Welcome Thomas Baker

We are proud to introduce the newest addition to our B.I.T.S. team, Mr. Thomas Baker.  Thomas joined our team in June of 2016 and brings a range of new skills to the team.  He has a background in Web Technologies and has helped to expand our service offerings to include Web Site Design and Hosting.  Thomas holds a Sales and Technical Support Certification for cPanel, the #1 Web Hosting Control Panel in use today.  Thomas is a recent graduate of WVU Tech in Montgomery, and holds a B.S. in Information Systems and a minor in Business Administration.  As part of his senior graduation requirements, Thomas and his partner developed a Sandwich Ordering System for the Bear’s Den, an on-campus sandwich shop.  The system provides a website that can be accessed from a mobile device or computer and allows you to place an order for a sandwich and provide a pickup time.  The order prints out at the Bear’s Den, where the staff can queue the sandwich order up and have it ready to purchase when you arrive.  The Sandwich Ordering System is still in use by the Bear’s Den, even after Thomas and his partner have graduated.  The project was so well-received that it has been featured in the WVU Tech Alumni Magazine, BearTracks, which can be viewed here:  http://www.wvutech.edu/magazine.

In addition to working at Jacobs & Company B.I.T.S. and graduating from WVU Tech, Thomas started his own Web Hosting business – AMG Network Hosting – as a hobby in 2009, while still in high school.  AMGNH hosts sites and cloud services for over 300 customers from around the world through partnerships with accredited datacenters.  In addition to starting this company, Thomas has four additional volunteer employees who give their time to AMGNH.  Thomas also partners with Harrison County Business Education programs to provide Website Hosting to all of their Web Site Publication Classes – at no cost.

Originally from the Clarksburg/Bridgeport area, Thomas lived off-campus in Montgomery while attending school.  He and his girlfriend Jasmine recently moved from Montgomery to Charleston and are enjoying living on Charleston’s East End.  They have a family of pets who are also enjoying their new home in Charleston.  These pets include cats, dogs, hamsters, and lizards.  Thomas also recently became a Notary and when asked why he replies, “Because it was something I wanted to do so I went out and did it.”

iPhone 7 and iOS 10

It may not come as a shock to most people at this point, but Apple, Inc. has just released a new model in their iPhone line-up. At what has become Apple’s annual September special event to announce the latest iPhone, the iPhone 7 and iPhone 7 Plus were announced with an availability and shipping date of September 16th. Not only were the iPhone 7 and 7 Plus announced, but Apple also announced a new release of their cutting-edge iOS operating system, iOS 10.

The Specs:

With the latest release of the iPhone 7, we are starting to see processing power equal to that of desktop or laptop computers just a few short years ago available in the palm of your hand. With the iPhone 7 it is no surprise that the processing power has increased yet again. Apple’s announcement of the A10 CPU for both models of the iPhone 7 debuted their first mobile quad core CPU ever. This being said, it is still common today to find many workstation and desktop computers running on a single dual core CPU.

For those of you who follow Apple’s annual events and announcements, you know that it really wouldn’t be an Apple Party without there being “one more thing.” This of course means the latest iOS, Apple’s operating system for mobile phones and tablets. With too many features to list, iOS 10 is perhaps Apple’s greatest advance toward making Siri, your iPhone’s personal assistant, your best friend. Apple has announced that application developers can now integrate Siri with their own applications. This was previously available only to apps developed by Apple. Not only is this a nice surprise now, but as more developers begin to integrate with Siri, your life with any Apple device running iOS 10 may just get a lot easier.

Behind the Clouds

It is no secret that over the past several years moving data to “The Cloud” is an industry trend that is gaining a lot of publicity.  But what exactly is “The Cloud?” The answer isn’t as simple as you may think. The Cloud isn’t one set place or thing.

Simply put, “The Cloud” is a term used to describe the place where you move your data and servers so they are no longer in your office. Essentially, you are moving everything somewhere else to be accessed via the internet from your office.

Where is “The Cloud?” This, too, is not an easy answer, because “The Cloud” is almost everywhere. Essentially, you can host your data from a separate office and it can be considered in “The Cloud.”  This is also known as a “Private Cloud.”  Your data is in “The Cloud” anytime it is not located in the same building or on the same network as your computer or anytime you have to use the internet to access it.

However, the more common definition is that “The Cloud” is any datacenter that hosts your information and manages the hardware for you, reducing your workload when it comes to IT management. There are many “Cloud” providers and almost every datacenter offers some form of cloud services, as do many IT providers.

Should I move my services to “The Cloud?” This is a very common question, and the answer truly depends on your unique situation. There are many advantages to moving to “The Cloud,” but also disadvantages in some cases. To truly know if you should move your data to “The Cloud,” you need to consult with your IT provider, who has the knowledge and expertise to break down the pros and cons of moving your data to “The Cloud” and can help you make that transition, should you choose to do so.

Why is SSL Becoming a Necessity?

What is an SSL certificate? An SSL certificate, or Secure Sockets Layer certificate, is a way of securing a connection to a website to prevent eavesdroppers from collecting and stealing the personal information you give to a website. Many people know this certification as the https:// at the beginning of a website’s address.

For years, most website visitors and webmasters alike have viewed an SSL certificate as something only ecommerce sites needed. Now, this field is changing as a major movement is in progress to make a more secure internet by requiring that all websites have SSL certificates. With the growing market of free WiFi hotspots almost everywhere you go, you want anything you do and send online to be secure. Being able to see other people’s personal information from any website is something anyone can do without much work at any public hotspot, if the users are using unsecured connections to websites. This alone is enough for every website viewer to want to be able to visit their favorite sites over a secure connection and encourage webmasters to start implementing SSL on their websites.

Current websites are already being penalized if they are not using an SSL certificate.  Starting in 2014, Google began taking into account whether or not your website has an SSL certificate when ranking your website in search results. This means that if you are not using SSL on your website and your competition is, they are gaining an edge with online searchers. Google and other organizations are now taking this even further by planning to show active warnings whenever users come across a non-secure website in their browsers. These warnings could potentially scare off some viewers who just see a warning and decide to leave the website. The Internet Engineering Task Force has even gone as far as approving new standards, called HTTP/2, that will become the new norm over the next few years for website traffic and require that all sites have an SSL certificate in order to be reached by future browser versions.

So, if some of this implementation still hasn’t happened, why should you care? Already, many people look for a secure site when submitting anything on the web, and there is a chance that if you don’t have an SSL certificate you have lost at least one customer. By getting an SSL certificate for your website now you are preparing for the future, as SSL certificates will be required to be on all websites. SSL certificates are extremely inexpensive and come in many varieties, from basic website encryption all the way up to extended validation certificates that prove to your web viewers that you are a government registered company. If you are ready to hop on board and get an SSL certificate for your website, give us a call and we will help you not only purchase the SSL certificate that is right for you but help you install it, as well.

Windows 10 Is Here!

If you haven’t heard, Windows 10 was released June 29.  Microsoft has been rolling out updates to Windows 7 and Windows 8.1 users who reserved their download times for the free upgrade with what seems to be great success.  Some of my clients have already begun the conversion process and so far the majority of them have been happy with the process.  As with most software, though, the upgrade process has not gone as planned, resulting in some machines not behaving as expected.  Most of the problem comes from older hardware that does not have a compatible driver.  In many cases, downloading an updated driver for the device that seems to be causing the trouble has rectified the problems.  The “interwebs” also seem to agree that this latest version of Windows is pretty good…high praise for Microsoft, as they aren’t known for stirring quite the same hype and excitement as their rival Apple.

Here is the scoop on what you need to successfully run Windows 10.  From a hardware perspective the requirements are pretty low so, provided your hardware has compatible drivers, even some comparatively old machines should run Windows 10.  Here are the base hardware requirements:

  • Processor: 1 gigahertz (GHz) or faster processor or SoC
  • RAM: 1 gigabyte (GB) for 32-bit or 2 GB for 64-bit
  • Hard disk space: 16 GB for 32-bit OS or 20 GB for 64-bit OS
  • Graphics card: DirectX 9 or later with WDDM 1.0 driver
  • Display: 800×600

Of course I don’t recommend running the minimum hardware requirements.  I would recommend at least 4 GB of RAM to cover all the multitasking you will be doing since Windows 10 allows you to snap up to 4 open apps to a single screen as opposed to the only 2 Windows 8 supported.

Another cool new feature that isn’t really all that new to other operating systems is having multiple virtual desktops.  We love our desktops.  We stack everything we can on the desktop: documents, shortcuts, applications, you name it, it’s on the desktop.  What if you could organize all those things into projects or some other grouping and just flip to that desktop whenever you were working on a task or project?  Virtual desktops make that a possibility.  Of course you could just keep filling up desktops with icons with no sense of organization…the power is yours.  Speaking of power, Cortana, Microsoft’s digital assistant, is now available on pretty much every Windows 10 device.  I use Siri, Apple’s digital assistant, a lot, but by many accounts Cortana wins hands down when it comes to helpfulness.  Cortana hangs out happily on your taskbar taking note of the things you like, what is on your calendar, and numerous other things, and presents you with news, information and reminders that are relevant to you.  Think of helpful tips like: you have a meeting across town in 20 minutes, but you should take an alternate route because traffic is heavy on the beltway. This is one of the new features I am really going to enjoy.

Windows 10 also has a lot of security features built in, like Windows Hello.  Windows Hello is built-in support for biometric security.  You can use Windows Hello to log in to your machine with a fingerprint, facial recognition, or if you are feeling like a super spy, iris scanning.  The one catch is each of these requires special hardware, but since the support is baked right into Windows now I expect we will see prices drop on this hardware as adoption grows. In addition to biometric security, Windows 10 also supports two-factor authentication. This means that, for example, to log into the computer you might need a card key AND a fingerprint, or an iris scan and a password.  Admit it, you are thinking about Mission Impossible right now, aren’t you?  I know I am.

Like Windows 8.1, Windows 10 comes with device encryption.  This means that out of the box your system drive and any other fixed drives are encrypted.  If you are running Windows 10 Pro or Enterprise you also get access to BitLocker and BitLocker To Go.  I have talked about BitLocker before, but if you don’t know, BitLocker is an encryption tool used to encrypt data on hard drives.  BitLocker To Go takes that an extra step and allows you to encrypt files on a portable device and decrypt them on another computer as long as you have the password.

If you intend to do the upgrade to Windows 10 check first with your PC manufacturer to see if the hardware has Windows 10 driver support, or have your IT pro check it out for you. Here is a table that shows the upgrades to the different versions of Windows 7 and 8.1.

Windows 7 & 8.1 Versions | Windows 10 Versions
Windows 7 Starter, Home, Home Premium | Windows 10 Home
Windows 7 Pro, Ultimate | Windows 10 Pro
Windows 8.1 Phone | Windows 10 Mobile
Windows 8.1 | Windows 10 Home
Windows 8.1 Pro & Pro for Students | Windows 10 Pro


As you can see, Microsoft has consolidated the number of Windows versions down even further since Windows 8.  This makes buying and licensing Windows so much easier.  For Windows Enterprise users, the upgrade is covered by your Software Assurance License if you have one, and the upgrade path takes you from Windows 7 or 8.1 Enterprise to Windows 10 Enterprise.

I am really looking forward to my turn to update to Windows 10 and begin checking out all the new features.  I am really excited to get the update on my Surface Pro 3 which I think is about the best tablet on the market today, competing directly with the iPad.

Rise Of The Voice Activated Digital Assistant

I have been a fan of Star Trek for as long as I can remember.  I would watch syndicated re-runs of the original series whenever I could find them.  To be honest, what clinched it for me was Wrath of Khan. It is my favorite Star Trek movie.  I also fell in love with the futuristic technology.  The sheer level of automation always set my imagination ablaze.  Between Siri, Cortana, and IoT I almost feel like I am living the fantasy.

When Siri was first announced and subsequently released I was extremely excited.  That excitement was short-lived, as the first iteration of Siri was little more than a novelty.  As Apple continued to improve the iOS devices and connect Siri to more resources and information she became far more helpful.  I hop in my car and plug my iPhone into the charger so I can speak to Siri hands free.  I ask Siri for directions to my destination and we are off.  I use Siri to find restaurants and make appointments.  I ask her to remind me to do things.  It amazes me how often I actually use the little gal.  She is virtually trapped, though, living only in my iOS device.  Some of my information will follow me to other iOS devices and even my PC, but what Siri knows about me seems to be lost.  This is a one-up Cortana has on Siri.  Cortana learns about you and saves that information in your cloud, and whatever device you are connected to, she remembers you.  Just like Siri, I can ask Cortana to perform tasks for me: make appointments, take notes, find information, and much more.  By many accounts Cortana’s speech recognition and natural language recognition also outperform Siri’s.  I can attest that Siri does still stumble frequently when I am talking to her, which can be frustrating sometimes.  She is getting better though.

Apple extended the potential of Siri not too long ago by releasing a new API called HomeKit.  HomeKit allows software developers to leverage Siri for interaction with their iOS apps.  I recently came across a new smart plug from iHome that allows you to use Siri to turn on or off a device like a lamp that is plugged into the Smart Plug.  Say “Hey Siri, turn on the Living room Lamp,” and on pops the lamp.  Cool, huh?  Cortana isn’t one to be left out of the party.  Microsoft has always supported developers by allowing them to leverage Microsoft technology, and Cortana is no different.  The commands Cortana understands can be extended to add voice automation to Windows 10 apps, opening up the same potential HomeKit has opened up for Siri.

What makes this so exciting is the new era of connected devices known as the Internet of Things or IoT.  Imagine your oven is connected to this internet of things.  The developer has leveraged your personal cloud along with Siri or Cortana.  You are driving home and you need to get some chicken nuggets in the oven before the kids go to soccer practice.  There is no time to waste waiting for the oven to preheat so you tell Siri to heat the oven to 350°.  The oven is ready for you to pop the nuggets right in when you walk in the door.  What about security? Doors can be smart and connect to the IoT as well.  Little Billy walked home from school, but he forgot his key to get in the house so he rings the doorbell.  You are stuck in the office when you get a notification that someone is at the door.  The notification comes with a snapshot from a camera on the porch, and there’s Billy looking dismayed that he can’t get in the house.  Ask Cortana to unlock the front door for you.  You watch Billy go inside from the live internet stream from the “porch cam” and tell Cortana to lock the front door once Billy is safely inside.

There are limitless applications for interacting with IoT devices because literally anything can be connected.  All of these actions could have also been accomplished through the use of an app with screens and buttons, but speech is a more natural way of interacting and in most cases much faster to learn.  As these digital assistants are given access to more types of information and the software is trained to better understand more commands in the context of natural speech, they will become far more ubiquitous in our daily life.  Soon I will be able to walk into my kitchen and say, “Cortana, tea, Earl Grey, hot” and have a fresh hot cup of tea dispensed on the spot just like Capt. Picard.  If only Majel Barrett-Roddenberry was still around to lend her voice to my favorite digital assistant I would be one happy geek!  Live long and prosper…Cortana, end transmission.

What Should You Really Be Protecting Your Network From?

My family went to the beach this year for vacation.  Yes I know, I saw all the media about all of the shark attacks on the east coast, but we went anyway.  As I kept a watchful if not unnecessarily paranoid eye on the water and my boys, I began to think about how a lot of the same types of things I try to protect my kids from, I also try to protect networks from.  Some of these things are more likely to threaten a network than others, but nonetheless an ounce of prevention is worth a pound of cure.

Let’s start with environmental threats.  Storms and other natural disasters are usually the first things to come to mind.  These threats cause power outages or surges that can prevent access to the system.  Temperature can be a major player on the environmental threats’ team.  Cold can slow down hardware, but heat can really do some damage causing equipment to become damaged and fail.  It is important to be sure all of the equipment used in a network is housed in a nice cool, dry place.  We all know what water can do to electronics…everyone has had that one friend who dropped their phone in the toilet. Here in Charleston, WV storms have caused all kinds of power issues, but by and large earthquakes and raging fires are fairly unlikely compared to other parts of the country. They do happen though, so at least having an idea of how you plan to protect your network from these disasters is a good idea.

Make no bones about it, natural wear and tear is a threat to your network.  Parts fail. We have talked about this before.  You take your car in for maintenance, and you should plan for the same with your network!  Regular checkups and preventative measures like taking your children to the dentist or the pediatrician are some of the things we do to protect our kids from problems.  Doing regular checkups and making sure everything is up-to-date and running smoothly can help to protect your network from problems before they start.  Upgrading parts like hard drives and memory as well as fans at a set time in a server’s lifecycle can breathe new life into the device as well as head off any potential failures along the way.  Staying proactive can save you money when compared with the cost of the downtime associated with a failure.  Recovery from failure in general takes far more time than proactive maintenance.  You also have the lost productivity and potential loss of customers to deal with.  In most cases, this type of proactive maintenance can be done without any downtime whatsoever.

People…oh wow, people are a huge threat to your network, in reality probably the single greatest threat your network faces.  “People” as a group should be extremely limited in how they can interact with the network.  Employees should not have any more rights or privileges on any device on the network than absolutely necessary.  Physical access as well as remote access should be limited.  Employees can bring your entire network down by accident or through malicious intent.  Of course we want to trust our employees and from experience only a very small portion of these people problems are malicious in nature.  Maintaining a principle of least privilege for everyone on your network is a simple, effective way of deterring many security breaches and failures.

Sometimes it is other people outside your organization that can be the weak link in a chain.  Say for example you send a document with confidential information inside to a contractor.  Imagine it is a spreadsheet with your clients’ personal information and credit card numbers.  Imagine that contractor accidentally sent this file to an unauthorized party.  This would constitute a major security breach outside of your office.  Even though this data left your office you are still obligated to protect it for your clients.  Encrypting these files is a great first step.  Another tool that you may not have heard of is Document Rights Management (DRM) or Information Rights Management (IRM).  This technology extends the document you sent out with a set of explicit permissions as to who is allowed to open it and what they can do once it is opened.  You can disable printing, copying, and even saving the document, to name a few.  DRM or IRM is an extremely powerful tool for protecting your data outside your network’s borders.  What about keeping information from leaving your network altogether?  Microsoft has some interesting new tools as part of Azure and IRM that can check a document in a number of ways to determine if the file meets all the requirements for being sent via email or shared on OneDrive before it ever leaves the network.

Of course viruses are still a very real threat, so keep your firewalls locked down and your software up to date.  Backing up your data is critical to the recovery if something does go wrong.  While these 2 items could technically be considered preventive maintenance, they are so fundamental to protecting your network and your data I feel they warrant being called out separately.  Do your updates on ALL the software on ALL the devices in the network.  Make sure antivirus is installed EVERYWHERE.  When setting up your backups remember the 3-2-1 rule.  3 copies of your data, 2 on site, and 1 off site.

Follow best practices and continue to test and iteratively build your security and you will be in a much better position to protect your data and your clients’ data.  Diligently working to maintain the highest level of security you can has become even more important now that the FTC can also take you to court if they believe you failed to make reasonable efforts to protect consumer information under a 1914 law that gives the FTC broad powers to protect consumers from companies that engage in unfair or deceptive business practices.  According to a US District Judge last year, unfair and deceptive business practices now encompass businesses’ cybersecurity practices, basically saying customers trust that you will protect their data and failure to follow solid cybersecurity practices is like deceiving your customers with a false sense of security.  Make sure you talk to your IT and risk management teams about implementing and enforcing security best practices, because there is no such thing as a small breach.

Office Is Now On Android!

Everything we do today is in bite-sized chunks, from sharing quick status updates to entertainment like short videos on YouTube and Vine.  The short and sweet little bits of entertainment and information are delivered to us on demand to a myriad of devices from phones and tablets to laptops and desktops.  The way we work is changing, too.  More and more work is being done in bites and clips on the go and on demand.  While smaller devices are not great for extended data entry sessions, they are perfect for taking notes or developing an outline of a document on the go, or perhaps roughing out some paragraphs or dropping some new numbers into a spreadsheet to see how it changes the bottom line.

Most of this kind of work has kept us tethered to a desk shackled to desktops and laptops using the Microsoft Office Suite.  Microsoft brought the ability to view and edit Office documents on Windows Phone devices what seems ages ago.  More recently, the ability was granted to Apple iOS devices.  While this mobile version leaves a lot to be desired as far as features go, new features are being added to this mobile version at a breakneck pace.  Now, as promised, Microsoft has released Office apps for the Android operating system.  As an added bonus, the apps are free!

Android users can now download and install Word, Excel, PowerPoint, Outlook, OneNote, Lync, OneDrive, Skype, and Yammer for their Android phone or tablet.  Now there are a few minimum requirements with which many of you Android users will already be familiar.  Compatible devices must have an ARM-based processor or an Intel x86 processor.  In addition to the hardware requirement, the device must be running Android KitKat 4.4 or newer in order for the new Office applications to run.

The apps support cloud storage like Google Drive and Box.  Microsoft Office has added word count and proofing capability.  Excel supports formulas, tables, and charts.  The best thing about the Excel Android app is its ability to render a sheet exactly or nearly exactly like the sheet is laid out on a desktop monitor, with advanced visualizations like sparklines or other charts.

With this latest platform Microsoft has covered all of its bases: iOS, Android, Windows Mobile, Windows, or OS X. No matter what device you have handy you will be able to work on almost any type of document from spreadsheets to novels.  Have some downtime at the Dr.’s office? Pull out your device and make some last minute edits to that contract you have been working on.  Halftime at the little league game? Pop some new numbers you were just emailed into the financial analysis for an investor you are trying to win over.  We are a mobile workforce, and using these tools to their fullest can help us all live life while still “getting it done.”

Go to the Google Play store to find out more about these apps and install them or you can head over to https://products.office.com/en-us/mobile/office-android-tablet to see what else Microsoft has to say about these new apps.

No Time Like The Present…For a System Review

IT isn’t this magic box in the closet — it is a system, a conglomeration of moving parts and processes working in concert to perform tasks, much like a car.  A car has an engine, doors, lights, and numerous other systems.  Some of these systems depend on each other and some stand alone.  They all share a commonality — wear.  Everything on a car eventually wears out and breaks.  Some of these breaks are more critical than others, like the engine or the brakes.  You regularly have these systems serviced and when necessary parts of them are replaced when the time comes.  You take your car to a mechanic and on his professional recommendation perform the regular service as needed.  Why then do most of us refuse to maintain our IT systems?

There is no time like the present to start though.  With Windows Server 2003 on the way out, the Windows 10 desktop operating system on the way in along with new versions of server products from Microsoft, not to mention the never-ending march of new hardware like firewalls and switches, now is a great time to review your systems and to get started on a regular plan of maintenance for all of your IT systems.

A system review is a great place to start.  Much like a car inspection or a checkup at the doctor’s office, a system review is a chance to take stock of your systems, gauge wear, and develop a plan for upgrades, repairs, and even replacements.  I like to start with the part of IT everyone sees every day — the computer sitting on the desk.  Taking a full inventory or even a sampling of systems to determine how old they are, how much RAM is installed, and how much storage is available are the first things to check.  Take a look at the operating system.  If it is Windows XP make note, because it is past time to replace those machines.  Take a look at the operating system and see if updates need to be done.  Take stock of any software being used that might be obsolete and need to be updated.  Taking a log of complaints at this point is also recommended as it helps point you toward problems employees have that are affecting productivity.  Now do the same thing for the servers.  Knowing the software installed, the hardware specifications, status of the operating system, and the age of the system will help you determine the best course of action here in your maintenance strategy.

Moving on, some of the more exotic parts of the IT system like switches, routers, and firewalls should also be included on your maintenance checklist.

If you can determine how long a device has been in service that is a bonus.  Many of these devices are “smart” and run an operating system called firmware that occasionally is updated by the manufacturer.  Find out what the latest version of the firmware is, and if that version doesn’t match what is on your device you probably should add this to your maintenance plan.  These devices also typically have a support lifetime.  If you have been running the device for 5 or so years and the manufacturer has ended support for the device, planning for replacement is probably a good bet.

One area you might not be thinking about is your data.  We store huge amounts of, for lack of a better term, stuff on our servers.  Much of it has a very short useful life and can be readily deleted.  Other things are more important and though we might not ever need to look at them again except in special circumstances need to be saved.  This data can be archived onto an external drive or DVD and stored so it is no longer using up storage and backup resources allowing backups to cost less and complete faster.

Armed with this information and a few pointers, it is time to plan and implement.  Create a maintenance plan for the next 6 months or even year that is prioritized from most pressing to least.  Start working through the plan.  Don’t do all this work only to let the plan languish.  Put someone in charge of making sure it gets done.  Use your favorite consultant, maybe even set up a day or 2 a week for them to spend on site working through the plan, but please make sure it gets done.  I cannot stress that point enough.  My work more often than not centers on putting out fires and recovering from disasters, but you know that I am happy to see that work diminish because your business is changing its metaphorical IT oil.  You will be surprised how much better everything runs when you do.

Cyber Security – Not Just an IT Problem

Current IT-related news is a non-stop parade of data theft and cyber security breaches.  It isn’t really that the threat of attack has gotten worse so much as that accountability expectations have risen due to exposure by the media.  Since the big Target breach nearly 2 years ago, the media has reported on an ever-growing number of breaches and the cost of dealing with those breaches after they occur.  This media coverage is making a lot of business leaders sit up and take notice, though maybe not for the right reasons.  The potential risk to operations in real dollars has caught the attention of nearly everyone.  Recovering from the 2013 breach has cost Target over $200 million.  That is a serious threat to investors and the bottom line.  Target isn’t the first to be caught having to deal with these unexpected blows to their wallets, and they won’t be the last.  Target does, however, seem to be the tipping point that has pushed cyber security out of the sole domain of IT and into the domain of operational risk management, where frankly it should have been all along.

Presidents, CEOs, and boards of directors are calling for strategies to manage and mitigate what they now perceive and understand to be a real risk to their companies.  Small businesses too are starting to take notice of the very high cost of recovering from a breach and how devastating that cost would be.

It is a very long road from where most businesses are in developing cyber risk management policies to where they need to go.  One stopgap measure that has gained traction is the purchase of cyber risk insurance.  These policies cover costs related to data breach and data loss that are incurred when going through the data breach notification process, as well as some compensation for loss of business due to loss of customer confidence.  While this is a great first step in protecting the business from risk, it doesn’t reduce or manage the risk; it just offloads it someplace else.  What is needed is a strategic approach to managing, mitigating, and minimizing risk.  This strategy needs to take a holistic view of the business and the data within.  Prioritizing the data and processes that are the most sensitive will help to manage the cost and reduce the time and resources wasted securing systems and data that don’t need as much attention.

Once you have a clear strategy, the next step is to begin implementing best practices and reviewing the outcomes.  This is where a cyber-security framework would come in very handy.  Most businesses have to develop their own, starting nearly from scratch for each new project.  In 2014 the National Institute of Standards and Technology (NIST) released a Cyber Security Framework in an effort to fill this need, though adoption has been slow due to the limited resources available to support it when it is implemented.  The framework does have merit and is built on a clear, repeatable structure with clear goals and measurable outcomes that business leaders want to be able to see.  The NIST framework is built on 5 core functions that relate to managing and mitigating cyber security risk: Identify, Protect, Detect, Respond, Recover.  These functions are supported by a number of existing IT governance frameworks like COBIT and ITIL, as well as industry best practices that have been categorized under each function.

Using existing best practices and governance frameworks as part of a cyber-security risk management strategy will reduce the cost of implementing the strategy over time.  When used as part of a cyber-security framework, they will also give IT a clear way to track outcomes and data on the effectiveness of the strategy and to report them to business leaders, who now need to make decisions about cyber security risk they once left up to IT.  Cyber security is not just an IT problem, and now more than ever, communicating with business leaders about cyber security in a way they understand is of the highest importance.