Monthly Archives: August, 2016

Physical security: The overlooked domain

August 29th, 2016 Posted by Glenn Baruck Security & Surveillance 0 thoughts on “Physical security: The overlooked domain”

“Physical Security is still vital and dangerous to overlook.”

– Todd Hepler, Digitek Security

The following article written by: y Robert C. Covington, Computer World

As few as 15 years ago, if you mentioned security to someone in the business world, they would immediately think about alarm systems, badge readers and door locks. Some years back, I visited the Equifax Atlanta data center, entry to which required a retina scan and practically an act of Congress. Today, the focus is on logical security — threat management, breach detection, intrusion prevention, etc. With the threats we face today from all over the world, logical security is very important. Physical security has unfortunately been relegated to the realm of secondary concerns.

In the world of CISSP certification, physical/environmental security has historically been one of the nine domains. As of 2015, it was combined with another domain that includes other items, further evidence of its diminishing importance in the minds of many security experts. I would suggest, however, that physical/environmental security is still of vital importance to information security, and is dangerous to overlook.

While it would seem easier for someone to breach your network in order to steal critical data and information, physical theft cannot be overlooked. These thefts may involve actual information, or just items such as manuals or a phone list to be used for social engineering purposes. In the early days of phone phreaking, for example, systems were breached as a result of hackers stealing manuals from Dumpsters.

Another concern related to physical security is the insider threat — an employee or contractor helping themselves to your information for financial gain. While these too often involve a breach of systems, they can easily involve physical security lapses, since these individuals are rightfully in your building in the first place. The 2014 U.S. State of Cybercrime Survey, a joint effort by Pricewaterhouse Coopers, Carnegie Mellon University, CSO magazine and the U.S. Secret Service, reported that “Only 49% of companies have a plan to address and respond to insider security threats — even though 32% of the same companies agree that crimes perpetrated by insiders are more costly and damaging than those committed by outsiders.” If insiders can walk into your data center and grab a removable hard drive, they have no need to break into your servers.
Finally, physical security is important to protect your most important assets: your employees. Many of the key aspects of physical security also protect your people. Beyond the value of human life, your business would be hard-pressed to operate without your employees.

Given the diminishing focus on physical security, I think a review of some key exposures in this domain is warranted.

The open lobby

This is one of my pet peeves in the physical security realm — the ability for an intruder to walk into a company lobby and straight through to the inside of the facility. Companies with open lobbies often rely on a receptionist to be the gatekeeper, but receptionists can get busy and distracted. A few weeks ago, I visited a company with an open lobby. Had the receptionist been distracted, and with the few people walking in the halls, I could have easily made it through the building to the unlocked data center. A locked door between the lobby and inside of a facility is very important.

The unlocked data center

This takes us to another key deficiency — the unlocked data center. Someone with physical access to a system can do many things that a network intruder could not. I helped a church blank the local admin password on a PC this week, something I could only do with hands-on access to the system. If you have a data center of any size, it needs to be securely locked, with access restricted to those with a need to be there.
Poorly secured doors

Systems requiring a proximity card for entry are now quite common, and with good reason. They provide tight granularity of access control for individual doors and a detailed audit trail. They are important, and should be used more than they are. That being said, they are not the answer to tight access control that many think, given the ease with which access information can be captured and used by bad actors. One of my customers recently described an audit by a major corporate customer that included an attempt to capture badge data using inexpensive, off-the-shelf hardware and software. The auditor arrived 30 minutes early and rode up and down the elevators with arriving employees. After 30 minutes, the auditor had captured enough data to easily enter almost any office in the building. I discussed this threat, and the options for badge encryption in a recent article.

Lack of surveillance

Cameras are very inexpensive today, and yet they can do double duty, not only detecting possible threats in progress, but allowing for forensic review of incidents. What a bargain! And yet, surprisingly few companies use them, and many that do, install and ignore them. Cameras should be installed at all entry points to a facility, and in key areas such as data centers and telecom closets. The video should be recorded and retained, with a live monitor placed on the desk of someone who can keep an eye on it.

The good news is that intrusion alarms are in very common use today. There is much opportunity for improvement, however. Many smaller offices in multitenant buildings do not bother with them, because a guard is often present in the lobby. If you refer to the badge paragraph above, you will realize just how easy it can be for someone to get into such a building. Further, these offices often share a common wall with other tenants. You don’t have to watch many home improvement shows to realize just how easy it is to get through drywall. You need an intrusion system, and you need one supporting unique codes for each individual for audit trail purposes.

The bottom line: It is appropriate to pay attention to logical security threats, but overlook physical security at your own peril.

Learn More about Digitek Security.

How to Create a Signature Brand Story

August 26th, 2016 Posted by Glenn Baruck Marketing 0 thoughts on “How to Create a Signature Brand Story”

“Author David Aaker demonstrates the value of illustrating with words. Though people respond visually, writing that shares stories can seal the deal.”

– Mark Ingraham, Image Perspective

The following article written by: David Aaker, AMD

Enduring Relevance + Capacity to Inspire + Provide Direction = A Signature Story

Stories are a hot topic in marketing because they have been shown to be superior to facts in getting attention, being remembered, changing opinions, stimulating social activity, developing emotion and, curiously, communicating facts. Many firms have added journalists, editors and filmmakers to their staffs to create or find meaningful stories and present them in a compelling way.

Stories often support tactical communication objectives. But there is also a strategic role for stories that is developed in an article by Jennifer Aaker and me entitled, “What Are Your Signature Stories?” in the spring 2016 issue of California Management Review.

We call such stories “signature stories” because they represent some form of strategic statement about a mission, values, the brand, customer relationship or strategic intent. Signature stories do this much better than a recitation of facts, which usually ends up sounding not only boring but similar to a host of other firms.

Consider L.L. Bean, a brand aiming to communicate its innovation culture, passion for the outdoors, commitment to quality, concern for the customer and the functional benefits of the Maine Hunting Shoe. Stating such facts is unlikely to create interest, credibility or even a connection to L.L. Bean.

In contrast, consider the following story: Leon L. Bean, an avid outdoorsman, returned from a hunting trip in 1912 disgruntled because of his cold, wet feet. With little resources but a lot of motivation and ingenuity, he invented a new boot by stitching lightweight leather tops to waterproof rubber bottoms. The boots worked so well he offered them for sale via mail order as the Maine Hunting Shoe, using lists of nonresident Maine hunting license holders.

Unfortunately, most of the first 100 pairs sold had a stitching problem and leaked. Bean faced a defining moment. His response? He refunded the customers’ money, even though it nearly broke him, and fixed the manufacturing process so that future boots were watertight. This story communicates the L.L. Bean brand far better than any presentation of facts.
A signature story is an intriguing, authentic, involving narrative (as opposed to a stand-alone set of facts or features) with a strategic message that enables growth by clarifying or enhancing the brand, the customer relationship, the organization or the business strategy. It is a strategic asset that can be leveraged through time, providing inspiration and direction both internally and externally.

A signature story needs to:
Be intriguing—some combination of thought-provoking, novel, provocative, interesting, informative, newsworthy or entertaining to the audience.

Be authentic—the audience cannot perceive the story to be phony, contrived or a transparent selling effort. Further, there should be substance behind the story and its message in the form of programs, policies or transparency that support it.

Be involving—the audience member should be drawn into the story, which can precipitate a cognitive, emotional or behavioral response.

Be strategic—have a message linked to the brand that enables growth by clarifying or enhancing the brand, the customer relationship, the organization or the business strategy.

A signature story is an asset with enduring relevance and capacity to inspire and provide direction over a long period of time. As they get retold, signature stories gain authenticity, traction and influence.

The principle targets for signature stories are employees and existing and potential customers. Signature stories can provide employees a source of inspiration and a cornerstone for organizational culture and values. The L. L. Bean story supports a higher purpose around innovation, the passion for the outdoors, quality and the customer. Millennials, in particular, are attracted to firms that are aiming for more than sales and profits. A signature story can help with making that purpose authentic and clear.

Customers are also a valuable target because there is a segment that will find a brand’s values, customer relationship and strategy important to them as they develop loyalties to brands and firms. Advancing the strategic position of the brand and organization in the eyes of this audience is challenging because of message clutter, media dynamics, growing customer ownership of context and the complexity of social media. Signature stories can be an answer, providing not only breakthrough visibility, but communicating the basic essence of a brand and organization.

To determine what story content would be useful, it is important to understand who you are, what you do and where you are going. Look to your brand vision and value proposition, drivers of customer relationships, your organizational culture and values, as well as your business strategy. What are the priorities? What perceptions and attitudes need to be created, reinforced or changed to allow the business strategy to succeed?

To find or create signature stories, look broadly for story heroes. Stories can be motivated by a variety of heroes such as customers, employees, programs, a founder, an offering, a business revitalization strategy or a future business revitalization strategy.

The customer as hero can be effective because there is no “my brand or product is better than yours” connotation, and the customer story is likely to be closely linked to either the organizational values or the brand’s value proposition. LinkedIn has a series of professionally created, one-minute stories about “creating you own success” that involve leveraging LinkedIn. Dr. Chavez told about his dream of getting pets off of processed foods using LinkedIn to share his big idea. Jenni was laid off during the financial meltdown and several months of intense networking led to a marketing position and, ultimately, supported her decision to be on her own.

The employee as hero can be a source of a strong and memorable signature story because employees are on the front lines. Zappos.com, the online shoe store, has a set of signature stories about its 10 core values, one of which is to deliver “wow” customer service. One such story involves a Zappos.com call center employee who, at 3 a.m., received a call from a customer who could not find an open pizza store. Instead of gently turning the customer away, the employee actually found a pizza store open and arranged a delivery.

The business revitalization story can clarify and motivate a new strategy and inspire employees and customers. Consider Zhang Ruimin, who became the CEO of a troubled Chinese appliance manufacturer, Haier, in 1982. Early in his tenure, he used a sledgehammer to destroy 72 defective appliances. The story and its symbol, the sledgehammer, served to define a new strategy and culture that ultimately led to Haier becoming a global leader.

Learn more about The eDot Family of Companies.

Physical Security Procedures for Small Companies

August 25th, 2016 Posted by Glenn Baruck Security & Surveillance, Small and Medium-Sized Businesses (SMBs) 0 thoughts on “Physical Security Procedures for Small Companies”

“Today every size company needs sound security procedures.”

– Todd Hepler, Digitek Security

The following article written by: Shelley Frost,, Small Business

Physical security concerns aren’t just for large companies. A small business needs a solid plan to protect the physical assets from both employees and outsiders. The security plan should also focus on keeping all staff members safe. Start with an inspection and evaluation of the current physical environment and procedures to determine the need for change.

Access Procedures

Controlling physical access to areas in the workplace is a way to keep the business safe. Establish a procedure for distributing keys, including who gets one and how you keep track of the keys when an employee leaves the company. If you keep confidential or valuable information, products or equipment in the workplace, keep these items secured in a locked room with access only to those who use the items. Keep entrances to the building locked on the outside to prevent people who don’t work for you from entering. Limit access by customers to one entrance that is monitored constantly.

Security System

Regular use of a security system protects the physical safety of employees and the assets of your company. Choose a security system that is monitored by an outside company so emergency personnel are automatically notified if an emergency occurs at the business. Provide the access code only to employees. In some cases, you may only need to share the code with one or two employees who arrive first or leave last. Change the access code any time an employee leaves the company.

Monitoring

Physically monitoring what happens in and around your small business helps you notice suspicious behavior before it becomes a problem. Get in the habit of walking around regularly to keep an eye on the workplace. Remind employees to stay observant both while working and when arriving and leaving. Train employees to stop and question anyone who does not work for the company, especially if the person tries to enter back office areas. Security cameras assist in monitoring the premises and discouraging potential burglars from attempting to enter your business. Keep the cameras running at all times for the best results.

Communication System

Establish a communication and response policy in case of an emergency situation. Lay out how the employees should respond to threats like an intruder, attack or suspicious behavior. Identify the procedure for communicating the threat to the rest of the staff, which may include an intercom, telephone system or an alarm that is manually activated to indicate danger. Plan for a backup method of communicating with others. You might also identify an emergency meeting area that contains supplies like a first aid kit.

Learn More about Digitek Security.

Managed IT Services Can Help Small Businesses Boost Productivity

August 19th, 2016 Posted by Glenn Baruck Small and Medium-Sized Businesses (SMBs), Technology 0 thoughts on “Managed IT Services Can Help Small Businesses Boost Productivity”

“Good insight on the value of IT staff augmentation. If you can outsource the care and feeding of the infrastructure to a trusted partner, you can allow your internal talent to focus on the business technology initiatives.”>- Patrick Torney – eDot

The following article written by: John Chancellor, BizTech

One company I know has found a unique way to improve customer service and outflank its competitors. The company’s leadership told its IT staff to set aside its routine activities for two weeks and instead compete in an internal hackathon. The goal: identify a business problem and find a solution.

At first, the company’s leaders weren’t sure of what they had started, but at the end of the two weeks, they were blown away by the ideas that surfaced. In particular, one team implemented a tracking app that showed customers the real-time location of delivery trucks, so customers could estimate when a new shipment would arrive and plan their day accordingly.

The app significantly boosted customer satisfaction and reduced calls to the company’s help desk by 75 percent. Just as important, the exercise showed how big the payoff can be when skilled IT workers devote more time to helping their company succeed rather than fighting infrastructure fires or performing routine activities like software patching.

Freeing Up Time and Saving Money

What’s the secret to enabling IT to work more strategically? The answer is managed IT services, a cost-effective way to extend SMB IT talent and free-up skilled resources to accomplish business goals.

Managed services can deliver a wide variety of capabilities, ranging from computing, storage and networking resources to mobility management, cybersecurity, email and unified communications, including telephony services. The common thread is that, along with the capabilities themselves, the best service providers also offer ongoing management and maintenance of the underlying infrastructure, service guarantees and end-user support.

According to the MSPAlliance, North American companies spend $154 billion on managed services, with SMBs being among the top customers. This dispels the notion that managed services are too expensive or too complicated for SMBs to consider.

After a decade in this market, I’ve seen firsthand that the opposite is true for startups and established small businesses alike. These companies typically see four key benefits: improved operational performance, reduced operational risk, cost avoidance and accelerated innovation.

The Keys to Success

There’s a lot to like about managed IT services, but how can SMB leaders be sure a particular service provider is right for their company? To find the best match, consider these five important criteria.

Choose a technology partner who focuses primarily on the business. Each company is unique, and so are its business challenges and opportunities. Potential providers must understand each SMB’s goals rather than offer a cookie-cutter service plan for all clients.
Look for a partner that values long-term relationships. A trusted adviser will help create an ongoing technology roadmap tuned to keeping a client focused on staying successful and competitive as market conditions change.
Assess the provider’s breadth of offerings. A comprehensive service portfolio means SMBs can fulfill their needs from a single provider rather than having to manage multiple and potentially conflicting vendors.
Address existing technology pain points. Discuss in detail particularly important problems, such as areas where outages have occurred in the past or security vulnerabilities. Then get potential partners to deliver a detailed solution tailored to these specific issues.
Insist on close communications. Determine how often the provider will present formal reviews and data to show the effectiveness of the engagement. This should happen each quarter at a minimum; informal meetings with account managers should take place more frequently.

Making the Most of IT Talent

IT professionals have a passion for technology, which often goes to waste when they must spend time patching servers and performing other routine duties. It doesn’t have to be this way.

That’s why I get so excited when I show SMB leaders how managed services extend their IT operations and free their people to do what they do best — make the business more successful.

Learn More about eDot.

Color Psychology-Marketing Strategies For Social Media

August 16th, 2016 Posted by Glenn Baruck Marketing 0 thoughts on “Color Psychology-Marketing Strategies For Social Media”

“In this popular article, Wade does a great job of expanding this seemingly simple topic. And with no less than 13 linked articles and infographics, it’s a compact example of how to spread your reach and add value online.”

– Mark Ingraham, Image Perspective

The following article written by: Wade Harman, wadeharman.com

92.6% of people say that visual stimulation was the reason they pushed the buy now button.

In visual marketing, color reigns supreme.

Color brings harmony.

Visual stimulation, when done correctly, engages the viewer and brings about creating an inner sense of order and balance in the visual experience.

When you have found your correct color psychology in your marketing your strategy flows, people convert, and customers are attracted to your brand.

In this article I want to talk about picking the right color for your content on social media and why it’s so important for both the reader and the creator to have this fluidity between them.

Does Color Affect Your Marketing?

Let’s talk about color in general.

In 1666, Sir Isaac Newton discovered fascinating truths about color when he researched the prism effect with light.

When pure white light passes through a prism, it separates into all of the visible colors. Newton also found that each color is made up of a single wavelength and cannot be separated any further into other colors.

This stands to reason that even when conducting color experiments, colors of all kinds can only be dissected to a certain base-point. After that, it cannot be dissected any further, even with something so powerful as light.

Color is powerful.

Colors affect your marketing because we are creatures that are in tune with the subconscious area of the brain. Emotionally, color psychology works because it affects us on a different level.

For instance, there are two camps that colors lie in.

The first camp is the warm colors like red, yellow, and orange. These colors affect us on two different spectrum.

Colors on the blue side of the spectrum are known as cool colors and include blue, purple and green. These colors are often described as calm, but can also call to mind feelings of sadness or indifference.

This means that these cool colors are tapping into the emotional side of the brain and are important to remember that even though using too many warm colors that can confuse your message, you don’t have to worry about over-using cool colors too much.

These cool colors evoke a sense of trust, tranquility, and influence among your target market. That is why most large brands choose their colors wisely, and most use the cool color swatches.

Warm colors trigger emotions ranging from feelings of warmth and comfort to feelings of anger and hostility. One study suggested that it is important to refrain from using too much of the same color at one time. Especially with the warm colors.

Researchers have said that the color red can hinder performance in some people and their tasks. So too much of a warm color is consistent with putting people off and limiting them to what they could do on your site or social post.

However, a study from HubSpot shows us how they wanted to tweak the color of their CTA button from green, which is a friendly, non threatening, color, to red, a more dominant color like we discussed above. See the image below.

So should we use warm colors then? Seems like a lot of double talk if you ask me.

Researching this further I came to a conclusion…

The Variables

There are a lot of variables that you must think about when introducing color psychology into your marketing strategy.

Everyone is different.

Different people react to different stimuli when it comes to trigger responses. Having said that, you must understand that the person that has just landed on your page and is an outright lunatic for your content may react more suddenly than someone who has never heard of you before.

Color still affects these people though. But what I want to stress is that for some people it doesn’t have to. You’ve already got them.

This is a graphic created by Kissmetrics about different brands and their color decisions with the Buy Now button. As you will see, tweaking something as small as color scheme in your marketing can produce great results for your brand.

The Final Thought

Create a color strategy that is fluid with the message that you want people to know about your brand. Create those bridges, those small tweaks, with your colors to bring astronomical results to your marketing.

For me, the color is blue. I want people to think of someone they trust when they see my branding.

What does your color say about your brand? And, best of all, does it say the right thing?

Start experimenting with your colors on social media, in your blog posts, and see what works the best. You may be surprised at what you find out.

What do you think?