and if you’re honest with yourself, you have probably had an important file (or 50) nowhere but your laptop. And if you’ve done it, you can bet every laptop user you have has done it too. Yes, there is an expense to backing up all of your laptops, but it’s nothing like the expense of watching your highest paid employees scramble to recreate a presentation after having their laptop die. Unless you enjoy saying “I told you so” more than you enjoy having crisp, timely presentations from your road warriors — backup your laptops.

Backup is important enough for leadership to pay attention to. Just like you don’t have to be an accountant to keep an eye on your company’s cash, you don’t have to be an IT guy to keep an eye on your data.

Mike Landman is the founder and CEO of Ripple IT, an IT company that makes IT run smoothly for companies with less than 100 employees.

Published in Atlanta

Besides people, a company’s most valuable asset is its intellectual property. Because of this, organizations must ensure that they’re doing all they can to protect this vital asset.

Smart Business spoke with Rockie Brockway, GSEC, GCIH, GSNA, Cisco TSS/Security, the security practice director for LOGOS Communications, Inc. dba Black Box Network Services, about intellectual property and what businesses should be doing to protect their valuable data.

What threats do companies face when it comes to their intellectual property?

Cybercrime has evolved over the last two decades, from brute force attacks for bragging rights in the ‘hacker’ communities to billion-dollar black and grey market profit centers. Today, we are seeing very sophisticated tools that can control millions of hacked ‘zombie’ computers for a single purpose, like mass spamming or attacking other Internet resources. And, these tools come with 800 numbers for live tech support just like any other software you might purchase at your favorite home electronics chain. The bottom line today is that it is easier and cheaper for new or developing companies to purchase stolen trade secrets in an effort to be competitive than it is to develop it themselves, and such incentive opportunities will always create markets, legal or not. This demand translates into exceptionally ingenious ways to exfiltrate critical intellectual property from organizations and presents a large challenge for the security industry as a whole to keep up with the innovations being developed as a result of these new markets.

The other primary threat to an organization’s intellectual property is geo-political in its nature — state-sponsored hacking with the intent to gather as much competitive intelligence not only through stolen IP and trade secrets but also through business methodologies in an effort to try to get a leg up on other countries in these shaky economic times.

What are some ways data can be stolen?

Lost USB sticks, stolen laptops, improper disposal of documents, disgruntled employees, third-party vendors, not to mention targeted hacking attempts and even ‘hacktivism.’ If you can think of a vector for data loss it probably can be done. But the tried-and-true threat vector in the war against data loss ends up being the human factor and social engineering, which has also vastly improved in the last decade. Today, spear and whale phishing high-impact targets, such as CEOs, presidents and board members, and getting them to navigate to a website that installs a malicious application that hasn’t been seen before is commonplace and once that foothold is in place, a little patience goes a long way. If you look at the recent slew of high-profile attacks that resulted in severe data loss like RSA, Oak Ridge Labs and others they all share the same MO — targeted spear phishing, malicious code execution, staying low and under the radar of existing security countermeasures and data exfiltration.

What preventive measures should companies put in place?

Process is key here, and the object is not to panic and throw solutions in place without having a clear understanding of what you are trying to protect, its impact on the business should they be stolen (or worse), the assets that support the business's critical data and the security compromises and risk the business is willing to accept — basic risk management, which unfortunately can be easily overlooked. This process defines the corporate security policies and comprises the strategic half of a good security model. The tactical half of the model is defined by these policies and needs to protect, detect and react to threats. Given the mobile nature of information technology, endpoint host protections are a must, and I am a big advocate of application whitelisting technology. If an organization has the ability to inventory and classify business-use applications, then whitelisting can be utilized to only allow those approved applications to be able to run on the user systems. For most organizations, malware doesn’t constitute a business-use application so it isn’t allowed to execute. And apart from the obvious countermeasures, such as firewalls and encryption use, identity and event correlation are also crucial to a strong security posture. Again, with the adoption of BlackBerrys, iPhones, iPads, Android devices and other mobile platforms, organizations cannot simply rely on their traditional perimeter defenses to protect their intellectual property. Security industry guru Richard Bejtlich recently tweeted that ‘identity is the new corporate perimeter’ and that is a very astute observation. On the correlation side, security information and event management (SIEM) systems gather, analyze and present information from network and security devices, vulnerability and identity management tools, OS and database logs and policy compliance tools and correlate and prioritize the data for not only lower administrative overhead but also for auditing and incident response.

How can businesses thwart attacks?

The answer to this question is almost always tied to the adjacent question, ‘Who is accountable if security is breached?’ Security is very subjective so there needs to be a powerful advocate within the organization that has the ability to fight the appropriate battles when necessary in order to ensure security isn’t glossed over as another optional insurance policy. That, combined with the adoption of an enterprise risk management program that weighs the business risks of everything from third-party vendor access to business critical assets to personal mobile devices on the business networks truly gives organizations the leg up on defending their business. One specific action that I highly endorse is the development of a real security awareness program, and not one that exists solely to satisfy a compliance audit checkbox. Regular awareness training can significantly reduce the potential for success of spear-phishing attacks and other social engineering efforts. Another idea is corporate peer groups, meetings of representatives of organizations in the same or similar verticals to discuss what they are seeing, what works, what does not work and share information security best practices and war stories. There is great value in measuring yourself to your immediate peers in terms of security statistics and practices.

What if, despite a business’s best efforts, IP theft occurs?

There are many variables that go into this equation, but in general, the process should go detect, disconnect from the Internet, determine the root cause of the data leakage, fix it, clean up and then resume operations. This is where the enterprise risk management program should already have answered questions like ‘Can the business afford to disconnect from the Internet in the event of a security incident?’ and ‘Should we make a public statement that could potentially harm our reputation?’ Your legal department should most definitely be involved in this process. Involving the appropriate local, state and/or federal authorities is a must. Both the FBI and Secret Service have been investigating security incidents for decades and are highly qualified to provide expert guidance during the investigation.

How can businesses ensure departing employees won’t take intellectual property with them?

The quick and dirty answer is through data loss prevention (DLP) systems. DLP systems give organizations the ability to classify certain data as important and then assign policies to those documents or files. Policies can range from very simple, such as blocking any outbound e-mails that contains Social Security numbers, to more complex rules, such as only members of the executive board are allowed to write documents classified as containing intellectual property to a USB drive. In reality, however, such systems can be cost-prohibitive to many organizations in the SMB market and many find themselves trying to piece together several disparate technologies with higher administrative overhead to accomplish similar results. Like security itself, the balance between capital expenses versus operating expenses is always going to be different from company to company and may dictate which controls are feasible and which are not.

How can businesses best handle having facilities in areas around the world that may be attempting to steal their intellectual property?

This is a continuing and evolving issue for many global organizations. Some have taken the view that any data that is accessible by users in facilities in certain countries should already be considered as compromised. For these businesses, the strategic action plan becomes one focused on designing system and network controls with the ability to enforce the principle of least privilege on the one hand but do not hinder any employees’ ability to do their jobs. Identity is critical in these situations, as is the ability to restrict who has access to sensitive information and control access to removable media. Some organizations are now deploying virtual desktop farms in these regions to address some of their concerns around losing intellectual property, so their sensitive data does not actually reside in these facilities. Others have decided that a certain level of data loss is an acceptable business risk of having facilities is these areas and keep their actual crown jewels under lock and key. At the end of the day, the business must make the decision on what is and is not acceptable and those decisions must be made through the organization’s enterprise risk management process.

Rockie Brockway, GSEC, GCIH, GSNA, Cisco TSS/Security, is the security practice director for LOGOS Communications, Inc. dba Black Box Network Services. Reach him at (440) 250-3673 or rbrockway@logosinc.com.

Published in Columbus