Vacation Notice


Beginning Friday evening, February 24th through Monday morning, March 6th, I will be on vacation.  I do not anticipate posting during this time.  Thanks for your follows and readership.  Looking forward to getting back to blogging in early March.


500% Increase in Social Media Phishing Attacks


According to security firm KnowBe4, phishing attacks originating from social media have risen 500%!  With just about every person online using one form of social media or another, you are at risk, and the following best practices, recommended by KnowBe4, are easy ways you can help keep yourself safe.

  1. Be sure you regularly check and update your security settings.  Social media sites regularly update their security capabilities and policies.  Be sure you review your settings regularly and limit what you post to only be seen by those you trust.
  2. As I like to say to my kids, don’t post anything online that you don’t want to see on the front page of the morning newspaper.  Once it’s out there, it’s out there forever, so think carefully about what you post.
  3. Be absolutely sure that you know your employer’s guidelines for the use of social media.  You don’t ever want to post information that your company considers confidential or sensitive in any way.  Play it safe.  I have several friends who are prohibited from having social media accounts as part of their employment agreements.  Be sure you know what you are allowed to do online.
  4. Don’t post that you are away on vacation, etc. or anything that would give a would-be thief insight into when your home will be empty.  Just as criminals are known to troll obituaries to see when family members may be at a funeral, in the online world, it’s even worse.  I know people who have been burglarized when they were away on vacation, because a “friend” of one of their children saw the family was away and this person broke in, robbed and vandalized the home.  Fortunately, they were caught.  Don’t give them the easy insight into when your home may be vulnerable.
  5. Never accept friend or connection requests from people you don’t know personally or can’t verify.  Just because you may have mutual friends or connections does not mean they are a good friend or connection for you.
  6. Always use different usernames and/or passwords for each of your social media accounts.  You do not want all of your online accounts tied to the same credentials, because if one gets compromised, you have to assume that they all have been.
  7. Don’t use your work email address for anything other than work.  You neither own nor control your work email address, so if you ever lose access, regardless of the reason, you will lose control of any accounts you have tied to that address.
  8. Think Before You Click!  This is the hallmark of KnowBe4’s security campaigns and it’s a simple and powerful safeguard to always keep in mind.  Even when you receive messages from trusted senders, whether in email or social media messaging services, don’t just click.  Hover over the link and check the URL the link will take you to.  If it’s not crystal clear that the link is legitimate, don’t click it.  It’s always safest to confirm with the person who sent you the link, before you click.

Hopefully these eight best practices will be a good reminder and a simple checklist to keep in mind, to do your best to keep your social media accounts safe.

CompTIA’s Fly-In Sees Positive Future for IT in DC


The following appeared in yesterday’s Seacoast Sunday.

For several years, I have traveled to Washington, D.C. in mid-February to take part in CompTIA’s DC Fly-In. This event brings together about 150 technology professionals to hear from members of Congress and meet with our members, to talk about IT’s importance to the economy, national security and discuss the needs of this $1 trillion-plus segment of the U.S. economy.

This year, I found a very different Washington, D.C. While that may invoke a negative connotation, I was pleased to see some hopeful signs. I arrived in Washington this past Monday evening at the same time word came that National Security Advisor Michael Flynn had resigned and the national security leadership was thrust into turmoil that only got worse the next two days. Wednesday afternoon, I was on Capitol Hill moving between the House and Senate office buildings. The worry and air of uncertainty was palpable. Members of Congress I was scheduled to meet with were all called to urgent consultations or votes, fueled by what seems to be a highly fluid government right now. As I was finishing my meetings, word came that the cabinet nominee for Labor secretary was withdrawn, the latest of what some Hill staffers referred to as crises of the day.

Despite all these events and distractions, staffers remain focused on what they can do for their constituents and how, in my case, they can help the IT industry remain vibrant. On Tuesday, I talked with several members of Congress. I sat in a small working group with Rep. Carlos Curbelo of Florida. I was impressed with his grasp on technology and what Congress can do to help our industry. He talked about the critically important issue of exposing more young people to IT careers and helping small and entrepreneurial businesses thrive without overly burdensome regulation.

This was a nice prep for the next session, which focused on developing necessary skills to build our national workforce for cybersecurity. Everyone agrees it is a significant deficiency that our children are not better educated about the importance of cybersecurity and available career opportunities. It was interesting to learn about programs of the National Institute of Standards and Technology and National Security Agency. The NSA, in particular, has some innovative programs that work with schools and universities to designate them as Centers of Educational Excellence, providing resources to train students in critical cybersecurity skills needed by industry and government.

We heard from several congressional staffers, including from the offices of Sen. Brian Schatz of Hawai’i, House Majority Leader Kevin McCarthy, Senate Majority Leader Mitch McConnell and representatives from the Department of Commerce and Federal Trade Commission. They discussed the growing need to secure devices that fit into the category of the Internet of Things (IoT). They also discussed implications of the new Congress and administration as it relates to technology policy. With respect to Congress, a growing membership of younger, tech savvy representatives and senators is gaining influence and drawing attention to important technology issues. As it relates to the new administration, it’s too early to know if it will be as technology savvy as the Obama administration.

CompTIA awarded its Tech Champion awards to Sen. Cory Booker of New Jersey and Rep. Will Hurd of Texas. I was impressed with both young men, who have inspiring personal stories and an affinity for technology. Booker’s father was the first African-American salesperson hired by IBM in the Virginia area. Hurd is the only member of Congress to have served as a covert CIA case officer. They have both shown leadership on matters impacting the technology industry and share the industry’s concerns around cybersecurity and the growing skills gap.

Reps. Derek Kilmer of Washington and Ted Lieu of California impressed me as well. Both are younger members of Congress with a strong understanding of technology. Kilmer is a self-described recovering geek, having grown up as a gamer. As a 43-year-old father of two young children, he is concerned about the lack of diversity in technology and wants to see that change. He is also concerned about hacking and cybersecurity. Lieu is one of only four members of Congress to hold a computer science degree and is a colonel in the Air Force Reserve. He brings a valuable perspective and talked about concerns I see every day in the business world, namely the security of mobile devices and growing amount of work done from them.

Wednesday afternoon, we headed to Capitol Hill for meetings with members of Congress from our home states. As a New Hampshire resident working for a company headquartered in Massachusetts, I was able to participate in five meetings across the delegations. I was scheduled to meet with Sens. Elizabeth Warren and Ed Markey of Massachusetts, Maggie Hassan and Reps. Ann Kuster and Carol Shea-Porter of New Hampshire. Due to the nature of the business of the Congress, further complicated by the unknown nature of the day’s developments, only Markey was able to make his scheduled meeting. For the rest, we met with staffers. Meeting with their staff is no less important.

There is a massive skills gap in the IT industry. There are nearly 1 million unfilled IT jobs nationally. CompTIA is putting forth a proposal to expand existing, successful, apprenticeship programs to IT. This would allow high school students and those who may not pursue a traditional four-year degree to get trained and certified for IT careers.

I strongly support this and was thrilled to hear staff and members offer equally strong support. Our economy and national security are at risk if we don’t address this need. We are reliant on H1B visa holders to fill many IT jobs we are not able to fill with home grown candidates. With looming changes to the H1B program that will potentially curtail this, we are now in a real deficit. Our schools need to focus on more than just software coding. That is just one small part of the IT career continuum.

It’s critical that our teachers have a better understanding of what IT careers are and that the curriculum they deliver aligns with the total opportunity, not a narrow segment, as it does today.

This initiative, coined CHANCE in Tech, is a mechanism to do this and ensure our competitiveness as a nation. CHANCE stands for Championing Apprenticeships for New Careers and Employees in Technology. The key part of this act would be to develop a bill specifically addressing the tech workforce. It would be based on the apprenticeship model developed under the American Apprenticeship Initiative to scale up work-based learning accelerators targeting early college STEM students and those over age 18. It would also recognize and award high schools that align to tech career pathways of excellence.

Please consider writing your member of Congress in support of this initiative. This will have real value locally, regionally, nationally and globally. Take action and support U.S. competitiveness in technology.

Mac Users Need to be Vigilant


If you use a Mac, beware.  Security researchers have discovered malware targeting Macs that is very likely a variant of the malware used to hack the Democratic National Committee during last year’s election.  What’s worse is that this particular piece of malware is believed to be tied to a group affiliated with Russian military intelligence.

Yes, the Russian hackers.  The same ones that are being talked about each and every day for their reported efforts to sway the US Presidential Election and their potential undue influence over the present Administration.

Politics aside, this group is purported to be the most sophisticated hacking organization in the world.  Why they are now targeting Mac computers is not yet known.  Nor is it known how they are distributing the malware, but it’s out there.  If you are using MacKeeper for anti-virus, replace it, as a vulnerability in that program appears to be the most plausible point of penetration.

Don’t buy into popular misinformation that Macs are not vulnerable.  They are and this proves it.  Be sure you have strong anti-virus and anti-malware protection, keep it updated and perform regular deep scans on your Mac to be sure it’s clean.

Mr. Shoer Goes to Washington


My younger readers probably won’t get the reference in the title of this post.  If you’re that person, Google Mr. Smith Goes to Washington and learn about the classic 1939 movie starring the late, great Jimmy Stewart.  Now on to my post…

CompTIA DC FLY-IN

Businesses like mine are the lifeblood of our national economy. They employ more than half of the country’s private sector workforce.

Internet & Telephone, LLC is proud to be part of the economy. We employ professionals with IT infrastructure expertise and contribute to our local economy through our work with regional and national employers to keep their businesses competitive by leveraging IT as a strategic asset.  We also help our local communities through philanthropic activities and work closely with higher education to provide internship opportunities for students interested in exciting IT careers.

I am thrilled to join forces with fellow IT colleagues and advocates in Washington, D.C., on February 14-15, to speak with Members of Congress about issues that are critical to the future of my business and the overall tech industry. The annual “Fly-In” is organized by CompTIA to advocate on behalf of the tech community.

CompTIA, the Computing Technology Industry Association, represents technology companies of all sizes and is committed to expanding market opportunities and driving the competitiveness of the U.S. technology industry around the world.

Innovation is a key force behind a strong 21st century economy, and our leaders should prioritize issues that affect growing companies like Internet & Telephone, LLC.

While in Washington I will visit Senator Hassan’s, Congresswoman Shea-Porter’s, Congresswoman Kuster’s, Senator Warren’s and Senator Markey’s offices to advocate on tax reform, workforce development, cybersecurity, broadband communications and digital privacy – all are central to our industry. These legislative issues are key ingredients for helping technology firms like mine to become more competitive.

I am particularly looking forward to discussing with my elected officials the importance of:

Data Breach Notification

THE ISSUE:

There is currently no national standard for how a company must notify its customers in the wake of a data breach. Instead, companies must navigate a complex web of 47 different, often conflicting, regularly changing state data breach notification laws in the aftermath of a breach. With the increasingly mobile and decentralized nature of our economy, data storage and dissemination technologies, it can be nearly impossible for companies to determine which state laws apply when a breach occurs. The current regulatory landscape not only places an immense financial compliance burden on businesses, but also delays the process of getting information into the hands of those who need it most: the customers whose data was compromised.

WHAT CompTIA SUPPORTS:

A national standard for data breach notification would provide consumers and businesses with consistency and predictability on how consumer notice must be provided. Until Congress passes a national standard, CompTIA and its membership continue to advocate for the following in breach notice bills:

“Harm” Trigger for Acquired Data: The notification requirement should be triggered when there is a real risk of actual harm, not a theoretical concept that could lead to over-notification about data breaches that aren’t harmful.

No Private Right of Action: Individuals should not be able to sue companies who have suffered a data breach for actions covered by federal data security and data breach notification laws. The businesses who have suffered breaches are victims of criminal activity.

Narrow Definition of “Personal Information”: To avoid over-notification of consumers and unnecessary costs, the definition of “personal information” in the legislation should not include information accessible through public records. For example, merely the combination of a name, address and birthday should not qualify as personal information.

Preemption of State Laws: Any federal data security and data breach notification law should preempt State laws and requirements. Without strong preemption language, the compliance burden for small businesses will not be alleviated and the effectiveness of any law would be significantly undermined.

Exemption for use of Technology that Renders Data Unusable or Unreadable: Federal legislation should include an exemption from notification requirements for companies who utilize technologies to render data unusable or unreadable. This exemption should be technology-neutral.

Limits on Financial Penalties: Massive financial penalties are unwarranted, and could force small businesses out of existence. Penalties should be reasonable, and should take into account the size of the company that suffered the breach and the type of data that was accessed.

No Fixed Data Security Requirements: Data security requirements should not be specifically enumerated within the legislation. Instead, the legislation should direct the government to work with industry to develop a set of flexible “best practices.”

No Over-Burdensome Notification Requirements: Data breach notification legislation should avoid overly prescriptive notification requirements. In the event of a breach, companies should dedicate their resources to efforts that most directly notify and protect consumers. Additional requirements, such as those mandating the creation of call centers or the provision of credit reports, would divert resources away from small businesses seeking to protect and inform their customers.

Reasonable Notification Timeframe: Legislation should require a reasonable timeframe for notification, which includes allowances for risk assessment without requiring a specific time limit that must apply to every case.

Take Other Laws into Account: Companies that are subject to other data security and/or breach notification laws, such as HIPAA, Gramm-Leach-Bliley or the Fair Credit Reporting Act, should be exempt from these requirements.

How Do You Handle Inclement Weather?


I know this isn’t exactly a snow storm, but it’s a nice alternative reality.

What does your company do when a Nor’easter is bearing down on you?  Do you close your business for the day or do you have plans to keep operations seamless even during the worst of weather?

Today is a great example and a good opportunity to review your capabilities and possibly make some changes.  It all starts with your back end infrastructure, be it Cloud or on-premise.  Is your infrastructure redundant and able to operate through power outages without interruption?  Are you dispersed across multiple, geographically separated data centers for your public, private and hybrid-Cloud infrastructures?  These are all important considerations.

You want your servers to be configured in high availability clusters, so that if any one component should suffer a hardware failure or software corruption, your standby systems take over immediately and as seamlessly as possible.  This goes for your Internet connectivity as well.  It needs to be redundant, from different carriers and coming into your physical sites via different paths, to protect against single points of failure like the telephone pole in front of your building.

Are your users versed in working remotely?  Do you have secure Virtual Private Network (VPN) connections available and properly secured?  Do you have Citrix or RemoteApp deployed for users to connect to?  It’s important that users know how to access company systems when working remotely.

It’s also important to determine your company policy with regard to working remotely.  Do you issue company laptops for users to take home or do you allow users to work on their home PCs?  If you are allowing your users to connect from their home computers, be sure you enforce at least minimal management and security best practices on that computer, so you do not expose your corporate resources to any risk from a home computer that is unmanaged and not monitored for threats.

Don’t forget about the phone.  If you have an IP based phone system, do users have phones at their homes, allowing them to work from their home as if they were sitting in the office?  If they don’t, they should.

For me, today will be as productive a day as when I am in the office.  Actually, it may be even more productive as there will not be as many interruptions.  I have a laptop with a secure VPN that allows me to connect to all of our company resources.  I am able to work no differently than if I was sitting in any of our physical offices.  I have a telephone on my desk that also securely connects back into our unified communication system.  My extension works just as if I was at my desk.  I can call my colleagues by extension and speak with them whether they are in the office or at home themselves.  I even have softphone capability on my computer, so that if I were in a hotel or somewhere other than my home, I could still work in the same manner.  I just need to connect a headset to my computer, which can be done wired or wirelessly with Bluetooth headphones.

So, as you can see, a day when it’s not safe to travel to the office does not need to be a lost day.  In fact, it should be just as productive as any day at the office, or possibly even more so.  Enjoy the snowy day!