Discover how mastering email communication can boost business efficiency, avoid common pitfalls, and ensure secure, respectful online interactions.
Turkey Revenge
The turkeys are pissed this Thanksgiving they are seeking revenge.
Germs Infest 60% of Americas Phones
60% of Americans sleep with their phones, harboring germs. Cleaning regularly with UV sanitizer or alcohol wipes can help keep your phone and bed germ-free.
Smartphone Sanitizing: A Practical Guide
Securely erase personal data from your old smartphone before recycling. Protect your identity from hackers—easy steps to follow.
Why Soft Skills Matter in Today’s Job Market
Boost your career with essential soft skills like communication, teamwork, and emotional intelligence. Learn why they’re crucial for workplace success.
Quicken Fiber Coming to the D
Crain’s Detroit Business is reporting that real estate mogul, Lebron James’ boss, founder and chairman of Quicken Loans Inc., Dan Gilbert announced the formation of a new Detroit-based high-speed Internet provider to bring service to downtown Detroit – Rocket Fiber LLC. Mr. Gilbert (@cavsdan) tweeted:
Yes, it’s true @RocketFiber coming to downtown Detroit in near future. Fast as Google or faster. Details in a few weeks pic.twitter.com/fTPRSbauoN
Mr. Gilbert formed Rocket Fiber LLC in 2014. He called the company a “community investment initiative.” Matt Cullen, president and CEO of Rock Ventures, called the new network “the generational leap forward” – leapfrogging where the city is at this point. It’s starting in the downtown and hopefully spreading out to the neighborhoods. There is some interest along the riverfront.
The first wave of installations will happen in the downtown area between the Lodge on the west, I-375 to the east, and I-75 to the north. Rocket Fiber will expand services to residents and businesses in Midtown Detroit along the Woodward corridor.
Crain’s reports that construction is already happening on the “advanced fiber-optic network.” The system will use hard-wired fiber-optic lines that will be connected to buildings. Users will connect devices in their homes or businesses by either an Ethernet cable or WI-Fi. An outdoor Wi-Fi offering also will be available, Rock Ventures said.
The effort is not entirely altruistic. Undoubtedly part of the project will be to connect the Quicken campus downtown to the new Corktown technical center Bedrock is building at Rosa Parks and Porter which includes a 10,000-square-foot server room.
rb-
Mr. Gilbert is doing something ATT or Comcast could or would not do. – I worked on a job in the City to bring in 12 AT&T (T) POTS and Comcast (CMCSA) Business circuits.
– OMG – It took ATT a week to get the last three POTS lines in and Comcast projected 6 months to install a city block away from Ford Field and 100 yards from a known working drop. (and now they are going to stop service in Detroit). Thankfully 123.net was able to get the customer up, working on time and budget.
Related articles
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Category: Uncategorized |
Tags: 123.net, 2015, AT&T, Bedrock, Comcast, Corktown, Dan Gilbert, Data center, Detroit, Fiber, Gigabit, Michigan, Networking, Quicken Loans, Rock Ventures, T
Anthem Data Breach Allows Phish of US Cyber Forces
– Updated 10/25/2018 – Anthem, Inc. has agreed to pay a $16 million HIPAA fine to the U.S. Department of Health and Human Service, Office for Civil Rights. The OCR found that the data breach between December 2, 2014, and January 27, 2015, cyber-attackers stole the electronic protected health information of almost 79 million people. The stolen information in the data breach included names, social security numbers, medical identification numbers, addresses, dates of birth, email addresses, and employment information.
The $16 million settlement is the largest HIPAA settlement.
—
Many online believe that the Anthem (ANTM) hack was a strategic cyber-war strike by China. Stu Sjouwerman at CyberheistNews writes that PII thefts would normally be a Russian operation. However, the Anthem data breach appears to be a Chinese attack. CNN reports that Chinese hackers tend to target trade, economic, and national security secrets that could help the Chinese economy. Mr. Sjouwerman says he received an insider tip that most of the three-letter U.S. Government agencies have their employees insured through Anthem’s Blue Cross Blue Shield. Anthem also provided health insurance defense contractors Northrop Grumman and Boeing.
Knowbe4’s Sjouwerman speculates that the Chinese now own the identities of all the people fighting them. The stolen data can now be used in a multitude of social engineering scenarios. Dmitri Alperovitch, co-founder of security firm CrowdStrike told CNN that the attack fit the profile of a hacking group believed to be Chinese government spies called “Deep Panda.”
The objective of the “Deep Panda” data breach according to the CrowdStrike CTO is to amass a large collection of Americans’ personal information to find citizens willing to spy for the Chinese and find potential U.S. spies operating in China. Mr. Alperovitch told CNN that’s why Chinese hackers broke into U.S. federal employee network last year. They also broke at least three hospital chains and two insurance providers the public hasn’t yet heard about.
Knowbe4 speculates that many people in the Government have steam coming out of their ears about the Anthem hack. Cyberwar has suddenly become very personal to them. This may be why President Obama recently signed an executive order that will nudge private companies to share data about cybersecurity threats between each other and with the federal government.
Apart from the cost of the Anthem data breach are likely to smash $100 million barrier, it’s surprising that Anthem did not encrypt SSN’s which allowed wholesale identity theft of thousands of American cyber-warriors.
CEO Sjouwerman explains that hackers are going after healthcare records because they are much more valuable. He points out that healthcare records stay active for several months after a hack, as opposed to credit card numbers which quickly get nixed after a few days. Since Anthem is a healthcare company, you would expect them to take HIPAA compliance to the max and even top the required controls with higher standards. As we all know, compliance does not equal security, but it establishes a baseline at the very least.
rb-
There is enough blame to go around.
Time to go back to a cash society and barter.
Say, Doc Johnson, I’ll trade you two chickens for measles vaccination.
Related articles
- China’s Secret Strategy Exposed (freebeacon.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Category: Uncategorized |
Tags: 2015, Anthem, Blue Cross and Blue Shield, Boeing, China, Cyberwarfare, Deep Panda, Encryption, Hacking, HIPAA, Northrop Grumman, PII, Security
Scary PII Numbers
As you may have heard by now, the second-largest health insurer Anthem gave away at least 80 million of their customers’ PII records to hackers. I say at least because these always grow as the experts dig through the wreckage. The WSJ reports the Indianapolis-based insured did not encrypt this data (I covered encryption here and here). That means customers’ social security numbers, phone numbers, and other PII were easy targets for Chinese hackers according to CNBC.
Anthem is just the latest. There are even larger targets out there. The Business Insider published some pretty scary numbers. BI reports that somehow the biggest tech companies have done a great job at convincing people that their services for sending/receiving payments and purchasing goods are trustworthy and worthwhile. The article estimates that Apple has somewhere around a billion iTunes accounts (with plenty of PII and credit cards) on file.
This chart from BI Intelligence, Apple (AAPL) is nearing a billion iTunes accounts on file, and that number is likely to surge immensely. Customers in China can now link their UnionPay payment cards to their Apple IDs: For context, UnionPay is the largest card network in the world with more cards in circulation than Visa and MasterCard combined.
Amazon (AMZN) has approx. 300 million payment cards on file while PayPal has around 200 million payment cards on record.
A second BI article indicates that based on leaked Uber data charted analyzed by BI Intelligence, the ride-sharing firm has well over 12 million payment cards on file. Their closest competitor Hailo has 4.4 million payment cards on file.
rb-
You have been warned. The next mega data breach could come from a tech firm like Apple or Amazon.
The WSJ article argues that companies can use many techniques to secure their data, but those things slow companies down, sometimes to a degree they find unacceptable.
I think most victims of identity theft or credit fraud find that unacceptable.
Related articles
- Why Tim Cook Would Build an Apple Car (technewsworld.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
25% of Employees Access Past Employers Work Docs
More than 25% of file-sharing service users report still having access to work documents from their previous employer, according to a “Rogue Cloud in Business” survey of 2,000 U.S. adults by Harris Interactive for Egnyte, an enterprise file-sharing platform provider.
According to FierceITSecurity, the survey highlights the security risks uncontrolled file-sharing practices pose to the work place from these practices are obvious. An Egnyte presser claims The survey results illustrate a major exposure for today’s businesses when it comes to the transfer and storage of data through unapproved and insecure cloud-only file-sharing services.
The new survey uncovers deep issues around the rogue usage of consumer-based cloud services and illustrates the need for IT to deploy a secure enterprise-grade solution that meets the file-sharing needs of employees while protecting sensitive business data from the risks associated with insecure file sharing through the cloud
The survey found that:
51% agree that collaborating on file-sharing services (such as Dropbox and YouSendIt) is secure for work documents;- 46% agree that it would be easy to take sensitive business documents to another employer;
- 41% agree that they could easily transfer business-sensitive data outside the company using a file-sharing service;
- 38% have used file-sharing services have transferred sensitive files on an unapproved file-sharing service to someone else at least once; 10% have done it 6 or more times;
- 31% agree that they would share large documents that are too big for email through a file-sharing service without checking with their IT departments;
- 27% of file-share service users report still having access to documents from that previous employer.
Another report from Workshare paints a grimmer picture for those of us tasked with protecting a firm’s intellectual property. The report titled “Workforce Mobilization” shows the true extent to which mobile users are willing to bypass IT policies and use unsanctioned applications to share large files and collaborate on documents outside of the office.
- 72% of workers are using free file-sharing services without authorization from their IT departments.
- 62% of knowledge workers use their personal devices for work.
- 69% of these workers also use free file sharing services to collaborate and access shared documents.
- At companies with fewer than 500 employees only 24% of employees using authorized file sharing solutions.
Robert Hamilton, director of information risk management at Symantec (SYMC) in Mountain View, CA also told FierceCIO a continued threat to the company’s data comes from employees who feel like they live in a “finder’s keepers” environment.
Not encouraging
The results of the survey report, entitled “What’s Yours Is Mine,” were not encouraging to IT security professionals and IT management. According to the Symantec survey of employees:
68% of their company doesn’t take proper steps to protect sensitive work information;- 56% do not believe it is a crime to use a competitor’s trade secrets;
- 40% download work files to personal devices;
- 40% plan to use old company information in a new job role.
Symantec’s Hamilton told FierceCIO:
Employees are taking increasing amounts of data outside the company, and most people do not believe using corporate data for themselves is wrong … The attitude is that ownership lies with the person that created it, not with the company that employs them.
rb-
All three of these firms sell products they claim that can stop a firm’s intellectual property from leaking out through public file-sharing services. But before you engage any firm, some basic steps should be taken.
- Develop a technology acceptable use policy.
- Include public file-sharing services in the AUP.
- Incorporate the AUP in the staff handbook, and make sure staff sign it before they are given network access.
- Train staff on the risks associated with using public file sharing services for sharing corporate documents. Risks include HIPAA violations, PII release, Malware, PCI-DSS violations, and Government “Snooping.” Only then –
- Engage a service provider to implement an enterprise-approved alternative to the free file-sharing services.
Symantec Infographic
Related articles
- New Snowden docs reveal Canada spying on millions of internet users | Jan. 29, 2015 (information-machine.blogspot.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
Category: Uncategorized |
Tags: 2015, Breach, Cloud computing, Consumerization, Data center, Egnyte, File sharing, HIPAA, Intellectual property, Malware, Microsoft, MSFT, PCI-DSS, Security, Spying, Symantec, SYMC, Theft
Windows 7 Reaches Middle Age
Now that you have almost eliminated Microsoft (MSFT) Windows XP from your network and settled on Windows 7 it should be time to catch your breath. But NOOO!! Windows 7 has reached the end of mainstream support. That’s right we are already 5 years into the Windows 7 era. Repeat after me… Windows 7 still has five years left … Windows 7 still has five years left … Windows 7 still has five years left.
M
icrosoft commits to 10 years of security fixes and 5 years of feature enhancements and bug fixes for each major OS release. Windows 7 has moved from mainstream support – free help for everyone – to extended support, which means Microsoft will charge for help with the software. That will end in 2020 when Microsoft turns out the lights on Windows 7 for good.
The recent techno-flops from the boys and girls in Redmond, Vista, and Windows 8 have taught enterprises to plan for a new desktop OS every other release. This puts businesses in a bind. MSFT’s track record prevents forward-looking firms from organically growing their desktop fleet into the next cycle. There are those that argue that until Microsoft separates consumer from commercial desktops, Microsoft commercial customers will continue to skip one or more iterations of Windows, their only real answer to the high costs and disruption of upgrading.
Gregg Keizer
at ComputerWorld cites research from Gartner (IT) which prognosticates that many enterprises cannot change their processes. Many organizations will go through the same machinations they did with XP. Or maybe even balk at dumping Windows 7 at the same pace as the venerable Windows XP, making things worse. Michael Silver of Gartner told ComputerWorld that having a plan could help organizations avoid a repeat of XP’s expensive end-of-support scramble. Gartner believes that the same EOL mad-scramble we saw with XP will occur again when time is up on Windows 7. Mr. Silver claims:
[A repeat of Windows XP] is certainly likely to happen … One of the big differences that’s been under-considered is that because Vista took five years to come out [after XP], there were eight years between XP and Windows 7. So Windows XP felt pretty old. … Windows 7 won’t feel that old to people…”
Mr. Keizer argues that the failure of Windows 8 to win enterprise hearts and minds has created an oddity: Even though Windows 7 has made middle age, Microsoft continues to let OEMs sell PCs running the Windows 7 business edition. Microsoft has yet to name an end date for OEM sales of machines powered by Windows 7 Professional. But because it has promised a 12-month notice, those PCs can still be sold at least until early January 2016, when the OS has but four years of life left.
But if you are just finishing your last migration, then you don’t have all that much time to start planning the next one.
rb-
If you don’t like the Redmond hamster wheel, consider your alternatives. Sophos compares the Windows upgrade schedule to some other options. 10 years might be the best option out there. For example:
- Apple’s (AAPL) OS X is supported for mystery years,
- Apple’s mobile iOS is supported for mystery years (3?)
- Android seems to leave it up to you, but don’t expect Google (GOOG) to commit to securing it.
- Ubuntu LTS is supported for around 5 years, and
- Red Hat Enterprise 13 years (with extended support).
Related articles
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.