This has been an interesting couple of weeks. The IRS admits to “losing” millions of emails, coincidentally the subject of an on-going investigation. If your company tried that trick, several of your executives would be in jail and the company would have a huge fine. There are several federal and state laws that require retention of any information relevant to an ongoing investigation. In addition, there are even more stringent laws on data retention specifically for US government entities. In legal terms, “spoliation of evidence” is the intentional or negligent withholding, hiding, altering or destroying of evidence relevant to a legal proceeding. This kind of activity, in addition to being illegal, usually leads to “spoliation inference.” That is, when a party destroys evidence, it is reasonable for a court to infer that the evidence was damaging to the party.

On the flip side, the IRS has inappropriately released protected personal information to third parties. This includes information provided to Congress as part of their inquiry into the lost emails. In reality, it is illegal for Congress to even open the files provided from the IRS because Congress was told that those files contained protected information on individual taxpayers.

On top of this, and in spite of the assurances from NSA, NSA has been collecting the content of emails from US citizens who are not under any suspicion of any connection to terrorism.

The implications to your company’s ability to respond to Discovery Orders could be serious. Even if you have an excellent Life-Cycle Management policy which defines exactly how long you retain different categories of documents, the US government may be working to make those policies ineffective.

When you receive a court order asking for all of the documentation on a particular subject, you must deliver all and only the appropriate documents. These documents may include emails, text messages, tweets, and standard documents, spreadsheets and presentations. Most organizations don’t do a good job of responding to these court orders. The possibility, or in some industries, the high probability of receipt of a discovery order is one of the drivers to implementing a data life-cycle management system. Most organizations give far more than they should, and fail to give everything they must because they don’t know where all of the data is. Like data life-cycle management, if you have existing policies, systems and procedures in place, it is well worth the effort to make sure that your Cloud Service Provider can interface with them.

My recommendation is to make sure you have a well documented life-cycle management policy and that you carefully document a complete audit of those procedures at least once a year. The legality of the government introducing in a court case documents it has illegally obtained has not yet been tested. But if you can show that you made every effort to appropriately destroy information according to your reasonable data life-cycle management policy then the court may look favorably on your attorney’s objection to the introduction of government-obtained data.

Whatever you do, do not emulate the IRS. Do not destroy information after the issuance of a discovery order or the reasonable expectation that one may be issued. And do not include protected privacy information in response to any discovery order unless that information is specifically listed in the discovery order.

The last word:

The Philadelphia Inquirer reported Monday that the Veterans Administration Philadelphia Regional Office had once again demonstrated the importance of management bonuses over providing services to our veterans. In this case they changed the dates on hundreds of thousands of claims, some filed as early as 2011, so that they were no older than 125 days in order to meet guidelines.

The VA is a fine example of federal government bureaucracy, where management works very hard to destroy the reputation of the organization and the thousands of dedicated medical personnel who are working to protect and serve our veterans. What are the implications of Obamacare as it inexorably moves health care under the federal government bureaucracy?

But don’t worry, the IRS is watching over the implementation of the Affordable Care Act. The IRS is even working with the union of IRS employees to rewrite their agreement so that employees who have failed to pay their federal taxes will no longer get bonuses from the IRS. Not funny. Over 1,100 IRS employees received bonuses within a year of substantiated federal tax compliance infractions.

Comments solicited.

Keep your sense of humor.

Walt.

Faster PowerPoint

Do you spend three or more hours most weeks creating and modifying Power Point decks? If so, I found something you really need: a short workshop that will reduce the amount of time you spend creating and modifying Power Point decks by two thirds. Really. For every three hours you spend now, you will probably spend no more than one hour, and your decks will look more professional. Taylor Croonquist of Nuts and Bolts Speed Training has created an on-line “watch and do” workshop that shows you how to do that.

Full disclosure: Taylor reached out to me and asked me to review his workshop so I did not have to pay the $98 for the course. But the course was well worth the list price. Wish I had taken it years ago.

The workshop is designed around the 2013 version of PowerPoint for Windows, although most of his techniques work on 2007 and 2010. Mac users cannot use many of Taylor’s techniques directly, although I think the workshop is worth the price even for them. Many of the ideas Taylor demonstrates work for the Mac version of PowerPoint, you just won’t get the full speed benefit. I ran much of the workshop in parallel with a Windows 2010 and Mac 2011 version up simultaneously. I spent about six hours going through the workshop, following along with Taylor on my Windows machine and often also on my Mac. I’m already using many of the tricks and techniques.

His main concentrations:

  • Use the keyboard instead of the mouse. The majority of the speed changes come from the simple fact that you can type a couple of characters a lot faster than you can pick up the mouse, find what you want, click or drag or whatever, and get your hand back on the keyboard. Aargh, you think, I have to remember a whole series of chords. Remember Word Perfect? Taylor has a very well thought out way to configure your PowerPoint environment to virtually eliminate the need to remember chords; you just need a few common points about how alt and control keys work that you probably already know. Everything else is on the screen. You will get a significant speed improvement immediately, and as your muscle memory becomes established it will all quickly become automatic.
  • Format an object once. Reuse it often.
  • Align everything perfectly. When you look at a slide and it does not look “right” it is probably because elements are not properly aligned. It can be a pain to get things to align right, but Taylor shows you how to do it perfectly and quickly. Your slides will stand out largely because misaligned objects will not distract from your message.
  • Use connectors correctly. Taylor shows you how to quickly set up even complex connector lines that are easy to maintain as your deck changes over time.
  • Take advantage of Ninja lines. Don’t look for them in your Excel help file. Ninja lines are just what they sound like: they appear out of the dark, do something magical, then disappear. Got a tough alignment problem? Call in the Ninjas.

Remember that every deck you create will probably go through a series of updates. Taylor emphasizes how to create each slide so that it can easily be updated over time, and how to take someone else’s messed up deck and quickly get it properly aligned and easy to maintain.

The user-interface of the course is quite intuitive and effective. Taylor is fun to listen to, even for a multiple hour stretch. He has a lot of enthusiasm for doing PowerPoint quickly while achieving professional results.

I strongly recommend this workshop. It will reduce your frustration with PowerPoint, and your managers and co-workers who constantly suggest “minor” changes, while giving you more time to do the important things.

Even after taking the workshop, you can still create a bad slide deck. It will look professional, and you will have done it in one third of the time, but it will still be awful. Check out my earlier post on My Favorite PowerPoint Tips.

The last word:

I hope you had a Happy Independence Day celebration, waved a few flags, thanked a few vets, ate a few burgers and hot dogs, and “ah”d at some great fireworks. We don’t live in a perfect country, but we live in a great country. There is no other country I would rather live in. It was worth fighting and dying to create it, and periodically we have to fight and die to keep it great and free.

Comments solicited.

Keep your sense of humor.

Walt.

In spite of the significant service and financial advantages of the Cloud, many companies and governments are increasingly reluctant to adopt it for their critical processing. This reluctance is not caused by security considerations regarding the basic technology of the Cloud; those issues have been largely resolved. Companies following best security practices with experienced Cloud Service Providers (CSPs) can have Cloud solutions with security matching or exceeding anything they could do internally.

What is causing this crisis of confidence is the US National Security Agency (NSA). We have seen almost weekly revelations about the unconstitutional collection of personal and corporate data by the NSA, accompanied by their lack of internal security that has allowed thousands of documents to be “lost,” including those released by Ed Snowden.

It is not just NSA. The British GCHQ (Government Communications Headquarters) is also tapping Internet communication. One British MP, Chi Onwurah, is “reluctantly and unhappily moving to the Cloud.” One reason is the US Patriot Act which essentially means that any data stored in the Cloud that ends up on American servers can be compromised by the US Government at any time without notice. Some countries have privacy laws requiring information be stored within the country. Companies in those countries have a problem with public cloud providers that have servers in multiple countries. That flexibility is great for reliability and business continuance, but a nightmare to establish and verify compliance.

All of this impacts revenue opportunities for American CSPs and the growth of the Cloud in general. But there is more.

from Glen Greenwald’s "No Place to Hide"

In a letter on May 15, John Chambers, the CEO of Cisco Systems, asked President Obama to restrict the surveillance activities of the NSA. Cisco Systems is one of the major suppliers of the network hardware that creates and manages the infrastructure that is the Internet, with over 50% of the worldwide market by revenue. The cause of this letter was newly released revelations allegedly showing that NSA intercepted, en-route, equipment from Cisco and other manufacturers to their customers worldwide and installed NSA surveillance software. Mr. Chambers indicated that Cisco did not cooperate with NSA in this activity nor was Cisco aware of NSA interceptions.

If the allegation of NSA interference is true, or even believed to be true, it will impact the ability of Cisco and other US manufacturers to sell their equipment in the US or anywhere in the world.

NSA has been fairly consistent: anytime they have denied doing something it turns out later that they in fact were doing it. I’m not sure how President Obama can convince companies that he has “fixed the problem.”

What should you do? The Cloud still does provide significant value, but you need to control the security of your own data yourself. Use state-of-the-art encryption for both data-in-motion (data moving through the Internet) and data-at-rest (data stored in the Cloud), and make sure you control the encryption keys for the data-at-rest. I discuss one way to get a Secure Public Cloud in an earlier post.

The last word:

Depending on which version is more accurate, Abu Bakr al-Baghdadi was in US custody at Camp Bucca, a US-controlled detention facility in Iraq, for most of 2004 or from 2005-2009. In any case, he was given an “unconditional release” into Iraq under President George W. Bush. You may have recently heard of him: he is now the leader of ISIS, the Islamic State in Iraq and Syria, which is running rampant over northern Syria and threatening the existence of Iraq. In hindsight, it was probably a mistake to release him.

More recently, President Obama decided to release five senior Taliban commanders from Guantanamo prison to a life of luxury in Qatar, with full freedom of movement within the country, and able to go anywhere after one year. The manner of the release was in stark violation to a law President Obama signed requiring that he notify Congress at least 30 days prior to any such release; he notified a few members of Congress five hours before the transfer. Noorullah Noori, one of the five, has already vowed to continue fighting Americans.

In return, he obtained the release of Army Sergeant Bowe Bergdahl. As President Obama said, we do have an obligation to not leave our military personnel behind. The controversy, mostly in the press, that Sgt. Bergdahl may have deserted his post back in 2009 is irrelevant to the requirement to bring him home. If there is significant evidence, Sgt. Bergdahl will be court-martialed and, if found guilty, punished. That trial and punishment, if appropriate, must happen under US control, not Taliban control.

In a few years, will we wonder about the wisdom of President Obama’s method of getting Sgt. Bergdahl free?

Comments solicited.

Keep your sense of humor.

Walt.

Decision Time

(This is another special posting by Suzy. I hope you enjoy it.)

He was just of average height and had ropey muscles indicating a vigorous, young man’s strength from years of working on the family farm. His family had come to this valley in western Pennsylvania with some of the first settlers, and different branches of the family had owned land all over the valley. The early morning July sun promised a hot day. Pushing a shock of dirty blond hair off his already damp forehead, his light blue eyes looked out over the field of winter wheat. Its golden hue and fat heads told him it was ready for harvest. The air was still, and there was a bit of sparkle from the remaining dew. Within the hour the grass and fields would be dry and they could start harvesting.

He and his brother, Will, had just finished the alfalfa last week. His father was pleased that they had finished before the Independence Day celebration. Mother had spent the week working to prepare the food for the family picnic. The holiday fell on Friday so that those who came from a bit farther stayed over to attend Sabbath Meeting before returning to their homes after dinner Sunday afternoon. Just now the family was mostly women and children and old men. The preacher had spoken about the war and all of the men who were away fighting. Brother Jack is on some island in South Carolina fighting this war. He’s been gone most of a year now. The Sharp cousins had gone earlier. Shortly after Jack left, their father had taken ill. It had seemed to take a long time for him to get his strength back. Jamie and Will were still doing most of the heavy work and everything took longer with fewer hands. Jack kept writing that their father shouldn’t fret about him, but both parents watched for the mail carrier each day hoping for some proof that Jack was still among the living.

Jack had helped put in the winter wheat last August, then joined up with Daniel Leasure and the 100th Infantry, Pennsylvania Volunteers. Lawrence County had provided the men for F Company under James Cline. The Round Heads had pledged three years, but nobody thought it would take that long. In his early letters, Jack had written that they expected the war to be over by spring and he would be home by planting. They had gone to Camp Kalorama Heights, near Washington, D.C. for training. Then in the fall, his regiment had gone in a convoy of seven ships to North Carolina where they spent the winter on James Island. Now the fighting wasn’t going as well and Jack saw no end to it.

Jamie stepped off the porch and with an easy stride headed to the barn to get his hook. He knew Will would be along soon. Will was still reading all the details about the war that were in the newspaper Mother had brought home from town. Jamie was looking forward to the rhythm of cutting the wheat, which would leave a lot of time to think, and he had a lot to think about just now. They had gotten a letter from his brother-in-law, A.J., just last week. A.J. said he hoped the drill Jamie had done would be sufficient satisfaction of Military Duty to keep his war fever down. A.J. had come to the conclusion that he would much rather serve this great nation at home by cultivating the soil. He encouraged Jamie to value the production of food to feed the soldiers and those at home. He wrote that he requested Jamie not to go to War, but let somebody else fight to free the Negroes. Jamie didn’t know much about the Negroes, except that many were slaves, mostly in the south. He’d never even seen one. In these parts they rarely even saw an Indian. He had read Governor Curtin’s call for volunteers. Governor Curtin said that Washington was in imminent danger of being overrun by the rebels. The regiments he had sent before had been sent to many places and now President Lincoln needed more men to protect Washington. Jamie did want to keep our great Union together. His brother was marching and being fired upon. Word had come back that several of the young men he knew and had grown up with were dead. Every generation of his family before him had fought for this country except his father who had had the disadvantage of being born in 1812, and thus unable to defend his country in the war of that year. When Jamie was eleven there had been the War with Mexico. President Polk had not asked for volunteers to fight there and Jamie didn’t know anyone who had gone. Now, at twenty-seven Jamie was looking forward to buying his own farm, getting married and starting a family.

After Sabbath meeting he had been visiting with Sarah. She seemed willing to marry and begin building their life together. If he signed up, would she wait for him to come home to her? Belle, who had been seeing Jack, had already begun visiting with one of the other fellows who had a farm up the road a bit. Would Jack even come home? Would he be maimed or killed in some battlefield whose name none here had ever heard before getting word of a battle? If Jamie went, would he come home? There was always that chance, too. Then, if he didn’t go would Sarah think of him as less of a man? Would he be able to live with himself?

Jamie cut the wheat and Will bundled it into shocks to dry. The weather held and by the end of the week it was time to separate the wheat heads from the straw. Then they baled the hay and stored it in the barn. On Saturday, the 19th, Jamie and Will walked into Harlansburg. Jamie had decided and Will wouldn’t be left behind. If they signed with this new group, the 134th, it would be for only nine months. He would be home by next spring. He would trust in the Great Giver of all good things that he would only miss one fall planting.   He signed.

Jamie had a little over two weeks to settle his affairs and to help his father prepare things around the farm so that the old man could handle it until spring.

On Friday, 8 August, Jamie and Will kissed their Mother and shook hands with their father and set off up the road for Harlansburg where they were taken by wagon to New Castle. At 4 P.M. they boarded a boat and started down river for Pittsburgh. They took heart from Jack’s letters about Army life. Now they were on their way to places they had never seen and their lives would be very different. Yet, Jamie was at peace. His decision had been made. He would fight in this war. He would be part of the Grand Army of the Republic and hold this great Union together.

The last word:

This is another story about my Great Grandfather based on his diaries and letters.

Comments solicited.

Keep your sense of humor.

Walt.

A year ago I posted “Where Are the Workers?” about the difficulty that companies had in finding workers. It is very difficult to find people who can read and follow directions, show up on time, and pass the drug test. In all but the lowest level manual positions, the candidate must also be able to communicate with other workers, management, and customers.

But it is also difficult to find a job. While we are officially in a recovery, it is a very slow recovery without the usual fairly sharp rise in job availability after a major recession.

I recently saw a Washington Post article stating that for the first time in decades more companies are dissolving than are being created. The Brookings Institution study implies “a continuation of slow growth for the indefinite future,” and probably is part of the explanation why job growth rates have failed to rise above two percent in this recovery. The Brookings Institution is known as a liberal-oriented think tank.

Why is the American economy growing less entrepreneurial? That answer will probably become more clear in ten years or so, but I suspect a few influences.

  1. Our current education crisis. Our public schools seem unable to provide our students with the set of skills they need to be successful in business. Common Core will not help. Our colleges and universities, though still rated some of the best in the world, are mostly successful at saddling students, whether they graduate or not, with a mountain of debt and little chance of finding a job.
  2. The biggest single area of uncertainty is health care. Congress passed The Affordable Care Act, but President Obama has made at least forty changes to the law by fiat. Many of these changes impact when certain parts of the Act go into effect and what insurers must cover. These changes impact the cost companies will have to bear. All a CFO can really count on is that health care costs to cover employees will rise, with no idea of how much or how fast.
  3. Uncertainty driven largely by government actions and inactions in other areas. Congress continually fails to pass a complete budget or even budgets by sector, impacting government contracts in all areas. Congress also continues to fail to address a number of tax issues, allowing, for example, tax relief programs to expire for individuals and companies. This prevents companies from planning expenses and opportunities even for the current year, let alone the future.

Whether you are a seasoned worker with decades of experience or just out of school, what does it mean as you look for that first or next job? Two things: you need more than the technical job skills, and you have to be flexible in how you will work.

Baseline recently reported that 77% of employers believe that soft skills are just as important as hard skills for career success. These soft skills include a strong work ethic, reliability, a positive attitude, self-motivation, team-orientation, ability to manage multiple priorities, working well under pressure, good communication skills, flexibility, and confidence. As you work on your résumé, your interview preparation, and your references, focus just as much time on examples of how you excelled in most of these soft skills as you do on your certifications, training and experience in the desired job.

In the old days, one went to work with an expectation of staying there for a long time as you moved up in responsibility. Those days are gone. The loyalty that used to go both ways between a company and employee does not exist, although the company still expects you to be loyal to it. According to the Bureau of Labor and Statistics, the average worker stays in a job for 4.4 years. That means that you should expect to have a lot of different jobs, around eleven, in your career. Companies are moving to outsource everything. Even CEOs are essentially contract employees. Companies started renting their executives decades ago, then started working from the bottom to let someone else do their payroll, HR, shipping, manufacturing, software development, data processing, and building maintenance. Companies are now contracting out even for their core design, development, sales, and marketing. Who is left? I know independent contractors who have worked longer at a client company than most of the employees of the company.

But as companies try to keep benefit costs, especially health insurance, down ideally to zero, expect that you are likely to have multiple jobs at the same time. Instead of a one-to-one relationship between you and the company for which you work, you are likely to be simultaneously working for more than one company. This already happens for consultants, but expect it to become the norm. Companies do not need a fixed number of full time experts for a particular task, but when they need one or more they want people who understand their company, its strategy and its products. Someone who is available 20 hours a week or 20 hours a month who is plugged into the company is less expensive than a full-time employee, and more effective as they don’t have the learning curve.

One result is that I expect to see the virtual if not actual decoupling of health insurance from employment within the next five years, with government employees being the last to go. I personally view this as an appropriate place to be.

The other result is that you should always be looking for a job and keeping your résumé up to date. You should view every job as temporary and keep your job search activity going. Most importantly, keep your personal network active.

The last word:

There is a Congressional election coming up in November, giving voters a chance to deal appropriately with each Congressman and one third of the Senators. As you prepare to vote, study your Representative and, if applicable, your Senator. Decide whether they are helping or hindering your ability to find a good job or run a profitable business. If you don’t vote, you can’t complain in 2015.

Comments solicited.

Keep your sense of humor.

Walt.

Now It’s eBay

Right on the heels of the demonstrated incompetence of IT managers who used an untested beta version of critical security software with the Heartbleed bug, we have another example of IT incompetence: eBay.

On 21 May eBay released an official statement confirming that it has been the victim of a “cyber attack that compromised a database containing encrypted passwords and other non-financial data.” The data that was not encrypted included your name, physical address, e-mail address, phone number, and birthdate. EBay is asking about 145 million users to change their passwords.

This breach occurred between late February and early March, but was not discovered until early May. Reuters reported that the hackers obtained login credentials for some number of eBay employees and thus gained access to the eBay corporate network and therefore had access to customers’ personal data.

Companies are not keeping up with the cyber criminals and cyber terrorists. It may be impossible to stay ahead of them, but companies like eBay are clearly not monitoring their IT infrastructure to quickly detect inappropriate access.

The chief security officer for Trend Micro, Tom Kellermann, said, “I don’t want to take anything away from the good work of places like eBay, but any site that handles the personal information of hundreds of millions of people has to be working harder to protect that information.” Leaving personal data unencrypted is pure incompetence, and an indication of the lack of concern companies like eBay have for their customers.

It is a shame that incompetence is not a crime, because many of these data breaches that impact millions of people are the result of pure incompetence in the IT departments of huge companies. As far as I can determine, eBay broke no laws nor violated any compliance regulations. I suggest that our lawmakers create federal regulations that financially penalize companies who have breaches that release unprotected personal data, with the fines going to the individuals who have been compromised.

The last word:

What should you do?

  • If you have a personal or corporate eBay account, change your password immediately.
  • If you use the same password at other sites, change it there also. Once a cyber-criminal gets one of your passwords, he is likely to try that password at other sites.
  • Continue to monitor your financial status.

If you haven’t recently, it is time to do a real security audit of your own company. Start with the data that you store about your customers as individuals.

  1. Do you store any data that might be covered under PCI (financial) or HIPAA (health) compliance requirements?
  2. Do you use usernames and passwords on your website to provide access, convenience or special opportunities for your customers?
  3. If you do, then how are you treating that data?
  4. Is it always encrypted when stored or moved?
  5. Do you have a formal security policy?
  6. Do you restrict access to specific personal data based on the role of your employee or contractor?
  7. Are your employees, contractors and partners trained on the importance of protecting that data?
  8. How do you identify internal users of your IT systems?
  9. Are employee and contractor roles updated immediately when they change roles or move on and should no longer have access?
  10. Do you monitor what data employees and contractors are accessing looking for inappropriate access? Are you looking for access at unusual times?
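For items 6, 8, 9 and 10 above, here is a small access-log review, added as an illustration and not part of the original post. The log format, role policy, staff directory and business hours are all constructed assumptions; substitute your own.

```python
from datetime import datetime, time

# Assumed role policy (item 6): data categories each role may read.
ROLE_ALLOWED = {
    "support": {"contact"},
    "billing": {"contact", "payment"},
    "dba": {"contact", "payment", "credentials"},
}

# Assumed staff directory (items 8 and 9): role and departure date, if any.
DIRECTORY = {
    "asmith": {"role": "support", "ended": None},
    "bjones": {"role": "billing", "ended": None},
    "cwu": {"role": "dba", "ended": datetime(2014, 3, 1)},
}

# Assumed normal working window (item 10), Monday to Friday.
BUSINESS_START, BUSINESS_END = time(7, 0), time(19, 0)

# Constructed sample log: "<timestamp> <user> <data category>" per line.
SAMPLE_LOG = """\
2014-03-03T10:15:00 asmith contact
2014-03-03T10:40:00 asmith payment
2014-03-04T02:30:00 bjones payment
2014-03-05T11:00:00 cwu credentials
2014-03-08T23:10:00 cwu payment
2014-03-06T09:00:00 dlee contact
corrupt entry
2014-03-06T14:20:00 bjones contact
"""


def parse_line(line):
    """Return (timestamp, user, category), or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 3:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
    except ValueError:
        return None
    return ts, parts[1], parts[2]


def reasons_for(ts, user, category):
    """List why one access looks inappropriate; an empty list means it is fine."""
    entry = DIRECTORY.get(user)
    if entry is None:
        # An account nobody can tie to a person is a finding in itself.
        return ["unknown-user"]
    reasons = []
    if entry["ended"] is not None and ts >= entry["ended"]:
        reasons.append("access-after-departure")
    if category not in ROLE_ALLOWED.get(entry["role"], set()):
        reasons.append("outside-role")
    weekend = ts.weekday() >= 5
    if weekend or not (BUSINESS_START <= ts.time() < BUSINESS_END):
        reasons.append("unusual-time")
    return reasons


def audit(log_text):
    """Return (line number, user, reasons) for every access worth a second look."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        parsed = parse_line(line)
        if parsed is None:
            # Do not drop bad lines silently: gaps in the log hide activity.
            findings.append((line_no, None, ["unparseable"]))
            continue
        ts, user, category = parsed
        reasons = reasons_for(ts, user, category)
        if reasons:
            findings.append((line_no, user, reasons))
    return findings


if __name__ == "__main__":
    for line_no, user, reasons in audit(SAMPLE_LOG):
        print(f"line {line_no}: {user or '?'}: {', '.join(reasons)}")
```

Run on a schedule against real logs, a report like this is what turns a breach that goes unnoticed for two months into one that is noticed the next morning.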

Comments solicited.

Keep your sense of humor.

Walt.

Far too many companies pay little more than lip service to compliance regulations and privacy laws. In my experience, this happens because of either ignorance or “it costs too much.” They may not even have a written security policy, or largely ignore it in practice.

I can’t do much about ignorance. It’s the old horse and water problem.

The cost issue is real. It can be expensive to keep your software current and your systems updated with the latest malware protection and detection software. It can be time consuming to train your people on best practices, or sometimes just smart practices. But like the old FRAM filter commercial, you can pay me now or pay me later.

Numerous studies have pegged the real measurable cost of a data breach at about $200 per lost record. While your specific case will be unique, over the past several years and across a wide variety of companies and government organizations, this $200 per record has been relatively consistent. It really doesn’t matter whether the information you lost is financial, medical, or other personal information.

But often the real cost of a breach is lost trust. Sending out the “we are really sorry” letter is often required by law, and always the ethically right thing to do. If you don’t, someone will tell on you, and like with General Motors and the faulty ignition switch, the damage done by trying to hide the flaw is worse. While that problem was not the result of a cyber-criminal act, it may be a lesson in not hiding. GM’s profits plunged 86% in the first quarter of 2014, and GM faces more than 50 class action lawsuits in the US, and more in other countries.

Unfortunately, unless you are a government organization, up to 60% of your customers who do get that “we’re so sorry” letter will not do business with you for some period of time, if ever.

Take Target as an example. As a direct result of a successful cyber-criminal attack, Target profits fell 46% for fourth quarter year over year, and analysts expect it to be down further for first quarter this year. The direct fourth-quarter cost to Target of the credit card breach it disclosed in December: $61M.  The amount does not include any allotments for claims by credit card companies. A Target spokesman said, “At this time we are not able to reasonably estimate a range of possible losses on the payment card networks’ potential claims in excess of the amount accrued.”

Target delayed taking any action after its security team in Bengaluru (formerly Bangalore), India, reported suspicious activity on November 30. Their security team in Target HQ in Minneapolis decided, “it did not warrant immediate follow up.” Oops.

As often happens, sales only fell 2.5%. Target did everything it could to keep customer traffic up by offering substantial discounts, which significantly impacted profit.

Target is now searching for a new CEO after replacing their CIO.

The same opportunities exist in the health care field. Advocate Health System is the largest fully integrated health care delivery system in metropolitan Chicago and the state of Illinois. They had a massive data breach last August. Four laptops were physically stolen from its facility in Park Ridge, IL. Those laptops contained HIPAA protected information plus social security numbers for about four million people, and that information was not encrypted. The theft occurred on July 15; Advocate sent the “We deeply regret” letter out on August 23. While Advocate promised a “thorough review of our policies and procedures,” they do not have a very good security record. In 2009, Advocate had a breach involving 812 patients. Seems an employee’s unencrypted laptop had been stolen.

In addition to potential direct costs in the hundreds of millions of dollars, Advocate now faces a class action lawsuit filed by affected patients. Are these people just looking for a way to take advantage of Advocate in our increasingly litigious society? Maybe not. Javelin Strategy and Research reported in its “2014 Identity Fraud Study” that one third of those who received a “We are so sorry” letter in 2013 became a victim of identity fraud. This is almost seven times the general population identity fraud rate of 4.9%.

The last word:

Your company is being attacked. You will have a breach. When and how badly that impacts your business depends a lot on how well you, your employees and your partners pay attention to security best practices. Finding out quickly and taking action quickly will make a big difference to your bottom line, and your career.

Comments solicited.

Keep your sense of humor.

Walt.
