Archives For The Bottom Line

policeThis Week’s Lesson on Good Security

Physical and digital security aren’t that far apart in principle. This week’s attacks on NY and NJ are another reminder that we need better security.  We’re getting hit on all sides. Governments are infiltrating our data, aggregators are profiling us far beyond any security check point or law enforcement group. And terrorists are hitting us in the streets.

Security is not a political question, it’s a science. Protection, detection, response. Three parts of a well defined system that work, when properly sequenced and timed. On the data side, as I shared with the Allinal Event attendees this week in San Antonio Texas, IT groups have been lulled into unnecessary product purchases, chasing meaningless compliance regulations (not that all of them are meaningless), and putting their faith in technology to keep out the perpetrator.

This morning’s Wall Street Journal offers a sobering insight from someone who’s experienced terrorism overseas as part of their daily life. Bret Stephens writes,

“What’s the lesson here for Americans? This past weekend’s terrorist attacks hold at least two. One is that there is a benefit for a society that allows competent and responsible adults to carry guns, like the off-duty police officer who shot the knife-wielding jihadist in St. Cloud, Minn. Another is that there is an equal benefit in the surveillance methods that allowed police in New York and New Jersey to swiftly identify and arrest Mr. Rahimi before his bombing spree took any lives.”

A change is needed in our mindsets on security. Security isn’t compliance or politics, it’s life. In the digital world our intellectual capital is being taken even day, bank accounts drained from fraudulent transfers, and businesses crippled by ransomware. On the streets, the expectation is that the police will be there just before the bomb goes off, on the network, we expect firewalls and antivirus software to stop every attack in it’s tracks…but they won’t.

Great security means being able to detect something is wrong before it’s too late, and having a well-rehearsed, timed response plan, that can stop if before damage is done. New laws and efforts to keep the bad guys out never work.

© 2016, David Stelzl

P.S. If you’ve not yet read Digital Money, The Smart Business Leader’s Guide to Stopping Hackers – it’s on Amazon right now!

Advertisements

The Florida Shooting – the Worst We’ve Seen So Far

But It Will Get Worse If The Right Actions Aren’t Taken

As I write this blog, I am aware that this is a sensitive issue. People’s lives have been destroyed here, and there’s no easy way to sooth that pain.  It’s tragic.

But in each of these mass shootings (and they seem to be gaining momentum here in the states), government officials start reacting and wrong  thinking drives us deeper into a hole.  In most cases, they’re all missing the root problem.

These are all Security Issues -And When Security is Broken People Get Hurt

Omar Mateen represents just one of hundreds or thousands of individuals who have bought into the ISIS lie.  Another Omar could be anywhere – perhaps even living next door or attending your Church or school, waiting for the right moment to take action. And they don’t have to belong to ISIS. There are all kinds of extremist groups and gangs that aim to hurt and kill. It’s a growing problem.

The FBI tells us, “Omar is an example of precisely the threat that has consumed the agency: The self-radicalized American.”  So how do you stop the next Omar. There’s no easy – but security principles, done right, can help.

Wrong Thinking Prevails

For some reason, few understand how security works.  Just yesterday I was talking with a client about his home security. He thought he had it right, but in two minutes he realized he was completely helpless if someone were to invade his home.  That’s the case with most homes, nightclubs, Churches, schools, etc.

Should we clamp down on freedoms?  

The U.S. could become more like China, closely monitoring what people read and do online. Is that the right approach? Give your freedom away, and you won’t get it back (wrote Ben Franklin).  The FBI, in today’s WSJ report – “Orlando Shooting Plays Into FBI’s Homegrown Terror Worries” all but says Omar was recruited by the Internet.

Maybe there’s too much freedom online.  If we head down that path, there’s no telling what the government will allow over time. China doesn’t permit content that goes against the government’s agenda, preferred religion, etc. I don’t think we want that kind of oversight. There must be another way.

How about stamping out the First Amendment? Should we stop people from expressing their opinions, or speaking out against something they don’t like? Our country is quickly heading that way. Suddenly everything is a hate crime. Perhaps your beliefs don’t fall into this category, but at some point they might. Years ago men were killed for wanting a Bible written in the common language. That same type of oppression could come back to bite us all in whatever area is important to you.

“The U.N. Rights Chief Decries Insufficient Gun Control”, reports Associated Press. Really? Will throwing out the 2nd Amendment fix this problem?  If you think Omar needed a local store and permit to get a weapon, think again. If he couldn’t find a black market assault rifle (and I am sure he could have if he wanted one,) he would have made a bomb out of fertilizer.  You can’t get rid of drugs, human-trafficking, black-market firearms, or counterfeit money.  Even the guys in prison have access to these things.

The truth is, no-gun zones are prime targets for killers. In most cases there is no response plan in these locations.

So How Did This Guy Get In?

Great security is always a matter of real-time detection, real-time response. Back to The House & the Cloud. If someone breaks into your house tonight – let’s say a couple of armed gang members, will you know it? Will your alarm go off?

Let’s say it does. Then what?  Will your alarm monitoring company call 911.  If you have one, they will. Will the police stop any mass shooting at your house? The answer is no. The last time my monitoring company dispatched the police it took them 20 minutes to arrive. The average shooting happens in about 11 minutes according our local SWAT commander. But they’ll be there to take the report and investigate.

I’ve read numerous reports on this Florida incident. It’s horrible.  There’s no other words to describe it. But none of the reports I’ve read talk about how this guy got into the club. Did he hide the assault rifle under his polo shirt?

He was detected – but it was too late. He was in the club, armed, and prepared to kill. Detection has to happen at the perimeter. A response plan must execute immediately. Last week North Koreans allegedly hacked into the SWIFT system.  They too were detected, but not until $81 Million Dollars had already been taken.  Again, it was just too late. Slow detection, slow-or no response, can keep anything safe.

Taking away First and Second Amendment Rights will not fix this issue. Better detection, at the perimeter – or before, with a strong response plan, is the only security that works.

© 2016, David Stelzl

 

 

Donald Trump Says – Break Into The Phone….

View my interview with FoxNews and Let us know what you think….

foxThe Apple Encryption Dilemma  is a Bigger Issue Than Most Think…

Yesterday FOX News Interviewed Me on The Apple Phone Issue…Watch The Video!

The VIDEO REPLY (CLICK)

Here’s the Fox News Article: http://www.fox46charlotte.com/news/local-news/93368477-story

Trump said, “They must open it.” It sounds simple, but he’s wrong in my opinion – Yes, terrorists are hitting our country and planning more attacks. The San Bernadino Phone could provide information that would stop the other attack.  But have you read Tim Cook’s letter on the Apple Site?  News reports like Donald Trump’s Interview miss the main point of it all.

The court is ordering Apple to change their operating system to make it less secure.  What do you think Apple should do?

Some things to think about….

  1. Security Experts spend decades developing encryption that will meet FIPS standards, allow for online banking, investing, and money transfers – even Apple Pay!  The government is asking them to now create a backdoor to it all.
  2. Nothing digital is actually safe in the long run – who keeps the keys to the new back door?  Does apple or the NSA. What happened when RSA lost their encryption keys? Will this happen again?  Who do you trust with your phone as it becomes more and more the repository of your private life?
  3. This is Apple – what if the next terrorist uses Blackberry or Android?  So now there are no secure phones on the market. Do government officials now get a special phone that can’t be tapped into? What if the terrorist is in the government?  Hmmm.  Can that happen – have we seen any military personnel involved in shootings. Texas?

What About Stopping Terrorists…

  1. Is this the best next step? Did our government have some indication this couple was getting ready to do something? My understanding is that they did – through Facebook. But were called off by their superiors.  Is this better than some profiling measures?
  2. What about gun control? I know this is a hot topic. But the truth is, all good security is based on DETECTION / RESPONSE.  You can’t keep bad guys out. Was there a response plan in place once this couple was detected?  Not a good one – in fact all gun-free zones are targets and Apple Phone encryption won’t stop it.  The bad people are armed – Government can’t stop that. Are the good people able to respond?  Not without a response plan that include self defense and stopping the attacker.
  3. Could government issued malware be used, like it was with StuxNet? Is this a better solution that compromising the security our businesses depend on?  This is simply the next step in bugging a phone or staking out someone’s house under court order.

I’d love to hear what you think….

© 2016, David Stelzl

 

What’s The One Big Mistake Just About Every Business Is Making When It Comes To Security?

There are lots of mistakes being made…I guess you could argue one over the other. But the big mistake I constantly see is a lack of insight into what’s going on.

No Detection. No Intelligence.

As Mike McConnell put is months ago in the Wall Street Journal, IT lacks the data and the trade-craft to bring intelligence to their company.

This morning, 8:30 AM, I am on stage in Charlotte, NC. speaking to business leaders and IT personnel on this topic. Usually I am doing this talk at Lunch & Learns, sponsored by resellers and security product manufacturers. But this morning I decided to accept an invitation to speak at SecureWorld.

My hope is that my talk will generate opportunity for the many resellers and technology vendors I work with. It’s the education session in my conversion chart, but this time there’s no real conversion. The sponsoring technology companies will be lined up in the Technology Expo Hall. If you’ve read my book, you know that conversion goes way down once they leave this room.

If you really want to drive technology sales, you need a presentation like this in you home town, with a sign up sheet calling your audience to an assessment. Without, it’s just education.

Even so, I am looking forward to meeting with this group simply to learn more about what they are thinking, doing, and needing. The more you know about the CIO and IT culture the better equipped you’ll be in your next meeting.  Hope to see you there – learning about CIOs and IT. But don’t expect a big conversion.

Copyright, 2016, David Stelzl

 

Is Your MSP Business Growing?

How Many New Logos Did You Pick Up in 2015?

That was the question I started with in last nights Check Point/Tech Data event just outside of Boston. From the hand raises it looked like many groups I’ve spoken to in recent months.

Everyone has an MSP offering – meaning there are thousands of resellers offering basically the same thing…and most don’t see big growth.  2016 will probably show a decline in sales – and if you’re hoping to sell more product, forget it. The cloud really is hear to stay. Of course everything seems to go in cycles, so maybe we’ll move back to mainframes next, and then a new type of Token Ring network.

If you’re in sales, you know the technology is not all that important. Conversion is what matters. Do you have something people are interested in, need, and are willing to spend their hard-earned cash on? Last night I shared pieces of a presentation I use to convert small business audiences through lunch & learns. The point of the message is this: Everyone needs more security. This will become even more critical over the next 12 months as many companies adopt more apps, more cloud, and more BYOD. $1 HC Book Ad

The problem is, small business owners are limited on budget. If you ask them, they don’t need more security. In fact, they don’t need more of anything…well, what they really need more of is retained earnings and working capital.  Better workers would be a plus.

But the truth is, they really do need more security. They just can’t see it. If you had a way to attract them into an educational session, with a message that clearly explained the need…and brought them to a point of wanting to know where they really sit (Assessment), would new business result?  It would.

The core message I presented last night comes from my book, The House & The Cloud.It points out the one BIG mistake just about all companies have made. Their security centers around firewalls and passwords. There is no detection, and there is no response. And that means, once a breach occurs, they won’t know it for at least 14 months (According to the FBI – and it could be a lot longer.)  Next step – enter the Assessment.

Our meeting ended with Tech Data and Check Point offering qualified resellers a seat in the SVLC Security Sales Mastery Program…the only training program I know of specifically designed for resellers, to teach them how to sell more security to business leaders.

© 2016, David Stelzl

P.S. Looking forward to presenting this later today in NYC. – Sponsored by Ingram Micro.

ingram

 

IMG_3007I’m often asked what books to read – but rarely asked how to read them…

Have you ever considered, how to read a book?

Following my Keynote at the BASF Sales meeting in Frankfurt Germany this week, I did an interactive session on Character; the importance of building character, and how to go about building your own character. I often ask sales groups, “Are you reading sales and marketing books?” Rarely do I find a group with more than 2 or 3 people actively reading. It’s a lost discipline.  Reading is central to building character.

Mark Twain once said, “The people you spend time with and the books you read determine who you will be five years from now.” That includes both character and skills.

Andrew Carnegie – From Failure to Success

In preparation for my session I was reading about Andrew Carnegie. At an early age he and his family emigrated to the US from Scotland. he was penniless.  By age 30 he had his own business in the steel industry, and by age 60 he was one of the wealthiest people in America. He donated millions to the New York Library, and founded what is now, JP Morgan.  William Thayer, in a book on character writes, “He had few school privileges, for at the early age of 14 he was compelled to quit school forever to earn his daily bread.” How did he become so wealthy? Thayer goes on, “He could read more or less every day…he was a thinker…he was never satisfied without knowing the reason of things.”

How to Read

Later in the book he talks about how to read.  Of course, most of us in business can read. Hopefully you can read this…but that’s not what he’s talking about.  In his section on reading he states, “Get a habit, a passion for reading; not flying from book to book, with the squeamish caprice of a literary epicure, but read systematically, closely, thoughtfully, analyzing every subject as you go along, and laying it up carefully and safely in your memory. It is only by this mode that your information will be at the same time extensive, accurate, and useful.”

How I Read

I started to apply these principles in college. Up until then, books sat unread on my shelf. And those  I did read, I didn’t retain. You would know that from some of my high school english lit. grades.  Today I read every day. I read on the plane, before going to sleep, and often in the morning as well. I also listen to audio books while exercising.

Highlighter in hand, I find that marking my books up helps me pick out the important stuff. I also create a cheat sheet of page numbers and important facts in the books I really care about (I make these note on one of the blank pages at the front of the book). If a book is not helpful, I quickly abandon it. I either sell it or toss it to create more landfill.  The ones that make the cut are on my shelf for future reference.

Video is great – but in many ways I think it has made us lazy. I enjoy watching a great movie. But looking back, it’s the books I’ve not only ready, but studied that have made significant impact on my life and my business.

© 2015, David Stelzl

P.S. Speaking of books, have you read the updated House & The Cloud?  Even if you have the old version, you’ll want to read this one. It’s a complete rewrite, designed to address today’s security market with cloud, BYOD, and the digital, connected generation of workers taking over business right now.

Get it on Amazon.…  << Click to visit Amazon.Com