Hello From ChannelCon 2017


This week, I am attending one of, if not the best, technology industry events of the year, ChannelCon.  ChannelCon is the annual technology conference hosted by CompTIA, the Computing Technology Industry Association.  CompTIA is the global non-profit IT industry association whose mission is to advance the global IT industry.

I have had the pleasure to be a member of CompTIA for nearly 18 years and have served on the Board of Directors, currently as the Immediate Past Chair.  CompTIA brings together all elements of the industry, on a level playing field, to educate, certify, advocate, network and look toward the future of the industry.  It is a unique event that draws well over 1,000 attendees every year.

This year's theme is “Be the change.”  From the ChannelCon web site: “Attend ChannelCon for intensive industry training, peer-to-peer learning and exceptional networking opportunities and walk away with new ideas and tools you can put into immediate action to grow your business and advance your career.”

As the week unfolds, I’ll post some of the key nuggets that emerge from this year's event.  Stay tuned.

Will New TSA Rules Change Your Plans?


The Transportation Security Administration (TSA) has announced that all electronics larger than a cell phone will need to be removed from carry-on baggage and placed in their own bin for x-ray screening.  Prior to this, only laptop computers were required to be removed for screening.  You may read the announcement here.

With most people carrying multiple electronic devices with them while traveling, will these new rules change what you bring onboard?  I know for myself, my bag has my computer and my iPad Mini.  Fortunately, I have TSA PreCheck and will not have to remove any of these from my bags.  If you are part of the traveling public that does not have TSA PreCheck, you will have to.

The new rule is to allow screeners to be able to properly examine the devices.  Due to airline baggage fees, more users are carrying on and stuffing those carry-on bags more than ever.  This is making it harder for screeners to do a proper job reviewing the x-ray images, so this only makes sense.

I’m just wondering if it will change what people bring with them.  Will Kindles and tablets be packed in checked bags or simply left at home?  Will this have any impact on your business travel?

Insider Threats Often Overlooked in Data Security


The following was published in yesterday’s Foster’s and Seacoast Sunday.

When most people talk about information security, the discussions tend to focus on keeping hackers out. There is no question this is a real threat and needs a comprehensive layered approach to defend against. I’m sure your business has made significant investments in building out these layered defenses.

But what about insider threats? Has that even been a topic of discussion? If not, it really should be and here’s why.

As mentioned, most security conversations focus on hardware and software tools that protect the company network against attempts by hackers to penetrate the company network. It has also been quite common to focus on phishing attacks, those social engineering emails that look like they are legitimate, but are not. They are designed to trick the recipient into clicking a link or opening an attachment that will infect the system with malicious code that will allow the hacker to circumvent the layers of security.

Insider threats are too often overlooked, whether they are intentional or unintentional. Most insider security risks center around the data stored on the company network. Employees need access to the data required to do their job. That access is a threat because computer users are often granted more access than they need to do their work. In those cases, a person could come upon data that may have value to them in a malicious sense.

Many insider threats are motivated by financial gain, so when an employee comes across data they may be able to use for their own personal gain, there is a real risk. While the incidence of this is still relatively low overall, it is a threat and needs to be considered. No one likes to be overly paranoid and looking over the shoulders of others, but an appropriate level of suspicion and prevention is a prudent business practice.

One of the more common forms of insider threat is data leakage. This is when data leaves the company without authorization or knowledge. In many cases, this may be completely innocent, yet exposes the company to data loss. Too many people use file sharing services not approved or monitored by the company, allowing users inside the network to copy data to an external source where it could be obtained by unintended parties. When this type of leak occurs, it is often because the person inside the company is simply trying to easily share data with someone outside the company. If this sounds familiar, it’s probably because of how common it is. This is why more and more organizations are controlling what data is able to be copied outside the corporate network and what tools may be used to securely share information with specific people.

When thinking about threats, both internal and external, you want to think about how data enters your network, how it leaves your network and how it is accessed and moved within your network. It is also important to understand where your data resides on the network and who has access rights to what information.

Once you understand these important elements of data integrity, you can begin to design and apply appropriate policies to ensure the safety of this data. Auditing is another consideration. At a minimum, data classified as the intellectual property of the company should have appropriate auditing controls applied, so you know who has accessed that data, when and what they have done with it.

Data integrity and safety is a complex matter that involves far more than just installing a firewall and antivirus software on your network. Hopefully, this information will help you think about your business practices and make any necessary changes to protect your organization from threats, inside and out.

Really New Hampshire?


A new report identifying the ten states with the highest rate of malware infections in the country lists New Hampshire in the #1 spot.  This is not a first place ranking to be happy about!

New Hampshire often rates extremely well in rankings for quality of life, tax burden, technology, tourism and more.  To rank as the worst state in the nation for computer users infected with malware, is nothing short of terrible.  One could almost say that it is inexcusable.

The full report, released by Enigma Software, is available to read online here.  The report does not draw conclusions as to why New Hampshire was hit so hard, but I will attribute it to lack of awareness and preventive education and general vigilance.  I would further argue that people are just not taking the time to stop and think before they do something online.  It only takes a moment to be sure an email is coming from who you think it is, or check to see if a link or attachment could be a trick.

New Hampshire ranks a whopping 201% above the national average for incidences of malware, adware, spyware, ransomware and malicious software.  This is a huge exposure to residents and businesses in the state.

Educate yourself and your employees about the ways users are tricked into getting hit with these infections.  Deploy proactive and reactive training and technologies to help protect yourself and your company.  I would absolutely hate to see New Hampshire tarnished by this unenviable distinction.

Uber’s Technology Innovation


Most coverage of Uber has not been very positive lately. Despite that bad press, I had some very interesting interactions with Uber drivers over the past few days that painted a distinctly positive view of the popular ride sharing service. 

I’ve been in Atlanta this week for meetings at two office locations in Smyrna and Kennesaw, while staying at a Hilton in Marietta, along with a trip downtown to visit cousins while in town. Uber has been my primary transportation these past three days.

Being in an established metro like greater Atlanta, the availability of Uber when and where I needed it was consistent and reliable. Uber’s technology is constantly evolving, so some of this is not new, but the technology is clearly enabling an improved experience for both rider and driver. Here are some of the things I find innovative and empowering about Uber’s technology:

  1. When requesting a ride, the app searches for drivers closest to your pickup point. Once a driver confirms your request, you immediately know the driver's name, rating, vehicle make, model, color and plate number. The app encourages the rider to verify the plate before entering the vehicle for security purposes.
  2. If traffic is heavy or something happens that significantly delays your pickup, the underlying technology re-scans for a closer driver and reassigns your pickup to a driver that can get to you more quickly.  The driver who originally claimed your pickup is re-prioritized for a new pickup to replace your fare. This is smart and effective as it maintains driver and rider satisfaction and conveys a loyalty and customer experience focus. 
  3. If a driver is driving too fast, the app will alert them and nag them until they reduce their speed to an acceptable and safe level. This is done leveraging the driver's smartphone GPS capabilities and helps the company ensure rider safety. It will also alert the company to a potential problem driver if this happens repeatedly or with no corrective response to the alert.
  4. As a platform, the technology enables some quality of life choices for its drivers. I spoke with a few drivers this week who credited the Uber system with providing them the flexibility to live their life with flexibility in their work schedule, allowing them to provide better care for their families and use their time behind the wheel to earn a respectable income rather than just to commute.
  5. I also learned that Uber will contact random drivers for identity verification that appears to be tied to analytics driven by the technology platform. In other words, if the system detects an out of character pattern in a driver's work habit, driving style, etc., such activity may trigger a verification request as a form of quality control and system integrity.

I found this all very interesting and a great example of technology driving a market disruption with more positive results than negative.  I know some will disagree with my assessment.  That is perfectly fine.  The main point I hope to make is that Uber, despite its flaws, is a good case study for how technology advances have enabled a new business model to shake up a market that is not typically known for being customer centric, while improving both the provider opportunity and the consumer experience.  Happy riding!

Nation States and IT Vendors


You may have seen recent reports about US government concerns about Kaspersky Lab, the cyber security software company that is based in Russia.

The concern centers around potential ties between the cyber security firm and the Russian government, obviously magnified by the revelations surrounding Russian government hacking related to the 2016 Presidential Election.  Bloomberg Business Week has published articles that state that Kaspersky Lab has ties to the Russian intelligence agency, the FSB.  This concern has reached the level that the General Services Administration (GSA) has removed Kaspersky Lab as an approved vendor for use by the US government.  Following on this, efforts are underway to ensure that no Kaspersky Lab software is installed on any US government computer systems.

It needs to be noted that both Kaspersky Lab and the Russian government deny these assertions.  Kaspersky Lab has issued a multi-point denial of the allegations that have been identified in the Bloomberg Business Week article.

It should also be noted that this is not the first time a foreign government has been accused of potential ties to a technology company that could have national security implications.  When the Chinese firm Lenovo purchased the former IBM PC and server business units, the US government removed Lenovo from the list of GSA approved hardware vendors.  The concern was that the Chinese government could have influence over Lenovo and have it install components that could theoretically have capabilities that would allow the Chinese government to spy on anyone using one of their computers.

As with the current situation with Kaspersky Lab, there are concerns, but those concerns have not been validated with actual findings supporting the concerns.  This is tricky territory.  I do not mean to say that the concerns are unfounded, nor that the concerns are valid.

There is irony with each of these cases.  Almost every computer manufactured in the world today has at least some manufacturing capability that comes through China.  While a hardware or software firm may be based in a country that generates national security concerns for the United States, theoretically a software company anywhere in the world could be involved in collusion with a foreign power.

While there are political implications here, we should be cautious and rely on fact not conjecture.  We will see how these concerns play out in the coming weeks and months.  For now, if your business has concerns about specific vendors like these, you should review your business practices and determine whether a change in vendor would be appropriate to alleviate these concerns.  I’ll keep you posted if I learn more about either of these examples.

Have You Considered Skype for Business?


The following was published in the Sunday, July 9, 2017 Seacoast Sunday and Foster’s.

If you have not, you should. Skype for Business is the business version of the popular Skype service that many individuals use for chat and calling over the Internet. With Microsoft’s ongoing enhancement of the Office 365 platform, Skype for Business has been bundled into most of the business class subscriptions.

Skype for Business has become a very powerful collaboration platform for businesses. This is for both internal use within the company as well as collaborating with external business partners and customers. It is tightly integrated into the Office 365 platform and Office software applications, providing instant messaging, online meetings, meeting recording, screen sharing, Voice over IP (VoIP) calling, phone system functionality and recording.

In terms of collaboration features, Skype for Business is a powerful meeting platform, allowing you to share anything on your screen, collaborate on documents and presentations, conduct interactive polls, collaborate in real-time using whiteboard functions, manage questions throughout the meeting and facilitate public and private chat with meeting participants. During these online meetings, you are also able to make other participants presenters so that more than one person is able to present content to the meeting participants.

Security is forefront in Skype for Business. All communications, both audio and video, are encrypted. Skype uses both Transport Layer Security (TLS) and Advanced Encryption Standard (AES) to encrypt its audio and video traffic to ensure that if a Skype stream were to be intercepted, the hacker would only see encrypted text and not the actual audio, data or video. Keep in mind, regarding calls, that this only applies to VoIP calls. For calls made over the traditional phone network, often called the PSTN network, that part is not encrypted.

If your business is not yet using Skype for Business, especially if you are already using Office 365, you should really look into it. I see more and more organizations using Skype for increased collaboration and productivity and it has a very positive impact for those who use it.

The instant messaging features make it easy to see if a colleague is available or not. This is called presence and it’s tightly integrated into calendaring, so that Skype will let you know if someone is in a meeting, offline, available or on a call (if you are using the calling features). It helps to avoid phone and email tag when trying to connect with someone. This also works between organizations, so if you have a Skype contact that is at a customer of yours, for example, you can see if they are available when you wish to speak or message with them.

Another key benefit is that Skype for Business is a truly cross platform product. You can run it on a PC, Mac, iPhone, iPad, Android smartphone or tablet and even through a web browser. It truly facilitates communication between parties, no matter what each person is working on. When it comes to using the phone system features of Skype for Business, this also lets you make phone calls from the app on your smartphone, making it appear that you are calling from your office.

With most computers having built in webcams these days, video calls and meetings are becoming more common. Skype for Business fully supports video calls and meetings, so if you walk by an office and see someone on a video call, it’s quite likely it may be Skype for Business. There are several other tools that support this as well, but the key with Skype for Business is that it is all integrated into a single platform and subscription. This makes integration more efficient, so that people are more productive and also holds cost down. The infrastructure can be entirely Cloud hosted and features added to existing Office 365 subscriptions for as little as $2 more per month, for basic services.

As I mentioned earlier, if you are not currently using Skype for Business, check it out. I have yet to see a business that can’t benefit from implementing even just the basic features associated with messaging and presence. It’s a great way to employ technology that used to be reserved for only the largest companies that could afford to implement it. It’s now available to even the smallest businesses, so take advantage of the opportunity to increase your productivity. You’ll be glad you did.

Here Comes Smishing


I just received a warning from the company KnowBe4, who my firm works closely with, about a new form of phishing.  I wanted to share the details with you right away.

Internet bad guys are increasingly trying to circumvent your spam filters and instead are targeting people directly through their smartphone with smishing attacks, which are hard to stop.

They send texts that trick you into doing something against your own best interest. At the moment, there is a mystery shopping scam going on, starting out with a text invitation, asking you to send an email for more info which then gets you roped into the scam.

The practice has been around for a few years, but current new scams are mystery shopping invitations that start with a text, social engineering the victim to send an email to the scammers, and then get roped into a shopping fraud.

These types of smishing attacks are also more and more used for identity theft, bank account take-overs, or to pressure employees into giving out personal or company confidential information.  Fortune magazine published a great article about this yesterday.  Here is the link.

Always, when you get a text, remember to “Think Before You Tap”, because more and more, texts are used for identity theft, bank account take-overs and to pressure you into giving out personal or company confidential information.  Here is a short video made by USA Today that shows how this works: https://www.youtube.com/watch?v=ffck9C4vqEM

In addition to the video, here’s a great PDF that explains this type of social engineering.  It’s from our friends at KnowBe4.  Feel free to print, share and use.

Prime Day Phishing Examples


Yesterday, I posted a warning about scams associated with Amazon‘s upcoming Prime Day on July 11th.  Here are a few examples, to help you remain alert and avoid getting caught by the hackers trying to exploit this popular online shopping day.




In each of these examples, you will notice the following:

  1. The sender address may look like it’s coming from Amazon, but if you take the time to look at the actual address within the <> symbols, you can clearly see that it’s not.  Some email programs will show you this like in these examples.  Others, you may have to hover your mouse over the “from” name to see what the underlying address is.
  2. The message contains only links.  DON’T CLICK.  These links will bring you to malicious sites that will load malware on your device.
  3. The messages all have an Unsubscribe link at the bottom.  As with #2, DON’T CLICK.
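
The sender and link checks in this list, together with the advice in the original Prime Day post to confirm that senders and links really belong to amazon.com, can be automated. The Python sketch below is an added example and not part of the original post; the two sample messages, their addresses and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "amazon.com"  # the domain the message claims to come from

# Constructed sample messages (not real mail); example.net is a reserved domain.
SAMPLE_SUSPECT = """\
From: "Amazon Prime" <deals@prime-offers.example.net>
Subject: Your Prime Day reward
Content-Type: text/html

<a href="http://amazon.com.rewards.example.net/claim">Claim your reward</a>
<a href="http://lists.example.net/unsubscribe">Unsubscribe</a>
"""

SAMPLE_CLEAN = """\
From: "Amazon.com" <orders@amazon.com>
Subject: Your order
Content-Type: text/html

<a href="https://www.amazon.com/">View your order</a>
"""


def in_domain(host, domain=TRUSTED):
    """True only for the domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]


def review(raw):
    """Return a list of findings for one raw message; empty means no flags."""
    msg = message_from_string(raw)
    findings = []

    # Check 1: the display name says Amazon, the address inside <> does not.
    display, addr = parseaddr(msg.get("From", ""))
    if "amazon" in display.lower() and not in_domain(addr.rpartition("@")[2]):
        findings.append(f"sender shown as '{display}' but address is <{addr}>")

    links = LinkCollector()
    for part in msg.walk():
        if part.get_filename():
            # The original post notes Amazon does not send attachments.
            findings.append(f"attachment: {part.get_filename()}")
        elif part.get_content_type() == "text/html":
            links.feed(part.get_payload(decode=True).decode("utf-8", "replace"))

    # Checks 2 and 3: every link, Unsubscribe included, must go to the domain.
    for href in links.hrefs:
        host = urlsplit(href).hostname
        if not in_domain(host):
            findings.append(f"link goes to {host}")
    return findings


if __name__ == "__main__":
    for name, raw in (("suspect", SAMPLE_SUSPECT), ("clean", SAMPLE_CLEAN)):
        print(name, review(raw))
```

The suffix comparison in `in_domain` matters: a host that merely begins with `amazon.com` but ends in another domain is flagged, which a simple substring search would miss.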

Hopefully these examples and warnings will help you enjoy Prime Day safely!

In case you missed my original post yesterday, about this, here is the link.

With Prime Day Comes Scam Days


Amazon Prime Day is coming and along with it, hackers are actively trying to scam users of the popular Amazon service.

What is Prime Day?  From Amazon’s web site: “This July 11 is the third annual Prime Day. Prime Day is our annual deals event just for Prime members. We want Prime Day to be one of the world’s best days to shop, with awesome prices on everything you’re into. We’re bringing you hundreds of thousands of deals, new deals starting as often as every five minutes, and special offers across everything included with Prime—from music and video to reading and voice shopping.”

This year, hackers are really taking advantage of Prime Day, perhaps in part because Amazon has been more aggressively promoting Prime Day each year.  Prime Day deals are available for several days prior to the 11th.

Be on the lookout for phishing email messages, with subjects and sender names referencing Amazon Prime and Prime Day.  Even if you just placed an order, double check the sender address and hover over any links before clicking to be sure they are really from and going to amazon.com.  And don’t forget, never open an attachment.  Amazon doesn’t send them, so that would be a clear indicator of a potential phishing attack.

I have already seen numerous examples of phishing email messages that say they are from Amazon Prime or reference Amazon Prime Shipping in the subject or other similar names and subjects.  Be careful while enjoying Prime Day!