The way you treat your employees affects more than your retention rate.

It can have a major impact on your company’s trainsecurity.

Banks are an excellent example. They are notorious for the low pay,  haphazard training and opportunities and iffy managers that frontline employees, i.e., tellers, endure.

But it is the pay that is especially erroneous.

According to the Bureau of Labor Statistics, the median annual income for tellers in 2014 was $25,760, a salary that prosecutors say does not match the high-risk nature of their jobs.

Raising a family and paying bills on $25K a year is beyond difficult, which increases temptation, yet these are the people who have the most access and opportunity to rip off customers.

And many of them are doing just that.

Rich and elderly bank customers are particularly at risk, prosecutors say, when tellers and other retail-branch employees tap into accounts to wire funds without authorization, make fake debit cards to withdraw money from A.T.M.s and sell off personal information to other criminals. Accounts with high balances and those with direct deposits of government funds, like Social Security payments, are especially coveted.

If you haven’t already guessed, the banks don’t want to spend to fix the problems.

Despite their importance, tellers and many low-level bank employees are not subjected to rigorous background checks. (…)  Kevin Streff, managing partner at Secure Banking Solutions, a security consulting firm, said the sluggish controls came, in part, from banks’ outdated view that tellers handled only low-risk transactions. (…)  Despite the warnings, progress has been slow. “There is a reluctance to provide real oversight, rigor or even security training because it costs time and money,” Mr. Streff said.

What will banks do?

Reimburse you for money actually taken, but that does nothing if your personal information has been shared or sold.

Based on their actions, as opposed to their words, executive attitude in many banks, insurance companies and others in the financial services industry seems be one of keep costs low, bonuses high and caveat emptor for customers.

That attitude is deeply embedded in their cultural DNA, which means changing it isn’t going to be simple — or quick.

Which means you had better embed caveat emptor in your DNA.

Flickr credit: Daz

New year, new ideas — one would hope.

Less ‘me too’ and more ‘me new’, or, as Matt Rosoff puts it, stuff that impresses his 5-year-old son.

By groundbreaking, I mean a technology that changed society, changed every other industry in the world. The World Wide Web was groundbreaking. The internet was groundbreaking. The personal computer was groundbreaking.

And before you write Rosoff off as a know-nothing consider Peter Thiel’s comment.

“We wanted flying cars, instead we got 140 characters.”

It’s nice to know my nobody-know-nothing opinion is in good company.

In the tech world IoT is supposedly the bright light on the horizon, but don’t hold your breath.

According to a study by Accenture of 28,000 consumers in 28 countries, the world is tired of gadgets and no interest in replacing what they have.

Worse for tech, the public is waking up to the fact that it doesn’t give a damn about people’s privacy, security or even safety as long as they buy — at least not until it’s forced to and then only enough to shut up the noise.

As Accenture puts it, companies must “ignite” the next five years of growth by coming up with products that “offer a compelling value proposition,” “ensure a superior customer experience,” and “build security and trust.” 

Read the article. Digest Accenture results.

Then think about what you can build that would impress a 5-year-old—even a little.

Flickr image credit: centralasian

A post I wrote after two researchers made headlines by hacking a Jeep and taking control of its vital functions focused on the idea that nothing would change until consumers voted with their wallets and demanded better security.

Until that hack, combined with several major data breeches in the last couple of years, the general public didn’t seem particularly concerned — and that nonchalance is especially prevalent in those who grew up wired.

In a comment on that post I wondered if consumers just didn’t care or didn’t understand, but there is another option.

I read a article about Conspire, a new site that helps find business emails and sent it to several people I thought could use it, including Ajo Fod, founder of QuantPrice and occasional contributor here.

Conspire uses your email account as the basis for a game of Six Degrees of Separation. Sign up, and it analyzes your email. Then enter the name of the person you want to search and it finds someone in your contact list to introduce you, examining that person’s social-media connections. It may even find multiple people to help introduce you. Then it will recommend the best choice.

Ajo joined and sent me an invitation. I haven’t accepted yet, because Conspire requires your email account information and password (plus my email uses POP3, not IMAP).

I asked Ajo if he was concerned about security and here is his answer.

Security is a concern,

… but benefits are a bigger.

… I’ve been hit before by a bad egg that decided to spam all my contacts.

… so, yes, I was worried when I gave out my email/password.

… In this case. I did some research and thinking and the potential seemed big.

I do worry about credit card numbers and identity.

… In my mind, the benefits outweigh costs.

People still send me phishing emails.

Perhaps, being an Indian security is a lesser concern to me than other people my age in the US.

Actually, Ajo gave it more thought than most people I ask no matter their age.

There is one more thing you should think about when doing a cost/benefit analysis.

Time.

What is the ROI for the time you will spend?

Is the new app a time saver or time waster?

Money can be replaced, but once time is spent it’s gone forever.

Flickr image credit: Jason Howie

A Friday series exploring Startups and the people who make them go. Read all If the Shoe Fits posts here

I found several useful/interesting reads yesterday and thought I’d share them with you.

If you’re wondering what’s hot (security) and what’s not (social and dating apps) take a look at the thoughts of Sequoia Capital’s Mike Moritz after recently listening to 146 pitches in a row.

Investing in startups is like bird-watching, (…) For venture capitalists, Moritz advises not to look at the flock, but at each individual startup. “Each one is different, and I try to find an interestingly complected bird in a flock rather than try to make an observation about an entire flock,” Moritz has said.

That said, some trends appear when the looking at the group as a whole.

Moritz is also the PayPal board member whose penny-pinching advice saved the company in 2008 and every founder should be following it now.

“That focus was instrumental in PayPal’s survival,” Roelof Botha said. “We could have been spending money willy-nilly and fallen by the wayside by accident.”

Tenacity is lauded in the startup world; the idea is that passion and never quitting are the hallmark of successful founders, but the story of François Reichelt proves that Kenny Rogers offers a more common sense approach.

“Know when to hold ’em and know when to fold ’em.”

Last are two links that provide useful tools for you.

First is a way to find company emails when you have the name.

Oleg Campbell has automated the process of hunting for someone’s corporate email with a nifty new Chrome extension built on top of Gmail. It’s called, descriptively, Name2Email.

Second is tech lawyer David Tollen’s Tech Contracts book and website, with helpful information and free forms for SaaS, software licensing, and other IT agreements.

It’s a plain-English how-to guide on IT contracts for lawyers, contract managers, salespeople, IT staffers, and executives.

Image credit: HikingArtist

There are dozens of startups working on wiring everyday products to become part of the Internet of Things (IoT) and a few weeks ago I cited an article that raising money in that arena was tied to building security into a product from the beginning.

Security used to be a function to which consumers gave little thought, but that is rapidly changing.

Anything can be hacked, but awareness was heightened recently when security experts hacked a Jeep’s entertainment system and took control of vital driving functions.

The result of their work was a hacking technique—what the security industry calls a zero-day exploit—that can target Jeep Cherokees and give the attacker wireless control, via the Internet, to any of thousands of vehicles. Their code is an automaker’s nightmare: software that lets hackers send commands through the Jeep’s entertainment system to its dashboard functions, steering, brakes, and transmission, all from a laptop that may be across the country.

And if none of this makes IoT startup founders rethink their cavalier attitude towards building tough security into their initial design, perhaps this comment from Colby Moore, a security research engineer at the cybersecurity firm Synack, will make them think twice.

“Really, the state of security on these things right now is pretty atrocious… A lot of these device manufacturers are just not security people and they really just don’t have security people on staff, especially when it comes to IoT start-ups. What they are doing is phenomenal with all of these new uses for technology. But security isn’t a concern for everybody. It’s ship now and patch later mentality.” (…)  If you are worried about it then don’t put yourself at risk. It’s kind of up to us to demand a higher security standard and hold the manufacturers to it.”

Flickr image credit: centralasian

A Friday series exploring Startups and the people who make them go. Read all If the Shoe Fits posts here

If you’ve been around long enough you find déjà vu connections everywhere.

I had a strong sense of it reading that security has become a priority with VCs.

According to The Information, computer security companies are being brought on to advise other companies about startups they are thinking of acquiring, and VCs are including cybersecurity experts as part of their due diligence when they look to invest in companies.

Security has been an after thought, if that; a feature that the company would get to as soon as [whatever] happened.

The déjà vu hit because that is the same attitude companies had towards quality once-upon-a-time (some still do).

After conception, architecture, design and manufacturing were done the product was sent to QC (quality control) and back up the line if there were problems.

In many cases the quality flaws were actually designed into the product or the manufacturing process itself, which made fixing them very expensive or impossible.

The same problem happens when security is the afterthought.

Any fool knows that if the wrong grade of steel is specified for a bridge or the spec is changed to facilitate speed or budgetary concerns the bridge is likely to fail sooner rather than later.

Zukerberg’s oft repeated “move fast and break it” is proving to be a deal breaker in a more ways than one.

Image credit: HikingArtist

How about that. Target, the White House, CIA, FBI and a host of other companies have been hacked and people shrug it off.

The Sony hack was different — a political show of arms.

Last week I commented on the FTC chairwoman Edith Ramirez’s focus on security at CES.

Seems she’s not the only one.

According to a survey by Piper Jaffray, security was ranked as the top spending priority for CIOs this year, with a whopping 75% of the respondents saying they would increase spending in 2015.

That’s nearly 20% higher than last year.

It’s about time — if they follow through.

And it looks like they might, since the venture crowd has scented money.

Piper Jaffray’s survey asked only 112 CIOs across eight different industries, so the results should be taken with a grain of salt. Still, security seems to be a huge concern for everyone in tech, as some of the top venture capitalists in Silicon Valley also picked it as one of their biggest investment areas this year.

That concern is also being driven partly by users waking up to the fact that while companies are happy to take their money they haven’t given much of a damn about keeping their online selves safe, i.e., their information secure.

And that is turning up the heat on the privacy issue as those same companies splice, dice and sell personally identifiable information to enhance their own bottom line.

The dangerous, even lethal, ramifications of hacking are obvious.

Thanks to the hacks of 2014, culminating with Sony, tech’s laissez-faire, “it’s not our problem” attitude towards these dangers seems to be changing.

One can only hope that it changes faster than connectivity grows.

Image credit: markus jakobs

Entrepreneurs are notorious for ignoring security — black hat hackers are a myth — until something bad happens, which, sooner or later, always does.

They go their merry way, tying all manner of things to the internet, even contraceptives and cars, and inventing search engines like Shodan to find them, with nary a thought or worry about hacking.

Concerns are pooh-poohed by the digerati and those voicing them are considered Luddites, anti-progress or worse.

Now Edith Ramirez, chairwoman of the Federal Trade Commission, voiced those concerns at CES, the biggest Internet of Things showcase.

“Any device that is connected to the Internet is at risk of being hijacked,” said Ms. Ramirez, who added that the large number of Internet-connected devices would “increase the number of access points” for hackers.

Interesting when you think about the millions of baby monitors, fitness trackers, glucose monitors, thermostats and dozens of other common items available and the hundreds being dreamed up daily by both startups and enterprise.

She also confronted tech’s (led by Google and Facebook) self-serving attitude towards collecting and keeping huge amounts of personal data was the basis of future innovation.

“I question the notion that we must put sensitive consumer data at risk on the off chance a company might someday discover a valuable use for the information.”

At least someone in a responsible position has finally voiced these concerns — but whether or not she can do anything against tech’s growing political clout/money/lobbying power remains to be seen.

Image credit: centralasian

Over the holiday weekend “Eric” canceled his email subscription and the reason given made me smile.

He said my post about the potential for hacking the “Internet of Things” was more fear-mongering than fact, so he was, as I always recommend, “voting with his feet” and unsubscribing.

Granted, I should have referenced my proof, but it’s hard to remember every article I read and this one dates back 15 months.

It’s an article about a search engine called Shodan — the Internet of Things’ worst nightmare.

Shodan crawls the Internet looking for devices, many of which are programmed to answer. It has found cars, fetal heart monitors, office building heating-control systems, water treatment facilities, power plant controls, traffic lights and glucose meters. (…) “Google crawls for websites. I crawl for devices,” says John Matherly, the tall, goateed 29-year-old who released Shodan in 2009.

Shodan wasn’t built for nefarious purposes, but intent has very little to do with actual usage.

Currently, Shodan is the only device search engine with public search results, which is, obviously, a boon to hackers.

However, I agree with Matherly, because if he hadn’t built it someone else would have.

“I don’t consider my search engine scary. It’s scary that there are power plants connected to the Internet.”

And, in case you are wondering, yes, I sent the article URL to Eric.

Flickr image credit: centralasian

Have you been hearing about the “Internet of Things?” Hearing how everything you use, everything you own will connect to the Net?

And I mean everything! Bill Gates is even funding development of a Net-enabled woman’s contraceptive.

Google is building Net-enabled, smart, self-driving cars.

The media claims that the Internet of Things will be world-changing.

Are you excited?

Some things are already available.

Whirlpool’s “smart” washing machine boasts Wi-Fi and a colored control screen, can be started from an iPhone app, and will text or email you when your clothes are ready to dry…

And there’s more excitement coming in the next few years.

Whirlpool said its “kitchen of 2020” would be piled high with not-exactly-necessary whirligigs: stove-tops that display the weather, Facebook photos and Pinterest recipes; music-playing refrigerators; oven burners that flame up via voice command.

There’s just one teeny-tiny, minor problem that I rarely see mentioned in all the news, excitement and hype.

Hacking.

Every system currently in existence has been or can be hacked.

What makes anyone think that the things of the Internet of Things won’t be hacked, too?

Flickr image credit: centralasian