• A secure lock code
• Keeping all Apple patches up-to-date
• Setting up the Find iPhone in iCloud (allows remote wipe. In mid-November, someone stole my iPad and I was able to pinpoint the location and have the iPad back with me safe and sound.)

Apple is, in my estimation, working hard to get the iPad accepted and implemented in offices. To that end, Apple has adopted some security measures. This blog is directed at senior executives, so some of these terms may not make sense—and that is okay:

• Support for WPA2 for Wi-Fi security (both PSK and Enterprise)
• Support for VPNs
• Password support including options for complexity, length, forced changes, lockout, etc.
• Integration with Exchange
• Ability for the IT department to enforce policies
• Remote data wipe
• PKI support including code signing requirements

If you, or IT, want to know more, check out Apple’s security overview. In particular, their iPad Security Overview and Microsoft Exchange ActiveSync document.

I expect lots of posts on this blog. This is such a hot topic—so many more of these devices are in the hands of executives, and especially after the holidays.

Please post your comments on this blog.

There was no sensitive data on the iPad, just in case something like this ever happened. Security features are enabled anyway.

When I arrived hours later the receptionist said they hadn’t heard anything about any missing devices. I checked and now Find my iPhone showed the device’s location to be about 30 miles away, complete with an address and a satellite view of a residence.

I asked if they had any idea why my iPad would be at such and such address. The helpful person at the desk said, “Can you wait a moment? I need to call the owner of my company.”

I was told that the address was that of an employee whom they’d had other problems with before. They informed me that, after the phone call, the owner had actually driven to the home, recovered the iPad, and terminated the person on the spot. Hopefully the owner isn’t the kind of terminator that Arnold Schwarzenegger portrayed in the Sci-Fi movie. I told them not to fire the guy—maybe he is just trying to feed his family and losing his job wouldn’t help him. It was just nice to know I’d have the iPad back soon.

Your device can tell you, “I’ll be back!” with that thick German accent, “Ahl be bock!”

Turn on a locating service for your device today.

Please post your comments on this blog.

• Of course, keep your own backups of your data in case the cloud provider ever loses your data and they cannot restore your data.
• Establish your own business continuity plan. This plan, which you may practice implementing one or more times a year, is what to do if your cloud provider fails.
• Have your legal advisor help you with your contract such that the contract includes clauses for both a service level agreement and a quality of service. The former specifies how much of the time the provider will be up and running for you to use their services. The latter specifies how quickly the service will perform. You want a rapid response as opposed to applications that function so slowly that your user productivity suffers.

Handled correctly the cloud can be very helpful. In case you missed them, the past 3 blog entries discussed the benefits of, cautions for, and dangers of moving to the cloud. Click the links below to read each of those blog posts:

• Big benefits of using the cloud
• Be cautious about using the cloud
• Dangers of using the cloud

Please post your comments on this blog.

The same with sharing data between your local applications. Moving one of your most important applications to the cloud may eliminate the ability to share data with your other applications.

It may be expensive to convert your systems to run in the cloud.

Using a cloud service just adds one more entity to the finger pointing game of “the hardware guy blames the software guy, who blames the cloud provider, who blames the Internet Service Provider” etc.

In the past, it was easy to define the perimeter of your network as existing at your firewall. Everything outside your firewall is “out there” and everything inside your firewall is “in here.” Utilizing cloud services for your private data blurs the delineation.

In the next blog post I’ll focus on the dangers of the cloud.

Please post your comments on this blog.

• Making backups of the data you host with them.
• Installing patches to the applications they provide you.
• Performing upgrades to their software and provide business continuity solutions to prepare for when disaster strikes their service.
• Blocking spam for you if you are using hosted e-mail.

Generally with cloud services you and your users can access the cloud applications from practically anywhere using practically any device that has a browser—even a smartphone.

Many cloud services allow month-to-month contracts and they also offer instant scalability so you can add or remove employees/users anytime you like. This means your fees are adjusted accordingly and instantly as your number of users dynamically increases and decreases.

The next two posts will address both cautions and dangers of using the cloud.

Please post your comment on this blog.

Sometimes it is even better to have a buffer zone in-between your local network and the DMZ. In other words, for traffic to get into your network, the traffic will have to get past at least three firewalls.

Since this blog post is directed towards an executive level audience, I’ll invite IT professionals to contact me for more details. And, for any of you who are interested, click here to download a diagram that provides both a clear visual and also the details you will find helpful.

Please post your comments on this blog.

• First of all, they’ve either qualified as a “Competent Toastmaster” (Competent Communicator) or have similar skills.
• Do you make the mistake of thinking the best person to present is the person who created a process? Or the person who is responsible for attendees to take action? You’d better make sure that person has excellent presentation skills if you expect for them to hold an audience’s attention.
• In my experience, 9 out of 10 presenters, especially from IT, use verbal crutches such as fillers constantly.
  • Sometimes 25% of their presentation is made up of “uh” fillers.
  • Qualified presenters know that using a pause is far better than using fillers such as: “Uh”, “Um,” “You know,” “ And,” “Well,” “ah,” “er,” “like,” “actually,” “basically,” “exactly,” etc.
  • Do you know what’s interesting? The presenter will often have no idea they are using fillers.
• Attendees generally gain more from a presentation when the presenter knows how to make regular eye contact—with everyone in the room—that is not too long or too brief.
• Qualified presenters—if they are using PowerPoint, Keynote, or some other presentation tool —know to never read, and preferably, not even use bullet points during a presentation. The bullet points can be on handouts before, during, or after the presentation.
• Qualified presenters know to speak in the affirmative so they avoid saying, “do not think of a green popsicle.”
  • What did you think of? Right… a green popsicle.
  • That’s why when a presenter says, “Do not use USB drives,” some of the attendees will swear they heard the presenter say to use USB drives.

There are many books on the basics of presentation. Just make sure your presenter is qualified via the presentation skills, has already presented at least 100 successful presentations, is able to take questions on the fly, knows how to end on time, and—perhaps most important of all—is intimately familiar with the topic on which they present.

Please post your comments on this blog.

• Live “in person” presentations by a qualified presenter capture attendees’ attention and will improve their security awareness dramatically more than attending a web meeting.
• It is easy for a qualified presenter to keep attendees’ undivided attention for 90 minutes and increase their security awareness significantly.
• Qualified presenters know how to “read” the audience to know when to speed up or slow down, to use specific people’s names if that person starts to doze off since they were up all night with their newborn baby, etc.
• Require your qualified presenter to use live demonstrations. Nothing can replace “seeing the process in action.”
• Live presentations provide a unique opportunity for attendees to experience the reactions of their peers—and especially the reactions of the mangers they report to.
• Live presentations make it easier for attendees to ask questions and have them answered immediately. Usually when one person asks a question, several other people had the question too, so they benefit from the answer as well.

I’ve presented both online and in person many times. Experience has shown that in almost every case you will have a higher ROI with live training. ROI is measured based on feedback from my clients who say the live presentations dramatically increase user retention and they feel that retention provides the organization with increased protection against social engineering attacks.

Please post your comments on this blog.

• Provide 60 minutes maximum to help avoid losing attention.
• You can lose attendees’ attention before the meeting even starts.
• Attendees may choose to multi-task during the presentation anyway.
• If you have a qualified presenter, then videotaping a live presentation is generally better than recording a web meeting. Viewers often feel the presenter’s recorded presentation is more interesting than a web meeting.
• Experience with other organizations strongly suggests that your ROI will be better via a live presentation. Users “get it.”
• If you do choose to present a web meeting and/or video recorded live presentation, I suggest you notify the remote attendees ahead of time that they will be required to fill out an answer form (basically a test) afterwards. This may encourage them to pay even more attention during the presentation.

Next time I will focus on using a live presenter as the delivery method.

Please post your comments on this blog.

It is imperative that all of your users learn about common dangers and follow best practices. Require them all to attend the training courses you provide. Next time we’ll focus on the best delivery methods.

Please post your comments on this blog.