Why Wishing Your Technology Into Progress Won’t Achieve Your Goals

January 30th, 2019 by Julie Lough

align the right technologyIt’s month two of 2019 and no surprise, we’ve been inundated with information about the importance of goal-setting and strategic planning. Depending on how the previous year went, the new year can leave us excited or, in many cases, overwhelmed.

We’ve all heard the quote, “A goal without a plan is just a wish.” When it comes to planning change initiatives for your business, whether it’s a big move, creating a new role, or implementing new software, it’s important to sit down and plan out the details, creating a goal rather than just a wish. However, while the thoughtful preparation seems detailed and inclusive, we often see one major missing puzzle piece in many business’ strategic goal setting.

Read the rest of this entry »

Urgent Tech Tip: Disable Facetime On Your iPhone

January 30th, 2019 by Julie Lough

Apple Facetime

A major FaceTime bug discovered recently has left Apple device users skittish about yet another privacy concern and forced the tech giant to scramble for a fix for the issue.

For users of Macs or iPhones, understanding the FaceTime flaw and knowing how to disable the function are important steps until the issue is fully resolved.

What is the FaceTime Flaw?

The FaceTime flaw affects iPhone users running iOS 12.1 or later. Here’s how it works. Someone calls your number using the FaceTime feature. Before you pick up, the caller swipes up and adds their own number (or any number), creating a Group FaceTime interface.

At that point, the caller can hear all audio coming through your microphone — even if you never answered the call.

News of the glitch spread like wildfire over social media. Others discovered that taking further simple actions could give the caller access to video, too.

What Is Apple Doing About the Issue?

Within hours of broad disclosure of the issue, Apple disabled the servers controlling the Group FaceTime function. As of January 29, Apple’s system status page states that “Group FaceTime is temporarily unavailable.” The company has stated that a fix is likely in a few days.

The company had first introduced Group FaceTime in late 2018 for both Macs and iPhones.

What Should I Do About FaceTime on My Device?

Users may want to disable FaceTime on their iPhones or Mac computers. It’s a simple process for either device type.

For iPhones

1. Go to Settings .

2. Scroll to FaceTime. This feature is in the fifth section of settings along with other built-in apps like Phone, Messages and Maps. If you’re having trouble finding it, go to the top of the Settings screen and type FaceTime in the search bar.

3. Click on the FaceTime bar.

4. At the very top of the FaceTime settings, there’s a label marked FaceTime with a slider. If the green light is lit, FaceTime is activated on your phone. Slide the slider to the left to turn FaceTime off.

Note: When Apple releases an iOS update, install the update, go back to the FaceTime settings and slide the slider to the right to reactivate the feature.

For Macs

1. Launch the FaceTime App.

2. Select the FaceTime menu bar from the top-of-the-screen navigation.

3. Select Turn FaceTime Off. Command-K also turns the feature off.

Note: Once Apple releases a fix, turn the feature back on by launching the app and clicking the Turn On feature.

How Did This Happen?

It’s unclear how this flaw was included in the Group FaceTime release. However, the New York Times reported that a 14-year-old Arizona boy discovered the glitch on January 19, 2019, 9 days before it became widespread on January 28.

On January 20, the boy’s mother sent a video of the flaw to Apple, warning of a “major security flaw.” She heard nothing from Apple Support and began using other channels to try to get the company’s attention. She emailed and faxed information to the Apple security team. She posted alerts to both Twitter and Facebook. Five days later, on January 25, Apple’s product security team suggested she create a developer account and submit a formal bug report.

It appears that the company didn’t react until three days later when a developer reported the flaw and a 9to5mac.com article went viral.

Apple faced criticism for its brief and limited response, which stated the company “identified a fix that will be released in a software update later this week.” In an ironic twist, the bug went viral on January 28, which is international Data Privacy Day.

Inside The United States Of Cybersecurity

January 25th, 2019 by Julie Lough

United States Cybersecurity

In March 2018, Alabama and South Dakota passed laws mandating data breach notification for its residents.

The passage meant all 50 states, the District of Columbia and several U.S. territories now have legal frameworks that require businesses and other entities to notify consumers about compromised data.

All 50 states also have statutes addressing hacking, unauthorized access, computer trespass, viruses or malware, according to the National Conference of State Legislatures (NCSL). Every state has laws that allow consumers to freeze credit reporting, too.

While those milestones are notable, there are broader issues when it comes to legislative approaches to cybersecurity across the United States. There are vast discrepancies and differences among states when it comes to cybersecurity protection.

What Laws Are on the Books About Cybersecurity?

In 2018, there were more than 275 cybersecurity-related bills introduced by state legislatures in 33 states, Washington, D.C., and Puerto Rico. The legislative action covers a broad range of cybersecurity topics, including:

  • Appropriations
  • Computer crime
  • Election security
  • Energy and critical infrastructure security
  • Government and private-sector security practices
  • Incident response remediation
  • Workforce training

For companies, especially those that work across state lines, the variances among state laws creates a challenge in tracking requirements and remaining legally compliant.

For example, while most states require immediate notification of a data breach “without unreasonable delay,” the deadlines are varied. Nine states require notification within 45 days, South Dakota allows 60 days and Tennessee allows as many as 90 days. In addition, most states require written notification while some allow for notification via telephone or electronic notice.

While states have focused much of their recent legislation on data privacy, there are many other components of cybersecurity. Again, there is no uniformity. In fact, most states do not have laws about other important cybersecurity issues:

  • Half the states have laws addressing denial-of-service attacks.
  • Just five states explicitly cite ransomware in statutes.
  • Phishing laws are in place in 23 states and Guam.
  • Twenty states, Guam and Puerto Rico have laws regarding spyware.

While broader laws addressing malware or computer trespass may be used to prosecute some of these attacks, the discrepancies further illustrate the different approaches and terminology states use.

What States Have Strong Data Privacy Laws?

Here are a few examples of states that have strong legal provisions within their cybersecurity and privacy laws:

  • Arkansas. Parental consent is required before student information can be shared with government agencies.
  • California. The state passed sweeping data privacy laws in 2018 requiring businesses to inform consumers of what personal information is being collected, disclosed or sold. The law, which goes into effect in 2020, contains provisions giving consumers the right to opt out of having their data sold to a third party. California is the only state with a constitutional declaration that data privacy is an inalienable right.
  • Delaware. Recently passed laws restrict advertising to children and protect the privacy of e-book readers.
  • Illinois. The state is the only one to protect biometric data.
  • Maine. It’s the only state that prohibits law enforcement from tracking people using GPS or other geo-location tools on computers or mobile devices.
  • Utah. The state is one of only two that requires ISPs to obtain customer consent before sharing customer data.

What States Have Weak Data Security Laws?

Despite the growing legislative controls on cybersecurity issues and public expectation for data privacy, there are many states that have laws that are lacking, including:

  • Alabama. There are no laws on the books that protect the online privacy of K-12 students.
  • Mississippi. To date, no laws exist that protect employee personal communications and accounts from employers.
  • South Dakota. Companies can retain personal information on employees indefinitely.
  • Wyoming. Employers can force employees to hand over passwords to social media accounts.

How Long Does a Company Need to Retain Personal Identifying Information?

Many companies struggle knowing when or if to hold onto personal information on consumers. The challenge is that laws vary greatly from state to state. As of January 2019, according to the NCSL, only 35 states have laws requiring businesses or government entities to destroy or dispose of this data at all.

Of those 35 states:

  • Only 14 require both businesses and government agencies to destroy or dispose of data.
  • Virginia requires government agencies only but excludes businesses.
  • Nineteen states do not require government agencies to dispose of or destroy personal information.

Where Is the Federal Government in Cybersecurity?

The federal government has many laws and rules regarding cybersecurity, from HIPAA to the Cybersecurity Information Sharing Act, which allows for the U.S. government and technology or manufacturing companies to share Internet traffic information.

Other proposed legislation has hit some roadblocks. Take the Data Acquisition and Technology Accountability and Security Act, which would have established a national data breach reporting standard. State attorneys general strongly opposed the legislation, introduced in March 2018. The 32 state AGs argued that the bill would weaken consumer protections, make state laws stronger, and exempt too many companies.

For companies, the variances from state to state present a complex technical challenge. To remain compliant, they need policies, tools and solutions that ensure data is protected and secure.

Managed service providers (MSPs) offer a powerful option to address many data issues. MSPs provide cloud-based, off-site, secure data storage and automated backups. Data, systems and networks are monitored 24/7 to detect and remove unwanted activity. The advanced firewalls, enterprise-strength anti-virus tools and employee education that MSPs provide help maintain compliance and keep data safe from the attacks that trigger responses.

The growth of state legislation to address cybersecurity issues is welcome. The challenge for companies is finding a reliable solution that allows for responsive and responsible action.

Beyond Beige: Bringing Your Technology into the 21st Century

January 22nd, 2019 by Julie Lough

Upgrade TechnologyIt’s Friday night. Your spouse is at Blockbuster picking out the newest VHS release. Your kids are at home alone dancing on the couch to MC Hammer. You’re stuck at the office behind your beige computer trying to finish the week’s work so you can start enjoying your weekend.

Does any of this sound familiar? Like, last-week familiar? No, you’re not back in 1992, and you probably aren’t watching VHS tapes or listening to “Too Legit to Quit” anymore. But if your PC is still beige or nearly old enough to drink, it’s definitely time to bring your technology into the 21st century.

Most business owners consider technology upgrades to be too disruptive of business operations and too costly and, thus, they ignore or put them off. They’re further afraid that any new upgrades will hurt employee productivity while they learn new software and hardware solutions.

Nothing could be further from the truth than those worries. Upgrades can be costly, disruptive and cause inefficiencies. However, with the right IT partner, they don’t have to be.

Read the rest of this entry »

Happy Martin Luther King Jr. Day

January 21st, 2019 by Julie Lough

Martin Luther King Day

Remembered mostly for his “I Have a Dream” speech, Martin Luther King Jr. was a man who fought to end segregation in this country. On this day, we remember someone who devoted their life to achieving racial equality.

Martin Luther King Jr. was born in Georgia in 1929. He graduated from high school at the young age of 15. From there, he earned his B.A. degree from Morehouse College and after studying theology for 3 years, he earned his B.D. and was president of his senior class at the Crozer Theological Seminary in Pennsylvania. Soon after, King won a fellowship at Crozer. He completed his residency in 1953 and earned his doctorate degree in 1955. Martin Luther King Jr. was a pastor, following the path of his father and grandfather.

Martin Luther King Jr. began to preach at a church in Montgomery, Alabama. He followed Gandhi’s philosophy, believing in nonviolence and equality. In 1955, King led the first large, nonviolent protest against racial segregation on buses. Though he conducted this without violence, people who opposed his beliefs responded with violence. Fortunately, this led to the Supreme Court declaring bus segregation as unconstitutional in December of 1956.

It wasn’t until 1963 that King directed the march in which he gave his famous “I Have a Dream” speech. There were hundreds of thousands of people there to witness the historic event. A year after this march, racial discrimination was completely prohibited, meaning that nothing could be legally segregated for years to come.

Over the course of his life, Martin Luther King Jr. made a great difference in the lives of thousands of Americans. His actions and accomplishments made over 50 years ago impact the daily lives of many and will continue to do so as time progresses.

Here’s How Cybercriminals Con Businesses In 2019

January 9th, 2019 by Julie Lough


Is someone out there pretending to represent your business to make money? Don’t laugh. It happens. Business identity theft is a growing concern for many companies across the US. According to a recent study by Dun & Bradstreet, business identity theft, also called commercial or corporate identity theft, was up 46 percent in 2017.

The CEO, Mary Ellen Seale, of The National Cybersecurity Society (NCSS) said, “Small business identity theft – stealing a business’s identity to commit fraud, is big business for identity thieves.” However, too few businesses, especially smaller businesses, are aware of the issue. In 2018, the NCSS published “Business Identity Theft in the US” to help publicize the problem, and to provide guidance on how companies can help protect themselves.

Which Types of Businesses Are Targeted by Business Identity Theft?

Corporate identity theft is not just a problem for large corporations or companies operating in a particular industry. It is a crime which can affect any-sized business from tiny Mom and Pop shops on Main St. USA to multinational companies who are involved in any commerce:

  • Small companies are usually the initial victims of identity theft since these companies tend to have more lax security in place and are less likely to realize their information is at risk. However, that doesn’t mean that larger companies are immune from having a criminal steal their identity. Plenty of larger businesses have their identities stolen each year.
  • Corporate identity thieves use the name and legitimate business information of customers of large vendors’ customers to trick them into fulfilling orders. Busy vendors who fail to put into place procedures to verify whether an order is genuine can end up losing millions of dollars a year to these scams.
  • Criminals masquerading as a legitimate business deceive financial institutions to open credit card accounts, establish lines of credit, send or receive wire transfers, and secure loans.
  • The list of victims of corporate identity theft even extends to the US government when criminals use stolen company credentials to claim tax refundable tax credits or to exploit other government benefits for corporations.

How Do Thieves Steal a Corporation’s Identity?

Criminals who steal the identities of businesses have a wide range of methods ranging from very simplistic to highly sophisticated. Many lower level identity thieves focus on email phishing scams which target employees of the company in an attempt to gain confidential information such as database passwords or HR records. Other simple scams use spoofed email accounts of company executives to trick vendors and clients of a company into believing they are communicating with someone from the company. Slightly more advanced scams can include setting up an unsecured WiFi network in near a company in hopes that employees will use it to conduct business and then stealing the data.

More sophisticated scams can include dozens of people, building fake websites, using shelf companies, social engineering and even renting office space at the same location as the targeted company. The goal of these higher level scams is typically to create a plausible “Proof of Right” which the thieves can then use to secure fraudulent loans, masquerade as the company in a business deal, or even sell company assets.

How Can You Protect Your Company From Identity Theft?

While there is no way to protect your company completely from identity theft, you can make it harder for cybercriminals by maintaining proper data protection procedures.

  • Train your staff. Teach your staff how to recognize phishing scams and how to verify when an email is from a legitimate source. Establish procedures on how to handle data correctly, and have a data loss prevention plan in place including a ‘clean desk’ policy.
  • Secure your network. Add additional security to your networks and ensure that everyone is using secured servers. Avoid using a ‘master account’ which allows access to your entire network to limit data breaches. Require two-factor authentication.
  • Monitor your financial information. Check your company’s credit report regularly to ensure that there aren’t any unexpected changes such as credit applications or new accounts.
  • Consider hiring a company to help prevent corporate identity theft. An outside security company is one of the best ways to protect your corporate identity from scammers.

SCAM ALERT: Google Play Gift Cards

January 6th, 2019 by Julie Lough

If there’s a will there’s a way when it comes to scammers, especially with gift cards. Everyone loves gift cards. Consumers love how easy it is to purchase gift cards, use gift cards and even give gift cards. It’s as simple as buying a card at a brick and mortar store or clicking a few buttons and almost instantly having the funds needed to play. Scammers love gift cards too. Gift cards can immediately be activated and spent by these scammers even before the owner of the card knows what happened.

Google Play gift cards are targets right now. Scammers love how easy they are to steal so consumers need to stay one step ahead of these online crooks. Here’s one of the latest Google Play Gift Card Scam that is scouring the internet.

Google Play Gift Cards

Scam Alert: Currently there is an email scam occurring where thieves, posing as someone the recipient knows and are phishing for personal, financial, and other private information. This includes requests for Google Play Gift Cards. For example, the message will read, “I need you to pick up a couple of gift cards. Can you make this happen? The type of gift card I need is Google Play gift cards. I need 4 cards in $500 denominations…scratch the back of the card to reveal the card codes and email me the gift card codes.”

Take away: Never provide any personal information including gift card codes like Google Play in an email. What seems like the information is going to a trusted source, it could be a scam.

Have You Heard Of This Scam Targeting Amazon Shoppers?

January 3rd, 2019 by Julie Lough

Amazon Scam

Amazon is a gigantic player in online sales. It’s estimated that the Seattle-based online e-commerce site will be responsible for roughly 50% of all digital sales during the 2018 holiday season, one of the busiest shopping times of the year in the United States. In other words, one out of every two people shopping during the holiday season will buy something from Amazon.

But Amazon’s very ubiquity has made it a tempting target for cybercriminals and thieves. It’s also widely trusted by consumers, who benefit from the online retailer’s wide choice and speedy deliveries. As a result of the many sales made through Amazon and the trust it has engendered among its customers, scam artists are targeting Amazon shoppers.

A Scam That Sends Fake E-Mail

The most recent scam sends an e-mail to an Amazon shopper telling them that their password needs a reset. One of the most notable elements of the scam is that the e-mail looks very official, using Amazon’s logo. It tells the targeted Amazon shopper to enter their Amazon user ID and new password directly from the e-mail.

But it isn’t Amazon that receives the new password. It’s the cyberthieves who set up and sent the e-mail. Once the target enters the information in response to the scam e-mail, the cyberthieves have the information to their Amazon account.

The thieves often set up Amazon gift cards for themselves, so that they have cash to be spent on Amazon. The gift cards are sent to their e-mail accounts, so they can use it before any theft is noticed. If the target customer has a credit card or debit card associated with their Amazon account, as most people do, the scam artists may shop until the cards are maxed out.

There are several variants to the scam. Sometimes, the cyberthieves set up the e-mail to say that new shipping information is needed or that there is a problem with an existing order.

But in all cases, a crucial element is the same. The e-mail looks official, and asks that the customer’s ID and password be entered directly from the e-mail. Entering it from the e-mail is what allows the cybercriminals to capture the user’s information and use it for themselves.

What Amazon Customers Should Do

Amazon customers need to be aware of the scam. They should never enter any of their account information in response to an e-mail about a problem with an Amazon order. For that matter, they should never enter any account information, of any type, in response to any e-mail, including debit card or credit card information.

If you get an e-mail like this, log out of your e-mail and log in to your Amazon account directly from the company’s web page, www.amazon.com. That page always has up-to-date information on your account and your orders. Customers will be able to see if there is any concern with their orders or shipping address.

If customers do need to change their log-in information, they should always do it directly on the Amazon site, not in response to an e-mail.

Finally, the Amazon site has a “take action” section on their website giving direct information on how to handle suspicious e-mails and scams by cyberthieves purporting to be Amazon. To access the section, click here.

The latest scam is easy to protect against. Customers should never respond to e-mails that look as if they’re from Amazon but always go directly to the Amazon website.