home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
The Unsorted BBS Collection
/
thegreatunsorted.tar
/
thegreatunsorted
/
texts
/
cell_nfo
/
sellular.txt
< prev
next >
Wrap
Text File
|
1992-10-18
|
40KB
|
676 lines
Citation-> Canadian Business, August 1989 v62 n8 p65(5)
COPYRIGHT CB Media Inc. (Canada) 1989
----------------------------------------------------------------------
Title-> Infotech: stand on guard. (computer security) (includes
related articles on computer bugs, computer security,
cellular phone security)
Authors-> Misutka, Frances; Stieren, Carl
----------------------------------------------------------------------
Subjects-> Electronic data processing departments_Security measures
Computer viruses_Prevention
Cellular radio_security measures
SIC Codes-> 3663; 3571
Article #-> 07845695
----------------------------------------------------------------------
LAST NOVEMBER ROBERT MORRIS JR., AN indisputably brilliant Cornell
University computer science graduate student, sent a program by remote
control to a computer at the Massachusetts Institute Of Technology'S
artificial intelligence laboratory. From there, the program quickly
burrowed its way into the US Department of Defense's Arpanet
network-Morris's target.
Morris's program moved more rapidly than he thought possible, clogging
and temporarily paralyzing thousands of military, corporate and
university computers across the US within hours. The virus Morris had
created was unlike many others, which sit in a computer's disk operat-
ing system and infect other disks that come into contact. Morris's
virus didn't have to sit and wait for help-it was smart enough to
spread by itself and consequently moved much more rapidly.
Fear spread rapidly too, as a result of Morris's experiment.
Ken Grant, a partner specializing in information security with
management consultants Stevenson Kellogg Ernst & Whinney in Toronto,
says this fear accounts for the huge attendance at recent seminars on
cOmPuter viruses held by his company. "These are senior management
people coming to the seminars," says Grant, "and they're worried." But
viruses are not the biggest concern. Rather, they are a symp- tom of
living in a world where "integration ... .. networking" and "openness"
are the operative buzzwords.
Management's new computer security worries are simply a result of the
new way computers operate-the basic security threats haven't changed.
Data can be lost in a power failure or a fire-, a disgruntled employee
can destroy or steal commercially sensitive files; hackers like Morris
can break security codes, or open unlocked doors into a system, and
wreak havoc; and telephone lines can be tapped. What is new is the
vulnerability of computer systems in this increasingly integrated
world. "It's getting so that we no longer know what is connected to
what," says Grant.
The multiplicity of interconnections means that managers have a harder
time identifying the potential points of security breakdowns. In turn,
these complex systems become increasingly vulnerable to security
threats when they are linked to other systems in the outside world.
Unfortunately, the only way to truly secure a computer is to lock it
away in a glass room" and not give it a communication line.
But this is where the catch-22 arises for business managers. Systems
are given communication lines for one reason: so they can talk to
other systems. Today it's possible for office systems to link with
those of suppliers in the US, distributors on the other side of the
country, and customers around the globe. But because a networked
computer makes resources such as software programs and information
more easily accessed and shared, the chance of those resources falling
into unauthorized hands increases.
As a result, managers are being forced to change their thinking about
security. Many businesses still focus their attention on the glass
room, says Ron Gilmore, a partner with Gellman Hayward and Partners
Ltd. of Calgary, whose experience with data processing and systems
planning spans more than 20 years. He explains that security during
the days of the stand-alone computer meant locking the mainframe away
in a glass room to which only the office technical expert had access.
A few "dumb" terminals were used for clerical work. Since these
terminals had little power and no intelligence of their own, there was
less concern about what mischief the unsupervised employee or
unauthorized intruder could perform. "But by the early 1990s,"
Gilmore says, the distribution of PCs in the workplace will mean
there will typically be three times as much horsepower outside the
glass room as inside. Security solutions, on the other hand, are
still being focused inside the glass room."
Those who are worried by all this talk of emerging security issues
might find comfort in knowing that the security experts say the most
effective solutions still rest with the way management handles
technology, not just with the technology itself. Mike Oke is
vice-president and general manager of Racal-Guardata Canada, a
company that, among its services, sells computer security products
that use encryption. But no technology is foolproof, Oke warns, and
the easier it becomes for systems to talk to one another, the greater
chance there is for unauthorized access to those systems. "It's up to
management to put the right controls in," he says. You can't think of
security just in terms of a product that you put on a local area
network [LAN]. It's more complicated than that. Security is a set of
policies and procedures, including regular audits to find out what
activity has gone on in a LAN." Oke says security products are a
subsequent step in the process of securing a computer system.
Policies and procedures come first.
Security consultants stress policies and procedures because the
biggest threats to company systems are human, not technical. Grant
says human error is still the main source of security breakdown by
far. This may be something as simple as keying in a wrong command at
the terminal, but it also often means a lack of regard for proper
procedures: swapping disks or software with unauthorized sources,
writing passwords down in notebooks that are left out in the open, or
sharing company information with friends outside the company. This is
where security problems begin, says Grant. "Most users don't treat
security as a major issue. They're far more concerned with getting
utility out of the system." But an office where employees are
unconscious of the risks involved in things such as swapping disks or
making passwords public is more vulnerable to computer crime.
Rod Stamler, former RCMP assistant commissioner and the force's senior
commercial crime expert who joined the forensic accounting department
of Peat Marwick of Toronto on Aug. 1, says computer crimes-stealing
or tampering with data, fraud and even industrial espionage-are most
often committed by company insiders, or with the help of insiders.
Security practices start with managers teaching employees computer
ethics-teaching them that they don't have the freedom to access, read,
alter, or do what they will with computerized information. Employees
need reminders that computers are aids to make their jobs easier, not
aids to help them tamper with company information.
Gilmore says managers can teach computer ethics with something as
basic as the employment contract. He has investigated many cases of
internal data theft that could have been avoided if management had
spelled out, in the contract, what is meant by "company information."
He suggests a contract clause that restricts employees from "copying,
securing, transmitting, keeping, storing, gaining from, selling or
using company information." Information can be defined as anything
from programs and data to processes, techniques or formulae. Stamler
says Gilmore's advice about contracts is crucial because theft can
mean the end of business for companies that spend millions developing
specialized software. Stamler remembers a case of an employee who
learned a valuable secret about his firm's computer programs. The
company never made him sign a contract saying the information belonged
to it. "He left the firm, went to a competing company, and started
selling the information as his own. We had no charge we could lay
[because of the company's oversight]. The man was eventually charged
with theft of paper. " But Gilmore says many managers don't want to
hear advice about policies and procedures: "They'd rather spend money
on security products, because, frankly, those things are more
exciting." Stamler says the RCMP has "no hard, fast statistics" on
computer crime because people are often reluctant to report such
incidents. Businessmen either don't want to suffer the public
embarrassment, which may result in a loss of confidence in the
company, or they're afraid that the company information the thief was
trying to steal will become public knowledge. In February
Toronto-based software developer HCR Corp. found itself with a
security problem when a man associated with the company used his
personal computer to access files the company had termed "classified."
Kok Weng Lee, a 31 -year-old North York, Ont., man, was charged with
"unauthorized use of a computer"-the st ever charge under this section
of the Criminal Code. Before Lee's court date, police would say
little about the case, indicating only that because HCR had not
hesitated to bring in the police, they would not release information
about the case. HCR has a S 1 50,000 licence with the American
Telephone and Telegraph Co. in the US to use its UNIX operating
system's source code -a program that plays an important role in the
rapidly growing world of open systems. The program is worth little on
its own, but consultants say Lee theoretically could have used
information gained from the program to start up his own consulting
company. HCR President Michael Tilson played down the significance of
the case, saying that "no customer's confidential information was
accessed at any time. Lee appeared in a courtroom in Toronto's old
city hall March 10, pleaded guilty to unauthorized access of a
computer and was sentenced to 12 months' probation. Constable Craig
Lewers of the Metro Toronto police force's Criminal Investigation
Bureau (52 Division) later confirmed that Lee had copied the UNIX
source code, which HCR had kept in a file labeled classified." Lewers
says the case is proof positive that managers can never be too
vigilant when it comes to protecting highly confidential information,
You can have all the security products in the world," he says, "but
they won't protect you from your own employees." This doesn't mean
that managers have make the electronic environment so secure that
employees can't do their jobs. t everything in a company's computer
system will be termed "classified" and therefore have to be secure in
the true sense of the word. Michael Harrop is senior project officer
with the information technology management division of the Treasury
Board of Canada, and a member of the newly formed Canadian Advisory
Committee on Information Technology Security, a national group of
representatives from concerned industries working to promote national
and international security standards. Harrop says managers should
think about security as meaning three things: confidentiality,
integrity and availability.
When governments talk about security, they mean
confidentiality-information that is secret. Businessmen, with the
exception of those in high finance, will generally have less concern
for security in this sense.
To protect confidential data: Fl Store the data on a separate computer
that's kept in a sealed room. 11 Issue passwords. F-1 Make sure
passwords are changed regularly and don't use those that are easily
guessed. F-1 Don't link confidential data to the communication lines.
F] If confidential data must travel over the communication lines,
encryption (electronic scrambling) is essential.
The next level of security involves integrity: making sure that if
company information does fall into the wrong hands, it can't be
altered or destroyed. To help ensure data integrity: * Ask security
products companies about access control software. * Perform regular
audit trails to help spot unauthorized access. * Don't use software
from unknown sources.
Security also means availability, making sure the system is accessible
and usable on demand by those authorized to use it. Consultant Grant
says this really means contingency planning-"planning for the fire,
the bomb, the virus, whatever. " Ensuring availability requires
careful planning ahead of time: * Make backup copies of all files. *
Know what services are expendable so they can be shut off during a
tornado or other crisis situations. F] Arrange for a "hot site": is
there another backup system you can use in case your own crashes?
Make arrangements for one -just in case.
While terms such as confidentiality, integrity and availability are
useful in determining levels of security, they don't cover everything.
John Hopkinson, a computer security consultant with DMR Group Inc.,
says security is too complex to be broken down into these tidy units.
Something confidentiality, integrity and availability don't cover is
the issue of repudiation. "If I send you a document, how do I ensure
the authenticity of that document if six months down the road you
decide you don't like the terms of that document and deny its very
existence?" Hopkinson asks. He says consultants are examining
electronic forms of message authentication to ensure that a computer
system can keep accurate records in case such legal issues ever arise.
Hopkinson also says that neat terms such as integrity and availability
don't work well when dealing with the single biggest security
threat-people. "How do you ensure the availability or integrity of
people, or guard against human error?" asks Hopkinson.
Hopkinson's question will continue to keep security experts busy.
Despite the ever-increasing sophistication of technology, the biggest
threats to security are human, not technical. Grant recently heard an
instructive story involving a systems programmer in the US who was
fired. Little did the company know the programmer had set up several
dummy computer accounts before he got canned. The president's office
informed everyone in the company that the programmer had been
fired-everyone except the night security guard.
The programmer came back at 2 a.m., waved to the security guard, sat
down at a computer, called up the dummy accounts and caused chaos in
the system's files. "That's not a systems problem," says Grant,
"that's a procedural problem." Simple human error, in all its forms,
is the biggest threat to any company's computer system. "All the other
threats, like viruses and hackers, are nothing compared to the impact
of the user," says Grant. "We destroy ourselves long before anyone
else
can." 3
Why cellular phones make easy targets Those who discuss strategy on
cellular phones might be surprised to learn how vulnerable those
conversations are. Ian Angus, president of telecommunication
consultants Angus TeleManagement Group in Pickering, Ont., recently
attended a seminar on communications in Ottawa, where someone asked
him why businessmen weren't encrypting their cellular calls. "I told
him that I thought the assumption was that it was reasonably difficult
to tap an entire cellular conversation because of the way cars move
from cell to cell."
After the seminar, the man approached Angus and told him that he had
read an electronics magazine that told him, in detail, what equipment
to buy (for less than $ 1,000) and how to set up his scanner so it
could monitor cellular phone conversations. "This guy discovered that
when people moved from cell to cell, their conversations moved either
up one frequency or down one frequency, so that when he lost a call,
it was always a minor adjustment to find it again. Now he's traveling
around Ottawa listening to cabinet ministers, people talking to their
mistresses and heaven knows what else."
And cellular snoopers are not easy to prosecute. The interception of
cellular phone conversations is governed by the Radio Act, which makes
it illegal to use information gained from interceptions but doesn't
make the interception itself illegal.
The average business person probably doesn't have to worry about
unauthorized snoopers, but eavesdropping on cellular conversations
does happen. Nearly three years ago the Law Society of Upper Canada
offered a brief warning in its newsletter to all member lawyers,
advising them to be careful about conversations they have over
cellular phones. The warning was sounded after one Toronto defence
lawyer had his cellular calls intercepted by another. Says Keith
Ward, a federal Crown prosecutor with the Department of justice,
Arguably [people] have no reasonable expectation of privacy in the
case of cellular phones, so we can tap away." Fax security: curse of
the wrong number Nobody would think of sending a private letter
through the mail without an envelope, but thousands of Canadians send
confidential electronic facsimilies every day via public phone lines.
"People don't seem to realize that just as you can dial a wrong
telephone number, you can dial a wrong fax number," says Norm Watt,
president of Privatel Inc., an Ottawa-based telecommunications
security company.
Merrill Lynch Canada Inc. learned that lesson the hard way early this
year when the company was seeking federal approval to open a banking
subsidiary. The firm had meant the news about the bank to be
confidential-until a memo dealing with the bank application was sent
by fax, intended for the company's Toronto office. Because of a
misdialed number, a copy of the memo turned up on the fax machine in
the Toronto newsroom of the Globe and Mail. When contacted by the
newspaper, Michael Sanderson, chairman and CEO of Merrill Lynch, had
to confirm that the jig was up. Sanderson offered little comment on
the incident, other than saying he planned to change a few fax
numbers.
Michael Parent, spokesman for Ottawa-based Ricoh Corp. (Canada) Ltd.,
a leader in the fax market, says business people concerned with
security sometimes devise closed networks" using fax machines that
have been programmed with secret access codes and are only compatible
with machines with similar codes. Other machines offer memories that
indicate when a facsimile has been received but won't allow the
machine to print the document until a password is entered.
Here are a few tips for fax users: * Don't fax confidential documents.
* Confidential information that must be sent by fax should be
encrypted (electronically scrambled). * Facsimilies meant for the
president's eyes only should be sent to a special machine in the
president's office. * If you use passwords, change them regularly. *
Always verify reception to guard against misdials. Beating the bugs:
viruses, Trojan Horses and other vermin When little bouncing balls
started skipping across the screens of his students' computers one
morning last March, Frank Skill wasn't immediately concerned. He
watched as each ball ricocheted off the bottom of the screen and then
started wiping out characters on the lines above. "We thought at
first we just had some scrambled start-up files from computer games
that night school students had brought in," says the software
applications instructor at Seneca College in Toronto.
But the bouncing balls didn't go away after they had restarted the
computers.
The Seneca computers had been invaded by a computer virus called the
"Ping-Pong" or "Italian" virus. It had infected several machines in
the classroom and had penetrated the college's microcomputer centre.
Skill finally contained the virus by taking an uninfected copy of the
disk operating system (DOS) and reinstalling it on the infected hard
disks.
The term "computer virus" was first used by Fred Cohen, an American
programmer, at a US Department of Defense computer security conference
in September, 1984, although few were reported until Scientific
American magazine ran several articles on the subject in 1984 and
1985. A computer virus consists of a bit of computer code-sometimes
as short as I 00 bytes or as long as 2,000 bytes or more. A virus
will copy itself onto an existing program, causing it to blank out the
screen, erase data or program files, or even format the hard disk,
wiping out all data and programs. There are three main species of
virus: those that infect operating systems, those that infect
commercial programs, and a trickster known as the Trojan Horse.
System viruses lodge themselves in the system or "bootstrap" sector of
a hard or floppy disk. Whenever another disk with the operating
system (DOS for IBM Corp.-style personal computers) is inserted in a
drive, the virus spreads to that disk. Commercial program parasites
lodge in unused spaces in a program such as a word processor and then
spread to other programs. Trojan Horse programs pose as free computer
games or utilities such as freeware programs found on elec- tronic
bulletin boards, but do their dirty work behind the scenes when you
run the programs. Unlike i true virus, a Trojan Horse can be stopped
simply by deleting it from memory and from the disk.
Early computer viruses, which simply flashed messages such as "Ha, ha!
You're dead" or "Gotcha!" across the computer screen, were easy to
detect and root out. But computer viruses today are far more
sophisticated and difficult to eradicate.
One virus, called the "Israeli" virus by many American authors and the
"PLO" virus by others, infected personal computers at the Hebrew
University in jerusalem and even some units of the Israeli Defence
Forces. it was a "logic bomb," set to go off on Friday, May 13, 1988
(40 years after Palestine ceased to exist as an independent entity),
when it was set to destroy files in host computers. israeli
programmers spotted the virus and cleared it out of most of the
infected computers before that date. However, according to Maariv, an
Israeli daily newspaper, the Israeli Ministry of Education lost 7,000
hours worth of work when one version of the virus attacked computer
files before the May 1 3 detonation date.
Philip Fites, an Edmonton-based information systems security
consultant, has cowritten a book called The Computer Virus Crisis,
which analyses the viral risk to today's computer systems. "I believe
all computers in the future will spend part of their operating time
coping with viruses," he says. Martin Kratz, an Edmonton lawyer and
co-author of the book, notes that one of the most common vectors of
virus transmission is computer piracy. But computer databases and
computer bulletin boards, set up to share data or programs over phone
lines, can also be the source of viruses. Anyone receiving a compute
r program from a bulletin board might unwittingly be taking in a virus
hidden in the program. Such a program could infect the user's hard
disk, and from there infect any other disks put into the machine.
A virus on an IBM or compatible microcomputer might hide in an
infected copy of a DOS file, the operating system for most personal
computers compatible with IBM PCs, PC-XTs, and PC-ATS. A favorite
target of viruses is the DOS file called Command.Com. The virus will
copy itself into an unused section of the file and then change the
file creation date of Command.Com back to its pre-virus date to cover
its tracks. In Apple Computer Inc.'s Macintosh computers, a virus can
easily hide in an extra "resource file" as a part of any Macintosh
program. Some viruses hide in the bootstrap sector of a disk, which
is not visible to the average user, while others might hide in the
battery-powered backup section of the memory on the computer's mother
board or on the clock/ calendar card. Still others store themselves
in parts of hard or floppy disks marked off as "bad sectors." Since
most hard disks have some bad sectors, there is really no easy way of
detecting such viruses.
How does one protect against the virus? The best method is to take a
few general precautions. Take computer programs directly out of their
shrinkwrap-never use pirated copies. Put write-protect tabs on all
original program disks before you load them onto your hard disk. And
finally, never run a free compute program until your friends have run
it for more than a year without problems. There are vaccine programs
available every make of personal computer, but, unfortunately, some
viruses are able to dodge them.
A virus called "Killer" was written by programmers at PC Labs, the
testing laboratory of PC Magazine in New York City, to test various
vaccine programs. That virus dodged all I I vaccines tested; three of
them did report that virus activity was going on, but failed to stop
it. The magazine's reviewers recommended FluShot Plus and Certus
above the other vaccines. FluShot Plus is available for US$14 through
Software Concepts Design of New York (212/889-643 1). Certus is
available for US$189 from FoundationWare Inc. of Cleveland
(216/752-8181). An antiviral program called The Antidote is available
for $72 from Quaid Software Ltd. of Toronto (416/961-8243). Code
green: the cost of perfect security The safest way of protecting
information traveling over ordinary telephone lines from eavesdroppers
is by encrypting, or scrambling, it. Encryption takes electronic
signals, slices them up into pieces and scrambles them according to a
randomly determined code, or algorithm. Encrypted data can then only
be deciphered by using a pattern of the same code, called a key. But
encryption doesn't come cheap. It costs about $ 1,000 for the
equipment to encrypt data files, while protecting communications links
(telephone switching equipment) can run anywhere from 2,000 to $
10,000.
Patrick Bird is president of isolation Systems Ltd. of Etobicoke,
Ont., a company that sells secure microcomputer systems. He says, for
companies that believe their competitors will go to any lengths to
penetrate their computer systems, encryption is a necessity. And
Isolation Systems' products don't end with offering encryption. The
company sells a product for the extremely paranoid: the ISAC 2400, a
plug-in module that turns a standard IBM PC into a secure workstation
by protecting it against the unlikely event of being dropped in liquid
nitrogen. According to Bird, dropping a computer into liquid nitrogen
slows down its memory, making the key values that unlock access to the
files easier to read. Isolation Systems does much of its business
with governments and high-finance companies- the ISAC 2400 is not for
everyone.
But research may soon offer more affordable encryption. Bell Northern
Research Ltd. (BNR), the research and development group jointly owned
by BCE Inc. and Northern Telecom Ltd., has developed a version of the
Rivest Shamir Adleman (RSA) encrypting algorithm. Brian O'Higgins,
manager of custom applications and development for digital telephone
switches at BNR, says BNR's version of RSA (still part of an
exploratory program) is contained on a single microchip. This means
the technology will no longer require separate computers to perform
the complex mathematics of encryption, thereby cutting the cost.
@@@078456991 1487HHa073C4DF
JACK FISHER'S INTUITION TOLD HIM IT was time to expand, and his
intuition had never failed him in the 12 years he'd been running his
own business. New Interiors Ltd., his Toronto-based painting and home
decorating company, was a great success, with revenues for 1988
topping $1 million. But most of his sales came from nearby
neighborhoods. With the renovation market in Toronto booming, he
wanted to tap into other areas of the city, and he knew from
experience that the way to do this was through advertising.
Fisher, 48, attributed his company's success to two factors: his
dedication to providing quality workmanship at competitive prices; and
to an aggressive mar- keting campaign. "What good is it to be the best
painter around if nobody knows who you are?" he repeatedly asked his
son Bryan, 24, who had recently joined the family business as the
general manager. "You gotta spend the dough so they know where to go.
"
True to his philosophy, Fisher sent out flyers four times a year to
the suburban neighborhoods near his office and regularly purchased ads
in community newspapers. In addition, he worked actively in several
community organizations to maintain a high local profile. Call me a
traditionalist," he would tell Bryan, "but I believe that if I shake a
man's hand, there's a greater chance that hand will dial my num- ber
when there's work to be done."
When Fisher informed his son-whom he was grooming to take over the
business -about his plans for expansion, Bryan responded with
enthusiasm. But when he outlined his marketing strategy, Bryan was
less receptive. "I'm going to blitz most of the city with flyers and
take out ads in the major newspapers," Fisher said. " I'm also
thinking about radio commercials."
"Newspaper ads are too expensive for the one shot they give you,"
Bryan replied, "and flyers have an extremely low response rate. You're
not going to get nearly as high a response in areas where you're not
known, compared to what you're getting right now. However, I have
another suggestion. There's a new sales method called automatic call
dialing." Bryan explained that the system he was proposing consisted
of a computer that calls numbers out of the telephone book and
presents them with a recorded message describing New Interiors'
services. At the end of the message, listeners are asked to leave
their name if they want more information. "I have a friend in an
advertising company who told me about this," Bryan said. "He was very
persuasive about the way it could reach a lot of people at a
relatively low cost."
Fisher did not like the idea. "Look, I had one of those machines call
me awhile ago. Something to do with life insurance. And you know
what I did as soon as I realized it was a computer?"
"You hung up." "I hung up. You know your father, which is good. What
is not good is that you think you can get new customers by using some
impersonal machine. People hate these things. They'll get mad at us
and we'll get a bad reputation."
Bryan countered by saying that flyers weren't any more personal than a
recorded message. "Lots of people hate junk mail," he said. "You
should be open to new ways of doing things. You can't shake hands
with two-and-a-half million people. But this is a way that you can
send them a message, and your voice if you want, directly into their
home."
Fisher wasn't convinced, but he also didn't want to arbitrarily crush
his son's initiative. Their conversation ended with Fisher asking
Bryan to research the auto- matic call dialing services available. He
doubted that he would change his mind, but he wanted to give his son
another chance to make his case.
Should Fisher have a more open attitude toward automatic call dialing?
What are the benefits compared to sending out flyers? Before you read
what the experts have to say, ask yourself- what would I have done?
WHAT THE EXPERTS SAY TONY ROTHSCHILD President Phonetix Corp.
Coincidentally, our company recently completed a test of an automatic
call dialing system using a Toronto paint company as the prospective
client. Among other information, we wanted to determine the kinds of
responses the system generated. Almost 50% of the people that we
called listened to the complete message. When you consider that
people could slam the phone down on a machine without feeling that
they're upsetting someone-unlike a direct personal call-that was a
very healthy response. About 40% just hung up, while the rest
consisted of fax machine numbers, no answers, OPerator intercepts and
so forth.
The format we used consisted of a message followed by a tone like an
answering machine so that people could leave their name if they wanted
more information. About 40% did leave a short message. Some were
abusive and quite a few asked not to be called again. Under Canadian
Radio-television and Telecommunications Commission guidelines, you
must comply with their request by taking them off the database. The
percentage of positive responses was about 4%-that's quite
encouraging compared to the response usuall y elicited by flyers,
which usually ranges from.05% to 2%. Now, those aren't all going to
end up as customers, but it's a good number of leads.
For various reasons, our company usually doesn't offer this kind of
service, although we will sell a company a complete turnkey system so
that they can do it themselves, which costs about $25,000 for a
four-line system. I would advise Fisher to consider using automatic
call dialing because I think it is well suited for busi- nesses such
as painting and home decorating. However, I think he should go to a
company that will do it for him on a fee-for-service basis. In other
words, he should test it out before risking the considerable expense
of buying a system.
This type of advertising is becoming more accepted, just as the
answering machine is now quite commonplace. It's effective for
situations such as the police issuing emergency information to an area
(the calls can be targeted with any parameters you want); school
boards informing parents of closings due to bad weather; and airlines
notifying passengers of cancellations.
The Canadian Red Cross Society doesn't use the system to advise people
of blood donor clinics because it prefers to rely on volunteers and
finds automatic call dialing dehumanizing. However, they may use it
in the future if they don't have enough volunteers to make the calls.
Although there will be people who will get upset at being called, and
who will feel that their privacy is being invaded, I don't think that
should deter Fisher. There are people who get angry at flyers coming
in the mail, too. MARVIN FINE President D.F.D. Telebroadcasting Inc.
We provide an automatic call dialing service to clients such as
fitness clubs, home renovators, stop smoking clinics, life insurance
companies, headhunters and so forth. We make about three million
calls a week. I think it's a method of advertising and promotion
that's suited to certain types of businesses; from my experience, I
believe it would work for Fisher's company, especially because he
wants to reach a large number of people across a city.
We charge a minimum of $2,520 a month plus Bell charges of about $600
a month. That gets you 12 lines a day (a line is like an operator)
with any additional lines costing $7 a day. For a two-month period,
which is our minimum rental, the cost for 12 lines will be about
$6,500. In two months, 12 lines will place about 800,000 calls. A
script will be written and prepared for about $60. In addition to the
basic system that asks people to leave a message after they've
listened to the ad, we can produce interactive ads that ask the
listeners to indicate certain responses by pushing numbers on their
touch tone phones.
We would offer Fisher a four-day free trial after which we would
guarantee him in writing a certain number of leads a day, which is an
obvious difference from using a flyer. We've found the response rate
to be in the 4% to 8% range. The key for Fisher is that he must
follow up on the leads quickly. He must have people in place to do
that before the leads get cold, or else he's just wasting his money.
We do get some resistance and a few "scoldings" from people who don't
like being called by a machine, but it's not that many. Out of the
three million calls we make each week, there are only about 2,500
complaints. A lot of people really seem to enjoy it. I had an
evangelical organization that ran a 13-minute message for a year and a
half. People expressed happiness at getting the call.
The reason for the effectiveness of this kind of advertising is
because of the importance of the telephone in our society. If the
phone rings, people answer it, no matter what else they're doing. A
flyer, on the other hand, often gets thrown into the garbage without
even being looked at. The bottom line is that the phone gets results
that no other form of communication can offer. DAVID SCHEIB Member
Services Representative Scarborough Chamber of Commerce I became
interested in telemarketing 18 years ago, long before it became as
popular as it is today. Over the years, I've sold just about
everything over the phone, such as real estate, contracts for
construc- tion jobs, investments, even chimney sweeping. I'm a great
believer in selling anything over the phone if you know what you're
doing. I definitely think personal telemarketing is more effective
than a flyer, but when it gets down to an automatic call dialing
machine, I have some reservations.
I would tell Fisher that in theory automatic call dialing is a good
system for his type of business. However, it requires a
sophisticated, well-produced message in order for it to be effective.
Most of the messages that I've heard are not well designed. If it
wasn't for my professional interest in hearing them, I'd hang up on
almost all of them right away. One exception was a travel agency that
knew what it was doing. I was pushing numbers on my dial phone to
answer certain questions and it pulled me in the whole way with its
five-minute call. Fisher should spend the money to have a
professional produce the message he wants to send out, someone who
understands the psychology involved in getting people to listen to a
machine.
This is vital because a poor message can really turn people off. I
know many people who've told me they find the calls a great annoyance.
It also doesn't help that there are a lot of scam-type people involved
in marketing products over the phone, so it's crucial that the right
impression is created immediately off the top. There's only a few
seconds to capture people's interest before they hang up.
Because of the volume of calls a system like this can make, Fisher
could get good value for his money from it. But he has to follow up
those calls within three days or risk losing the leads. WHAT ACTUALLY
HAPPENED Fisher's son arranged for his father to visit a company
offering automatic call dialing. Fisher was impressed by the
demonstration but was still reluctant to go ahead with it. He had
talked to many of his friends who almost exclusively expressed their
dislike of receiving calls from a computer. Fisher decided to go
ahead with his original marketing plan of using flyers and some radio
ads, but said that if the results weren't satisfactory after a few
months, he would reconsider the automatic call dialing system.
----------------------------------------------------------------------
