Tuesday, August 25, 2015

Mo’ Data, Mo’ Problems: Managing data in a dynamic environment

Today’s guest blog comes from David Luhan, a director at the Governor’s Office of Information Technology (OIT). David's views below are based on his years of IT experience; they do not necessarily represent OIT policy.

Data management is a business imperative. Success hinges on the ability to make informed and effective decisions, and although organizations have been collecting and storing information for years, they continue to wrestle with quality, availability, and retention of data -- day in and day out.

With the uptick of e-commerce, social networks, and mobile devices, data is collected and stored in an overwhelming number of formats. Data management requires constant attention to ensure adequate storage, enforce security, and ease of use. Data management is essential; end of story.

But there are many obstacles, and they are not easy to overcome. Businesses and IT leaders are consistently faced with the following:


  • Rampant data growth from capturing unstructured data and a “keep everything” attitude.
  • Intensification of data velocity where there is an influx of rapidly-changing data that is decreasing in value over time.
  • Data that was once confined to a single data store is being replicated and repurposed across multiple departments and beyond.
  • The increasing propagation of data imported into new applications and repositories.
  • New applications creating content from sources that come with varying requirements for access, security, and retention.

That’s a lot. So, how should we handle data in a dynamic business environment? Here’s what I suggest:

  1. Establish Controls
    Review the data and the process by which data it is collected and managed. Establish rules on access and modification rights based upon job function. Identify the opportunity for database consolidation to establish a single point of data truth that feeds reporting and applications.
  2. Develop a Data Map
    One key to effective data management is determining what data you are going to collect and why. A data map shows the “flow” of data from intake to output, how various systems integrate, and define the use for each database field. The data mapping process will support the controls that have been established and will ensure better data consistency.
  3. Segment Your Data
    Segmentation is the on-going process of building several ‘profiles’ in the database depending on the product or service offered. Using characteristics of your customer, target audience profiles can be developed. Segmentation allows you to effectively gain attention with targeted key messages, leading to better engagement.
  4. Establish a Regular Data Archive Process
    Implementing a data archive process is an essential consideration for every department. Determine how frequently you will need to access the information and timeframe for records retention.
Adopting a data management strategy like this will help to alleviate the pain around reporting, compliance, and space provisioning. And, if you do it right, your IT leaders will foster a collaborative environment to enable a comprehensive and secure data repository that becomes a valuable -- and permanent -- resource. And that’s certainly a happy ending for today’s data management challenge.

Wednesday, August 19, 2015

Change: Let's Face IT

Photo credit: Connectedsocialmedia.com
Most people would prefer not to deal with change, wanting life to remain constant and predictable. However, in the world of IT, innovation and transformation are part of the fabric of our world. Changing technology, business processes, and ways of interacting with the customer constantly evolve. So, how do we deal with it?
  • No one can tell you how to feel or make you feel anything. Face your feelings and own them. I often write things down, or I send myself an email venting all of the frustrations or worries I have. When I hit send, I can “let it go.” After I receive this email from myself, I can choose to read or delete it. Usually, I delete the email and move on knowing that I have been able to express myself and to get those thoughts out of my head. Oftentimes this process allows me to formulate a constructive plan for moving ahead, whether or not I choose to send relevant ideas from the note to my teammates or others.
  • Control what you can; let go of what you cannot. It is easy to get caught being negative or resistant to change. When something interferes with our daily routine -- like when another team steps on a process -- I notice it is a human trait to look to fix the other person’s problem. It sure is easier to point the finger and find flaws elsewhere. I take a step back and focus on what I can control -- myself and my team. This not only improves the entire process and situation but it also gives me (and us!) something productive to focus on. When we are focused and choosing to be in control of ourselves, we don’t feel the stress of change as much.
  • Find ways to be grateful and look for benefits of the change. When change happens, it is often our first reaction to be angry. I try to get past this (after sending my angry email to myself) and focus on being grateful about what the universe is offering me with this change. If I reframe the change as an opportunity, I can see the possibilities. I have found that as soon as I “let go” of resistance and worries, I can see the ways to make the change work for me. Often I will reach out to a key coworker, family member, or friend to discuss my feelings and frustrations. This gets the worry out of my head and provides perspective. Others may see the benefits for me when I cannot.
  • Take care of yourself -- relax and do something you enjoy. This concept applies at all times but certainly makes a big impact when stressed or dealing with change. I find the time to just take a walk around the building. Or, I read a chapter in a favorite book during a quick break at work. Not only does this give me control of key moments in my day, it also recharges my personal battery. We can’t help ourselves, or others, if we don’t take care of ourselves first. Find what works for you and take control of the time you need to refresh your attitude and your mind.
  • Keep breathing, and embrace change as a natural part of life. If we can see change as normal, and not as something being “done” to us, we can transform how we think about it. I envision myself going on that trip I have planned next month, catching that new movie in two weeks, or even just having dinner at home with my family tonight. When I can see the normal things in life occurring in the future, the change and stress of the moment are less worrisome. I know I can survive it; life goes on.
  • While change may be an ever present part of life, stress does not have to be. Successful change and stress management is learning how and when to take control. It’s important to remember that you control how change affects you.
You always have a choice; and that means you do have control of how you deal with change.

William Chumley: Chief Customer Officer. Weekend color guard judge, computer science study, traveler, bookworm. He knows how to get it done and is always listening to the customer. Find me on Twitter at @WilliamMChumley.

Wednesday, August 12, 2015

Cybersecurity Smarts: Don’t Go Phishing

Phishing is an all too common occurrence we see everyday -- just check your spam box. Unfortunately, people in Colorado are estimated to have lost millions of dollars last year to scams. So what is it, what does it look like, and how do you ensure you aren’t a victim?

What is Phishing?
Phishing is done through email (most common) or phone by someone who is posing to be a legitimate business or organization. These requests will ask you for personal information or encourage you to download something to your computer. Oftentimes these emails contain links that can install viruses on your computer and permanently damage it. While many people receive these emails, generally those who are less technology-savvy are most vulnerable to phishing scams.

Examples of Phishing Scams
Phishing scams usually contain some request for information or action, such as clicking a link. This is how the scammers gain information to attack your computer and identity.

Phishing messages could look like this:
  • "We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."
  • "During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."
  • “Our records indicate that your account was overcharged. You must call us within 7 days to receive your refund.”

How to Avoid Phishing Scams
There are some steps you can take to avoid being a victim of phishing attacks:
  • Be cautious of all emails from addresses you don’t know.
  • Also be cautious of generalized emails, even from people you do know. Often scammers hack into emails of other people and send messages through friends.
  • Only give personal information through secure, official websites (ie. Amazon). Tip: look for the ‘s’ in the https:// in the URL. The ‘s’ means secure. If it just says “‘http://” it is not a secure website.
  • Do not click links or download files from unknown senders.
  • Don’t click on links in unsolicited emails -- if FedEx (for instance) sends you an email that you weren’t expecting, rather than clicking on the link in the email, go to your browser and type in the URL that you typically use to access that site.
  • Do not enter personal information on a pop-up screen.
  • Never send personal information through email -- your bank will never ask you for your address, social security number, account number, or any information in email.
  • Make sure you keep all software, including your operating system, up to date.
  • Run anti-virus software, and keep it up to date.
  • Examine the security controls your bank, email providers, and other service providers you use offer -- you may be able to take advantage of 2-step verification and other controls that would prevent your stolen credentials from allowing unauthorized access to your account.

What To Do if You Think You’ve Been Scammed
Unfortunately, bad things do happen and someone could gain access to your sensitive data. There are some steps you can take to minimize the damage scammers can do to you, once they’ve already gained access to your data.
  • Change all your PINS and passwords for your online accounts.
  • If you know any accounts that were accessed fraudulently, close those accounts promptly.
  • Contact the bank or merchant directly if you suspect the email sent on their behalf is not legitimate.
  • Run a virus and security scan on your system to make sure there are no residual threats.
  • Request a free credit report to see if any other accounts were opened under your name.
  • Report the scam so it can be stopped in the future.

Reporting Phishing Scams 
The State of Colorado is particularly interested in stopping scammers. That’s why the Attorney General’s Office has started a campaign to stop fraud, and even created a website dedicated to stopping scammers. Visit StopFraudColorado.gov to report and help stop phishing.

Debbi Blyth: Chief Information Security Officer. Colorado native (almost!), beach lover, deep sea diver, Sunday school teacher. I'm the queen of keeping Colorado safe online. Find me on Twitter at @debbiblyth.