Guest Post: Two Customer Reactions to a Data Breach

Originally posted by Bob Siegel, CEO of The Privacy Ref, this article looks at how a company’s response to a data breach can do as much damage as the breach itself.

TD Bank has notified their customers of a data breach through the loss of a backup tape. Initial reports have said that the tapes contain the account information and Social Security numbers of more than 267,000 customers on the US East Coast. The tape was not encrypted so, while the bank is unaware of any misuse of the information, anyone who does obtain the tape could easily read the information it contains.

I was with some TD Bank customers the day the data breach was acknowledged. There were two comments made that I hear anytime a breach occurs so I wanted to share them to help you protect your brand image in the event of a data loss.

It took too long to notify customers of the data breach

The first comment the people I spoke with made was that six months was too long for the bank to notify customers that a data breach occurred. TD Bank has said that they were investigating the incident during this period. The customers I spoke with took the view that the bank either had the tape or they didn’t, so why did it take so long to be notified. The customers felt that the delay put their accounts at further risk as well as increasing their exposure to identity theft.

Notice of a data breach to your customers needs to be timely. The definition of timely rests on the perception of the customer. Any time beyond the customers’ perception of timely may be seen as the investigation not having been a priority or, as seen by the comments above, that you are putting the customers at additional risk.

The more complex a breach is perceived to be the more time customers will tolerate for notification. For example, an intrusion into your systems is perceived to take longer to investigate than something that has been misplaced.

More should have been done to protect against the data breach

Hindsight is 20/20 and we begin thinking “if only we had….”. Hopefully we will learn from each other’s experiences and improve our own programs.

In this case more should have been done to protect the data. TD Bank has customers in Massachusetts.  MA 201 CMR 17.00 provides standards of protection for personal information for residents of this commonwealth. Under this statute, the encryption of personal data that resides on portable devices is required. Personal information under the Massachusetts law includes financial account information or social security number in conjunction with first name or initial and last name. Massachusetts includes tapes as portable storage devices.

In my conversations with the bank’s customers they began to question the overall security procedures used in the bank’s data processing. This may be a large leap in thinking, but one that someone unfamiliar with IT practices may make.

Privacy professionals today recognize that for any organization it is not if a data breach will occur, but when will it occur. How the public perceives your communications about, response to, and the circumstances of the breach will have an impact on your brand image. Preparing a response plan before a data breach occurs is something every organization should do to minimize any impacts, including brand damage, that may occur.

 

TrueSwitch and Other Email Migration Options

If you are moving from a hosted email service (other than gmail.com) to Google Apps, Google is releasing a new migration tool.  Partnering with TrueSwitch, Google is giving users the ability to migrate email from more than 50 different hosted email providers, automatically notify contacts of the new address, and forward email from the current provider to Google Apps.   Because TrueSwitch is a third-party tool, Google is only providing “best effort” support.

While TrueSwitch has proven effective for users of the free Gmail service, businesses may elect to follow other migration paths for the following reasons: (1) TrueSwitch requires end user action or access to every end user account through the interface; (2) while the tool runs in the background, you need to be logged into the user account to check status; and (3) the tool is designed around personal email accounts.

Businesses may prefer to use other methods and services designed to migrate domains, rather than personal accounts.

 

Cumulus Global to Feature Web-Based Learning at MassCUE 2012 Conference

Westborough, MA – October 8, 2012 – Cumulus Global (www.cumulusglobal.com) announced it will feature web-based learning solutions at the company’s first-ever participation in the MassCUE Technology Conference.  Cumulus Global will conduct live demonstrations of how Chromebooks and Google Apps for Education combine to provide students with better access to educational resources, expand collaborative learning, and improve student-teacher interaction. Cumulus Global will be at Booth 219 on October 24th and 25th.

“Google Apps is much more than email, it creates a learning platform that empowers students and teachers to work together, providing students access to productivity tools without expensive hardware or software,” stated Allen Falcon, CEO of Cumulus Global.  “Chromebooks give students a fully web-connected computer at a fraction of the cost of laptops and netbooks and without the expensive administrative overhead.”

While many schools begin with carts, providing Chromebooks to students in specific classes and subjects, districts are starting to deploy Chromebooks as part of a one-to-one program.  Because the Chromebook is a web-centric device, students can access educational applications and resources without the limitation of an “app store”.

“While other devices get more press, Chromebooks deliver more value in the classroom”, notes Falcon.  “Students can write and edit papers, create presentations, and work with video.  Schools can manage Chromebooks without the complexity and cost that comes with iPads and traditional laptops.”

With a full keyboard, mousepad, 12.1” screen, and HD audio and video, Chromebooks enable students to complete papers, presentations, and projects with the ability to share, collaborate, and get feedback directly from teachers.  Chromebooks are more secure than laptops, with automatic operating system updates, built-in malware protection, and no local user profiles or local data. The ChromeOS Management Service gives administrators full control over the devices without monthly updates and expensive imaging/ghosting systems.

Google Apps Vault for Education has Arrived

We are pleased to announce that Google Vault is available for K-12 schools and districts, and higher education institutions.  And, the price is right.

Google Apps Vault

Google Apps Vault provides in-place archiving for Gmail and Talk.  Archiving for Google Docs content is expected in the not too distant future.  Google Apps Vault is fully integrated with Google Apps, using the cPanel for management.  Like Postini/Google Message Archive & Discovery, there is no space limit for Vault accounts.  Unlike Postini, retention is indefinite — no more limitation at 10 years retention.

EDU Pricing

For K-12 Schools, Google Apps Vault lists at $10 per user per year.  Coverage must be purchased for all faculty/staff accounts; student accounts are provided at no cost.   This represents a savings of $1 per user per year (for most schools) that would otherwise use Google Message Discovery 10 Year Retention for faculty and staff emails; and a significant cost savings for student accounts.

Things to Know

As with any change, there are some considerations.  Google Apps Vault preserves data so long as the underlying Google Apps account exists.  If you need to maintain records after an employee leaves, then the Google Apps account should be suspended and not deleted. This does mean that you will continue to pay for the account when maintaining an archive.

What if you are running Postini, aka Google Message Archive & Discovery?

If you are running Message Archive & Discovery, Google will migrate your service to the new Google Apps Vault platform.  Currently, these transitions are beginning with commercial (Business) customers.  When it is time to transition, Google will handle all of the data migration and we, Cumulus Global, will be working with you to make sure you can take advantage of the new features and capabilities.

FUD! Who do YOU trust?

Fear!  Uncertainty!  Doubt! Ever since Google announced that its Postini services — Google Message Security and Message Archive & Discovery — were moving from an aging Postini infrastructure to the more secure, more robust Google Apps infrastructures, Postini customers have been hounded by competitors raising alarms about Postini going away and the need for a replacement.

We have already established that Postini is not going away in this blog post. Additionally we’ve pointed out that for the same pricing plan, Postini customers will gain integrated access to Google Docs, Sites, Talk, and other services (everything but Gmail, actually).

So if a vendor’s first contact with you is that Postini is going away, you know they are lying — or at least bending the truth to mislead you.

It is surprising how many people will listen to vendor claims, fail to validate them, and make decisions that impact their businesses.

Vendors use FUD because it works.  It works because business owners and IT managers are busy and they want to believe there is a better mousetrap.  But if a vendor is lying to you, why would you want to do business with them?  If they mislead you to get your business, will they follow through on their promises of quality?  savings?  support?

With a modest amount of due diligence, businesses can save themselves newer, bigger headaches.

Postini is Moving, But Not Going Away

Earlier this month, Google announced a major change for users of Postini email security services, including the Google Message Security and Message Archive & Discovery Services.  If you listen to the FUD (fear, uncertainty, and doubt) spewing from competitors, you would think that Google is about to abandon some of its best customers.

Here are the facts:

  • Google is moving Postini services from the legacy Postini data centers onto Google’s more advanced infrastructure.
  • Before the migrations begin, Google is adding functionality to Google Apps’ spam and virus services that is not yet present:
    • Policy-Based TLS Encryption is in the current Scheduled Release Track
    • Daily Quarantine Summary messages and expanded blatant spam protection are planned
  • Postini users will have the same features and services after the migration that they have today.
  • The Postini Administration Console will be replaced by cPanel settings and modules that will simplify the interface and make management of the services more intuitive.
  • Migrations will begin in the first quarter of 2013, starting with Google Message Security customers.  Message Archive & Discovery services will migrate to Google Apps Vault.  These migrations will happen later.
  • Google will publish a migration path for Google Message Encryption users in the near future.
  • Pricing for services will remain the same.
  • After the migration, Postini customers will have access to additional features, including Google Apps services other than Gmail.  Message Archive & Discovery customers will be able to archive instant messages sent/received via Google Talk and, in the future, documents stored in Google Docs.

Our Analysis:

When Google migrated Google Apps customers running the embedded Postini services to the new spam/virus protection in Google Apps, customers did notice a difference.  Most notable were differences in the scope of blatant spam filtering and the elimination of the daily quarantine summary.

For users of “stand-alone” Postini services, Google is filling in the functionality gaps and has committed to fully equivalent services.  Beyond that, Google is providing Postini users with added features and benefits of Google’s infrastructure.  Whether or not a company is interested in access to Google Docs and other services, the Google Apps infrastructure will provide greater performance and reliability.

Our Recommendation:

We recommend companies stay with Postini and go through the migration process.  With comparable features and functions, access to additional services, and simplified management tools, companies should benefit from the changes.  The scope and quality of services are worth waiting for and trying, before deciding if there is any need to look elsewhere.

 

Lower Legal Bills: Real Value From Google Apps

One of the most tiresome and expensive aspects of contract negotiations is the “redlining” process that takes place as both parties wordsmith the legalese to accurately reflect the agreement and the intent of the parties.

As both parties, using “track changes”, make modifications, the document becomes a rainbow of colored words with strike-through, underline, and change bars.  Multiple copies of each version — with and without changes visible (to keep the documents readable) — zip back and forth as email attachments.  With each iteration, it takes more time and effort to understand, assess, and process the proposed wording.  As important, the history of what was written two versions or more in the past is often lost.

Both parties waste time — and money — keeping track of versions while trying to agree on wording, meaning, and intent.

Stop the Madness !!

Enter Google Apps for Business and the Comments feature in Google Docs.

One party creates or converts the initial draft agreement into a Document in Google Docs and grants the other party “Comment” permissions.  Both parties can now highlight text, suggest new wording, and make notes about intent.  As the parties add comments, the other party is notified so that the discussion keeps moving forward.

Each party can respond directly to the other’s comments in the document or by responding to the notification emails.  The owner of the document can make edits, solicit feedback, and get acceptance.  As the parties agree to intent and wording, they “resolve” each comment thread.  While the thread is no longer visible, it is a permanent part of the document.

When the parties are in full agreement, and all comment threads are inactive, the results are stunning.  The parties end up with:

  • A clean document ready for printing and signatures (physical or electronic)
  • A full record of all of the comment threads — discussions leading to agreement — on the wording, meaning, and intent of the document’s content
  • A full revision history of changes made to the document over the course of the negotiations

And, most importantly, these results did not require the time and money usually wasted managing multiple versions and files, figuring out file names and last modified dates, or playing with “track changes” and “compare documents”.

The results you want and need, more efficiently.  Real Value from Google Apps.

 

Guest Post: What is my Gmail account really worth?

Originally posted on the by Jay Garmon, here is a way to assess the value of your Google Apps account … or at least just the email.

What, exactly, is your Gmail account worth to you?

That’s a complicated question but, at first blush, we’d guess about …roughly…$3,588.85.

That’s the value of the time invested in the average Gmail account, given how many emails the average Gmail user has written (5,768), how long it takes to write the average email (one minute, 43 seconds), and the most recent U.S. Department of Labor statistics on average annual salary ($45,230). In other words, if the average Gmail user were paid to recreate all the Gmail messages he or she has ever written, it would cost $3,588.85.

How much is your Gmail account worth to you (and how do you stack up to the average Gmail user)? We built a Gmail Value Calculator to help you find out.

Just log in with your Gmail account, input your salary data, and the Gmail Value Calculator will determine:

  • How much your Gmail account is worth to you, in dollars
  • How many messages you send and receive per day
  • How much Gmail storage you use per day
  • Your average Gmail message size
  • Your Gmail Personality Index, which compares your Gmail usage to the average and determines whether you’re more extroverted or verbose than the typical Gmail user

Head over to Gmail-Value.Backupify.com, click the Autofill with Google button (it’s much easier than manually filling out your data), specify your salary, and in seconds you’ll learn what your Gmail account is worth to you.

It’s important to note that this number — how much of your time you’ve spent writing emails multiplied by how much your time is worth — determines the minimum value of your Gmail account. In truth, your Gmail account is probably worth a lot more.

The $3,588.85 average figure doesn’t include the value of all the email you’ve received, the value of the time spent reading email, the value of any attachments included in your emails, or the simple fact that some emails are simply irreplaceable — especially if you lose them at the worst possible moment. (We’ve got a whole whitepaper devoted to parsing out the math on this issue.)

The average Gmail account is worth at least $3,588.85, but very likely a great deal more. Still, even that minimum figure is pretty impressive — as our Gmail Value Infographic explains. The text-friendly highlights are:

  • Your Gmail is worth $3,588.85, and increases by about $1,196 per year
  • You “spend” as much in Gmail every year as you do on your car
  • Your Gmail is worth five times as much as your laptop
  • Your Gmail represents over four weeks of wages
  • You store one old-school floppy disk (1.44 MB) of Gmail data every day

The complete Gmail Value Infographic is below. Click the image to view it all full size.

 

Inbox Size versus Email Relevance

Now that many email services are matching Google Apps’ 25GB inbox, the IT folks are wondering if users really need that much space and if mailbox limits are still a good practice.  For most companies, the answer lies in how users use email.

Most emails lose value over time.  Like most conversations, the value of the discussion itself fades once the conclusion or result is reached.  Granted, emails dealing with legal, contract, or financial issues have historical value and should be kept around.  But think about the back-and-forth emails for scheduling a lunch meeting and picking a location.  The conversation is fine; the end result is what really matters.

Use and content are more important than size. For users that do not have mobile access to documents, saving emails with attachments may be the only way to access important information in a timely manner.  For these users, large mailboxes seem useful.

For users addressing customer service issues, emails from past cases create unnecessary clutter in the inbox and folders that can lead to disorganization and inefficiencies.  For these users, limiting inbox sizes forces organization.  Combined with an archive, customer related information is not lost while users have a cleaner environment.

And while some users believe that they need to keep everything and that they will need access to any past email at any point in the future, reality dictates that the need to go back to old emails is very limited.  For these users, the discussion is philosophical more than pragmatic.

The challenge for the IT team is that nearly every organization has all types of users.

You can provide a common solution. Instead of focusing on “how much” space to provide users, focus on “information value”.  Users should have immediate access to information contained in emails that they need to perform efficiently and effectively.

Taking this point of view, email services can meet all user needs when:

  • Users have local, remote, and mobile access to collaboration tools and shared file services, eliminating the need for sending documents as attachments.
  • The system automatically archives email messages, potentially indefinitely, for future viewing by the end user.
  • Users can automatically groom the size of their inbox and email folders based on age, rather than volume, letting users keep and focus on information with the greatest value.

Creating an email service with these attributes eliminates concerns about remote/mobile access, sending/receiving messages with large attachments, and user efficiency.

The good news: The integrated tools within Google Apps — Gmail, Docs, Drive, and remote services — along with Google Apps Vault (or Message Archive & Discovery) deliver this ecosystem without complex configuration and expensive infrastructure.

3 Non-IT Benefits of Google Apps

When most companies consider moving to cloud computing solutions, in general, and Google Apps, in particular, the decision making process is often IT-centric.  Decision makers focus on the features, cost, and impact of the change.

While not surprising, the decision should really be business-centric.

What value will moving to Google Apps bring to the business, beyond the direct impact on IT?

In a recent Executive Briefing, we presented answers based on a formal study of more than 100 companies that switched to Google Apps for Business.  Here are three of the highlights:

1) Individual worker productivity gains of 5% to 25%

2) Sales increases of 1% to 4%

3) Travel expenses drop by 5% to 18%

While features, reliability, and cost are all reasons to look at changing technologies, the business benefits should guide the decision process.