It’s a Hands Free World, Almost…

UPDATE: I originally wrote this post yesterday, but had to share a few things from my ride home after having posted this.  While in traffic just south of Providence, RI, I snapped a quick picture of the very clear signage that is displayed on the highway about the new law.  Yes, I was stopped in traffic at the time.

What I found so ironic was the driver in front of me.  A professional looking guy in a dress shirt who was continually looking down at his phone while in this traffic.  When cars would begin to move, he would leave a large gap, so he could keep looking at his phone and when he finally looked up, he would speed ahead until he had to stop or slow down again.  Repeat, over and over and over.  Any wonder why these laws are necessary?  He almost caused a rear ender at least twice and then zipped across two lanes to make his exit that he almost missed.  Unreal.

Even more unreal was the woman just south of Boston.  Again, bumper to bumper traffic.  This lady had a sticker on her rear window that read, “Keep Calm, Baby on Board.”  That’s nice, except she was on her phone texting the entire time we were in traffic.  She had her phone in her hand, about level with her steering wheel.  I wish I was kidding.  Her window was down and were it not for my wife’s voice in my head imploring me not to do it, for fear of freaking her out, I would have rolled down my window and yelled to her that she was being incredibly foolish.  So yes, we clearly need these laws and we need them enforced.

Below is the original post:

I am working in our Rhode Island office today and while driving in this morning, the highway signs were all aglow announcing the implementation of Rhode Island’s new hands free law, which goes into effect tomorrow, June 1, 2018.

One of the things I like about the Rhode Island law is that if you are cited for a violation, you may receive a waiver of the $100 fine if you show proof of purchase for a hands free device.  This only applies to your first citation, but I like that it encourages you to comply by incenting you to do the right thing.

I also like the fact that car manufacturers are embedding ever improving technology in their vehicles so that you can truly be hands free while you drive.  I recently purchased a new car and I can be 100% hands free thanks to various technologies, including Siri Eyes Free, which allows me to send text messages or call people without ever taking my eyes off the road.

My home state of New Hampshire has had a pretty strict hands free law on the books for several years now.  Obviously, the intent of these laws is to prevent distracted driving from drivers making calls, using apps and texting while driving.  Unfortunately, even with these laws in place, I still see a lot of people holding their phones and using them while driving.

You know what I’m talking about.  You see the cars just sitting at a green light, because they were stopped and picked up their phone to text or check social media, etc. and then the light turns green and they are staring at their phone instead of the road and the traffic light they are at.  Or, you see a car drifting between lanes on the highway, often you will see the driver looking at their phone.

As of tomorrow, 16 states, D.C., Puerto Rico, Guam and the U.S. Virgin Islands prohibit all drivers from using hand-held cell phones while driving.  When it comes to text messaging, 47 states, D.C., Puerto Rico, Guam and the U.S. Virgin Islands ban text messaging for all drivers.  These are referred to as primary laws, meaning you can be pulled over and issued a ticket just for this.  It does not have to be in conjunction with another reason for being stopped by the police.

I wish it were all 50 states and territories and a complete ban, not just texting, but at least we are getting closer.  According to the Governors Highway Safety Association, only Montana has no laws regarding cell phone use or texting.  The GHSA has a great overview of laws, state by state, which you may review at this link.  Just click the + sign next to any state to see the specifics.

It’s Here

GDPR went into effect on Friday.  A friend and colleague has posted an excellent piece about GDPR and what you need to do to be ready.  Chris Chase is well known in the MSP industry.  He is a respected business owner and the creative genius behind his company, Directive and JoomConnect out of Oneonta, NY.  Chris publishes some truly excellent content and when I saw his latest post, I asked if I could repost it and link back to his original post.

Included in Chris’ post is a free download of a privacy policy template that encompasses language required for GDPR compliance.  I highly recommend you give this post a read and check out the video and links throughout the post.

With permission, I have copied the post here for ease of access.  You may refer to the original post here.

GDPR was introduced by the European Union, but it applies to businesses all over the world, especially if you could potentially collect personal data from a person residing within the EU. We feel, as a business, it’s important to safeguard personal data of your prospects and customers, and think the GDPR is a big step in the right direction to provide transparency and understanding to your users.

The key elements of the GDPR are the following:

  1. You must process personal data in a way that is lawful, fair, and transparent.
  2. You must only use personal data for the specific purpose that you have declared.
  3. You must collect only the minimum amount of personal data required to achieve your stated objective(s).
  4. You must take all reasonable steps to ensure that any data you collect is accurate and kept up-to-date.
  5. You may only hold personal data for as long as it is required to achieve the stated objective(s).
  6. You must process personal data in a way that ensures appropriate security.

There is a lot to the GDPR (it’s over 255 pages long), but we’ve found a lot of the concepts make sense. Chances are, if you are handling your marketing and the data you collect as white-hat as possible, you are already mostly there.

Want to Update Your Privacy Policy?

We’ve also built a template that our clients can use as a starting point for their privacy policy. We took into consideration the services most of our clients use and how we advise using them.

Click here to download our free privacy policy template.

A few big things to look out for:

Automatic Opt-Ins are Not Okay

If you have Newsletter or ‘More Information’ checkboxes pre-ticked on forms, that is not enough to be considered an opt-in.

Enable SSL

If your website doesn’t have SSL, reach out to us and we’ll provide you with a free one under your hosting agreement. You can also purchase one, but for non-ecommerce sites, the free SSL is a good alternative.

Check Your Lists

It never hurts to run the occasional re-opt-in campaign to ensure you aren’t sending unsolicited emails.

Updating Your Privacy Policy

You’ll want to be as transparent as possible in your privacy policy. We’ve included a template to work off of, but don’t assume it is ready to publish for your business. You’ll want to review it with your lawyer, along with the rest of the GDPR. Updating your privacy policy alone is not going to make you compliant.

Document Any Extra Tracking/Analytics

We’ve covered the basics that we apply to most of our clients – Google Analytics. If you use a third-party service for tracking analytics or metrics on your website, or you have other scripts that collect data, you’ll need to make sure that it is applied to your Privacy Policy and that those services are GDPR compliant.

Check With Your Host

If you host the website yourself or use a third-party besides us, you’ll need to make sure they are GDPR compliant.

It Doesn’t Stop There

Be sure to review the GDPR to determine if you are within its scope and to ensure that your business is compliant. This will involve reaching out to any vendors that you might share or transfer data to and reviewing their policies, and making sure you are protecting any personal information you collect.

You can learn more about the GDPR by checking out the official site: https://www.eugdpr.org/

You can also read the original regulation here: http://eur-lex.europa.eu/eli/reg/2016/679/oj

There is also a great breakdown of the GDPR here: https://gdpr-info.eu/

Disclaimer: We’re Not Your Lawyer

Please be advised that Directive is not your attorney, and this information is not legal advice. This information does not provide, nor constitute, and should not be construed as, legal advice. It is for educational purposes only and is not to be acted or relied upon as legal advice. Use of this information does not create any attorney-client relationship between you and Directive. The information does not constitute legal advice and is not a substitute for competent legal advice from a licensed attorney representing you in your jurisdiction. Applying or asking us to apply the privacy policy template to your website does not make us responsible in any way for the accuracy of the content or your compliances. You should seek advice from your legal counsel to determine your legal obligations.

Effects of GDPR Becoming Apparent

The following was published in today’s Foster’s and Seacoast Sunday.

Have you received a ton of privacy update messages this week? GDPR is why.

The European Union General Data Protection Regulation came into effect Friday. Two weeks ago, my column, “GDPR and What it Means for U.S. Companies” shared some insights into why this new European law will impact companies in the United States.

As you’ve undoubtedly seen over the last week, it impacts you too. Everyone I talked to this week commented on the marked increase in email messages received about updated privacy policies and to confirm existing email subscriptions. You can thank GDPR. Many companies are sending these updates to all of their customers, regardless of what country they are nationals of or residing in, to be in compliance with GDPR.

One key provision of GDPR is clearly communicating your data privacy and retention policies to people who register with your website. Some sites consider these new requirements so ominous they have chosen to shut down out of fear of not being able to comply. If a website asks you to register to login or receive email communication, it is likely collecting enough information to be governed by GDPR. The new law requires companies that collect personal information to make it clear to those people exactly what information is being collected and stored. In addition, the individual has the right to request that information be purged from the company’s databases. The individual may also request to know what data the company has stored about them at any time. In other words, you have the right to be forgotten at your request.

Companies that collect this type of data are required to have a data protection officer or DPO. Part of the DPO’s responsibility involves ensuring personal data is removed from company systems once it is no longer needed. They are also responsible for processes that will remove personal data of anyone who requests it be removed. The DPO is basically charged with making sure your business practices comply with GDPR.

Another key part of the law is that you may only send email communication to individuals who request it. That is why many of the email messages sent over the last week ask you to take steps to reconfirm you want to receive email from the company. Some state right up front that you will no longer receive emails unless you go to the company website and in effect re-subscribe to receive email subscriptions you may have been getting for years.

This is why you’ve been seeing a flood of emails about privacy policies and email subscription leading up to Friday, May 25. Now that the law is in place, it will be interesting to see what may change over the weeks and months ahead. There is a lot of concern about hefty fines GDPR allows to be levied against violators. In my opinion, there is still a lot of education and awareness training that must take place before fining a company. As evidenced by the uptick in privacy and email update messages, many companies are scrambling at the last minute to do what they think they need to. That’s the fault of the company for sure, but I hope any infractions will be dealt with fairly and reasonably and not just resorting to the letter of the law when it comes to financial penalties. Certainly, everyone is hoping GDPR and other laws like it help drive a culture of protection of personal information and better overall security across the board.

If you are a U.S.-based company doing business in the EU, employing citizens of the EU or foreigners residing in EU countries you need to be sure you are in compliance. GDPR is here, are you compliant?

FBI VPNFilter Cyberattack Warning

The FBI has issued an urgent advisory that will impact many, if not most, home users of the Internet.  The specific threat, which is felt to be State sponsored, is known to have infected over a half million home and SOHO router devices.

Specifically, if you own a home or SOHO router or NAS (network attached storage) device made by Linksys, MikroTik, Netgear, TP-Link or QNAP, the advisory recommends rebooting the device as soon as possible.  Rebooting will disrupt a portion of the malware.  If the malware has already embedded itself into the device, there may still be a risk after the reboot.  To ensure maximum safety, you may wish to perform a factory reset on your device and set it back up with a secure password and wireless passphrase (if your device doubles as a wireless access point) that is different from what you had previously.

While it is not likely that you, individually, are the target of the hackers, your device may be being prepped to help execute a broader cyberattack that could, theoretically, put your data at risk.  An abundance of caution is warranted given the urgency of the FBI advisory.  It is also recommended to be sure your device is running the latest manufacturer firmware version and that you disable all Internet-accessible remote management of your device.

You may read the FBI advisory here.

GDPR Insight from Onepath

Our awesome marketing team at Onepath put together the following informational piece to help our clients and friends understand GDPR and its potential impact on you and your business.  There are some excellent resources below, which I encourage you to read.

The GDPR goes into effect tomorrow. Does it apply to you? Are you ready?
Here are five hand-picked articles from around the web that will tell you everything you need to know.


What is the GDPR?

So what is the GDPR exactly? Here’s an overview that includes the key elements of the far-reaching and complicated European Union legislation.
1path.com

Yes, The GDPR Will Affect Your U.S.-Based Business

What about companies that have no business operations in the European Union? Read about the homework they need to do.
Forbes.com

A Practical Guide to the European Union’s GDPR for American Businesses

American businesses operating or serving customers in the EU need to understand what they need to do to prepare for a new reality.
Recode.net

How might GDPR affect your website?

If companies are affected by this new regulation, they need to continue to research GDPR policies, and create a plan.
1path.com

GDPR in Real Life: Fear, Uncertainty, and Doubt

Why are most organizations still not ready for GDPR? And what are the implications and mechanisms of applying GDPR provisions for companies, individuals, and regulators?
ZDNet.com

Beware GDPR Scams

Yesterday, I posted What’s With All The Privacy Updates?  I was referring to all of the messages being sent this week, updating privacy policies and asking you to confirm email subscriptions as a result of GDPR going into effect on Friday.

To no surprise, the scammers are right on top of this, sending their own messages, seeming to be related to this, but trying to trick you into revealing your credentials to sites you visit.

If you get a message from a company asking you to confirm their privacy policy or your email subscriptions or anything related to your identity, DO NOT click on the links in the message.  Go to the actual website and look for the places where you would normally update your settings and see if you are being asked to do so.  Otherwise, you may find yourself landing on a fake site whose sole purpose is to get you to enter personal information and credentials that will compromise your identity.

What’s With All The Privacy Updates?

Is your Inbox overflowing with messages about updated privacy policies?  From the manufacturer of your computer to the publishers of all the software, apps and websites you use, you are probably receiving an unprecedented amount of privacy updates.

While you probably reflexively delete most of these messages, you may want to pay closer attention to them.  Some are informing you that unless you take specific action, you will no longer receive the email messages that you have subscribed to.

So why is this happening now?  GDPR, that’s why.  The General Data Protection Regulation of the European Union goes into effect in three short days on Friday, May 25, 2018.  This new legislation mandates more transparency when it comes to data privacy and requires that individuals be made aware of what personal data a given company has about them.

Because of this sweeping new legislation, companies are scrambling to let people know that they need to authorize them to retain the private data they hold about you.  They also need you to reconfirm that you give them permission to email you.

Now you know.  These messages are to ensure compliance with the new law.  Even though this is a law of the EU, it applies to companies outside the EU, so give these messages a quick review before you delete them, just to be sure you want the company who sent it to you to have personal information about you in their databases.

Here are a couple of examples I’ve received in the last 24 hours, along with links to other blog posts about GDPR:

GDPR and What it Means for U.S. Companies

GDPR Isn’t Just for Europe. What US Companies Need To Know.

It Happens One Month From Today

Here’s a Pretty Lame Scam

I got the following voice mail today on my home phone.  It’s a pretty poorly done scam, yet some unsuspecting people will take it as legitimate and call the number as directed.

Here is the transcription of the voice mail:

“Or 584-0766. Let me repeat. This is a very important call to notify you that your Microsoft Windows license key has been expired on your computer. So Microsoft Corporation has stopped the Windows Services in your computer to renew the Microsoft Windows license key please call 844-584-0766. I will repeat 844-584-0766. Thank you.”

If you want to listen to the actual message, you can by clicking below.

It’s safe to click as I uploaded the voicemail recording to this blog, so that’s where it is playing from.  The actual message is pretty bad as it’s likely a foreign hacker using a generated voice so as not to sound foreign.  Even so, it sounds pretty bad.

Pretty bad, right?  But think of an elderly person getting this message.  They are likely to return the call as it seems important.  Worse, if the person being called actually picked up, it’s likely a live person would have been on the other end of the phone.

Just another social engineering attack, to trick unsuspecting people into giving the bad guys money.  Spread the word that this is going around, so no one you know gets taken by this.  Yes, it’s lame, but it obviously works or they wouldn’t be doing it.

Happy Anniversary to Us!

It’s hard to believe that today was our one year anniversary of becoming part of the Onepath family!  One year ago, our CEO Ben Balsley came to our old office, together with our former owners to announce our acquisition by Onepath.

Fast forward 12 months and Ben was back in town today, so we took the opportunity for a small celebration at our new office, the heartbeat of Onepath in the northeast.  What a year it’s been!  We’ve made more acquisitions, added new members to the team and engaged with new and old clients to bring even more value to our partnerships.

Things have worked out very well.  We’ve had our challenges and have risen to the occasion to address them, learn from them and improve our people, processes and technology with a singular guiding purpose; to deliver the absolute best outsourced technology experience available.

People who know me ask me if I’m still having fun and enjoying what I do.  The answer is a resounding yes.  I love what I do and I love being part of the amazing Onepath team.  The last 12 months have been challenging, fulfilling and rewarding and I am excited about our future!  Happy Anniversary to the Onepath northeast team!  Full speed ahead…

CompTIA Statement on Administration’s Elimination of Top Cybersecurity Official

We all know how serious cybersecurity threats are.  It seems new ones are reported almost daily.  I was surprised to learn that the administration had eliminated the White House Cybersecurity Coordinator position.  CompTIA has released a statement on this action and I fully support CompTIA’s position and recommendations on this topic.

Source: CompTIA Statement on Administration’s Elimination of Top Cybersecurity Official