Sunday, February 26, 2012

Personal Online Security

I had the opportunity to attend a meeting on February 24 at the New York Federal Reserve Bank. It was arranged through Fordham University, and the focus was cyber security.

Much has been said on this topic – and the more I hear the more frightening it gets. I will not try to summarize the presentation or the discussion that ensued among participants, who included CIOs of several major private and public institutions. It is far too complicated to capture in a single blog entry.

But the meeting caused me to think about personal security. Many of us have online access to bank accounts, credit cards, private information (e.g., email, contacts and calendars) and other highly confidential information. We are all used to two-factor security arrangements (i.e. a user id and password). Some of us have had experience with one-time passwords and other personal methodologies as well.

Keeping track of passwords is a challenge. So some of us store them in Outlook. Others use various ‘secure’ password storage facilities that are generally available. The common weak link to all of this is our email identity.

Why do I say that? What happens when you forget a login id or a password? Often you need to answer a preselected security question but in most cases you get a link emailed to your email account of record. That link ‘authenticates’ that the authorized party is requesting the password change, and allows it to be made.

But what if a hacker has access to your email account? Unless you are carefully monitoring your email account, and even if you are, a hacker can intercept that email link, change your password and access your private information, credit cards, bank accounts and who knows what else. And by the time you figure it out – if you do – the damage is done and is irreversible.

What are we to do? There is no simple formula, nor is there a foolproof methodology. I suggest the following as a starting point:

1. Eliminate all stored passwords from Outlook contacts and other repositories.

2. Use a unique password for every important access point of interest – personal information, banks, credit cards, email, etc.

3. Change passwords often – monthly or more frequently for critical access points such as bank account access.

4. Change your email password very frequently – weekly!

5. This will cause you to worry – as it does me – about how to remember all of these rapidly changing passwords. The process I suggest is to change your email password, then immediately request a password change at the site you wish to access. Use complex passwords – a combination of capital and lower case letters, numbers and, if allowed by the site, special characters. Make sure the passwords have no meaning. Do not worry if you do not remember it – you can do this for every access if need be.

6. NEVER access any accounts or email via unsecured wireless connections.

7. Secure access to mobile devices – PCs, tablets, phones – through a password.
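
As an added illustration of items 2 and 5 (not part of the original post), the sketch below generates a distinct, meaningless password for each access point from the operating system's secure random source, and leaves out special characters for sites that do not allow them. The function names, the special-character set and the sample access points are assumptions made for the example.

```python
import secrets
import string

# Assumed set of special characters; sites differ in what they accept.
DEFAULT_SPECIALS = "!@#$%^&*-_=+"


def generate_password(length=20, specials=DEFAULT_SPECIALS):
    """Return a random password with no meaning (item 5).

    Pass specials="" for a site that does not allow special characters.
    """
    classes = [string.ascii_uppercase, string.ascii_lowercase, string.digits]
    if specials:
        classes.append(specials)
    if length < len(classes):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(classes)
    # One character from each required class, the rest from the full alphabet.
    chars = [secrets.choice(c) for c in classes]
    chars += [secrets.choice(alphabet) for _ in range(length - len(classes))]
    # Shuffle so the guaranteed characters do not sit in fixed positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def passwords_for(access_points, no_specials=()):
    """Generate a different password for every access point (item 2)."""
    result, used = {}, set()
    for name in access_points:
        specials = "" if name in no_specials else DEFAULT_SPECIALS
        pw = generate_password(specials=specials)
        while pw in used:  # a repeat is astronomically unlikely, but check
            pw = generate_password(specials=specials)
        used.add(pw)
        result[name] = pw
    return result


if __name__ == "__main__":
    # Constructed sample list of access points.
    sample = passwords_for(["email", "bank", "credit card"], no_specials={"bank"})
    for site, pw in sample.items():
        print(f"{site}: {pw}")
```
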

Is this enough to provide absolute security? No – the bad guys are continually seeking to find new ways of intruding on your privacy. But it is a start. Is this a pain in the neck to do? You bet. But losing your assets or personal identity is a bigger pain.

For more information about SIM Associates, please visit www.simassoc.biz. You can access this blog directly from there, as well as directly at simassocblog.blogspot.com/

Friday, February 3, 2012

The Transformational CIO

On January 30, I attended the 2012 CIO Summit of America sponsored by HMG Strategy and the NY Metro chapter of SIM. The focus of the day was on the transformational CIO.

In summary (and there was far too much good information to simply summarize it, but I will try anyhow), several themes resonated throughout the day.

First, it is the role of the CIO to cause transformation of the enterprise through innovation and leadership. Technology is an integral part of business. Technology leaders who are to be successful must move beyond being requirement takers to being innovators at the business level. This requires as a basis excellence in execution – all of the skills that have always been expected of IT teams. While that is necessary, it is no longer sufficient – innovation and leadership at the business level are requirements for future (and indeed current) success!

Second, the cloud is a key component of a CIO’s toolkit. Leveraging both private and public cloud technology can aid the enterprise in excellence, focus and responsiveness. Numerous vendors – both established and new – are providing the tools to foster cloud innovation and implementation.

Third, social media are transforming the way business is conducted – both within the enterprise and in the external space. No longer just an add-on, innovators are building upon the capabilities of social media to foster communication and flatten organizations.

Those who have followed my commentary in the past will recognize that the emerging themes for CIO success are what I have been focusing on for some time. CIOs need to lead and engage the business, in addition to performing the traditional functions of application and infrastructure support with excellence. The broadened recognition of this reality will help set expectations, and motivate contributions to business success. Social media and the cloud are important tools in the CIO’s tool kit. They allow new capabilities to be deployed as never before. These tools, combined with the rich set of other tools in the wise CIO’s tool kit, enable success in new and exciting ways.

This posting is the first of my newly inaugurated blog. Your comments, reactions and contributions are welcome, and I hope this becomes a useful forum for sharing and exchanging ideas.

What do you think?