
Visual Hacking – Watch Out for Those with Camera Phones

The Ponemon Institute, on behalf of 3M and the Visual Privacy Advisory Council, performed experiments with visual hacking techniques, and the results were surprising. Ponemon hired a computer security expert as a hacker and gave him access to eight firms through a temporary worker badge. What the institute found was disturbing.

The hacker achieved success in close to 90% of the attempts. This included access to sensitive corporate information on a worker’s desk or computer screen. Information included contact lists, customer information, corporate financials, and employee access and login credentials.

According to the report, ‘The hacker used three techniques to obtain the information: walking through the office looking for information on desks, computer screens and other locations; taking business documents labeled as confidential; and using his smartphone to take a picture of confidential information displayed on computer screens. What’s more, the hacker used these techniques in plain view of employees. In fact, 70 percent of the time, the expert was not stopped by employees. Even when he was stopped, he was still able to steal some sensitive information.’

What I find interesting is that in only one case did someone ask why the person was there and why they were taking pictures. Curiously, the same experiment in a traditional office layout did yield as much hacking success.
Since Ponemon granted security access to the firms being hacked, in reality the hacker may have been stopped by security.

Still, interesting findings.


Microsoft on a buying spree – LiveLoop added to the Microsoft cast of players

Microsoft recently acquired LiveLoop. LiveLoop is a Microsoft PowerPoint plug-in that brings truly real-time, cloud-based collaboration to PowerPoint’s 750 million users, enabling teams to collaborate effectively without leaving the familiar Microsoft Office ecosystem. “Instead of emailing dozens of versions of a presentation back and forth, with filenames like Marketing_v133_Final_v2_ReallyFinal, LiveLoop’s users work on a single version of their presentation, seeing each other’s changes as they type.” It is anticipated that LiveLoop has bigger fish to fry and will eventually work with documents of all types, not just PowerPoint.

I am a heavy-duty PowerPoint user. From my work perspective, I really don’t want others watching me create PowerPoint slides in real time, nor do I want to watch them creating slides for the same presentation. I think I would find it rather unsettling. Like, “oh no, where did they get that? I already did that slide later in the deck,” and you can imagine, if you are like me, what would be racing through your head.

I suppose for this to work effectively, you would have to perform pre-planning to ensure all participants are focused on their part of the presentation. I wonder too, how much of the message gets blurred or lost with participants expressing their own point of view. Writing will always be subjective.

I do see the advantage of eliminating multiple versions being emailed when one item has been changed. I also see the advantage for very large presentations of breaking them into sections, enabling all participants to work on their own section at the same time. I am very curious to see how well this will be accepted and used. I can see benefits, but as for me, let me keep doing it the way I have always done it.

From a Microsoft game plan – according to the author Virginia Bakaitis, it’s likely that LiveLoop’s PowerPoint solution will be integrated into the Office 365 family much the same way Accompli was. As a result, there will be no need to reach for non-Microsoft tools. Interesting scenario. Something for everyone – and it’s all Microsoft. Guess that’s a different article.

So what do you think?


A Data Breach – Just Pocket Change

I just read a really interesting article about the cost of data breaches. The article, “How much do data breaches cost big companies? Shockingly little,” is the result of an analysis, published in Fortune. The analysis was written by Benjamin Dean, a fellow at Columbia University’s School of International and Public Affairs.

According to Mr. Dean, although the Anthem breach is now approaching $111 million, Target is at $10 million, Sony anticipates spending $35 million and Home Depot $28 million, these sums are minor in the big scheme of things. The gist of the article is that these sums are just pocket change to these companies. “These numbers are likely not small enough to vindicate Sony Pictures’ former executive director of information security. In 2007, he told CIO Magazine that “‘it’s a valid business decision to accept the risk’ of a security breach…I will not invest $10 million to avoid a possible $1 million loss.” But Dean’s analysis does come alarmingly close to making the minimal effort-stance a defensible position.” For Home Depot, the $28 million “represents less than 0.01% of Home Depot’s sales for 2014,” Dean points out.

In his conclusion, “until corporations are held more accountable for these breaches—not with $10 million slaps-on-the-wrist—but with, well, he isn’t quite sure what yet, companies won’t make the big investments in information security needed.”

Although this is an interesting perspective, there are so many harmful impacts of a data breach, considering credit card theft, theft of health information, social security numbers, etc. The above is just an example of irresponsibility on the part of the organization, blowing off the cost at the expense of its audience and stakeholders.

I think organizations must act ethically, even if that means putting the appropriate security in place to protect their employees, customers, vendors, anyone they do business with. I think it’s a sad commentary. What do you think?


It’s Baaaaack. After a 30-year hiatus, Artificial Intelligence is on the move.

I just read an interesting article from Bloomberg News, ‘The Return of Artificial Intelligence’. It appears that the sleeping giant, Artificial Intelligence, is now awake and on a roll. Most are start-ups, and according to the article, funding is there for the asking, without even a business plan.

So, what are these entrepreneurs developing? The current trend seems to focus on developing business tools that solve specific organizational challenges. Behind the resurgence are companies like Amazon, Google, Apple, and Microsoft, which have over the past decade deployed AI technologies, such as predicting which ad is more likely to be clicked on. Other examples include Apple’s chirpy assistant, Siri, and Google’s self-driving cars.

What I find interesting is this focus on solving business problems. According to the article, “the University of California at San Francisco began working with Palo Alto, California-based MetaMind on two projects: one to spot prostate cancer and the other to predict what may happen to a patient after reaching a hospital’s intensive care unit so that staff can more quickly tailor their approach to the person. Theresa O’Brien, an associate chancellor at UCSF, said the university teamed up with the startup—the first such collaboration she’s aware of—because it wants to develop better approaches to bespoke medical treatment by employing computers to sort and link data, which AI can help.”

American Express uses AI to automatically detect fraudulent transactions. “Our machine learning models help protect $1 trillion in charge volume every year, making the decision in less than 2 milliseconds,” Vernon Marshall, American Express’s functional risk officer, wrote in an e-mail, without disclosing which AI companies it works with. “We have been delighted with how well this technology can detect fraud.”

All in all, it will be curious to watch as AI developments unfold.

(If you have a few minutes and use SharePoint or Office 365, could you kindly take our metadata survey? You could win a free conference pass to Microsoft Ignite. We would greatly appreciate it)


I thought we were over this? Information Governance is NOT that hard to understand.

Many of my colleagues send me information that I would be interested in, which is great. I just happened to read a blog by Gordy Hoke, who jotted down his notes from attending LegalTech, sponsored by ALM Events. Mr. Hoke made some very interesting comments on Information Governance (IG) that he gleaned from the exhibitors.

Although humorous, I found it very surprising that vendors in the legal arena still don’t understand IG. According to Mr. Hoke, who attended the New York City LegalTech Feb. 3-6, “Information Governance (IG) could be seen as an incidental tag line or a rising star. I say “incidental tag line” because many exhibitors added IG to their signage in a list of bulleted items. It was as if they wanted to be sure not to exclude someone because they didn’t have a requisite buzz word … kind of like Burger King adding a vegetarian patty to their menu so a single herbivore in a group would not 86 the idea of going to Whopperland.”

He continued, “When questioned, many booth personnel had no idea how to define IG. Some equated it with data management, others called it eDiscovery/predictive coding, still others said it was defensible disposition, and a final group said The Dead Man in Yossarian’s Tent could answer my question, if I would just return later. This was disappointing and dismaying, but it speaks to the noted (if misunderstood) significance of IG. (To be fair, a couple vendors were on board with real IG, but they stood out as exceptions that prove the rule.)”

I’m not sure if this confusion is due to the term being relatively new, but for goodness’ sake, the exhibitors could have at least taken a peek at Wikipedia. As far as I am concerned, IG may be difficult and challenging to implement, but it really isn’t that hard to understand.

Even though we are a software vendor, it does rock my boat when vendors are unable to discuss or substantiate the claims that they make. I was kind of surprised that this was so prevalent.

WDYT?


Be Happy You are Not Responsible for the Security of this.

Do you know that every 60 seconds there are:

  • 98,000+ Tweets
  • 11 million instant messages
  • 698,445 Google searches
  • 168+ million emails sent
  • 1,820 TB of data created
  • 217 new mobile users

What’s my point? People love their Internet communication toys? No, the real point is security. Although the above are global numbers, many points are admissible in a court of law. It is the organization’s responsibility to protect and secure tweets, instant messages, and emails. Finding privacy or confidentiality holes in unstructured content is hard. It’s a growing problem, even more so with the use of the cloud. My guesstimate is that more than 95% are harmless. But what about the remainder? Content needs to be analyzed as it is created or ingested, not after the fact. To accomplish this, there are tools available, such as ours, that will identify exposures, either privacy or confidentiality, and remove them from search or portability. Even something as simple as restricting the ability to download files can prevent 63% of potential exposures before they occur. It’s a help.

What measures do you take to safeguard privacy or confidential information, either in the cloud or on-premise?
