Tutu Lawal - Big Data: A Time to Save, a Time to Delete

April 08, 2014

Tutu Lawal Presents Article by  Paul Luehr
Nonessential work byproduct is not only clogging your internal network, it's raising the risk of litigation and cyber attacks. 

CFOs and accountants have heard the call to expand their big data analytical skills. With this newfangled know-how comes the promise to identify workplace efficiencies, evaluate prospective business opportunities and better understand customers. But thisrosy perspective focuses only on the upside of big data. A downside lurks in the disorganized and nonessential email, memos, drafts, presentations, reports and spreadsheets that lay strewn across most company networks. This surplusage can be analyzed by hostile litigators, aggressive regulators or surreptitious hackers using the same big-data techniques employed by marketing wizards. Therefore, if not properly managed, this mundane form of internal big data can significantly increase risks and raise costs. When it comes to internal company data, “less” is usually “more.” To run critical business functions and to mitigate risk, a company has to determine what data to keep and what data to delete.

The disorganized morass of nonessential files is now a critical issue for leadership, in light of rapid advancements in computer science. Complex analysis historically was limited to large databases, with their tidy tables and regular columns of numbers in uniform formats. However, big data analysts now can run complex searches across messy workplace byproduct. They can search “unstructured” information, outside formatted databases, across different file types and even in different languages. Not surprisingly then, big data analysis has become the lifeblood of many kinds of litigation. Even the most routine employment cases often involve forensic collections of data from multiple locations (email servers, file servers, laptop hard drives, online email accounts and smartphones). Larger litigation matters take big data analysis a step farther. For example, graphic files are searchable through optical character recognition; communication patterns can be visually depicted through early case assessment toolsconcept searches are being used to enhance basic keyword searches; and computer prediction models are replacing weeks of human document review. Federal regulators and cybercriminals, alike, have also climbed on the big data band wagon. The SEC data mines financial reports and trading accounts to find fraud and “aberrational performance.” This past winter, the head of FINRA boasted that his organization detects market abuses by monitoring almost six billion trades per day, as he said, “more ‘big data’ on a daily basis than the Library of Congress or Visa.”  Meanwhile, hackers crawl large corporate networks, use complex queries to search for exposed passwords, hide among the refuse of everyday computer files and target the very same customer databases compiled by big data analysts. In spite of these developments, many companies do not organize their data well enough to respond to subpoenas and legal discovery. In addition, because of this weakness companies often cannot tell when, how often or if they’ve been hit by a cyber attack. By hoarding mountains of unorganized, nonessential internal data, companies risk facing obstruction and spoliation of evidence charges (intentionally or negligently hiding or destroying evidence), and making themselves vulnerable to multistage cyber attacks.

Drawing a Data Map

To escape these fates, companies must create comprehensive and well-thought-out data retention and deletion policies. The process begins with the creation of a company data map. A data map tracks what information is created, where it is stored, how long it is retained and who manages it within the organization, allowing leadership to take real control of it. To start, a CFO should assign a team to sit down with internal business groups to assess their data inventories and to construct a taxonomy of them.  For example, accounting files may fall under the categories accounts receivable, accounts payable, taxes and billing disputes. Then the team should identify who oversees the data and where it resides — on employee hard drives, in a particular database, on a network drive or in the cloud. Creating this inventory can be unnerving.  Critical records may be scattered all over the network, sensitive personal information may not be encrypted and confidential financial documents may be available to an unnecessary number of employees through a shared network folder.

Next, the CFO’s team should consult with legal counsel to assign proper retention periods to each document category. The attorney may advise keeping general email for three months or certain tax documents for five years, but employee benefit records indefinitely. He or she can also advise on the practical extent of litigation holds. Many companies fail to lift holds when a case ends. As a result, the same documents could be subjected to another hold when the next lawsuit arises, and so on. A few years ago, my firm worked through a large inventory of case histories for a major insurance company to verify which legal holds could be lifted. This company was retaining so much data, under so many separate litigation holds, that an entire cottage industry had developed in its hometown to handle the company’s backup tapes. When we verified that numerous litigation holds could be lifted, including one from a federal regulator, the company enjoyed a multimillion dollar reduction in its data storage costs.

Whatever data retention periods a company sets have to be adjustable to address company needs and changing circumstances. For example, in the event of a data breach, forensic investigators often will ask to look at historic log files and server backups in an effort to determine when and how the attackers first struck. If a company normally keeps four sets of weekly backup tapes and three sets of monthly backup tapes of its servers, the investigators might lose an entire month’s worth of valuable data if action is not taken quickly to suspend the company’s normal backup tape rotation. Setting aside the oldest backup set and inserting a new batch of tapes is an easy way to preserve that evidence. Even with an effective data map and a clear data retention and deletion schedule, the work around real information governance is never done. A company must regularly train employees about where to store its data and must update policies frequently to address evolving technologies. Some of the thorniest issues today arise within companies that have liberal bring-your-own mobile device (BYOD) policies. In these companies, personal information may commingle with corporate data on smartphones that are backed up to home and cloud locations. The next challenge may be wearable technology that introduces health-care data into the workplace.

We only know one thing for sure: data will continue to grow.  Managing it, not only by harnessing large stores of data about customers and markets, but also by minimizing nonessential information clogging the internal network, can help a company maximize its big data returns.

THe Keys to Leadership

January 15, 2014

The Keys to Leadership: Your Brain and My Grandmother
Eric J. McNulty is the director of research at the National Preparedness Leadership Initiative and writes frequently about leadership and resilience.

I’m often asked to recommend books on leadership. Increasingly, I’ve been steering people away from what could be called a typical leadership book: a memoir by a CEO or a military officer, or the latest “Nine Essential Qualities of a Leading Leader” type. As entertaining as those kinds of books may be, few have anything new to say that’s really useful to a person who wants to improve his or her ability to lead. Instead, I direct people to the rapidly evolving literature on brain science, where I tend to find some fascinating ideas that apply to business.

In 2013, the standouts from my own reading list included books that cover a mix of physiology and psychology—namely, Daniel Kahneman’s Thinking, Fast and Slow , David Eagleman’s Incognito: The Secret Lives of the Brain , Srini Pillay’s Your Brain and Business: The Neuroscience of Great Leaders , Maria Konnikova’s Mastermind: How to Think Like Sherlock Holmes, and Mahzarin Banaji and Anthony Greenwald’s Blindspot: Hidden Biases of Good People. What I find particularly interesting is how much of the recent, cutting-edge research on the human brain actually confirms six insights that my grandmother shared with me years ago.

Don’t judge a book by its cover. The mind is a natural categorization machine—once certain attributes have been assigned to a category, they are difficult to remove. Our brains are full of hidden biases and stereotypes. InBlindspot, for instance, Banaji and Greenwald cite several instances ofimplicit association tests showing that people of color have more negative views of other people of color than they do of whites, and that gays and lesbians have more negative views of other LGBT people than they do of straight people. In a different test, people were shown a photograph of a random person and asked if the person seemed nice. Most people answered quickly, with no real evidence on which to base a judgment. Banaji and Greenwald show that it’s possible to default to stereotypes even while denying their validity. Will alone is insufficient to overcome these innate biases—it takes work.

Take a walk to clear your head. If you’re stressed or facing a critical decision, get out of your office! Konnikova cites research that reveals that spending as little as 10 minutes observing nature can help you relax and focus the mind. Even concentrating on a photograph of nature can help. There’s wisdom in taking time for a regular stroll at lunch. In Your Brain and Business, Pillay cites studies showing that physical movement can have a profound effect on how you think: Getting into a box-like structure and then stepping out of it actually improves your ability to get creative and think “outside the box,” so don’t expect your next big idea to come during the hours you spend in a conference room. It’s one more reason to get out of your chair and move.

You win some, you lose some. I have a friend who worked for a high-end apparel retailer, which measured her ability to sell additional products to every single customer. She joked that selling nothing was OK, but letting someone leave with only a single garment earned a demerit. That’s exactly the wrong way to induce high productivity, according to research cited by Kahneman in Thinking, Fast and Slow. You actually get better outcomes for decisions you face repeatedly when you approach them as a portfolio rather than individually. When you focus on individual wins and losses, you become more likely to take or avoid risks at the wrong times. It’s better to think like a stock trader—accepting some losses as inevitable and measuring overall performance to determine success—which stimulates better decision making. Looking at the ratio of single-item to multi-item sales over a week or a month would have given the retailer a better sense of which associates were adept at knowing when to push and when to hold back with a customer.

Let me sit with that for a bit. Just because you aren’t doing something, it doesn’t mean that your brain isn’t working. In Mastermind, Konnikova argues for the power of contemplation: She notes Sherlock Holmes’ description of a particularly thorny conundrum as a “three-pipe problem.” The brain between our ears is the ultimate supercomputer—sometimes we need to pause to let it sort through information, find patterns, and focus. While you may or may not want to indulge in tobacco, it really does pay to put down your smartphone, to just sit and reflect. If you need structure, journaling can be an effective way to build quiet time into your daily schedule.

When you can’t decide, flip a coin. We all wrestle with decisions, particularly when the available data doesn’t point to a clear way forward. One job candidate has better credentials, but another overflows with innovative ideas and great questions. Which do you choose? According to David Eagleman in Incognito, a simple coin flip may help. This doesn’t mean putting your faith in luck. When you flip the coin, pay close attention to your reaction: If you’re relieved at the side that lands up, you’re likely confirming what your unconscious mind was trying to tell you all along. If you long for a do-over, your inner mind wants to steer you toward the other choice.

It’s nice to be important, but it’s important to be niceResearchcited by David Rock in strategy+business in 2009 shows that the brain processes social pain in similar ways to physical pain. A psychologically stressful workplace can kill productivity, creative problem solving, and innovative thinking. Creating social safety doesn’t mean being a pushover, but it does mean making sure the work place is fair, transparent, and inclusive.

As we enter the new year, those aspiring to lead would do well to start thinking in new ways. Set aside the usual choices on the bookshelf and dive into the latest studies on the brain. It turns out that some tried and true pieces of wisdom are tried and true for good reasons.

Are Cybercriminals Winning

October 03, 2013


Security industry in 'rut,' struggling to keep up with cybercriminals

Experts agree hackers are winning but some are hesitant to blame it on a lack of new technology, however

September 30, 2013 — CSO — Dramatic changes are needed in multiple fronts if the security industry hopes to move ahead of cybercriminals, who are continuously finding new ways to breach corporate systems, experts say.

Some technology pros say the industry needs to develop new technologies and architectures that send hackers back to the drawing boards.

"I think we're in a security rut right now," Ed Amoroso, chief security officer for AT&T, said,ThreatPost reports. Amoroso made the remarks this week during a panel discussion at the Billington Cybersecurity Summit. 

While other experts agree hackers are winning, they are hesitant to blame it on a lack of new technology.

"The call for more innovation is only focusing on the technology aspect," Murray Jennex, a professor of computer science at San Diego State University, told CSOonline. "I agree we need more innovation, but that innovation by itself will not give us better security."

What else is needed is more effective sharing of attack data between security professionals working for vendors and corporations.

"My research has found it takes much less knowledge to use existing technologies to attack than it is to defend," Jennex said. "Security professionals need more knowledge to do their job than attackers do."

However, the attackers are the ones who are faster at sharing exploits for the latest products, Jennex said.

On the white hat side, security professionals get paid for how they defend, not what they share, and companies view knowledge as a competitive advantage. In addition, companies fear being sued by customers or partners, if the data shared relates to them.

[Also see: Unisys survey finds majority of industry leaders believe clients fear data breaches]

Also giving hackers a leg up is manufacturers failing to make security a priority in the design process. This is particularly true with industrial control systems (ICS).

"If we can build in immunity from attack, then we don' have to defend against it," said Eric Cosman, a member of the ICS Joint Working Group at the International Society of Automation.

The blame for not having more products secure by design lies as much with the buyer as the manufacturer, said Paul Rivers, Manager of System and Network Security at the University of California, Berkeley.

This is particularly true with mobile devices. Security is not a high priority with consumers, so manufacturers turn their attention to more desirable features, such as ease of use, music, video and voice recognition.

"Until that changes, I don't think you're going to see some new Silicon Valley startup with the first feature on their feature list being security related," Rivers said.

Marc Hoit, vice chancellor for information technology at North Carolina State University, said ignorance on the part of technology users also contributes to the number of security breaches, which makes it seem that defensive technology isn't working.

"Most of the infections come from poor user behavior and unpatched systems," Hoit said.

People are too quick to click on attachments and companies have a lot of difficulty keeping software up-to-date, which leaves known vulnerabilities unpatched, experts say.

On the research side, Hoit said a lot of work is being done at NCSU and other universities in spotting abnormalities in a network through better algorithms for analyzing massive amounts of data from hardware, software and network traffic.

Internet2, a nonprofit research organization comprised of more than 450 universities, businesses and government agencies, is conducting a lot of security research, Hoit said. However, researchers often have difficulty getting access to the Internet traffic needed for their work.

"It's a privacy and security issue," Hoit said. "I don't know any open network providers that will give you their traffic flow."

So while the industry struggles with multiple issues, hackers operate in a simpler world where the only focus is on breaking into systems.

Story Written by Antone Gonsalves
Presented here by Tutu Lawal


Disappointment Sucks! Now What?

September 30, 2013

Disappointment Sucks. So, Now What?September 27 2013

therapistYesterday I found what is already one of my all time favorite New Yorker cartoons. I pulled the current issue out of the mailbox, started flipping through it and saw the classic guy on a therapist’s couch. The caption was “I did seize the day. But then it seized me back and used some kind of jujitsu move to flip me on my ass.”

I laughed out loud as I read it because I had just spent the day getting back up after getting flipped on my ass. Early in the morning, I’d gotten some critical feedback I didn’t expect on an important project. I was really disappointed. Disappointed with my performance, disappointed with my misperception and disappointed with the recognition that something that I thought was working well actually wasn’t.

Disappointment is a fact of life. Unless you’re on Facebook where, unless a pet or a relative has died, everything is always sunny, in real world land, disappointment happens.

Disappointment sucks. It can bring you down. As a leader, you can’t afford to stay there very long. You’ve got to get back up and bring everyone else along with you.

How do you do it? Here are four steps that may work for you (And by you, I mean me. I’m working on taking my own advice.) :


Go for a walk – Seriously, go take a walk. Do something physical. Get out of your head before you drive yourself into a mental ditch of woe. Shake it off. Don’t sit there and dwell on it

Quit wishing – “I wish I’d known then what I know now. I wish I had done this or that differently.” Yeah, all of that would have been great, but you didn’t. Notice that all of that is past tense? That tells you something. It tells you that you can’t change what’s already happened. Quit wishing.

Talk it out with a trusted advisor – There’s a reason that talk therapy has been around so long – it helps. You don’t have to go to a therapist when you experience a disappointment, but you should talk about it with someone you trust. Doing so has at least two benefits. It helps you work through the emotional curve and identify the lessons learned as you do.

Get back on your horse and ride – Now we’re talking present and future tense. What can you do now or in the near future to recover or repair whatever can be recovered or repaired? What have you learned from this experience that teaches you what to change to get better outcomes in the future? This is where the upside comes from. The opposite of disappointment is resilience. (TWEET THIS) That’s where leaders live. Get back on your horse.

Interesting Monday Morning Read - Tutu Lawal

2 Goals to Curb the Trend of Women Leaving Corporate Jobs

September 23, 2013

2 Goals to Curb the Trend of Women Leaving Corporate Jobs


Women are a majority of the U.S. population and have long earned most of the college degrees – at all levels. While degrees are merely one data point, one could argue that women have been and will be a majority of the best, brightest and highest-potential entries into the American workforce.

One could argue that women have been and will be a majority of the best

But a disproportionately low percentage will ascend to the highest corporate ranks. So what are we left with? A trend in which our workforce and our management and leadership will be increasingly populated by fewer of our highest-potential members. Patti Johnson on this blog eloquently lays out the long-term problems this creates and why this should be a cause for alarm.

One frustrating aspect is that this knowledge is not new. The McKinsey research is more than a year old and not exactly shocking, and general awareness has grown to the point where companies or executives must at least make half-hearted attempts at bringing women into executive ranks rather than ignoring or belittling the problem. And for those who perpetuate or defend old stereotypes – hello, Paul Tudor Jones and Pax Dickinson – the backlash is quicker and harsher. Yet turning that awareness into tangible change is proving difficult.

What I want to focus on here is one aspect of messaging, designed to turn awareness into action among a most important audience – skeptical executives. For that, we’ll need to look at the cause of sustainability.

Sustainability sounds like it should be a simple application of science, and to environmentalists and other core supporters, it is. But it’s rarely that cut and dried for businesses or consumers. Their motivations are personal, financial, or driven by concerns of efficiency or legal liability. The emotional connections of marketing, threat of regulation and cold calculation of profits and losses are what will drive most companies and consumers.

You’ll always get the diehards by talking about reducing greenhouse gases and saving something or other. You’ll win over the C-suite by talking about cost savings, logistical efficiencies and reductions in regulatory uncertainty and other risks. Both messages are important, but they are audience-specific.

And so it goes with the problem of women not making it into the executive ranks. There must be real, focused efforts made in mentoring/sponsoring, in our education system (for girls and boys), and possibly in how our society views and governs what the working life should look like. There must be continued battles against deliberate and inadvertent discrimination, and education of the moral imperative of a business culture that does not drive women and others away. Those efforts must continue.

There must be continued battles against deliberate and inadvertent discrimination

But when it comes to messaging, don’t forget about the bottom-line risks. A world in which we’re inexcusably losing some of our best talents and perspectives is one where our companies face increased  financial, strategic and marketing blind spots. Internationally, there’s nothing that says other nations (say, China) can’t improve on getting women into leadership roles just because we can’t.

 Losing some of our best talents and perspectives is one where our companies face increased  financial, strategic and marketing blind spots

The short-lived corporate satire TV show “Better Off Ted” had an episode where the monolithic evil company Veridian Dynamics installed cheaper motion sensors for its office lighting. Unfortunately, these cheaper sensors are also faulty. In the words of Portia de Rossi’s character, “The system doesn’t seem to see black people.” The company’s prime directive is saving money; ripping out this system and bringing back the old one would be cost-prohibitive, and so the episode progresses with the company trying numerous offensive and/or ridiculous alternatives. How do our heroes solve the problem? Messaging – they show upper management that the alternatives will send labor costs through the roof. In a heartbeat, the company reinstalls the original motion sensors.

This silly sitcom enables us to set two goals. One, we can be far better humans than the officers of Veridian Dynamics. Two, we can be better humans and still do the best things for the strategic and financial health of businesses. Putting our minds and resources to work on the shortage of women in upper management is a step toward both objectives.

Photo courtesy of Flickr