Category: information security

Posted on

Improving the Business of Art: Making Beautiful Business Decisions

There is a lot more to managing and maintaining an art collection than simply collecting.  In the art business, knowing where something came from, how it got to where it is now (and what it cost to get there), and keeping track of it thereafter requires software and systems to store and manage the information.  A professional art collection management solution will do much more than simply keep an inventory list of items.  This solution must store all the relevant information about the work as well as gather information while facilitating the various business processes relating to activities around the work. The first step to improvement is ensuring all the processes are being facilitated.

Acquiring the item, transporting the item, preparing the item, showing the item, maintaining the item, selling the item… all of these business activities performed must not just be accounted for, they must relate back to the work of art and become part of its historical record. Art tends to move around. Traveling from collector to collector or to different galleries, works of art may change location and ownership or custodial care frequently.  The origin of a work and the tracked purchase history, as well as the history of placements is among the critical information to be stored with each item. This most valuable data is part of the legacy of the work that any professional system should address. If information is power, then better retention and management of information regarding a work makes the entire collection stronger.

The location or exhibition of a work, its purchase history, the related museum and contact records – all this and more must be maintained and managed with each and every item in a collection.  Essential data such as provenance, condition and value is certainly kept for each work, but the key to making a truly useful system for collectors and artists both is the ability to get all the needed data in a single view or report.

Having the inventory information available for invoicing and reporting is one thing, but also being able to connect or identify individual works and collections with relevant contacts is surprisingly valuable. Tracking other information items like costs associated with shipping or framing, or storing both an appraised value as well as an insured value, provides for a comprehensive record of the work and its properties and makes forms and documents preparation not only more accurate but more efficient and useful, too.

Art businesses are like many other “product”-based businesses in that they have e-commerce needs, they build websites to show off their catalogue, they use mobile applications to display items, and they find much higher efficiency and agility when the websites and mobile applications work with the same real-time inventory data that the rest of the system works with.  The goal is to achieve measurable results through improved efficiencies, and that comes from improved information management and integrated systems.  Centralized computing models and connected cloud services establish the foundation.

Cloud hosting, remote access and mobile technologies, and location-based solutions are all part of the package for businesses involved in the business of art these days.  Implementing a hosting solution which enable anytime/anywhere access to business applications and information is often the first key to unlocking the better and more efficient art business.

Whether it is collecting, selling or showing, users involved in the business of art need secure access to all their information whether they’re in the office or not so they have the data needed to support making beautifully intelligent business decisions when it matters most. The rest is just pretty pictures.

Make Sense?

J

Posted on

Mobility Solutions to Support the Booming Home Health Services Market

The market for home health care services is growing rapidly and is not likely to slow any time soon. The expanding need is due in large part to the aging of the baby boomers, those born between 1946 and ‘64.  The boomers were once the nation’s largest living generation, defined by a notable increase in births in the United States following World War II. As this generation ages, it is creating a boom of sorts in the home health services industry.

Roughly 10,000 baby boomers turn 65 every day, and increasingly these seniors wish to continue living in their own homes rather than being moved to nursing homes or assisted living facilities.   According to AARP, nearly 90 percent of seniors want to stay in their own homes as they age, referred to as “aging in place.” Most seniors (up to 82 percent) would prefer to stay in their homes even as they need daily assistance or ongoing health care.  Few seniors say they would prefer to move to a care facility, and even fewer identify living with extended family as a desirable option.

The rate of home ownership among boomers is higher than with the rest of the population today, which is one of the primary reasons for increased demands for home care services.  Reports reflect that 81% of seniors today own their own homes, compared to 68% for the rest of the population. The majority of these seniors live alone or with a spouse – we’ve already established that living with extended family isn’t a frequent choice, possibly due at least in part to reduced home ownership rates. There are also suggestions that the reduced economic status of later generations has similarly reduced the capacity for extended families providing the long-term care for their seniors.

Projected to double by the year 2050, the number of Americans requiring daily help with living at home is expected to grow from the current 12 million to 27 million.  Older adults will make up almost 20 percent of the population, if not more.

These and other factors are driving rapid growth and expansion in the home health care field. Projected job growth for home health providers and personal care aids is expected to reach a whopping 70 percent by 2020. Larger than any other occupation grouping in the country, direct care workforce is projected to exceed teachers from kindergarten through high school (3.9 million), all law enforce and public safety workers (3.7 million), and registered nurses (3.4 million). Between 2010 and 2020, the fastest growing occupations in the country are projected to be Personal Care Aides and Home Health Aides.

Home health care businesses providing in-home senior care, hospital after-care, veteran care and numerous other specialized and general services are supported by a number of specialized software solutions designed to meet the specific needs of this segment of the healthcare industry.  The software used to support the business generally includes specific functionality for managing client and patient records, caregiver and provider information, scheduling and dispatch, payroll and HR, billing, and other back office and accounting processes.

Many of the industry-specific solutions available on the market address different or unique aspects of operating the home health care business, integrating data from their system with separate accounting and finance applications (such as QuickBooks desktop editions) for the rest of the functionality needed.  This allows the developer of the line of business application to focus on the valuable features and capabilities that will make the practice more efficient, compliant and profitable, leaving general accounting processes (payroll, accounts payable, general ledger and reporting) to the accounting software.

With greater frequency, the applications servicing the home health care industry are SaaS solutions, crafted with online access and mobility in mind.  This industry in particular has a specific need for remote and mobile access to information, as it is a “field service” operation at its core with healthcare rolled in.  The requirements to manage not just scheduling and services, but to deal with compliance, privacy and other factors involved with healthcare information complicates matters, placing an additional focus on the security and mode of access to the software and information.

Businesses using solutions such as Kinnser ADL, Shoshana Rosemark, Kaleida eRSP and Generations Homecare System rely on the software to streamline their operations.  Not only designed to support a remote and mobile workforce, these application services also provide business owners and managers with the ability to access essential business data at any time.  At issue is the rest of the software and systems which support the business operation and its processes.  Word and Excel or other productivity tools are almost certainly used at some level, and QuickBooks is in use, too.  These applications and their data typically reside on the desktop computer or local network.  As desktop applications, these solutions deliver the best power and performance for the business in terms of features and usability.  While some users may consider moving to web-based versions of these products, those who favor performance and functionality over framework often return to the feature-rich desktop applications that do the full job required.

In order to give business owners and remote workers the access they need to desktop applications and data, secure remote access solutions are required.  When the software and systems reside in the locked office of the business, the people operating outside aren’t usually able to access them in a way that is useful – or useful for more than one person at a time.  Remote control solutions that broker access to a PC cannot provide the multi-user support, application security or overall performance that most businesses require.  Attempts to implement simple RDS solutions or use similar products to create access often expose the business to unnecessary risk and limited capability while introducing heavy technical and licensing expenses.

With an offsite option, where the applications and data reside with the commercial hosting provider, business owners and line managers benefit from being allowed to focus on operations and not on managing the underlying software and systems. The business outsources the provisioning, management and protection of primary IT resources to support users, software and data, but the business should retain the capability to administer their own cloud as personnel changes impacting information access can occur at any time.

Whether their software and data are hosted on-site with existing equipment or offsite with managed hosting, home health care businesses need to have an easy-to-use solution for administration of user accounts, application access and secure filespaces.  For the home health care business, this is critical functionality that can mean the difference between spending too much time in the office handling general business and software matters versus meeting with clients and managing caregivers and revenue-generating activities.  In a fast moving, fast growing and highly mobile business, getting to information at anytime from anywhere using any device means being able to meet booming business demand.

Make Sense?

J

https://www.census.gov/newsroom/press-releases/2014/cb14-84.html https://www.ioaging.org/aging-in-america http://www.pewresearch.org/fact-tank/2016/04/25/millennials-overtake-baby-boomers/ http://www.iyhusa.com/AginginPlaceFacts-Data.htm http://economistsoutlook.blogs.realtor.org/2012/01/13/homeowners-by-age/
Posted on

Big Data, Analysis and Business Intelligence

Big Data, Analysis and Business Intelligence

big dataThere is a lot of talk among IT professionals of “big data”, and discussions at many business conference tables center on how the organization might find greater benefit and advantage from the intelligence buried in the business systems and information.  It is a two-part problem, where the collection and the analysis each play essential roles in developing real business intelligence.

“So what’s getting ubiquitous and cheap? Data.

And what is complementary to data? Analysis. ..”

Hal Varian, Chief Economist at Google and emeritus professor at the University of California, Berkeley
“Hal Varian Answers Your Questions,” February 25, 2008 (http://www.freakonomics.com/2008/02/25/hal-varian-answers-your-questions/).  BUSINESS INTELLIGENCE AND ANALYTICS: FROM BIG DATA TO BIG IMPACT; MIS Quarterly Vol. 36 No. 4, pp. 1165-1188/December 2012

The information technology and systems in a business support the operation.  Software and computers help people do their jobs, and the information collected in and generated by those systems becomes the foundation for developing business “intelligence”.   Today, businesses must reach beyond their own direct operational support systems and consider the full realm of data to be collected, including IoT sensor data or social media data.

Business intelligence is gained from the analysis of the critical business data – analysis which helps owners and managers make better and more informed decisions which are based on an understanding of the business and market.   Business intelligence was a term popularized in the 1990s, but the key was the analytical component (business analytics), which gained focus in the late 2000s. Today it is big data and big data analytics, where organizations are working with massive data sets not previously even imagined.

“…one of the most significant challenges facing enterprise IT teams today is how to efficiently support and enable the “science” of big data, while providing the confidence and maturity of more traditional (and often better understood) infrastructure services.”

http://www.datacenterknowledge.com/archives/2015/05/26/hadoop-big-data-storage-challenge-overcoming-science-project/

The volume and velocity of information collection is ever-increasing even in the smallest of businesses, creating a great need for tools which can structure and correlate data so that it might render some insight.  Simply storing and managing these huge and growing data sets has become a challenge, and there isn’t one right way.

Once the business has the data, then it must find a way to analyze the data, which generally involves also applying visualization tools. Many IT departments are feeling pressured in the development of new skills and capabilities around data collection and management, yet it is more frequently the business user who provides the analysis and applies visualization tools to the task.

“Data collected by the Aberdeen Group, found that employees in organizations that used visual data discovery were more likely to find the information they need, when they need it. These same companies were able to scale their use of scarce IT skills more effectively.”

http://www.tableau.com/learn/whitepapers/visualization-set-your-analytics-users-free#0vXrkWZbizxyutw

The use of business intelligence and advanced analytics continues to grow in every segment of the market – from small business to enterprise – and plays an increasingly important role in supporting business success.

Until this point, most businesses didn’t have the technology or the data to enable significant quality or business transformation, but the times are changing and deployments of data collection, analysis and visualization software and tools are expanding with it. This is a fundamental aspect of business digital transformation and fuels the next step, where intelligence is applied to conditions revealed in the data and activities are automatically performed guided by that intelligence.

jmbunnyfeetMake Sense?

J

Posted on

Run Your [New, Small, Growing] Business from Anywhere

The office for a small business used to be where all the work got done.  The hub of activity and productivity for a small business, the office was where you could connect with team members and co-workers and generally keep on the same page with what was going on in the business.  Customer orders are taken, those orders are fulfilled, and bills are paid – all from the small business office.  Yet today’s small business isn’t tied to the office location any longer.fishingpoles

Mobility and the cloud now provide businesses with mobile office options that allow users to get their jobs done no matter where they happen to be.  Business moves at a fast pace, and mobility and remote access solutions help companies be more nimble.  Collaborating while on the go and exchanging ideas and concepts quickly helps businesses be more agile and better-able to meet changing customer needs.  Successful small business owners leverage mobility and action to beat the competition.

The cloud and Internet-based computing lets small businesses access and benefit from IT solutions that were previously only available to enterprise organizations.  Better IT means being more competitive, giving smaller businesses a leg up and positioning them among even the largest of competitors. For the business owner, the freedom of being able to manage the entire business from anywhere delivers a freedom and flexibility previously unimagined.

Here are some ways hosted and cloud-based IT can help small businesses overcome everyday business challenges:

Reduce or Eliminate the Need for a Physical Office

Starting a business is tough, and many small business owners decide to use their own homes as a business location rather than forking over a bunch of lease money to a commercial realtor.  Using hosting application services and cloud technologies can help keep team members and co-workers working together, no matter where they are located.  Many businesses are able to get off the ground and operating successfully without ever having an established office.

Work when it Works for You

Remote desktops and hosted applications deliver functionality to users no matter where or when they need to work.  With ready access to everything needed to get the job done, workers are able to be productive even when they’re not at a desk (or even a computer!).  Smartphone and tablet apps can make working from a mobile device highly effective, extending productivity and capability to workers whenever and wherever it is required.

Keep Everyone on the Same Page

When systems are centrally located and accessed, it is easy to keep everyone on the same version, the same edition, and the same page.  No matter where users are located, documents and application data are kept in sync, ensuring that everyone is working on the most current information available.  Mobile access to applications and data keeps information from being distributed to various devices, making revision control easier and providing better protection for valuable business information.

Mobile computing and the cloud make it easy for small businesses to have better IT that enhances productivity and supports growth.  Reducing capital costs and exchanging large technology investments with affordable monthly subscription service gives small businesses the boost they need to implement the solutions and services which will develop and improve collaboration, streamline workflows, and reduce overhead costs while enabling a fast-paced and agile business ready to meet any challenge.

jmbunnyfeetMake Sense?

J

Posted on

Securing Business Data When Mobility is the Target

driving1-ANIMATIONToday’s workforce is a mobile workforce. Technology has enabled businesses to allow their employees to reach beyond the office walls, doing business and operating effectively from just about any location.  SaaS, online access to business data, and smart phone technologies have brought flexibility in working models previously only imagined by the workforce tethered to business locations and office computers. Yet this flexibility comes at a price if the business is to keep up with securing and protecting data assets as readily as it extends access to them.  The bad guys are well aware that mobile computing and remote access working models are growing in adoption with businesses, and are finding ways to take ever-greater advantage of the situation.

Teleworking, which is not quite the same thing as telecommuting, is on the rise and it doesn’t look to be a trend that will slow down any time soon. According to GlobalWorkplaceanalytics.com, “telework is defined as the substitution of technology for travel”.  Those who work sometimes from an office, but sometimes not, are teleworkers. Working at the office during the day and then taking work home at night makes you a teleworker. The primary tool of the teleworkforce is the smart phone – the mobile computer with built-in connectivity and enough processing power to handle many basic office workloads.

  • 50% of the US workforce holds a job that is compatible with at least partial telework and approximately 20-25% of the workforce teleworks at some frequency
  • 80% to 90% of the US workforce says they would like to telework at least part-time. Two to three days a week seems to be the sweet spot that allows for a balance of concentrative work (at home) and collaborative work (at the office).
  • Fortune 1000 companies around the globe are entirely revamping their space around the fact that employees are already mobile. Studies repeatedly show they are not at their desk 50-60% of the time.  http://globalworkplaceanalytics.com/telecommuting-statistics

The number of teleworking employees is on the rise, and so is the variety of devices used to facilitate mobile working.  Smartphones, tablets and phablets and, of course, laptop computers are used by mobile workers – often in addition to the company-supplied desktop in the office. The variety and number of computing devices per user is growing. Knowing this, businesses must take increasingly expansive steps to strengthen and secure remote access systems and business data, yet many organizations are just beginning to fully realize that the mobility they extend to their users is part of the reason for the increasing number of data breaches and attacks against business information systems.

Cybercriminals and their crafty programs are often able to steal important information or access a network by first infecting computers and devices used for telework.  Many of the devices available to the attackers are not company-owned, but are introduced to the system by contractors, vendors and employees (BYOD or bring-your-own-device users).

Even if the device isn’t a vehicle delivering a nasty payload into the network, data breaches may still occur when business information is stored on an improperly secured device. Most people who work with computers have some recognition of the potential for virus attacks and malware, but far fewer recognize the threat potential of attacks against mobile devices such as phones and tablets, and even fewer may implement meaningful protections on those devices.

“To prevent breaches when people are teleworking, organizations need to have stronger control over their sensitive data that can be accessed by, or stored on, telework devices,” said Murugiah Souppaya, a NIST computer scientist. [1]

Providing guidance and information to the public on such topics, NIST (National Institute of Standards and Technology) is revising its publications on telework to cover growing use of BYOD and how contractor and vendor devices are increasingly used to access company information resources.  Two new publications – one for organizations and one for users – are now available for review and comment.  You can find them here.

“As one of the major research components of the National Institute of Standards and Technology, the Information Technology Laboratory (ITL) has the broad mission to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology through research and development in information technology, mathematics, and statistics.”  [NIST Information Technology Laboratory Mission]

The rising number of threats, attacks and breaches caused by compromised devices used for teleworking is nothing to take lightly, and protecting against them shouldn’t be approached as a merely perfunctory obligation. Organizations must create and consistently update policies and requirements relating to protecting information accessible by remote workers if they intend to reduce business risk and provide assurances to stakeholders and customers that the information is adequately guarded.  But it doesn’t stop with the policy; businesses must also make an effort to properly educate their users (employees, contractors, vendors, etc.) on those policies, ensuring that all parties involved understand the responsibilities and requirements and strictly adhere to them.

jmbunnyfeetMake Sense?

J

[1] http://www.nist.gov/itl/csd/attackers-honing-in-on-teleworkers-how-organizations-can-secure-their-datata.cfm
Posted on

SEC Watchful Eyes Focus On Cybersecurity and Protecting Personal Information

SEC Watchful Eyes Focus On Cybersecurity and Protecting Personal Information  #cybersecurity BehindBars

Information privacy used to be a fairly simple thing.   Systems – what systems there were – weren’t so interconnected and information wasn’t so easy to share with thousands (millions) of people all over the world.  Security used to come down to gaining physical access to the information, which was usually on paper.  If you couldn’t get to the paper, you couldn’t get to the information. Yet those very analog days are long gone, and most of us have come to recognize that our personal information assets are no longer so tangible that we can touch them and feel them and keep them secured safely in the lockbox in the closet. What’s disturbing about the landscape of security in the cyber-world is that it is risky to trust not just the systems but the users – including the folks you want and need to trust – with your personal information.  It isn’t that you can’t trust anyone these days.  You just can’t trust that everyone is taking the precautions necessary to protect YOUR information.  You need to be sure.

Trust has always been an essential element in business and finances, and in every business relationship there is some element of it present. The prudent customer performs necessary due diligence before entering into any business arrangement, but there are often factors taken for granted in the review; factors which are overlooked or remain unconsidered, often due to an essential level of trust which  is placed with the other party. This is among the issues identified by the SEC as it relates to broker/dealers and their recognition of the importance of securing their clients personal information.  Yet recognition of the risk and responsibility isn’t always enough, especially with the number and makeup of bad actors out there. As the threat landscape changes, so must the approaches and technologies used to protect information from those threats.

Consumers place a high level of trust with their financial advisors and generally provide them with a great deal of personal information, and the broker-dealers and advisors generally recognize the importance of protecting the personal information they are entrusted with.  The problem is that these entities too often approach the problem of information security and protection as something with static and unchanging requirements. Compliance in establishing a baseline of protection is met.  A lack of ongoing diligence required to adjust to new threats and changing conditions… not so much. According to a summary report on the subject issued by the SEC in February 2015, the “vast majority” of examined broker-dealers and advisors have adopted written information security policies, yet the report goes on to discuss additional measures and constant reviews which should be applied to better guard the personal information of consumers.

Most of the examined firms reported that they have been the subject of a cyber-related incident.  A majority of the broker-dealers (88%) and the advisers (74%) stated that they have experienced cyber-attacks directly or through one or more of their vendors.  The majority of the cyber-related incidents are related to malware and fraudulent emails.

National Exam Program Risk Alert issued By the Office of Compliance Inspections and Examinations (“OCIE”); Volume IV, Issue 4 February 3, 2015

Among the agencies placing focus on the issues of cybersecurity and personal information protection is the SEC.  Within the SEC (Securities and Exchange Commission) is an office called the Office of Compliance Inspections and Examinations (OCIE).  The OCIE exists to “protect investors through administering the SEC’s nationwide examination and inspection program”.  Registered entities examined by this office (in Washington, DC and the Commission’s 11 regional offices) include broker-dealers, transfer agents, investment advisers, investment companies, municipal advisors, the various national securities exchanges, clearing agencies, and certain self-regulatory organizations (SROs) such as the Financial Industry Regulatory Authority (FINRA) and the Public Company Accounting Oversight Board (PCAOB).

In February 2015, OCIE published a summary of observations of the findings from a SEC-sponsored Cybersecurity Roundtable which included SEC Commissioners and staff as well as industry representatives.  The roundtable discussion, held in March 2014, focused on the important part cybersecurity plays in preserving the integrity of the market system and protecting customer data.  On the heels of the roundtable came a Risk Alert published by OCIE, in which it announced a series of examinations and tests aimed at the identification of cybersecurity risks and assessing the preparedness of the securities industry to meet the challenge.  After all, federal securities laws require registered investment advisers to adopt written policies and procedures reasonably designed to protect customer records and information.

Paperless_468x80

The watchful eyes of the SEC are looking directly at broker-dealers and advisers, bringing additional attention to messaging about the requirement for these entities to protect consumer personal information.  The message is more likely to be heard when it includes the threat of censure and big fine. In September 2015 the SEC charged an “investment adviser with failing to adopt proper cybersecurity policies and procedures prior to a breach”.  According to the SEC release, the firm “failed to establish the required cybersecurity policies and procedures in advance of a breach that compromised the personally identifiable information (PII) of approximately 100,000 individuals, including thousands of the firm’s clients.”  Also in September, the OCIE communicated another Risk Alert notifying of their intent to focus on cybersecurity compliance and controls, including information about the next round of examinations which will include more testing to evaluate firms’ implementations of procedures and controls around information protection and cybersecurity.

Gathering information on information security and privacy practices is not always easily accomplished for the SEC OCIE.  FinCin (US Dept of the Treasury Financial Crimes Enforcement Network), on the other hand, seems to get more reports of breaches from broker-dealers than does OCIE.  Maybe it is due to the advisor wanting to take more the role of the victim rather than admittance of culpability in any way, but the OCIE reports that roughly 65% of broker-dealers that acknowledged receiving fraudulent emails, for example, reported them to FinCen, yet perhaps 7% or fewer actually reported the information to law enforcement or other regulatory agencies.  It is the public report of the breach which gets the attention, and which continues to spur the efforts within the OCIE.

Public reports of cybersecurity breaches occur with too much frequency.  Sadly many of these events are due to failures or weaknesses in basic controls – failures which might have been identified if testing and review of basic processes, systems and controls was part of regular procedure.  With some of the largest data breaches possibly resulting from hacking of 3rd party vendor systems and platforms, review and assessment of vendors and suppliers must also be folded into the realm of consideration.  Failure to protect personal information of consumers and clients is risk to not just the firm or the client, but also to the entire market.  Risk reduction and management is among the focus areas for OCIE, a charter which supports the recent creation of the Office of Risk and Strategy, and which recognizes the challenge in gaining the information necessary to effectively inform the SEC and the market on cybersecurity issues.

jmbunnyfeetMake Sense?

J