Sharing My Colleagues' Work


I am very fortunate to work with some great people.  Below is a selection of informative articles that some of them have written for our web site at 1path.com.  I think you’ll enjoy them and learn a few things as well.  These pieces highlight some of our practice areas, including IT Services, Cloud Services, Application Management and Building Technologies.  Enjoy!


Five Signs You Should Invest in IT Support
by Eric Ellenberg

You’re a business owner and things are going well. Your customers are happy, your employees love their jobs, and your business is profitable and humming along. Congratulations! You’ve put in some long days and dealt with some tough problems to get here, so take a moment and celebrate your team’s accomplishments.

But increasingly, you’re getting questions about technology. The computers you bought a few years ago aren’t running so great, and your employees need help with them. Your accounting software is a few years old and needs an upgrade to keep up. You’re thinking it might be time to switch to a new customer relationship management system (or start using your first) to better track your current customers and reach out to new prospects. You’re getting emails about PCI compliance, but you’re not sure what the next step is. You’re getting a lot of email that looks a little off that’s actually trying to steal your confidential information. Some of your people have gotten a nasty virus that took them out of commission. That college grad in the office is telling you to move to the cloud, but you’re not exactly sure what that is or how to make it work for your business.


Your Cloud Security Is Only As Strong As Your Expertise
By Armon Aghaie

When your day-to-day is consulting with prospective clients in IT, you begin to get a feel for which technologies are having the biggest impact. Questions that are asked, articles that are published, etc. all give pretty clear indications about how technical markets are evolving over time. Naturally – it likely comes as no surprise – cloud and security are at the top of everyone’s mind.

Cloud has gone through an interesting evolution as it relates to security. Four years ago, you couldn’t convince most IT leaders that housing their highly important information on the same infrastructure as someone else would ever be a good idea. Makes perfect sense, right? When people share an office, they need only turn their head to see what others are working on. Why wouldn’t it be the same when people share servers?

Fast forward, and now we are talking about how cloud infrastructure has some of the highest levels of regulatory compliance including PCI, HIPAA, GDPR, multi-national, government, and many more.


Online Product Catalog Allows Firm to Monetize Their Data
Underwriters Laboratories (UL) Case Study
By Raquel Valdez

An industry-leader in certifying and validating products to be green certified wanted to re-platform their online product catalog, in order to monetize it and become the global source for green products. They wanted their new catalog to be an evolution of their older one, expanded to include data from other green partners and a complete network of green products across all markets. They also had an immediate, urgent need to complete the project by the end of the year and needed a trusted partner they could rely on.

The company approached Onepath. The Application Management Services team had previously built an online product catalog for a smaller company devoted to air quality testing, which had since been acquired. Once the acquisition took place, all IT was brought in-house, and they continued using the catalog that Onepath had built. When the need to update and revamp another product catalog arose, Onepath was the obvious choice.


Emergency Response Radio Coverage (ERRC): Coming to a Building Near You
By Caleb Clarke

When emergency responders enter a building, they rely on radio equipment to communicate with one another and dispatchers, but within certain buildings, standard radio signals become impaired and stop working altogether. When time is most critical, first responders can be cut off from receiving further instructions, coordinating with one another, or requesting additional resources and equipment.

Various building structures and architectural materials can negatively impact the transmission of radio signals and prevent them from working. Standard radio signals have always had this problem, putting emergency responders and those needing rescue at risk, but fire codes weren’t really updated to require minimum performance requirements for emergency radio coverage until inadequate radio communication was determined to be a contributing factor in the death of 343 firefighters during 9/11. Both the National Fire Protection Act (NFPA 72) and the International Fire Code (IFC 510) updated their requirements to include Emergency Responder Radio Coverage (ERRC).


Goodbye Net Neutrality


Despite the fact that an overwhelming majority of the citizens of this country support net neutrality, politics has prevailed over the will of the people.  Such is the state of our current political system.

We still live in the greatest democracy that humanity has ever known, but it is flawed.

The House of Representatives has, so far, refused to act on the issue.  If you are a regular reader of my blog, you know that the Senate voted to overturn the FCC repeal of net neutrality.  For that overturn to move forward, the House needed to act and they have not.  Should the House choose to act at some future date, then the President would also need to sign off.

At this point, all we can do is bombard the House and White House with pleas to listen to their constituents and vote to overturn the FCC’s repeal.  For now, we are left to sit back and see if the large broadband Internet providers change the way their networks operate or if costs begin to rise in order to maintain unfettered access to all of the Internet.  Only time will tell.  Hopefully, watchdog groups will keep an eye on this, as there is still a transparency requirement, so providers must disclose if they begin to prioritize traffic.

Keep the pressure up at a grassroots level.  It’s never too late to save net neutrality, but as of today, the prior protections are officially no more.

An Undersea Data Center


You read that right, an underwater data center has been created by Microsoft.  Yes, that Microsoft.

The so-called “submarine data center” is a giant tube packed with a whopping 864 servers.  The ocean will offer natural cooling to the data center that sits on the ocean floor off the Orkney Islands off the coast of Scotland.  Cooling is one of the most expensive components of a traditional data center, so this renewable aspect of cooling should cut down on a major cost component.

The tube is about the size of a shipping container and is designed to be deployed rapidly off the coast of major cities, allowing for more expansion of cloud capabilities.  What’s not yet clear is how any hardware or power failures would be addressed in a large tube that sits about 100 feet below the ocean surface.

Microsoft plans to monitor this new prototype data center for a year, to determine its future viability.  While Microsoft is touting the renewable energy aspects of this development, one does have to wonder if there will be any heat bleeding from the tube and any ambient noise coming from within that could disrupt the marine ecosystem where these tubes are placed.  It will be interesting to see what is learned over the coming year.


Here is a link to more details, including videos and photos of the data center.  It’s worth a look and read.

https://news.microsoft.com/features/under-the-sea-microsoft-tests-a-datacenter-thats-quick-to-deploy-could-provide-internet-connectivity-for-years/

It’s Internet Safety Month #CyberAware


Happy June!  Did you know that June is Internet Safety Month?  Well now you do.

The National Cyber Security Alliance, NCSA, has declared June Internet Safety Month and this year, the focus is on mobility.  I recommend reading the NCSA press release “Stay #CyberAware on Mobile Devices during Internet Safety Month and All Year Round” for a wealth of informational resources.

This year’s theme centers around kids getting out of school and families taking summer trips.  It’s all about mobility and your online presence.  Major topic areas cover “Be Smart About Socializing”, “Stay in the Game Safely”, “Getting Ready to Go”, and “While on the Go.”  There are also links to virtual events that you may be interested in participating in.

Enjoy the month of June and the entire summer.  And do so safely.


It’s a Hands Free World, Almost…


UPDATE: I originally wrote this post yesterday, but had to share a few things from my ride home after having posted this.  While in traffic just south of Providence, RI, I snapped a quick picture of the very clear signage that is displayed on the highway about the new law.  Yes, I was stopped in traffic at the time.


What I found so ironic was the driver in front of me.  A professional looking guy in a dress shirt who was continually looking down at his phone while in this traffic.  When cars would begin to move, he would leave a large gap, so he could keep looking at his phone and when he finally looked up, he would speed ahead until he had to stop or slow down again.  Repeat, over and over and over.  Any wonder why these laws are necessary?  He almost caused a rear ender at least twice and then zipped across two lanes to make his exit that he almost missed.  Unreal.

Even more unreal was the woman just south of Boston.  Again, bumper to bumper traffic.  This lady had a sticker on her rear window that read, “Keep Calm, Baby on Board.”  That’s nice, except she was on her phone texting the entire time we were in traffic.  She had her phone in her hand, about level with her steering wheel.  I wish I was kidding.  Her window was down and were it not for my wife’s voice in my head imploring me not to do it, for fear of freaking her out, I would have rolled down my window and yelled to her that she was being incredibly foolish.  So yes, we clearly need these laws and we need them enforced.

Below is the original post:


I am working in our Rhode Island office today and while driving in this morning, the highway signs were all aglow announcing the implementation of Rhode Island’s new hands free law, which goes into effect tomorrow, June 1, 2018.

One of the things I like about the Rhode Island law is that if you are cited for a violation, you may receive a waiver of the $100 fine if you show proof of purchase for a hands free device.  This only applies to your first citation, but I like that it encourages you to comply by incenting you to do the right thing.

I also like the fact that car manufacturers are embedding ever improving technology in their vehicles so that you can truly be hands free while you drive.  I recently purchased a new car and I can be 100% hands free thanks to various technologies, including Siri Eyes Free, which allows me to send text messages or call people without ever taking my eyes off the road.

My home state of New Hampshire has had a pretty strict hands free law on the books for several years now.  Obviously, the intent of these laws is to prevent distracted driving from drivers making calls, using apps and texting while driving.  Unfortunately, even with these laws in place, I still see a lot of people holding their phones and using them while driving.

You know what I’m talking about.  You see the cars just sitting at a green light, because they were stopped and picked up their phone to text or check social media, etc. and then the light turns green and they are staring at their phone instead of the road and the traffic light they are at.  Or, you see a car drifting between lanes on the highway, often you will see the driver looking at their phone.

As of tomorrow, 16 states, D.C., Puerto Rico, Guam and the U.S. Virgin Islands prohibit all drivers from using hand-held cell phones while driving.  When it comes to text messaging, 47 states, D.C., Puerto Rico, Guam and the U.S. Virgin Islands ban text messaging for all drivers.  These are referred to as primary laws, meaning you can be pulled over and issued a ticket just for this.  It does not have to be in conjunction with another reason for being stopped by the police.

I wish it were all 50 states and territories and a complete ban, not just texting, but at least we are getting closer.  According to the Governors Highway Safety Association, only Montana has no laws regarding cell phone use or texting.  The GHSA has a great overview of laws, state by state, which you may review at this link.  Just click the + sign next to any state to see the specifics.

It’s Here


GDPR went into effect on Friday.  A friend and colleague has posted an excellent piece about GDPR and what you need to do to be ready.  Chris Chase is well known in the MSP industry.  He is a respected business owner and the creative genius behind his company, Directive and JoomConnect out of Oneonta, NY.  Chris publishes some truly excellent content and when I saw his latest post, I asked if I could repost it and link back to his original post.

Included in Chris’ post is a free download of a privacy policy template that encompasses language required for GDPR compliance.  I highly recommend you give this post a read and check out the video and links throughout the post.

With permission, I have copied the post here for ease of access.  You may refer to the original post here.

GDPR was introduced by the European Union, but it applies to businesses all over the world, especially if you could potentially collect personal data from a person residing within the EU. We feel, as a business, it’s important to safeguard personal data of your prospects and customers, and think the GDPR is a big step in the right direction to provide transparency and understanding to your users.

The key elements of the GDPR are the following:

  1. You must process personal data in a way that is lawful, fair, and transparent.
  2. You must only use personal data for the specific purpose that you have declared.
  3. You must collect only the minimum amount of personal data required to achieve your stated objective(s).
  4. You must take all reasonable steps to ensure that any data you collect is accurate and kept up-to-date.
  5. You may only hold personal data for as long as it is required to achieve the stated objective(s).
  6. You must process personal data in a way that ensures appropriate security.

There is a lot to the GDPR (it’s over 255 pages long), but we’ve found a lot of the concepts make sense. Chances are, if you are handling your marketing and the data you collect as white-hat as possible, you are already mostly there.

Want to Update Your Privacy Policy?

We’ve also built a template that our clients can use as a starting point for their privacy policy. We took into consideration the services most of our clients use and how we advise using them.

Click here to download our free privacy policy template.

A few big things to look out for:

Automatic Opt-Ins are Not Okay

If you have Newsletter or ‘More Information’ checkboxes pre-ticked on forms, that is not enough to be considered an opt-in.

Enable SSL

If your website doesn’t have SSL, reach out to us and we’ll provide you with a free one under your hosting agreement. You can also purchase one, but for non-ecommerce sites, the free SSL is a good alternative.

Check Your Lists

It never hurts to run the occasional re-opt-in campaign to ensure you aren’t sending unsolicited emails.

Updating Your Privacy Policy

You’ll want to be as transparent as possible in your privacy policy. We’ve included a template to work off of, but don’t assume it is ready to publish for your business. You’ll want to review it with your lawyer, along with the rest of the GDPR. Updating your privacy policy alone going to make you compliant.

Document Any Extra Tracking/Analytics

We’ve covered the basics that we apply to most of our clients – Google Analytics. If you use a third-party service for tracking analytics or metrics on your website, or you have other scripts that collect data, you’ll need to make sure that it is applied to your Privacy Policy and that those services are GDPR compliant.

Check With Your Host

If you host the website yourself or use a third-party besides us, you’ll need to make sure they are GDPR compliant.

It Doesn’t Stop There

Be sure to review the GDPR to determine if you are within its scope and to ensure that your business is compliant. This will involve reaching out to any vendors that you might share or transfer data to and reviewing their policies, and making sure you are protecting any personal information you collect.

You can learn more about the GDPR by checking out the official site: https://www.eugdpr.org/

You can also read the original regulation here: http://eur-lex.europa.eu/eli/reg/2016/679/oj

There is also a great breakdown of the GDPR here: https://gdpr-info.eu/

Disclaimer: We’re Not Your Lawyer

Please be advised that Directive is not your attorney, and this information is not legal advice. This information does not provide, nor constitute, and should not be construed as, legal advice. It is for educational purposes only and is not to be acted or relied upon as legal advice. Use of this information does not create any attorney-client relationship between you and Directive. The information does not constitute legal advice and is not a substitute for competent legal advice from a licensed attorney representing you in your jurisdiction. Applying or asking us to apply the privacy policy template to your website does not make us responsible in any way for the accuracy of the content or your compliances. You should seek advice from your legal counsel to determine your legal obligations.

Effects of GDPR Becoming Apparent


The following was published in today’s Foster’s and Seacoast Sunday.

Have you received a ton of privacy update messages this week? GDPR is why.

The European Union General Data Protection Regulation came into effect Friday. Two weeks ago, my column, “GDPR and What it Means for U.S. Companies” shared some insights into why this new European law will impact companies in the United States.

As you’ve undoubtedly seen over the last week, it impacts you too. Everyone I talked to this week commented on the marked increase in email messages received about updated privacy policies and to confirm existing email subscriptions. You can thank GDPR. Many companies are sending these updates to all of their customers, regardless of what country they are nationals of or residing in, to be in compliance with GDPR.

One key provision of GDPR is clearly communicating your data privacy and retention policies to people who register with your website. Some sites consider these new requirements so ominous they have chosen to shut down out of fear of not being able to comply. If a website asks you to register to login or receive email communication, it is likely collecting enough information to be governed by GDPR. The new law requires companies that collect personal information to make it clear to those people exactly what information is being collected and stored. In addition, the individual has the right to request that information be purged from the company’s databases. The individual may also request to know what data the company has stored about them at any time. In other words, you have the right to be forgotten at your request.

Companies that collect this type of data are required to have a data protection officer or DPO. Part of the DPO’s responsibility involves ensuring personal data is removed from company systems once it is no longer needed. They are also responsible for processes that will remove personal data of anyone who requests it be removed. The DPO is basically charged with making sure your business practices comply with GDPR.

Another key part of the law is that you may only send email communication to individuals who request it. That is why many of the email messages sent over the last week ask you to take steps to reconfirm you want to receive email from the company. Some state right up front that you will no longer receive emails unless you go to the company website and in effect re-subscribe to receive email subscriptions you may have been getting for years.

This is why you’ve been seeing a flood of emails about privacy policies and email subscription leading up to Friday, May 25. Now that the law is in place, it will be interesting to see what may change over the weeks and months ahead. There is a lot of concern about hefty fines GDPR allows to be levied against violators. In my opinion, there is still a lot of education and awareness training that must take place before fining a company. As evidenced by the uptick in privacy and email update messages, many companies are scrambling at the last minute to do what they think they need to. That’s the fault of the company for sure, but I hope any infractions will be dealt with fairly and reasonably and not just resorting to the letter of the law when it comes to financial penalties. Certainly, everyone is hoping GDPR and other laws like it help drive a culture of protection of personal information and better overall security across the board.

If you are a U.S.-based company doing business in the EU, employing citizens of the EU or foreigners residing in EU countries, you need to be sure you are in compliance. GDPR is here, are you compliant?

FBI VPNFilter Cyberattack Warning


The FBI has issued an urgent advisory that will impact many, if not most, home users of the Internet.  The specific threat, which is felt to be state-sponsored, is known to have infected over a half million home and SOHO router devices.

Specifically, if you own a home or SOHO router or NAS (network attached storage) device made by Linksys, MikroTik, Netgear, TP-Link or QNAP, the advisory recommends rebooting the device as soon as possible.  Rebooting will disrupt a portion of the malware.  If the malware has already embedded itself into the device, there may still be a risk after the reboot.  To ensure maximum safety, you may wish to perform a factory reset on your device and set it back up with a secure password and wireless passphrase (if your device doubles as a wireless access point) that is different from what you had previously.

While it is not likely that you, individually, are the target of the hackers, your device may be being prepped to help execute a broader cyberattack that could, theoretically, put your data at risk.  An abundance of caution is warranted given the urgency of the FBI advisory.  It is also recommended to be sure your device is running the latest manufacturer firmware version and that you disable all Internet-accessible remote management of your device.

You may read the FBI advisory here.

GDPR Insight from Onepath


Our awesome marketing team at Onepath put together the following informational piece to help our clients and friends understand GDPR and its potential impact on you and your business.  There are some excellent resources below, which I encourage you to read.


The GDPR goes into effect tomorrow. Does it apply to you? Are you ready?
Here are five hand-picked articles from around the web that will tell you everything you need to know.


What is the GDPR?

So what is the GDPR exactly? Here’s an overview that includes the key elements of the far-reaching and complicated European Union legislation.
1path.com

Yes, The GDPR Will Affect Your U.S.-Based Business

What about companies that have no business operations in the European Union? Read about the homework they need to do.
Forbes.com

A Practical Guide to the European Union’s GDPR for American Businesses

American businesses operating or serving customers in the EU need to understand what they need to do to prepare for a new reality.
Recode.net

How might GDPR affect your website?

If companies are affected by this new regulation, they need to continue to research GDPR policies, and create a plan.
1path.com

GDPR in Real Life: Fear, Uncertainty, and Doubt

Why are most organizations still not ready for GDPR? And what are the implications and mechanisms of applying GDPR provisions for companies, individuals, and regulators?
ZDNet.com

Beware GDPR Scams


Yesterday, I posted What’s With All The Privacy Updates?  I was referring to all of the messages being sent this week, updating privacy policies and asking you to confirm email subscriptions as a result of GDPR going into effect on Friday.

To no surprise, the scammers are right on top of this, sending their own messages, seeming to be related to this, but trying to trick you into revealing your credentials to sites you visit.

If you get a message from a company asking you to confirm their privacy policy or your email subscriptions or anything related to your identity, DO NOT click on the links in the message.  Go to the actual website and look for the places where you would normally update your settings and see if you are being asked to do so.  Otherwise, you may find yourself landing on a fake site whose sole purpose is to get you to enter personal information and credentials that will compromise your identity.