Archives For Compliance

Security can transform your MSP – grow MRR – and open new doors…all you need is an assessment that converts, and a message that compels your prospect to act…


Digital Money, The Book

David Stelzl’s Latest Book

 

It’s been a busy summer. Some traveling, lots of work, and lots of writing. It’s all in preparation for the fall. Most of my fall will be spent in front of business leaders talking about security. Central to these presentations is my new book, Digital Money. I have conferences booked with CPA associations, banker’s associations, distributor conferences, and several exclusive executive lunch meetings hosted by resellers and technology manufacturers. It’s all in an effort to create awareness – getting business leaders involved in their data security programs.

What is Digital Money?

You’ve heard of fintech and cybercurrencies – these are all related. But the data itself is worth a lot of money too…it’s all digital money. From bitcoin and blockchain to intellectual capital and trade secrets. Even your personal data – actually, that’s where it all starts.

I’ve been furiously writing since the start of the summer – the Digitalization Megatrend effectively changes everything we know about security, other than the fact that companies all around us are failing to keep their data secure. We should all know that. It’s in the paper every day.

The book should be out next month (August 2016)! I have my editors and internal team reviewing it now, and the artwork is in motion! What is this book about? Here are a few teasers…

  • Don’t like the word, Profiling? – Making decisions about someone based on what they look like is nothing compared to the data aggregation effort going on in the Net – Did you know that everything you do, including driving newer cars, is being recorded digitally? Everything from cookie syncing to canvas fingerprinting, all designed to understand everything there is to understand about you. You are absolutely being profiled.
  • Data aggregators know far more than your spouse will ever know about you. They know what you believe, how you think, what moves you, what convinces you, and how to get the most out of your bank account.  What’s worse, they will sell that information – and some of it is extremely private.
  • They know about your health, your morals, your politics, your fears, your finances, and how to manipulate you. If you’re wondering who you will vote for in November, there’s a computer out there that probably already knows…and the Russians just hacked the Democratic National Convention computers to get some of that intel. (Note: the GOP systems were hacked not long ago). Will there be voter fraud this year? Yes – you can count on it.  No doubt the winner will be determined by hackers…
  • Social engineering is bigger than ever. If Mitnick had the kind of data available on individuals today, his hacking efforts would have netted millions more.

Data is Essentially Digital money – A Look at Business Security

Social Media is growing because of data aggregation. Facebook is worth about 75 Billion simply because of the intelligence they have on you. The more social media grows, the more promiscuous end-users become with data that used to be secret. And the more data that gets aggregated, the more hackers can convince users to open doors.

In this book I take a hard look at the  trends – what hackers are up to, how the latest technology trends are opening doors, and how big data and deep machine learning are eating away at companies that don’t take the right steps.

This is not an IT book – it’s not technical. It’s about data, business, and leadership.  If businesses are going to be secure, the leaders must lead. The alternative is to delegate it to the government, letting them impose millions of expensive, ineffective regulations that will ultimately cost small businesses to the point of bankruptcy.

It’s time to get serious about security.

© 2016, David Stelzl

We All Need To Keep The Learning Process Going

Spending Time With Successful People

How do I keep up?  Well it doesn’t hurt that I interview experts every month.  Last month I had the equivalent of an MBA course in HIPAA, preparing for and speaking with Marc Haskelson of the Compliancy Group.  Over the past several months I’ve had opportunities with former NSA and CIA agents, owners and presidents of highly successful resellers, and some of the highest producers at larger companies like Dell Secureworks, Accuvant, and Check Point Software.

Next month I’ll be hanging out with some million dollar producers in my own business in a 2 day planning and strategy mastermind meeting.  There’s nothing better than learning from your peers when you see them doing something great.

Morning Reading – Krebs, WSJ, Etc.

Another thing I do is read. I always have a book going. Right now I am working through an audio book on building your online platform, by Michael Hyatt. I also read the WSJ CIO section each morning, and subscribe to Krebs on Security. Here’s a tidbit from this morning’s post I found interesting … “How do fraudsters ‘cash out’ stolen credit card data? Increasingly, they are selling in-demand but underpriced products on eBay that they don’t yet own. Once the auction is over, the auction fraudster uses stolen credit card data to buy the merchandise from an e-commerce store and have it shipped to the auction winner. Because the auction winners actually get what they bid on and unwittingly pay the fraudster, very often the only party left to dispute the charge is the legitimate cardholder.”

Conferences Are Great For Networking and Learning

And today, as you read this post, I am headed out to Denver, Colorado to attend the Information Marketers Summit with Robert Skrob, President of the Information Marketing Association. IMA is code for online training programs like the Security Sales Mastery Program on my website. If you’re in the high tech industry, you can’t afford to work so hard that you don’t have time to read, network, and attend training. As you start looking at your 2016, there are two things I recommend doing. First, figure out when you are going on vacation, and block that time out. Also block out any important days such as your spouse’s birthday or your anniversary. Second, figure out what kind of training you need to get and how you’re going to get it. If you’re not growing, you’re shrinking.

© 2015, David Stelzl

PS. Don’t forget, many of you qualify for free training. I have several sponsors who are willing to put you through the Security Sales Mastery Program – normally $450/seat!  Contact me to find out if you qualify for a seat!

In case you missed my recent interview with Marc Haskelson

Here’s a short clip on the difference between security and compliance (specifically HIPAA, but Marc’s answer applies to just about every compliance regulation I can think of – PCI, GLBA, SOX, etc). The gap is big and healthcare companies are paying for their lack of knowledge on this subject! When there’s confusion in the marketplace, there’s also opportunity. You can learn more about how to tap this market right here. Just click the Compliancy Box.

© 2015, David Stelzl


HIPAA Isn’t Helping

If You Want To Help Shore Up Security, Start With HIPAA

As I mentioned in yesterday’s post, I’ll be interviewing Marc Haskelson later today, Founder and President of The Compliancy Group. He didn’t write the HIPAA requirements, but he understands them, and knows which of your clients need HIPAA. He also knows where it falls short.

HIPAA Is Not Security – It’s A Government Law

Do you know what HIPAA stands for? Google it and you’ll come up with more than one answer…if you’re going to bring it up in a meeting, make sure you know. Here it is: Health Insurance Portability and Accountability Act. (Note, it’s not the information portability act, and it’s not HIPPA).

It would have been great if the authors of HIPAA understood technology and security. The fact is, many of your clients either require HIPAA compliance, or will in the near future. The problem is, “HIPAA isn’t helping” healthcare security according to Gary McGraw, CTO of Cigital (a leading software development firm headquartered in Dulles, VA.)  If you’ve read my book, The House & The Cloud, 2nd Edition, you know I agree.  There’s a large chasm between compliance and security, but regardless, HIPAA is required.

In a recent study, “Healthcare overwhelmingly scored lower than financial services firms, ISVs, and consumer electronics firms, which include some Internet of Things providers.” according to Kelly Jackson Higgins, in an article posted on DARKReading.

As McGraw states it, “All [HIPAA] did was increase bureaucracy and the tiny print stuff handed out each time you go to the doctor. It over-focused the healthcare domain on privacy and patient privacy data, which is an important thing. But there are many other aspects of security that have little to do with privacy.”

The real problem with HIPAA is it has given doctors a false sense of security. In a recent healthcare conference I spoke at, every session that had something to do with security was all about HIPAA. When I gave my presentation, I started by asking the audience to forget about HIPAA for just one hour, and listen to what it means to be secure.  The response was one of surprise. No one had ever told these people that data, governed by HIPAA, was still at risk.

Over the past year we’ve seen numerous companies attacked, regardless of their HIPAA compliance efforts. To name just a couple; Anthem and UCLA Health come to mind.

I have a colleague who recently took a job with Websense. This year they published a study showing healthcare organizations are being hit 3 or 4 times as often as other firms by cyber attacks. Forbes noted in a recent article that healthcare data is worth 10 times that of credit card data on the black market. A Trend Micro study shows that “nearly 27% of data breaches reported over the past decade occurred in the healthcare sector, and healthcare was the hardest hit by identity theft in the past 10 years, with 44.2% of those cases caused by insider leaks,” (Cited by the DARKReading article above).

Here’s The Problem

People think they are secure when they are compliant. HIPAA requires so much paperwork that the security issues get lost in the process. The financial companies know they’re a target, while a recent survey published by Trustwave reports that healthcare IT professionals don’t.

How can you get involved? First, where there’s a problem, there’s an opportunity.  I’m interviewing Marc today to get a better sense of what HIPAA really requires, and to show technology resellers how to get involved. Healthcare companies and their third-party providers both need help as well as education on HIPAA. The House & The Cloud Message was extremely effective in the healthcare conference I spoke at. For the first time their eyes were opened, and they saw the need. This kind of education opens doors of opportunity that are both helpful to your clients and profitable to your business.

Here are two things you can do…

First, visit the Compliancy Group Site to get more information on how to become a HIPAA Security Provider. Marc will do everything he can to help you get up and running with minimal time and investment.

Second, enroll in the Security Sales Mastery Program – If you qualify with one of the many sponsors supporting this program, I can get you a free seat (Normally $450).  Contact me and we’ll find a way to get you into the program.

© 2015, David Stelzl

HIPAA Is Important!

Tomorrow I will be interviewing Marc Haskelson, President of The Compliancy Group.

Marc’s team works with technology resellers to address HIPAA in the small and mid size markets, providing tools and professional services to take your clients through the process. Tomorrow’s interview will not be broadcast to the public; it’s an exclusive session for the SVLC Insider’s Circle. However, you’ll want to download some information if you are doing anything with Security or Managed Security Services. Here’s the link to learn more:

Find Out How You Can Get Paid to Help Your Clients Become HIPAA Compliant

© 2015, David Stelzl

You Can’t Afford to Ignore The Security Trends

This Just May Be Your Biggest Growth Opportunity

On Sept 18th Ingram Micro invited me to present a security update to resellers. This is one of the most important messages you’ll see this year as you consider what to do to prepare for 2016. Don’t let the Q4 rush keep you from doing some serious planning. The next 5 years of your business depend on it!

Replay the webinar right here.

Growth Opportunities:

  • Don’t forget, Ingram Micro, along with numerous security manufacturers including Websense, Bit9, Cisco, Fortinet, and more, are offering free seats from my Security Sales Mastery Program! You can contact my team through this blog to find out if your business qualifies for these free seats.
  • Both Check Point Enterprise and Check Point SMB resellers may also qualify for Check Point Sponsored seats in the Security Sales Mastery Program – Contact us through this blog if you are a reseller, or are considering Check Point as a partner.
  • HIPAA Compliance! Do you work with businesses that must become and maintain HIPAA Compliance? This may seem out of reach, but it’s not. If you’re interested in learning how you can build a strong HIPAA practice, contact my team. We have recently partnered with The Compliancy Group and can help you make the jump into this lucrative market!
  • Marketing Events Are More Successful Than Ever! Next Wednesday I will be presenting to 30 business leaders in the Mid Atlantic Area.  The sponsor, a local reseller, was able to attract 30 business leaders in about 4 weeks using our Marketing Success Kit.

© 2015, David Stelzl