Tuesday, July 14, 2015

BYOD: are you sure?

Last year, 60 percent of all targeted attacks struck small- and medium-sized organizations.

These organizations often have fewer resources to invest in security, and many are still not adopting basic best practices like blocking executable files and screensaver email attachments. This puts not only the businesses, but also their business partners, at higher risk.

(Symantec Internet threat security report 2015) 

I think there is a simpler answer: there are more small and medium organizations than big ones.
Not content with ruining the economy, the financial people also ruined the IT departments and put many companies at risk. The results speak for themselves.

It is a sign of the great lie of our "bring your own device" (BYOD).
The first presentations I had the opportunity to hear, given by some "evangelists" from the world's leading companies with thousands of employees, such as Cisco, Dell or HP, in the early years of the global crisis, could be summarized in the small print as something very simple:

“If we give an employee €1,500 and he goes and buys a much cheaper laptop at a Media Markt (for example), then I don’t need to give him a computer and support for three years.”

Companies have spent millions of dollars to obtain this result:

“This allows the firing of many people in our help desk and moving the users' problems with their PCs outside our area of support. The result is that we can save millions of dollars.”

It was a bad financial decision, not a technical or professional one.

Now all the presentations for investments of thousands of dollars are based on tools offering all kinds of security, application deployment, application support, and monitoring of users on heterogeneous platforms. It is worse if we recognize that 90% of security problems are due to this, and that it reflects some of the attitudes of end users.
Lack of knowledge, weaknesses and user error show that this decision was either a serious mistake or one perfectly planned, with awareness of its consequences, in the service of speculative financial decisions.

My conclusion:

The device, which only allows the use of corporate applications, must belong to the company.

Result: It is cheaper, more secure, more logical and more functional.
IT people must learn to be financial advisers too.

Sunday, May 31, 2015

Internet of idiots or dummies?

Everyone talks about the internet of things, but following the thread raised by the risk of things, only a few people talk about the internet of idiots or dummies. It is difficult to understand, but I think it is the most abundant problem.

A thimblerigger playing three-card Monte

As Mika Waltari wrote in Sinuhe, the Egyptian: “Everything begins again there is nothing new under the sun; men change even when changing their habits and the words of their language. Men flit around like flies lying around a honeycomb, and the words of the narrator embalmed like incense, although it is squatting on the dung in the corner of the street; but men shun the truth. ....”.

Maximum risk: when an idiot begins to create, invent, innovate thanks to the ease of use of social networks, then everything becomes a risk to the company.

Those smart people and experts tell us that we should connect with our clients in social networks so that we can attract them to our web pages to achieve good future relationships.

Have you seen what kind of successes these professionals really have had in some cases?

There are a lot of people who speak only about things that they have read on the internet or learned in some course, without knowing the day-to-day reality of the hard work of sales.

This is something that feeds my anger, because they are not respectful of the work of a lot of other people who are selling and need to sell every day. Often I think that this is because they are not able to do it themselves and try to manipulate, to lead us onto a playing field that only benefits them.

The other day I saw a competitor’s salesperson with all of its most important clients as contacts on LinkedIn. Thank you. I don’t have to look for anything. In five minutes I will have all your clients, what they are involved in... well, we will save money by not having to hire anybody to get this information for us.

For example, these days there is a discussion about charging for music downloads from the internet. The same people who defended the right to piracy because of the high prices are mature now, and now they know that this can’t be. The problem is the large quantity of work and knowledge stolen, pirated and plagiarized by the useless and idiotic on the internet, and we can no longer recover it.

Put your ideas on the internet, share your knowledge, everything is free. Maybe it is a good idea for you, and in any case it’s your risk.
To put the ideas, customers and knowledge of the company and its colleagues on the net, we need a risk evaluation.

It surprises me when Forrester predicts that this type of cross-channel sales (defined as transactions that are influenced by a digital medium but completed via an in-person channel) amounted to $1.4 trillion in 2014 and will reach $1.8 trillion in 2018. In 2014 it represented more than 4 times the amount of total online sales!

Three-card Monte again?

In the last ten years, companies like Cisco, HP and Microsoft, and operators like Telefonica in Spain (I do not know the behavior of the other operators in other countries), have carried out two phases of play and trick.

In the first phase, they explain the advantages of entering the information of their resellers' end customers into their systems (better support, better services, news and more). They exchange this for more money, promotions, a new level of partnership and discounts.

In the second phase, they offer discounts, renewals of support services, products, etc. directly to the end customer.

The result is that thousands of resellers have shut down their companies in recent years, and the crisis is not the only reason, when customers began to be a scarce commodity.

Who is really the fish? Why all this?

I think that they don't have the capacity to make a sale. Everyone is selling something, but not everyone has the capacity to do that, and they play three-card Monte.

Saturday, April 11, 2015

Reputation risk is the top strategic business risk

Deloitte, in its 2014 global survey on reputation risk, also references some examples of ways in which reputations can be tarnished: “News websites have readers redirected to fake news, damaging their credibility — and the credibility of online news in general...”. Another consequence: “Leading retailers take big reputation hits and sales plummet after losing large amounts of customer and credit card data to cyberattacks...” “But in a world of ubiquitous social media, managing customer expectations and perceptions is key”.

What has changed so that now security is no longer the major risk for a company?
We know that the security of information is basic for our company. Are we worried only about what we don't have?

Social media are smart and fast, but… Can our marketing take advantage of that? Perhaps big companies can, but can we?
Why do all the experts speak only about startups or big companies? Where are the micro, small and medium companies?

This is another sign of ignorance and lack of real experience in our companies, and we must be wary of a lot of the information that we can read about this.
It is easy to speak about big companies and their successes or failures, and to speak about startups, but you need knowledge and to be a specialist to speak about micro, small and medium companies.
Is it difficult? Yes, but that is the quality that we need.

Have we learned to live with insecurity? Every day, news about security matters becomes more worrisome, and the concerns about cybersecurity are becoming ever more important. We cannot lose this perspective, and it must always be present in our mindset.

Maybe it’s only the consequence of hiding our heads in the sand on security issues previously, but what can our reputation depend on now? 

We always knew that it depended on our quality, the quality of our products and services, our sales and technical people.  Why then are we more worried about it than before?

We decided to explain everything to the whole world and to play in social media without knowing the rules of the game, and we have put the responsibility in the hands of people who are supposed to know a lot about marketing and social media, but perhaps they didn’t know anything about our business or have experience with it.

Have we now lost control of our reputation?  

Saturday, March 7, 2015

Defining a policy

Many companies have well-founded doubts about what kind of relationship they should maintain with the various social networks, whether the time has not yet come, or they have simply not considered the question.

We do not perceive networks such as Facebook or LinkedIn, Yammer, Google, discussion forums and other kinds of social networks in the same way, most of the time going by what we are told or sense, and rarely by our own experience.

A new generation of social media people, undoubtedly well trained in the subject but often with little work or sales experience, gives advice everywhere. The result is that I see photos of children, leisure activities, cooking recipes, jokes, funny videos, and our mother-in-law saying she likes what we say about product or company promotions; she wants to help, of course. I cannot help remembering one of the first criticisms in my life as a salesman, when my boss told me on the way out, "you are mixing pears with apples"... I had lost focus. Everything in its own time, but not all mixed together.

Well, what we cannot overlook is that even if we do not make a decision on the matter, people in our company, including those in positions of responsibility and all kinds of managers, have made their own decisions about it and do what they can, and if we go by the survey data, this should already be a mature activity in our companies...

Scenario in 2012
Another issue is that, in addition, this presence on social networks has in many cases ceased to be personal: identification credentials such as the company e-mail account are used, and web pages with profiles, blogs, etc. are created. It is therefore evident that this has to do with the company's image and is part of the information the company holds and of its know-how.

As a first recommendation, taking this reality into account, it would be advisable for the company to take a position on any of the options, but to actually do so, and to communicate it to the people in its organization. I think it is a first measure that would help us all.

I attach a best-practices template created by the SANS Institute, hoping it can help you with that first step in the relationship between the company and social networks.

Xavier Isern CISA CSIM

