SMB Messaging Focus - Sponsored by Alt-N
Before You Develop That App, Make Sure It's FTC Compliant
Today there is an app for just about anything and everything. In recognition of this trend, this fall, the Federal Trade Commission (FTC) produced guidelines to assist developers of mobile apps to be in compliance. According to the most recent edition of Socially Aware, the journal of social media and legal issues produced by Morrison & Foerster, this is just a signal of more to come.
The FTC guide briefly outlines best practices that developers need to adhere to in order to remain in compliance with “truth-in-advertising, privacy, and data security principles.” Say the Socially Aware authors, “The guide, called Marketing Your Mobile App: Get it Right from the Start, explains general consumer protection principles, and applies them to the context of mobile applications. Although the title of the guide suggests that the advice is primarily about marketing the apps, the FTC also gives advice about the design and implementation of apps.”
Essentially, the FTC wants app developers to be aware that mobile apps are included in its policing, under Section 5 authority, against unfair or deceptive acts or practices.
According to the guidelines on the FTC site, apps must:
- Tell the Truth About What Your App Can Do. “Whether it’s what you say on a website, in an app store, or within the app itself, you have to tell the truth,” the publication advises.
- Disclose Key Information Clearly and Conspicuously. “If you need to disclose information to make what you say accurate, your disclosures have to be clear and conspicuous.”
- Build Privacy Considerations in From the Start. Incorporate privacy protections into your practices, limit the information you collect, securely store what you hold on to, and safely dispose of what you no longer need. “For any collection or sharing of information that’s not apparent, get users’ express agreement. That way your customers aren’t unwittingly disclosing information they didn’t mean to share.”
- Offer Choices that are Easy to Find and Easy to Use. “Make it easy for people to find the tools you offer, design them so they’re simple to use, and follow through by honoring the choices users have made.”
- Honor Your Privacy Promises. “Chances are you make assurances to users about the security standards you apply or what you do with their personal information. App developers—like all other marketers—have to live up to those promises.”
- Protect Kids’ Privacy. “If your app is designed for children or if you know that you are collecting personal information from kids, you may have additional requirements under the Children’s Online Privacy Protection Act.”
- Collect Sensitive Information Only with Consent. Even when you’re not dealing with kids’ information, it’s important to get users’ affirmative OK before you collect any sensitive data from them, like medical, financial, or precise geolocation information.
- Keep User Data Secure. Statutes like the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, and the Federal Trade Commission Act may require you to provide reasonable security for sensitive information. The FTC has free resources to help you develop a security plan appropriate for your business. One place to start: Protecting Personal Information: A Guide for Business.
Morrison & Foerster believe that the publishing of the guidelines signals that more enforcement actions should be expected in the near future, citing that in August 2011, the FTC reached a settlement with W3 Innovations, LLC, for alleged violations of the COPPA rule in its apps directed at children.
The entire Morrison & Foerster article can be found here [PDF].
Device Deluge Leads to Always-Connected—But Elusive—Customers
There is a real risk for marketers to “lose” customers in our current age of the always-connected customer. This seems at first counter to the thought that more online time would mean more opportunities to engage the customer. It is true that more devices and more channels mean audiences are available in more places, at more times; however, it also means audiences’ scattered attention has made previously reliable customers increasingly elusive.
“New analytics solutions, multi-channel metrics, and better collaboration tools will be crucial in 2013,” says Aphrodite Brinsmead, senior analyst at Ovum. The Ovum analyst says organizations will feel the pressure to understand and pre-empt the needs from the always-connected customer. “Vendors will need to step up and add these capabilities fast, or else risk losing business,” believes Brinsmead. As part of its 2013 Trends to Watch series, Ovum explores the important changes in the customer experience and interaction market, detailing how technologies are evolving to meet new consumer demands and providing recommendations.
This always-connected trend is echoed by Forrester Research, Inc. during a recent Webinar that looked at the challenges of reaching what it terms the “always addressable” customer.
In the presentation by Darika Ahrens, interactive marketing analyst for Forrester, she notes that in 2010, there were so few “always on” customers that Forrester did not even collect data on them. “But by 2011,” says Ahrens, “we started to see this group emerging and they were already at 38 percent of the U.S. adult population. Recent research indicates that by the end of 2012, we believe the always on customer will constitute 42 percent of adults in the U.S.” She feels this is not a niche audience, given the rapid growth to date, and expected growth in the future.
What does this mean to marketers? While a marketer might think this means that more customers are more accessible via more devices throughout the day, Ahrens observes a real problem with this group. “Despite their connectivity, always addressable customers are harder to reach.” Why? Because traditional marketing is starting to be tuned out and people are opting for subscriptions with ad-free environments. This group also expects higher relevancy than other groups. Because they are so connected, people expect what they see and hear to be relevant to them, and if it is not, they are not willing to trade information. In a nutshell, there are more digital opportunities to market to today, but with those opportunities come challenges.
One of the best takeaways from the Webinar is Ahrens’ recommendation to stop thinking about social media and think instead about the person a marketer is trying to reach and ask: “Who am I engaging with directly? What is their history with my brand and who else are they connected to?”
Ahrens says marketers need to understand when, where and why customers are engaging with a company by asking—where is this person when they engage with me? When can they come into contact with my brand and what, specifically, are they doing at that time?
Even though we have a deluge of devices today (60 million people will have tablets alone by the end of 2012) and customers have never been so connected as they are today, we still need to step away from the technology and focus on the person to understand what needs the customer has that you can fulfill. Ahrens recommends that marketers ask, “What need is revealed when I consider the people and their context together? What value or service can I offer that will fill that need? What messages or context must I create to deliver that value or service?”
Only after those questions are answered and lots of research about the customer is done should technology be considered, even in today’s environment, where technology is so pervasive.
“One of the reasons we always put technology last is because it can be a false economy to think about a technology first or a platform first,” explains Ahrens. “At Forrester, we think it is about identifying the person first and from there your strategy flows so that by the time you get to the technology step and deciding what you are going to be using—the mobile devices, the tablets, or web TV or interactions with your digital campaign—it comes together as a final step.”
This reminder is important for marketers that can easily become overwhelmed with the number of channel options available today to reach out to customers. Having the technology be the final consideration puts the customer first. After all, isn’t that where a customer belongs in an organization of any size?
Keeping Pace With Major Mobile and Online Threats--Observations & Recommendations
A comprehensive set of best practices covering anti-bot and malware, anti-spam and emerging mobile abuse was jointly released last week by the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) and the London Action Plan (LAP). The report provides proven strategies to help business, government and end-users stay safe.
For the SMB, technology can be the great equalizer and make competing with larger companies more possible. A small company can look, act, and appear much bigger and more sophisticated when the right tools are in place. Many SMBs turn to outside IT solutions and services for messaging, but regardless of opting to use outside services or internal resources, it is important for organizations of all sizes to be aware of cybercriminals’ activities and why (and how) they do what they do. This report, Best Practices to Address Online and Mobile Threats [PDF] is an excellent primer of the current cybercriminal landscape, written for a non-technical audience. It focuses on four major areas of concern: malware and botnets, social engineering and phishing, IP and DNS exploits, and mobile threats.
A thorough review of current and emerging threats and the proactive steps to help mitigate risks makes this report well worth the time to read. The report helps explain why online threats have become so difficult to thwart and how these criminals are continuously changing tactics to avoid detection. The ever-increasing adoption of Internet and mobile technologies and the vital role they play for end-users, businesses, and governments has created an attractive medium for cybercriminals, especially in the popular platforms of the moment, like tablets, smartphones and other handheld devices.
“As a globally cooperative effort, the report brought together an unprecedented team of experts who outlined safe computing tactics in uncomplicated, accessible language for end-users, large and small businesses, and governments,” states Alex Bobotek, M3AAWG co-chairman. “This is also one of the first efforts to update industry recommendations recognizing that public agencies are important online enterprises, and just as companies need to implement best practices, so do governments.”
According to M3AAWG, this is one of the first global efforts to encourage governments to deploy best practices more commonly associated among businesses. To encourage government participation, the report was presented to the 34-member country OECD (Organisation for Economic Co-Development) for review.
“As the Internet economy grows, implementing the best practices detailed in the report will help reduce illegal activities such as spam, phishing, malware and spyware distribution, botnet deployment, the redirection of Internet traffic to malicious websites and denial of service attacks,” believe the authors.
The report includes input from a number of organizations, but M3AAWG, a well-known industry group that represents more than one billion mailboxes from some of the largest network operators worldwide, and LAP, a 45-member organization of law enforcement agencies and industry participants, are the credited authors.
The comprehensive 48-page report includes explanations, recommendations, and a glossary. The report is free and is a highly recommended read for better understanding of the sophisticated online and mobile threats that exist today, the vulnerabilities being targeted, and what the near future holds.
Hijacked Email Account Detection
One of the outcomes of spammers and phishers becoming craftier is the development of tools that keep an eye on network traffic, scanning for unusual activity. Intrusion protection systems and intrusion detection systems, once novel, are becoming more commonplace. This month, Alt-N Technologies, Ltd. announced the immediate availability of MDaemon Messaging Server 13—the latest version of its low-cost Windows-based email and messaging server. Built directly into the product, and among the most customer-requested new features, is hijacked email account detection.
As filters and other methods of stopping unwanted email get better, spamming and phishing techniques have continued to evolve to evade detection. In the past few years, spammers and phishers have very fruitfully hacked into email accounts and taken advantage of trusted email addresses captured directly from a user’s address book. How many of us have received an email message from a friend or relative supposedly traveling abroad and stranded? Having received a couple of those myself, if I had not known better, I might have fallen for the tactic. Because people listed in a contact address list are likely to have a relationship with the account owner, the chances of such a message being accepted as coming from a trusted sender, directly into another’s inbox, are high. The tactic has been working successfully for several years and IT administrators are looking for ways to put a stop to the practice.
According to Kevin Beatty, vice president of marketing and business development for Alt-N Technologies, MDaemon’s Hijacked Account Detect and Disable feature will detect, disable, and notify an IT administrator of email accounts that send too many messages in a given timeframe.
“It is technically different from an Intrusion Detection System (IDS) in that an IDS function is to identify possible incidents, log information about them, and report attempts to a management station,” explains Beatty. “MDaemon’s feature is analogous to IDSes but it also executes the most critical step for a company: disabling an account from sending traffic that could result in a customer’s domain being blacklisted. Once the IT administrator has had the opportunity to review the account, it can be released and email traffic can resume.”
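The detect, disable, notify and release cycle described above can be sketched as a sliding-window rate check per authenticated sender. This is an added example, not MDaemon's code: the threshold, the window length, the log format and all names in it are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real data), one accepted submission per line:
# "<ISO timestamp> <authenticated sender> <recipient>"
SAMPLE_LOG = """\
2012-11-05T09:00:00 alice@example.com customer1@example.net
2012-11-05T09:20:00 alice@example.com customer2@example.net
2012-11-05T09:30:00 bob@example.com r1@example.org
2012-11-05T09:30:05 bob@example.com r2@example.org
2012-11-05T09:30:10 bob@example.com r3@example.org
2012-11-05T09:30:15 bob@example.com r4@example.org
2012-11-05T09:30:20 bob@example.com r5@example.org
2012-11-05T09:30:25 bob@example.com r6@example.org
2012-11-05T09:30:30 bob@example.com r7@example.org
2012-11-05T09:45:00 alice@example.com customer3@example.net
"""


class HijackedAccountDetector:
    """Disable an account that sends more than max_messages within window.

    The default limits are assumed policy values, not product defaults.
    Timestamps are expected in chronological order per account.
    """

    def __init__(self, max_messages=5, window=timedelta(minutes=10)):
        self.max_messages = max_messages
        self.window = window
        self._recent = defaultdict(deque)  # account -> send times inside the window
        self.disabled = {}                 # account -> time it was disabled
        self.alerts = []                   # notifications for the administrator

    def record_send(self, account, when):
        """Return True if the message may be sent, False if it is refused."""
        if account in self.disabled:
            return False  # stays blocked until an administrator releases it
        recent = self._recent[account]
        cutoff = when - self.window
        while recent and recent[0] <= cutoff:
            recent.popleft()  # forget sends that fell out of the window
        recent.append(when)
        if len(recent) > self.max_messages:
            self.disabled[account] = when
            self.alerts.append(
                f"{when.isoformat()} disabled {account}: "
                f"{len(recent)} messages within {self.window}"
            )
            return False
        return True

    def release(self, account):
        """Administrator action after review; returns True if it was disabled."""
        self._recent.pop(account, None)  # start the released account with a clean window
        return self.disabled.pop(account, None) is not None


def replay(log_text, detector):
    """Feed log lines through the detector; return accepted counts per account."""
    accepted = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, account, _recipient = line.split()
        account = account.lower()
        if detector.record_send(account, datetime.fromisoformat(stamp)):
            accepted[account] += 1
    return dict(accepted)


if __name__ == "__main__":
    detector = HijackedAccountDetector()
    print(replay(SAMPLE_LOG, detector))
    for alert in detector.alerts:
        print("ALERT:", alert)
```

A fixed per-account limit will also trip on legitimate bulk senders such as newsletters, so in practice the threshold is tuned per site or such accounts are exempted.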
Beatty does add that as with all best practices for messaging and network security, a layered approach consisting of multiple facets to address and prevent security threats continues to be recommended.
The need for a hijacked email account detection feature is a reflection on the prevalence of the problem and a key truth: a majority of the time people do not know that their account has been hijacked. In its 2011 State of Hacked Accounts [PDF] published by Commtouch, the authors found that less than one-third of users noticed that their accounts were compromised (with over 50 percent relying on others to identify account anomalies) and 15 percent of users believing their credentials were stolen after using a public kiosk or WiFi network.
“We do have some customers using third-party solutions,” acknowledges Beatty, “but to maintain Alt-N’s goal of making MDaemon simple for the customer to manage and maintain, adding the feature within the product [user interface] just made sense. Surprisingly, the easiest way to prevent an account from being hijacked is through strong password policy enforcement. However, the IT Admins can’t always easily ensure users are following the policy and practices vary across business size and markets.”
Since its original introduction, MDaemon is looked upon as a lower cost alternative to Microsoft Exchange and Small Business Server (SBS). “The main point I stress with SMBs and the channel that serves them is to ensure that the solution match the true needs of the customer,” says Beatty. “MDaemon has been successful since 1996 because we have focused on the principles of affordability, quality, and flexibility. We have always been focused on the needs of the SMB market. Many channel partners have added MDaemon to their Exchange portfolio to satisfy customers when cost is a key driver.”
The user community largely drives MDaemon’s feature set. Another highly requested feature that reflects today’s bring your own device (BYOD) trend is a single interface to manage the growing BYOD environments typical of SMB/SMEs. Smartphones and tablets that run Android, iOS, Windows and BlackBerry can be managed from a single user interface within MDaemon’s console or via its remote administration screen (WebAdmin).
“There are many mobile device management solutions on the market that perform many functions from inventory control to policy enforcement across the various device platforms,” observes Beatty. “What Alt-N has heard from its customers is true to every feature we have put in our email server over the past 15 years: ‘please make it simple for us to manage and maintain’.”
Beatty goes on to say that the latest MDaemon includes ActiveSync support, “so now all devices (smartphone and tablet) can be managed from a console within MDaemon or its remote management web interface. But unlike many MDM solutions that provide an extensive set of features geared toward the enterprise, we have focused on what our customer said was the most important for SMBs: remote wipe, password policies, device locking.”
Other enhancements in this month’s release of MDaemon 13 include:
- Document sharing from MDaemon’s web mail that provides a central repository for documents to be accessed and shared by designated users.
- A public folder ticketing system that allows users to quickly communicate with the sales or technical support team of the host to request help with any issues that may arise.
- Improved performance in low bandwidth environments via IMAP COMPRESS.
- The ability for Administrators to view traffic and mailbox performance to gain a graphical view of basic email patterns, top users and other key stats.
- A drag and drop email attachment feature that allows users to select multiple files and attach them to a web mail message.
Of the new release, Beatty concludes, “Our goal is for prospective customers to add MDaemon to their list of potential messaging servers. We’re confident that when compared to their current solution, they will quickly discover it meets their needs in terms of features and total cost of ownership.”
Beware: New Facebook Email Addresses; Cloud Cuts Costs for SMBs
A post last week from Geraldine Hunt of SpamTitan Technologies asks if anyone noticed the change in individual Facebook email addresses. She did a quick poll of 50 Facebook users (with technology backgrounds) that regularly use the social network and found that 48 of the 50 people polled hadn’t noticed.
“Facebook has changed everyone’s email address to user profile name [at] Facebook [dot] com,” Hunt writes. “The email address you originally listed is now hidden in Facebook's database and you’ve been assigned an @Facebook.com address which is now visible for your Facebook ‘friends’ to see.”
Why is this significant to Hunt? Because she believes the possibility of spam and phishing attacks stemming from these email addresses is “huge.” “Once a spammer knows or correctly guesses a person’s Facebook profile name they can easily send email from outside of Facebook to this new address. A spammer’s paradise is born!”
Facebook's plan, says Hunt, is to have users never leave Facebook, and the added email addresses are meant to keep users logged onto the site. To Facebook marketing it is no doubt a one-stop messaging convenience.
Hunt does think Facebook is aware of the risks of these new email addresses, but doesn’t believe the company wants to broadcast the possible threat to its customers. “Rather than being clearly visible to users on their home page [the] message has been buried deep within the security notes of Facebook,” she observes. The Facebook message says that an email account (phish [at] fb [dot] com) to report phishing attempts has been set up so users can forward suspicious emails to Facebook.
The threat has the potential to go beyond the users, as many employees use company time and networks to go to social media sites.
“With different research studies showing that between 30–40 percent of SMB malware threats originate from social media sites, it is imperative that small business owners take a close look at their IT and social media strategies, and establish policies now so that they harness the best of social media without downside—or downtime,” commented Ronan Kavanagh, CEO of SpamTitan earlier this year.
As Messaging News has stated before, social media strategies and policies are important to help educate employees, and manage social media use on business networks.
Cloud Reduces Costs
The “cloud” has been in the news for several years now, making it seem to be a recent development. It isn't, but the packaging and marketing of outsourced services is, and now the cloud has reached mass acceptance. This summer Rackspace Hosting commissioned a survey that found nine in 10 (or 91 percent) of IT decision makers have a positive opinion of cloud computing. There is also consensus around the benefits cloud computing can bring to the small- to medium-sized business.
Siamak Farah, CEO of InfoStreet, recently put together tips to show SMBs how to cut costs using the cloud:
The Cloud gives your small business access to otherwise hard-to-reach or hard-to-afford IT expertise. You don’t have to pay for full-time IT staff that will manage your servers, software, and hardware. The Cloud relieves you from installing, maintaining, and upgrading software and hardware and manages everything for you.
Eliminate the cost associated with replacing PCs every two to three years. Since the computing is done in the Cloud, any old computer will do. Use the computer till it runs into the ground, then just simply get up, go to the next computer, log in, and continue exactly where you left off in two minutes flat.
Another benefit comes to you with the advent of the new Cloud app markets, giving you comparison shopping right at your fingertips. Almost all apps offer free trials and pay-as-you-go pricing so you can sign up for new apps for as long as necessary, without any long-term commitments. Additionally, for every highly sophisticated (perhaps too sophisticated) app, there are simpler options at much lower costs for those businesses that only need a basic solution.
Lastly, every entrepreneur can tell you that often, unnecessary costs come from things that they’ve purchased, but never used. The Cloud scales with you. If you are seasonal—or grow overnight—you won’t have to spend a dime on additional hardware or long-term software agreements, since Cloud apps are typically charged on a monthly and per-user basis.
The classic concerns of using the cloud (Who owns the data? How secure is the data? Can I control the data? Am I locked-in to a single vendor?) have been addressed by a number of cloud providers. For instance, Rackspace CEO Lanham Napier acknowledges, “We believe it is important that companies be empowered with choice, an open cloud and the high level of technical support they need to concentrate on their core business. A chief benefit for IT decision makers using open-source technology is portability of workloads across vendors and the elimination of vendor lock-in.”
With the maturity of the cloud solution, the benefits of reduced infrastructure costs, significantly reduced IT costs and time, pay-as-you-go services, and greater flexibility are, for many SMBs, finally outweighing cloud concerns.
Compliance Professionals Concerned Over New Communication Channels and BYOD
No matter the size of the business (large or SMB), for anyone in financial services, compliance is a major concern for this heavily regulated industry. Interestingly, as compliance concerns go, other industries often look to financial services to adopt best practices. Recently, financial services compliance professionals participated in a survey regarding retention and oversight of electronic communications. Their collective responses offer insight into the concerns of compliance officers, especially as it pertains to newer communication channels (like social media and texting) and the growth of mobile.
As business communications have expanded beyond the traditional channels, compliance professionals have had to respond by taking steps to build new policies, as well as broaden supervision and retention procedures. Regulatory requirements for electronic communications are expanding and compliance professionals are being asked to produce a broader range of message types during examinations.
“This year’s survey findings illuminate the shifts underway related to electronic communications compliance,” said Stephen Marsh, CEO and founder of Smarsh, the company behind the survey. “The retention and oversight of electronic communications is becoming increasingly complicated as employees are presented with a growing number of options to communicate—from instant messages and mobile devices to websites and social collaboration tools—and compliance officers must adjust quickly and comprehensively to mitigate risks to their firms.”
Risk reduction is the key goal and many recognize that compliance practices have not caught up to all the electronic communication options currently available. In fact, it is these new communication channels that are the second biggest concern for firms.
According to the survey, over the course of the past year there has been a significant increase in the number of firms that allow a variety of mobile devices for business purposes. In past years, most organizations required the use of a controlled, company-issued BlackBerry. Today, the BYOD (bring your own device) trend can be seen even in this highly regulated industry with more than half of firms now allowing iPhones, iPads, Android phones and tablets on the corporate network. Extending compliance practices to oversee these communication devices earns the top compliance concern, cited by 63 percent of survey respondents.
Marsh notes that last year FINRA issued Regulatory Notice 11-39, stating that firms are required to retain, retrieve and supervise business communications regardless of whether they are conducted from a work-issued device or personal device. The survey points to the fact that archiving and supervision practices governing communication from these devices, however, lag behind those established for laptops and desktop computers. A majority of survey respondents (65 percent) said they would have minimal to no confidence in their ability to produce text messages during examinations.
The survey also pointed to a notable change from last year: organizations are adapting and increasingly taking steps to formalize their position on social media use. Nearly 80 percent of respondents indicated they have written policies to address the use of LinkedIn, Facebook, and Twitter, a significant increase from the year before, when less than half indicated they had a policy in place. However, the findings reveal that when it comes to putting archiving and supervision systems in place for social media, most firms (more than 60 percent) have not yet taken action.
“Social media is following a similar adoption path to instant messaging and email,” comments Marsh. “As with those communications channels, we are seeing firms first put policies in place. Then, they turn their attention to enforcement and how they can effectively and efficiently supervise and archive the communications.”
Another area where a lag exists in retention and supervision is company websites. Increasingly interactive with videos, slideshows, Flash and other interactive elements, survey respondents said that website content was the second most requested communication type during regulatory examinations, second only to email. However, 41 percent of respondents indicated having minimal to no confidence in their ability to produce website content during an examination, and only 35 percent reported having an archiving and supervision system in place for websites.
As electronic communication channels increase, so too does the amount of time it takes to maintain regulatory compliance. Compliance burden is reflected in the 60 percent of respondents that reported an increase in resources (time and/or money) spent on electronic message compliance in the past year. Nearly all survey respondents (96.6 percent) indicated resources spent increased or stayed the same.
Reducing risk and maintaining good retention policies is time consuming, but it’s always worth doing, for any industry. Financial services are held to very high standards in this regard. Marsh says in 2011 FINRA doled out 1,411 disciplinary actions against registered individuals and firms and the SEC brought forth 735 enforcement actions that resulted in US$2.8 billion in penalties. The expectation is that examinations will only become more frequent in 2012.
This is the second annual Electronic Communications Compliance Survey conducted by the company. The full survey report is available here for download.
Don't Pitch on Social Media
For small and medium-sized businesses, social media can really extend the reach of the company as a low-cost tool for connecting to the world and has firmly established its place among other online and traditional ways of marketing a business. When it comes time to do a product or service launch, the temptation might be to use social media to pitch story ideas to gain additional coverage and get noticed, but according to a recent poll of public relations professionals, businesses should think twice about using social media to pitch story ideas to promote company activities.
More than 80 percent of the PR pros said they primarily use social media to develop relationships with media and influencers, build trust and maintain transparency, share current news, or solicit feedback on products and services.
Only 13 percent of those polled use social media to proactively pitch story ideas to journalists and bloggers. The preferred method for pitching is still email. Sending press releases and story ideas to the media via this traditional medium is expected to continue into the near future, as more than 90 percent of the PR folks plan to distribute the same or greater number of news releases via email in the coming year.
If you want to connect with media on social networks and build relationships, where should your concentration lie? The survey participants recommend these as the dominant social media networks for PR purposes: Coming in first was Twitter, at 34.4 percent, then Facebook at 29.3 percent and LinkedIn at 23.3 percent. The remaining 13.1 percent opted for Google+ (4.8 percent), blogs or other social platforms as their principal vehicles.
Typically, SMB owners and employees wear many hats. When the PR hat gets put on, time should be spent working on building those social media connections. For the PR pros from the survey, 65 percent dedicate time each week to identifying influencers in their markets and social networks. How much time varies: 12.6 percent spend four or more hours, 30.5 percent spend two to three hours, and 23.3 percent spend at least one hour.
The real impact of social media can be seen in the choices being made to use the medium. The emphasis on collaboration, conversing and building the relationship is aimed toward social media, while the more nuts and bolts press releases and the “how about a story on this?” is happening in email. Understanding the best tool for the job is part of the challenge these days with so many options at our feet for communicating, marketing and promotion. Putting the best that social media can offer to work for us requires time and tending, just as all good relationships do.
The survey was conducted by Cision, a provider of software, services, and tools to the public relations and marketing industry.
Can You Allow BYOD and Still Secure Business Data?
By nature SMBs need the flexibility and productivity that personal devices now offer. But is the company at risk with the fast adoption of “consumer” BYOD practices? There was a time when cool gadgets and slick computers were only found in business environments and the selection was the domain of IT. But today, as smartphones get smarter and smarter and connectivity is available anywhere, more devices are coming into the workplace not from IT, but from users directly. For small- and medium-sized companies, this is especially true. Gartner is predicting that end-users will be responsible for 50 percent of business IT procurement decisions. From what I hear, it seems like the percentage will likely be higher. BYOD (bring your own device) is now common in all sizes of organizations. Should specific policies be in place to address this ongoing practice?
A recent informal survey of 500 IT professionals, conducted by Mimecast, a provider of email archiving, continuity, and security for Microsoft Exchange and Office 365, found 74 percent of the respondents emphasized that the biggest BYOD challenge was managing information security.
“Employee support for consumerization of IT is in full swing, whether business leaders are ready to admit it or not,” believes Orlando Scott-Cowley, senior product marketing manager of Mimecast.
Here are some recommendations from Mimecast for managing BYOD:
- Provide comprehensive support—Employees will work around corporate IT infrastructure in order to be productive and find ways to leverage their personal devices, regardless of whether they’re supported by the business or not. Supporting as many computing platforms as possible will ensure employees are accessing and sharing business data within a secure environment approved by the organization.
- Focus on data—Seventy-one percent of those surveyed identified their role as a data custodian or someone responsible for locating content and establishing context that is aligned with associated business rules. An organization’s mobile strategy therefore needs to not only enable IT professionals to effectively manage the volume of data, but also provide the solutions that allow employees to securely access and leverage data as a business asset.
- Enable productivity—Identify the business applications employees rely on—such as the organization’s email or social collaboration tools—and provide mobile and tablet support for these applications to ensure employees can remain productive.
For any size business it is a worthwhile exercise to discover what employees are using within the network and what might be happening outside the network that is work related. If you are in a business that has compliance regulations to adhere to or have proprietary information to protect, BYOD can jeopardize the company through data leakage. Holding educational sessions with employees about malware, data leakage, and what might be against company policy on devices is an important piece of any policy.
What Devices Are Most Popular?
The IT professionals that participated in the Mimecast survey named the specific personal devices they currently own, with Apple and Android devices leading the pack. Although over half (56.3 percent) of the respondents indicated they were working on a Windows PC, 87.3 percent own a device running off the Apple operating system, with 44.5 percent owning an iPhone and 42.8 percent owning an iPad. Android mobile and tablet ownership followed, with 51.3 percent ownership, and Windows and Blackberry devices followed, with 26 percent and 19.2 percent ownership, respectively.
The smartphone market is, quite simply, on fire. IDC recently reported the worldwide smartphone market grew 42.5 percent year-over-year in 1Q12. But contrary to the survey respondents, it wasn’t Google’s Android or Apple’s iPhone in the top spot; it was Samsung.
“The race between Apple and Samsung remained tight during the quarter, even as both companies posted growth in key areas,” said Ramon Llamas, senior research analyst with IDC’s Mobile Phone Technology and Trends program. “Apple launched its popular iPhone 4S in additional key markets, most notably in China, and Samsung experienced continued success from its Galaxy Note smartphone/tablet and other Galaxy smartphones. With other companies in the midst of major strategic transitions, the contest between Apple and Samsung will bear close observation as hotly-anticipated new models are launched.”
Set Up A Policy
With the number of smartphones and tablets flying off the shelves, there will only be more and more of them appearing in the workplace. There are a number of templates available that offer sample BYOD policy options. At the minimum, a BYOD policy should cover user responsibility, establishing security settings, use of passwords, information classification, camera use, email security requirements and the outlining of unauthorized activity.
As with any policy, employees’ understanding of the policy is key, along with a policy enforcement plan.
Mitigate Security Risks: Tips to Secure Mobile Devices
Mobile devices are a boon to the small business. Today’s smartphones are like pocket-sized computers with the phone function practically the least important feature. Essentially a transportable mobile office, the devices are essential to productivity and maintaining a competitive edge. Add the ever-increasing number of business apps now available and it can be an incredible tool. Add to that, in particular for the small- to medium-sized business, the cost efficiencies compared to landlines, long distance billing, and perhaps even office space, and these devices could arguably be the single most important operational investment a small business can make.
As we become more familiar with all mobile devices can do for us and we rely on them for more and more, it is essential that devices be secured. This week Support.com offered six tips for keeping mobile devices secure and data safe if lost or stolen. Here is what the company recommends:
1. Enable Auto Lock: Whether using an iPhone, an Android smartphone, or a BlackBerry, enable the built-in phone lock feature with a strong password. This adds an extra layer of security to your mobile device and prevents unauthorized access, particularly if the device is lost or stolen.
   - Step-by-step instructions on how to password-protect your iPhone.
   - For Android phones, tips and forums at Android Central.
   - For BlackBerry devices, try an app for locking your device.
2. Install a Mobile Tracking App: To reduce the risk of lost or stolen mobile devices, consider a device tracking application such as:
   - Android: Android Lost, Wheres My Droid
   - iPhone: FoneHome, Bar Heist
   - BlackBerry: Berry Locator
3. Erase Personal Data Remotely: These applications enable you to remotely access a lost or stolen smartphone from a PC, and then wipe its data clean.
4. Lock Sensitive Applications: Another useful way to protect personal data on smartphones is to make use of an application locker utility, which prevents unauthorized access to applications that contain sensitive personal information. Even if someone finds or steals your phone, they cannot access these protected apps without a valid password (and while they fumble around you can remotely wipe all data clean!).
5. Device Backup: This is perhaps the wisest thing you can do to both protect vital data and ensure you can restore it on a new device in the event of loss or theft. When choosing an application, always consider a solution that offers remote backup and restore, such as Lookout, a free application for iPhones and Androids.
6. Real-Time Protection: Ensures that all files stored on your mobile device are analyzed each time you attempt to access them. It will also scan all incoming content, such as text messages and files received via Bluetooth.
User Owned Devices
Not only have mobile devices changed the way we conduct business, but often a device is purchased by the user for both personal and work-related activities. Taking steps like the above will help keep data (both personal and company) safe in the event the device is lost or stolen. Consider including them as part of company policy for mobile best practices for all employees.
Retain Emails Or Risk Fines
The need for organizations to retain emails will continue in 2012, regardless of business size. On the heels of December news that Citigroup agreed to a $750,000 (USD) civil fine for not retaining millions of emails, it is a sober reminder that losing email is not an option for regulated industries. While Citigroup should receive some kudos for self-reporting its loss (which occurred during an upgrade of its email archiving system between October 2008 and December 2009) the Financial Industry Regulatory Authority (FINRA) still determined the incident to be inexcusable.
I recently heard that Atos, one of Europe’s largest technology companies, plans to phase out email between colleagues over the next three years. The company’s more than 75,000 employees will be required to communicate with each other via instant messaging and a Facebook-style interface instead. This is the first I have heard of such a policy, but I doubt that 2012 will see a lot of this type of action. The company hopes this plan will increase productivity because the volume of email, which the company estimates to be up to 20 hours worth of worktime, is reportedly not translating to useful time spent. Of course email from outside the company will still be floating around. The idea is being met with both criticism and accolades.
“The goal of reducing the amount of data that is fast polluting our working environments and also encroaching into our personal lives is noble,” comments Nick Mehta, CEO of LiveOffice, a cloud-based email archiving company. “However, the idea of moving to a new communication mechanism is simply shifting the problem. The problem is that there is too much information and too much communication. This data explosion will follow you to whatever communication media you use.”
I have to agree with Mehta. Email is not going away. In fact, a new study published by Return Path, Inc. makes the point that while desktop and webmail use might be decreasing, a top (and increasing) use of smartphones is access to email. The study takes a look at the impact mobile is having on email viewing. (Note that webmail might have decreased by 11% according to the study, but it was still found to be the dominant platform (44%) for email access.)
In the study, Return Path researchers make this prediction: “Email is an important business tool, so some combination of desktop and webmail use is likely to remain dominant well into 2012. But the number of people who opt for smartphones increases each quarter, meaning email viewership on these devices will continue to grow. Add in the iPad and we predict that mobile viewership number will tick up by a measurable amount by the end of 2012.”
With email use firmly in play, the need to archive continues, no matter where it is accessed. As if to punctuate the news of Citigroup, Osterman Research and ArcMail just published a timely report called “The Critical Importance of Archiving in the Financial Services Industry.” (The paper is offered at no cost if you register with ArcMail.) It is filled with valuable takeaways for financial services firms as well as organizations in other markets, and provides three key steps that businesses can take to address compliance and retention obligations:
- Every company, regardless of its size, must develop policies focused on the retention of its business records.
- It is critical to deploy archiving technology that can satisfy content retention policies for email messages and their attachments, as well as potentially other types of content such as files, social media posts, instant messaging conversations and other data.
- Choose an archiving system that can integrate with and satisfy other organizational requirements, such as making content available in a format that will satisfy regulators, external legal counsel and others.
Osterman notes early in the paper that “Some financial services firms do not archive their email and other electronic content because of their misperception that it is less expensive to pay the fines associated with non-compliance. That said, it is difficult to ascertain exactly how many firms fail to meet their retention obligations because few decision makers are willing to admit publicly that they are making a conscious decision to violate federal and other requirements for preservation of content. However, given the financial meltdown that began in late 2008, we can surmise with almost absolute certainty that government and industry oversight of the financial services sector in the context of data retention will become more stringent and more difficult over the next several years, and that archiving systems will play an even more important role in helping financial services firms to comply with their regulatory and legal obligations.”
The paper offers a list of current compliance requirements and steps to address compliance.
“The question facing financial services firms today is no longer whether to retain data, but how much to retain and how to go about getting the job done right,” says Rory Welch, CEO of ArcMail.
Although Welch is focusing on the financial services industry, others can benefit from best practices and adopt what makes the most sense for their industry types. With many compliance rules pertaining to data about employees and customers, almost all businesses have some need to retain email.
One thing we know for sure about 2012: email is not going away, despite attempts like the one being planned by Atos. Like many, Mehta believes, “Previous attempts to move off of email (IM, Google Wave, etc.) have by and large been failures. The problem is the work culture—not the communication system.” However it turns out, it will be an interesting case study to follow.
Whether it is email, IM, or social media, data retention is indeed a challenge, due in large part to the sheer volume that passes through each messaging technology and the variety available. But a constant among all of it is the need to manage the medium regardless of type and find a reliable archiving technology that works for you.