Will New TSA Rules Change Your Plans?


The Transportation Security Administration (TSA) has announced that all electronics larger than a cell phone will need to be removed from carry-on baggage and placed in their own bin for x-ray screening.  Prior to this, only laptop computers were required to be removed for screening.  You may read the announcement here.

With most people carrying multiple electronic devices with them while traveling, will these new rules change what you bring onboard?  I know for myself, my bag has my computer and my iPad Mini.  Fortunately, I have TSA PreCheck and will not have to remove any of these from my bags.  If you are part of the traveling public that does not have TSA PreCheck, you will have to.

The new rule is to allow screeners to be able to properly examine the devices.  Due to the airlines' baggage fees, more users are carrying on and stuffing those carry-on bags more than ever.  This is making it harder for screeners to do a proper job reviewing the x-ray images, so this only makes sense.

I’m just wondering if it will change what people bring with them.  Will Kindles and tablets be packed in checked bags or simply left at home?  Will this have any impact on your business travel?

Uber’s Technology Innovation


Most coverage of Uber has not been very positive lately. Despite that bad press, I had some very interesting interactions with Uber drivers over the past few days that painted a distinctly positive view of the popular ride sharing service. 

I’ve been in Atlanta this week for meetings at two office locations in Smyrna and Kennesaw, while staying at a Hilton in Marietta, along with a trip downtown to visit cousins while in town. Uber has been my primary transportation these past three days.

Being in an established metro like greater Atlanta, the availability of Uber when and where I needed it was consistent and reliable. Uber’s technology is constantly evolving, so some of this is not new, but the technology is clearly enabling an improved experience for both rider and driver. Here are some of the things I find innovative and empowering about Uber’s technology:

  1. When requesting a ride, the app searches for drivers closest to your pickup point, a driver confirms your request, and you immediately know the driver's name, rating, vehicle make, model, color and plate number. The app encourages the rider to verify the plate before entering the vehicle for security purposes.
  2. If traffic is heavy or something happens that significantly delays your pickup, the underlying technology re-scans for a closer driver and reassigns your pickup to a driver that can get to you more quickly.  The driver who originally claimed your pickup is re-prioritized for a new pickup to replace your fare. This is smart and effective as it maintains driver and rider satisfaction and conveys a loyalty and customer experience focus. 
  3. If a driver is driving too fast, the app will alert them and nag them until they reduce their speed to an acceptable and safe level. This is done leveraging the driver's smartphone GPS capabilities and helps the company ensure rider safety. It will also alert the company to a potential problem driver if this happens repeatedly or with no corrective response to the alert.
  4. As a platform, the technology enables some quality of life choices for its drivers. I spoke with a few drivers this week who credited the Uber system with providing them the flexibility to live their life with flexibility in their work schedule, allowing them to provide better care for their families and use their time behind the wheel to earn a respectable income rather than just to commute.
  5. I also learned that Uber will contact random drivers for identity verification that appears to be tied to analytics driven by the technology platform. In other words, if the system detects an out of character pattern in a driver's work habit, driving style, etc., such activity may trigger a verification request as a form of quality control and system integrity.

I found this all very interesting and a great example of technology driving a market disruption with more positive results than negative.  I know some will disagree with my assessment.  That is perfectly fine.  The main point I hope to make is that Uber, despite its flaws, is a good case study for how technology advances have enabled a new business model to shake up a market that is not typically known for being customer centric, while also improving both the provider opportunity and the consumer experience.  Happy riding!

Here Comes Smishing


I just received a warning from the company KnowBe4, who my firm works closely with, about a new form of phishing.  I wanted to share the details with you right away.

Internet bad guys are increasingly trying to circumvent your spam filters and instead are targeting people directly through their smartphone with smishing attacks, which are hard to stop.

They send texts that trick you into doing something against your own best interest. At the moment, there is a mystery shopping scam going on, starting out with a text invitation, asking you to send an email for more info which then gets you roped into the scam.

The practice has been around for a few years, but current new scams are mystery shopping invitations that start with a text, social engineering the victim to send an email to the scammers, and then get roped into a shopping fraud.

These types of smishing attacks are also more and more used for identity theft, bank account take-overs, or to pressure employees into giving out personal or company confidential information.  Fortune magazine published a great article about this yesterday.  Here is the link.

Always, when you get a text, remember to “Think Before You Tap”, because more and more, texts are used for identity theft, bank account take-overs and to pressure you into giving out personal or company confidential information.  Here is a short video made by USA Today that shows how this works: https://www.youtube.com/watch?v=ffck9C4vqEM

In addition to the video, here’s a great PDF that explains this type of social engineering.  It’s from our friends at KnowBe4.  Feel free to print, share and use.

DocuSign Hacked, Exercise Caution


Last week DocuSign, one of the market leaders in online eSignatures and contract execution and management, announced that it had discovered a data breach.  The result?  A targeted phishing campaign using social engineering gathered from the breached data to trick people into executing a document that is not a real DocuSign document.

If you are not familiar with DocuSign, here is an excerpt from their About Us page on their website.  “DocuSign® is changing how business gets done by empowering more than 300,000 companies and 200 million users in 188 countries to sign, send and manage documents anytime, anywhere, on any device, with confidence.”

The phishing attack, which DocuSign acknowledges, targets those who have used DocuSign to sign and execute contracts in the past.  It is doing this using data obtained from the breach.  Through social engineering techniques, users are tricked into activating macro code in an attached Word document that loads malware onto the victims' computers.

An important thing to note is that DocuSign never sends attachments and asks the recipient to open the attached file.  That should be an immediate red flag.  If you have used the system, you know that the document you are being asked to sign in the DocuSign system is presented within your web browser over a secure SSL session.  You “sign” the document online and are then presented the option to download a PDF copy of your signed document.  This should be an easy phish to spot, yet people are falling victim to it.

Here is a recommendation that has been put out in collaboration with KnowBe4, our partner in helping to educate our clients about risks like this:

“Hackers have stolen the customer email database of DocuSign, the company that allows companies to electronically sign documents. These criminals are now sending phishing emails that look exactly like the real DocuSign ones, but they try to trick you into opening an attached Word file and click to enable editing.

But if you do that, malware may be installed on your workstation. So if you get emails that look like they come from DocuSign and have an attachment, be very careful. If there is any doubt, pick up the phone and verify before you electronically sign any DocuSign email. Remember: Think Before You Click.”

Simple, but important advice to always verify the source, especially when you are not expecting something that you have received.

DocuSign maintains a good site regarding their security posture at https://trust.docusign.com.  I recommend you keep watch on this site if you are a regular DocuSign user.

Microsoft Authenticator App-The New 2FA Kid on the Block


In yesterday’s post, I talked about two factor authentication and why it’s important and supported virtually anywhere you logon.  I did not mention Microsoft’s Authenticator app, which is a newer option and one that is gaining momentum and support.

Last night, I came across an article that highlighted some of the new capabilities of the Microsoft Authenticator and this has prompted me to post this update.

The Microsoft Authenticator is quite similar to the Google Authenticator app.  And in true rival fashion, Google and Microsoft continue to one up one another and right now, it appears Microsoft has moved into the lead.

The latest features available in the Microsoft Authenticator allow you to use your Microsoft Account without having to enter your password and then the Authenticator code that is generated.  Instead, when you enable multi-factor support for your Microsoft account, you have the option to set the default logon action to notify you via the Authenticator app on your smartphone and approve the logon from your smartphone.

Especially if you have multiple Microsoft accounts, this is a huge time saver as well as considerably more secure.  With more people using Office 365 and other Microsoft Cloud services like Azure, this will make navigating the Microsoft Cloud ecosystem considerably more efficient.

This type of push notification for logon approval is becoming more common.  Like other authentication apps, you can scan QR codes to enable the Microsoft Authenticator as your 2FA choice on sites like Facebook and yes, Google.

With all these developments in the 2FA space, you can expect to need to use multiple authenticators to secure your accounts.  Myself, I use three.  Four if you consider receiving authentication codes via text message another authentication method, which it is.

My current 2FA apps include AuthAnvil, Google Authenticator, Microsoft Authenticator and text message OTPs (one time passcodes).  What are you using?

Ski Technology at its Finest


While I would love to be talking about the technology in my 2017 K2 Pinnacles, that’s not what this post is about.  However, if you are looking for an incredible all-mountain ski that performs above expectations on both east coast mountains and the Rockies, this is the ski for you…but I digress.

I spent a week skiing in Colorado with a good friend and my son.  The skiing was fantastic, as expected.  What I was pleasantly surprised with was the use of technology on the mountain to make the experience even more pleasant.

We mostly skied at Vail Resort mountains: Vail, Beaver Creek, Breckenridge and Keystone.  We also skied a day at one of my all-time favorites, Steamboat.  The ticketing systems at both mountains leverage RFID technology to make the experience simple and efficient.

Here is a picture of the RFID card issued at each mountain.

The EpicDay card is Vail Resorts' card.  You can go online and purchase single or multiple day lift tickets and just pick up this card on your first visit to any of the mountains.  Once you have the card, it just needs to be on your person, somewhere on its own, so the mountain RFID readers can scan and validate your card as you ski.

When at the base lifts on the mountain, lift staff carries a Symbol/Zebra RFID reader and will wave the device in front of you to pick up and validate your ticket.  Once you are up the mountain, there is no longer a need to read the ticket, as you wouldn’t be able to get there without riding a base lift first.  However, every lift still has RFID readers and they are used for a couple of purposes.  Namely, they keep track of the lifts you ride and they are used to calculate the wait time in the lift line.  Vail Resorts has a mobile app called EpicMix which will track all of this for you.  There are even photographers on the mountain and they too will use RFID to track your photo opps.  If you hold a season ticket, these photos will automatically post to your Facebook account if you allow that.

At Steamboat, their technology is called QuickTrax and works similarly.  You register the card and it’s good for 3 years.  You don’t have to visit a ticket window again during this time.  You may simply go online, purchase your ticket or tickets and load them to your card so you can walk right to the lift and get to the slopes.

One thing to keep in mind with RFID technology is that you don’t want to have interference issues.  If you have both of these two cards in the same pocket, only one will read and you might have issues getting on the lift if the card that reads is not the mountain you are at.  Credit cards and cell phones may also interfere, so just be sure to have the card in an outside pocket on its own and you should be fine.

Mr. Shoer Goes to Washington


My younger readers probably won’t get the reference in the title of this post.  If you’re that person, Google Mr. Smith Goes to Washington and learn about the classic 1939 movie starring the late, great Jimmy Stewart.  Now on to my post…

CompTIA DC FLY-IN

Businesses like mine are the lifeblood of our national economy. They employ more than half of the country’s private sector workforce.

Internet & Telephone, LLC is proud to be part of the economy. We employ professionals with IT infrastructure expertise and contribute to our local economy through our work with regional and national employers to keep their businesses competitive by leveraging IT as a strategic asset.  We also help our local communities through philanthropic activities and work closely with higher education to provide internship opportunities for students interested in exciting IT careers.

I am thrilled to join forces with fellow IT colleagues to advocate in Washington, D.C., on February 14-15, to speak with Members of Congress about issues that are critical to the future of my business and the overall tech industry. The annual “Fly-In” is organized by CompTIA to advocate on behalf of the tech community.

CompTIA, the Computing Technology Industry Association, represents technology companies of all sizes and is committed to expanding market opportunities and driving the competitiveness of the U.S. technology industry around the world.

Innovation is a key force behind a strong 21st century economy, and our leaders should prioritize issues that affect growing companies like Internet & Telephone, LLC.

While in Washington I will visit Senator Hassan’s, Congresswoman Shea-Porter’s, Congresswoman Kuster’s, Senator Warren’s and Senator Markey’s offices to advocate on tax reform, workforce development, cybersecurity, broadband communications and digital privacy – all are central to our industry. These legislative issues are key ingredients for helping technology firms like mine to become more competitive.

I am particularly looking forward to discussing with my elected officials the importance of:

Data Breach Notification

THE ISSUE:

There is currently no national standard for how a company must notify its customers in the wake of a data breach. Instead, companies must navigate a complex web of 47 different, often conflicting, regularly changing state data breach notification laws in the aftermath of a breach. With the increasingly mobile and decentralized nature of our economy, data storage and dissemination technologies, it can be nearly impossible for companies to determine which state laws apply when a breach occurs. The current regulatory landscape not only places an immense financial compliance burden on businesses, but also delays the process of getting information into the hands of those who need it most: the customers whose data was compromised.

WHAT CompTIA SUPPORTS:

A national standard for data breach notification would provide consumers and businesses with consistency and predictability on how consumer notice must be provided. Until Congress passes a national standard, CompTIA and its membership continue to advocate for the following in breach notice bills:

“Harm” Trigger for Acquired Data: The notification requirement should be triggered when there is a real risk of actual harm, not a theoretical concept that could lead to over-notification about data breaches that aren’t harmful.

No Private Right of Action: Individuals should not be able to sue companies who have suffered a data breach for actions covered by federal data security and data breach notification laws. The businesses who have suffered breaches are victims of criminal activity.

Narrow Definition of “Personal Information”: To avoid over notification of consumers and unnecessary costs, the definition of “personal information” in the legislation should not include information accessible through public records. For example, merely the combination of a name, address and birthday should not qualify as personal information.

Preemption of State Laws: Any federal data security and data breach notification law should preempt State laws and requirements. Without strong preemption language, the compliance burden for small businesses will not be alleviated and the effectiveness of any law would be significantly undermined.

Exemption for use of Technology that Renders Data Unusable or Unreadable: Federal legislation should include an exemption from notification requirements for companies who utilize technologies to render data unusable or unreadable. This exemption should be technology-neutral.

Limits on Financial Penalties: Massive financial penalties are unwarranted, and could force small businesses out of existence. Penalties should be reasonable, and should take into account the size of the company that suffered the breach and the type of data that was accessed.

No Fixed Data Security Requirements: Data security requirements should not be specifically enumerated within the legislation. Instead, the legislation should direct the government to work with industry to develop a set of flexible “best practices.”

No Over-Burdensome Notification Requirements: Data breach notification legislation should avoid overly prescriptive notification requirements. In the event of a breach, companies should dedicate their resources to efforts that most directly notify and protect consumers. Additional requirements, such as those mandating the creation of call centers or the provision of credit reports, would divert resources away from small businesses seeking to protect and inform their customers.

Reasonable Notification Timeframe: Legislation should require a reasonable timeframe for notification, which includes allowances for risk assessment without requiring a specific time limit that must apply to every case.

Take Other Laws into Account: Companies that are subject to other data security and/or breach notification laws, such as HIPAA, Gramm-Leach-Bliley or the Fair Credit Reporting Act, should be exempt from these requirements.