Friday 8 April 2011

Thought Picnic: Regaining the verve

Regaining the verve

It has recently become apparent that the wealth of professional experience and the almost enviable record of impact and radical change that has somewhat been the hallmark of my career over 23 years was no more turning heads as much.

Times when one would turn down opportunities because the people had put you through an interrogation of waterboarding and asphyxiation whilst waiting for a better opportunity that always eventually came have somehow passed.

My first job

My very first job was in a brewery just after secondary school, by arrangement of my father who was the Chief Accountant, I went for interview where the test of my knowledge of chemistry and physics for a laboratory assistant’s job put my pride at stake and obviously the reputation of my father where if I performed badly, it would reflect badly on both of us and possibly any other recommendations for employment my father makes.

They were impressed and on the way back from the interview, I had by reason of the moving vehicle fallen asleep as I was wont to leaving the driver to a reckless manoeuvre that had a laden truck ram into us from behind and still had us at fault with no eye witnesses.

I did start work on the following Monday but there was no time to reflect on how well I did, but by the time I left, I observed that the end of the line in the loading bay had some cartons of beer poorly packed, with broken bottles and in one instance there was a cockroach in a ready-to-go delivery.

Shaking it up

I suggested to my manager a quality checking procedure that meant randomly selecting 12 cartons at different times of the day to check for the quality of the contents, checking off a worksheet which fed back into the system to improve quality through all parts of the beer-to-bottle-to-carton process.

Each subsequent job where I have been allowed the latitude, I have been a change and improvement agent, just because it happens and just because it benefits the organisation and it was just a matter of course which when looked back on is radical in its effect and wonderful to behold.

Somehow, I have never been there long enough to reap rewards before another scheme called on my skills to do something simple and realise something complete, the knowledge passed on to the extent that one becomes too expensive to keep on – in any case, at that time, my work is usually done and pastures anew await.

Putting letters to the skill

Today, my marketing literature reads well but does not pass the muster because there are no letters validating basic knowledge even though the words speak of extensive experience from three countries supporting global enterprises in complex environments.

So, something needs to be done to get my stuff beyond those filters that prevent that first call, the contact, that chat, that interview and that job.

The joy of study for an examination was rekindled and I dusted some books, refreshed my knowledge on some obscure features and watched simulations of some activities and I prepped my system for some practice.

Having fun

I chuckled and laughed in the library as I watched the expression of the thinking that went into some processes, the apparently complex stuff being made simple and easy to grasp and understand.

I was having amazing fun preparing for an examination that I plan to take very soon and pass well, I would immediately update my curriculum vitae and send it out to those who matter with the hope that it would begin to percolate to the top.

Twice before, I scheduled three tests for the same day and did brilliant clearing the full certification in weeks, couple that with experience and a return to helping others in forums I have long been passive on and well, the makings of a bigger profile loom.

I am enjoying this and well, I am not throwing in the towel for what at certain times had me in the top 10% of experts in my field. I am even thinking of going back to university but there are pressing needs that need to be in order to chart that course confidently.

The fundamental lesson really is one has to change to remain relevant or the threat of irrelevance when not heeded to with radical change will leave you out.

Tuesday 5 April 2011

Social Engineering: That Epsilon email data breach

Another data breach and scare

News that Epsilon [1], an email marketing service provider had suffered a security breach that involved the loss of data has been received with some angst and the analysis of security of data on corporate systems.

This firm handles the email marketing for quite a number of big names in the US like Target, Chase, Marriott & Tivo referring to the names that came up in the opinion pieces that form my source for this blog.

It is interesting to note that the first article dealt with the matter of Outsourcing email [2]; this is just a matter of responsibility, the data is vulnerable no matter whose system it is on but where the data is hosted in-house, after the fire-fighting and damage control there might be a person or department to take the blame with the possible rolling of heads in mock absolution for faults.

This is a big deal

The second article dwells on the value of an email address [3] but only in reference to the service provider from reputation, through information management to the possible loss of custom – the figures are high but they hardly address the more important point which is how it affects the customer.

Another news story suggests Epsilon sends out [4] over 40 billion emails annually from over 2,500 clients which include 7 of the Fortune 10 companies. This is big business at first and quite a large customer base too.

You’ve got mea culpa mail

In one instance the writer had received an apologetic email from Epsilon and seemingly exculpatory emails from three other organization which whom he had registered for some service that used his email as part of the transactional and interaction process.

Interestingly, even one comment suggested the receipt of emails from organisation they thought they had already cancelled subscriptions to, in effect, cancelling a subscription only stops emails from going out, it does not expunge the host database of the email information.

Where it gets worrisome is that what was exposed to unauthorised access was email addresses and/or customer names.

Proof you exist

There are a number of inalienable facts that derive from this piece of information, the fact that it was on Epsilon systems means there is a likelihood that the addresses are active and where a customer name is attached, it serves enough as a uniqueness identifier just for a spammer to use or purvey and even conduct more extensive searches that can match that information to home addresses and other personal information that could be found online.

This is the equivalent of looking through a telephone directory which probably contains current and valid information to use a service or contact a person.

Over a year ago, my phone number strayed into the hands of scammers in Ghana, one of whom called me at an unholy hour, the moment I answered the call, I had validated the working order of that number and for 5 consecutive days I received calls from different people in Ghana and it was my ignoring the subsequent calls that fed back into that network that it was useless calling me.

Another analogy is the having an email address with a customer name is the equivalent of knocking on a door and knowing there is an occupant of that premises that offers the opportunity for the criminal to watch out for when they might burgle the premises.

Getting familiar

Beyond that, having a customer name allows for the spammer to send friendlier and more familiar type communication that can break down the usual resistance to spam email.

Where the customer has different email addresses with particular ones being used for trusted Internet activity, receiving spam emails on those addresses can be rather irksome.

By the time the customer has been irredeemably spammed even important emails would have ended up in the bin whilst ameliorating acts of changing email addresses can be fraught with unnecessary administrative problems of reviewing all subscriptions, informing all contacts and many other troublesome issues.

The cost to the customer is high and I have in certain instances had to discontinue the use of a service provider just because they were doing nothing to stem the flow of spam.

Remediation is fraught

However, as it stands, there is really no compensation for the inconvenience of the expected deluge of spam from a new set of spam addresses and who because they now have customer names could suggest they have established a relationship with the victims of these criminal activities.

I am saddened that of most the computer press I have read about this data breach have not really addressed this angle of the matter, it is the multitude of customers that give the companies the business they have, they seem to have been forgotten in their face-saving and damage-limitation quests.

Taking care

Customers should beware of phishing email, check that URLs in emails are really from where they purport to come from, never send any personal details to anyone seeking such information via email, at least not before verifying that with the company via a telephone call.

You should never have to share your security number, home address, credit card numbers or personal identity numbers with anyone either by email or on the phone, if in doubt, ignore the email especially if it reads like a threat and if on a phone call, excuse yourself from the call, recompose yourself and call at another time – the taker of your call should never fill you with additional angst and anxiety.

Sources

[1] Epsilon is a subsidiary of Alliance Data - Wikipedia, the free encyclopedia

[2] Outsourcing email: Do the benefits outweigh the risks? | ZDNet

[3] Epsilon data breach: What's the value of an email address? | ZDNet

[4] Massive Breach at Epsilon Compromises Customer Lists of Major Brands | SecurityWeek.Com