A panel of seasoned chief information security officers took the stage during the BusinessTech18 conference held last fall in downtown Cleveland to share what they’ve learned to be best practices around the topic of data protection. Here are the three insights that panelists Tom Siu of Case Western Reserve University; Jerry Justice of Benesch; and Bob Salandre of Timken relayed to the standing-room-only crowd.

• RELATED: BusinessTech18 recap: Finding and developing IT talent

Insight No. 1: Understand behaviors

One of the first steps to stopping data thieves is to understand the behaviors of the people who use your network, including both internal and external users. This is an area where artificial intelligence can be particularly helpful. By studying the common behaviors of how internal departments and external visitors use your network, AI can quickly determine when anomalies occur and a visitor is acting out of the norm.

Salandre said that in the past, it was difficult for human eyes to connect the dots between all the many visits a company’s network sees during a period of time. But thanks to machine learning, AI can now put these red flags together and develop a clear picture of a larger threat.

Insight No. 2: Implement training

The CISOs on the panel agreed that there’s a new trend as it relates to training staff to be vigilant against cyber-attacks. The panelists said more companies are doing away with the standard 60- to 90-minute one-time training session and are more frequently implementing a more regular stream of quarterly 10-minute training snippets. The reason for this change is because the shorter training segments are easier for users to consume and also because such microlearning as this comes more naturally to people.

When installing these training methods, it’s important to back up the lessons that are being taught with real world examples of what has happened to other firms, the CISOs suggested.

• RELATED: 10 things to know about cybersecurity based on actual cases.

Insight No. 3: Using third parties

Some organizations have been looking to third parties, such as cloud computing providers, to help keep their documents secure. Before going the third-party route, the CISOs said the same basic principles of analysis used in any business decision should also come into play.

• RELATED: Busting common myths about cloud storage.

For instance, businesses should consider what might happen to their documents if the cloud storage firm should happen to go out of business. On the other hand, cloud security is strong and the disaster recovery employed by the cloud firms tends to be better than what most companies can invest in on their own.

BizTECH18 is just one example of the many different kinds of events that the Greater Cleveland Partnership and COSE are involved in each year. Click here to view upcoming events that can help your business succeed.

Employees are increasingly using their own devices to do at least some of their work. BYOD (“Bring Your Own Device”) examples range from accessing company email and calendar remotely to working from home on a computer connected to the company network. Users often prefer to use their own tablets or laptops to access company systems, especially when working remotely.

BYOD can be a boon to productivity. It’s convenient and users like the ability to work with the devices with which they are most comfortable. Additionally, there might be cost savings for the company when users provide their own hardware. Large organizations often enforce formal policies to realize advantages while mitigating risks of BYOD. They also invest in technologies that make it easier for IT departments to safeguard corporate data even when it’s accessed from a device the company doesn’t own. Small business owners, however, could wonder whether it is worth the expense to implement.  

It would be a mistake for any business owner to ignore the BYOD question. “Just Say No” probably won’t work because some users will easily figure out how to connect their smartphones and tablets to the company’s email system and perhaps even to its internal network. “Just Say Yes (And Hope for the Best)” might also be a costly mistake. Is there another choice?

A thoughtful, practical alternative 

The alternative is implementation of a BYOD policy that balances user wants with the company’s need to support productivity, protect resources, and manage costs. A qualified IT service vendor can help with this. A budget-conscious business owner might start by doing research and adapting BYOD policy examples from other organizations to fit his or her business. A BYOD policy should complement and extend your information security policy and acceptable use policy. 

Your security policy should provide reasonable safeguards against unauthorized access. Passwords shouldn’t be “1234.” Those responsible for IT should have procedures for granting access to company resources, including in emergency situations. Rules should clarify what can be shared in public-facing resources such as public or shared Dropbox folders or FTP servers.

Your acceptable use policy should be designed minimally to prevent abuse of IT resources that affect other users and prohibit users from damaging the company’s reputation or even exposing it to legal risk.  Among other things, this would mean prohibiting the use of company resources to publish spam, hateful or other illegal speech or to adversely affect internal or external systems.

With your security and acceptable use policies in hand, consider what new implications arise from the use of employee-owned devices. You might need to revise and strengthen some of your existing guidelines. You should identify and answer the unique questions raised by BYOD:

• Will the company pay or share the cost?  
• Will IT provide tech support on user-owned devices?  
• Will there be a list of approved hardware, operating systems and applications?  
• Will the company have the ability and right to remotely “wipe” a device that has been lost or stolen (or when the employee is terminated or leaves the organization)?

BYOD is here to stay. The “consumerization of IT” is a cultural phenomenon and business trend. A thoughtfully-developed policy will help manage risks and maximize BYOD benefits.

Want more expert advice? Check out COSE Expert Network, an online forum connecting business owners with creative solutions to the tough questions they face every day. 

This article originally appeared in the August 31, 2015, edition of Small Business Matters.

Our region really has a lot going for it:  great cost of living, beautiful surroundings, amazing museums, (mostly) professional sports teams and more.

And in the tech world here, we’ve got a really vibrant entrepreneurial community, from start-ups to mature coupled with a significant number of large, enterprise IT shops.

So why do we struggle to get people here?  And how can we compete with other markets (that we KNOW we’re better than!)?

Last week, we started work to address that marketing problem by hosting the first ever NEO Tech Talent Summit. We teamed up with Global Cleveland, Team NEO and Regional IT Engagement and hosted about 70 local tech executives and entrepreneurs. 

Our guests heard some great presentations from Ted Griffith of JobsOhio, Dawn Larzelere from Governor Kasich’s Office of Workforce Transformation and Jacob Duritsky, Research/Strategy VP at TeamNEO.  These folks laid the groundwork for a half-day working session with our execs and entrepreneurs to define NEOs strengths, weaknesses, opportunities and messaging regarding attracting tech talent.

TeamNEO secured group facilitators for the working sessions and we’ll be issuing a report out on the these phase 1 results shortly.  Ultimately, our goal is to hone messaging and secure funding or other support to more aggressively market NEO and attract more tech talent to the region.

We’ll continue to share information on progress of this effort, but in the meantime, here’s a podcast of the presentations from the day.

You may have noticed that your electric bill now contains a few charges that you had not seen before.  Well, they have always been there, you just may not have known about them.  New information on your bill shows specific charges for the costs of energy efficiency, peak demand reduction, and renewable energy. These charges are not new, but are and previously were consolidated with other charges on your bill. 

On October 15, 2014, the Public Utilities Commission of Ohio (Commission) issued proposed rules for comment which included a new rule, to implement the required cost disclosures in Sub. S.B. No. 310 (“S.B. 310”), specifically, which included charges such as the energy efficiency and peak demand reduction charges that were once buried within your bill. On December 17, 2014, the Commission approved the proposed rules and the rules became effective on December 11, 2015. Depending on your meter read, these line items should now be appearing on your bill. 

Once buried, they are now distinct line items that can be found on the front page. 

For example:

 

Not sure if you are being charged too much for each distinct line item? 

Want to know how to reduce the overall charges and put money back in your pocket? 

The GCP and COSE Energy team will do an on-site assessment to identify areas of your building that can be improved, help prioritize energy savings recommendations, develop an actionable efficient strategy, and connect you to quality service providers to drive implementation. Contact us at (216) 592-2205 or energy@gcpartnership.com

From discussing best hiring practices for tech departments to thoughts on the future of the Internet of Things, OHTec’s CIO Symposium 2017 brought together scores of tech influencers from across the region to spend a full day talking shop. Read on below for a brief recap of what was discussed.

• RELATED: Learn more about the work OHTec is doing to create connections across the Northeast Ohio tech landscape.

Approximately 200 technology executives from across Northeast Ohio attended the 17th annual CIO Symposium presented by OHTec, COSE and the Greater Cleveland Partnership on Thursday, September 8, 2016.

The full-day event, the longest running gathering of CIOs in Northeast Ohio, featured a number of "deep-dive" Tech Talks from leading technology experts, breakout sessions and a Tech Futures Plenary Session of a panel of award-winning CIOs.

Visit the links below to listen to podcasts of the CIO Symposium's sessions:

Breakout Session

Tech Futures

Breakout Sessions

Talent Attraction: Branding Your Organization

Next Gen IT Security Protections

Mobile Strategy

Extracting Real Value from Big Data

Tech Talks

Digital Transformation: Integrating Supply/Customers/Information by Dan O’Neil and Reid Sheppard, KINETiQ DIGITAL

Disruption and the CIO by Mark Lewis, Formation Data Systems

Thought Leadership and the CIO by Michael Krigsman, Analyst, Strategic Advisor and Blogger

Leadership Lessons from Space by Dr. Janet Kavandi, NASA's John H. Glenn Research Center