Earlier today, the New England Chapter of AIIM held an event titled “Security and Other Scary Stuff” and the conversation lived up to the title’s foreboding tone. We had a tag-team of speakers, comprised of an FBI Agent from the New Haven Office’s Internet Crime division and an Ethical Hacker from the firm of CohnReznick. You can find more detailed highlights of the event on the Chapter website but I want to focus on a few things that cross the line between security and information management and I’d be remiss in one of my duties if I didn’t hype the Chapter network again.
Get rid of stuff you don’t need! – That was the message from the speakers at the event, and it’s so simple that the fact that we keep ignoring it almost hurts my head. One of the talking points of the event was: “knowing what you have to protect” and an obvious way to keep important stuff out of harm’s way is to remove it from the playing field. If you need information but you don’t need to share it or actively work on it, maybe it can be archived some place safe. The FBI agent added “encrypt it before storing it” but that probably wasn’t necessary. By the time she was done talking, we were looking for ways to encrypt our name tags. Still, getting rid of information is not as simple as it sounds. This type of “getting rid of it” doesn’t sound like deleting content. In this case, we might only be removing it from view. That seems to add another dimension to retention, and honestly, it’s one I’ve never considered before.
What are you doing to train your employees to be your eyes and ears? – One of the most important and most frequent messages that we heard during those presentations was that your trusted employees are also known as a valuable attack vector into your information store. The bad guys are bringing their game to your people, what are you doing to prepare them. Simply put, you can have all of the technology that you can afford, but if someone lets a bad guy in the front door, your technology isn’t going to help. This led to one of the many tweetable moments as captured by Steve Weissman - "BYOD is ludicrous" ... it's "BYON" - N for network. Simple apps turn smart devices into hotspots, and BINGO! You're compromised. Do your trusted employees know enough about the myriad ways bad guys can use them?
Our event was sponsored by our friends at Harmon.ie and by a new sponsor, OCR Solutions. Harmon.ie provides great products for accessing SharePoint from a mobile device and for integrating email and SharePoint the way that it should have been done out of the box. OCR Solutions makes a pretty cool iPhone app for reading and extracting identity information from driver’s licenses and other forms of ID. We were treated to a short demo of that app during the break, and it was impressive.
You won’t find the FBI agent on-line, and you won’t see them speaking at a for-profit event. They do community outreach to governments, schools and non-profit groups like AIIM Chapters. You won’t get to participate in the lively and sometimes emotional discussion that took place at our event at some strict time-limited presentation at a national event. This kind of experience is the product of your local AIIM Chapter – check out your next event and see for yourself.
#Security #training #ethicalhacker #retention #privacy #identity #FBI