Author: Stuart Crawford

Sign In With Apple…Should You Use It?

Apple recently reported that its new “Sign in with Apple” feature will be part of the iOS 13 release in the fall of 2019. It promises to protect your privacy, and authentication experts say it could have an enormous impact on data privacy.

What Is Sign In With Apple?

With Sign In With Apple, you’ll be able to log into your applications. It offers a single-sign-on functionality, much like other sign-in buttons such as Facebook’s, Google’s and Twitter’s.

What Are The Benefits Of Using Apple’s Sign In?

When you sign onto apps, Apple will mask your personal information and email address. But the application will still be able to contact you.

Unlike with Google, Facebook and Twitter, your email won’t be passed on to the developer. You can opt not to allow this, but you won’t be able to use their sign-in service. If you do choose to let Google, Facebook or Twitter track your email, they will also be able to see the applications you use.

Aaron Peck from Oauth explains:

“The way most “sign in with [blank]” systems work is that the app you’re signing in to will get your username on that service and likely also your email address,” he explained. “These apps can sell your email address to advertisers, or correlate your activity between unrelated applications by matching your username.”

Apple solved this problem with its single-use anonymous email address. You’ll be able to share the information you choose with the application. Apple creates a random, anonymous, single-use email address for each application. Apple then forwards emails sent to that address on to you. You have the option of deactivating the single-use email address whenever you want.

By using Sign in with Apple and the single-use email address, your true email address won’t be tracked. Apple is offering this to provide a more private option for use. And they are offering developers a way to provide a fast one-step login without forwarding their user’s data to another company. Apple’s button will also work on websites.

Can You Use Apple’s Sign In With Any Application?

No… only applications that integrate their systems with Apple’s Sign In button. Some may opt not to because they won’t be about to use your information for marketing purposes.

What Phones Can Use iOS 13 & Sign In with Apple?

These are the devices that will be able to use iOS 13:

• iPhone XS
• iPhone XS Max
• iPhone XR
• iPhone X
• iPhone 8
• iPhone 8 Plus
• iPhone 7
• iPhone 7 Plus
• iPhone 6s
• iPhone 6s Plus
• iPhone SE
• iPod touch (7th generation)

Is There Anything Else To Consider When Using Sign in with Apple?

If you are a developer, there may be. There are some concerns surrounding Apple’s terms and conditions for application developers. If they offer Google, Facebook or Twitter’s sign in, they must also offer Sign in with Apple.

And there’s more. According to Reuters:

Apple will expect developers to place their login button above Google’s or Facebook’s.

Apple Inc will ask developers to position a new “Sign on with Apple” button in iPhone and iPad apps above rival buttons from Alphabet Inc’s Google and Facebook Inc, according to design guidelines released this week.

The move to give Apple prime placement is significant because users often select the default or top option on apps […]

Apple’s suggestion to developers to place its login button above rival buttons is part of its “Human Interface Guidelines,” which are not formal requirements to pass App Store review. But many developers believe that following them is the surest way to gain approval.

This means that some app developers won’t have an incentive to actually add the Sign in with Apple feature. But Apple is getting around this by mandating that if developers what to place their app in the Apple App Store, and they already offer a third-party sign in, they must offer Apple’s.

Apple’s terms and conditions don’t require this for applications with a dedicated login system, and those that don’t use third-party buttons from Google or Facebook.

What’s The Benefit For Apple?

Sign in with Apple will improve users’ privacy and provide a far better experience than others.

Will LaSala, director of security services and security evangelist at OneSpan, tells us more:

Apple is going one step further than traditional single sign-on, they are forcing their users to use stronger authentication, such as Apple’s FaceID and TouchID,” he said, noting that Sign in with Apple will ask mobile app users to use the biometrics functions.

The use of adaptive authentication is what should be celebrated – the ability to prevent login tracking or protect a user’s information is a secondary benefit. Any way that we can get users to move to adaptive authentication that is easy and portable across many sites and platforms is a security win for the internet.

Apple is positioning themselves as the privacy provider. So when we want more privacy, Apple hopes we’ll choose to use their technology. It’s a great marketing strategy…something that Apple excels at. We think many people will want to use Sign in with Apple due to its privacy features.

If you’re a CEO — whether your company is big or small, new or old, successful or working on it— there’s no doubt certain problems do a great job of keeping you up at night.

These are the challenges you just can’t seem to master. They plague you day-to-day, quarter-to-quarter, year-to-year. Yet try as you might, there seems to be no getting around them.

The good news is, yours are likely the same problems that all CEOs face. In other words, you’re in good company.

Below, we take a look at a few of these common CEO challenges and offer up some useful tips for tackling them once and for all.

Top Challenges CEOs Face

#1 – “How do I hire the best talent (and keep them motivated)?”

Attracting the best employees is certainly a leading cause of concern among CEOs. As a CEO, your team is the engine that drives your business. You may be the “ideas man” or “ideas woman,” but you need great talent to bring your concepts to life.

The Solution: Top employees can definitely hard to find, but it’s important to take your time. Quality hiring is doable if you know where to look, what to look for, and how to entice the right people.

First, make sure you’re clear about your job descriptions. Don’t be wishy-washy with prospective candidates.

Next, know where to look. Job fairs, sites like LinkedIn, and open job searches are good places to start. Still, you should always thoroughly review applications and prescreen candidates with a tight checklist before narrowing your best options.

Be thorough about checking your candidates’ references, backgrounds (job and education history), and experience. After you’ve made a short list, hold in-person interviews to get a feel for each candidate’s interest level and how they behave.

Lastly, when you find the right candidate, make sure you have a stellar hiring package ready to show them. Make it one they won’t be able to say no to. Budget restraints are certainly a challenge here, so if your resources are tight, find ways to promise pay and benefit increases with improved performance and company success. This shows your investment in your company — and in your employees as members of the larger company family.

#2 – “How do I retain my talent?”

Keeping employees motivated is certainly essential for extending and prolonging the flow of unique, creative ideas and hard work. Still, if you’re not taking care of your employees in other basic ways, some of them will walk away. Of course, this won’t necessarily be because they want to … they simply might have to.

The Solution: To ensure a consistent, long-lasting team of the best talent in your industry, you have two jobs:

1. Find ways to keep your employees motivated to do well.

2. Reward them for their hard work.

Many CEOs have trouble grasping the fact that their best employees won’t necessarily hang around just for the love of the work. This is often because, as CEOs, they’ve turned over their own life over to their business.

But remember that your employees — no matter how similarly passionate they are about your company — have lives of their own. Many have mouths to feed at home, student loans to pay, and second mortgages on their homes. If you’re not providing for them (as you said you would when you hired them) and incentivizing them to continue doing amazing work … you can probably expect their two weeks’ notice sometime soon.

In order to motivate employees, you’ve got to have a great idea that’s worth working for. Of course, it helps if you’ve hired a team that’s passionate about the same things you are.

Team-building is another great way to keep employees motivated. Organized company events, fun incentive programs, a comfortable work space, and opportunities for self-development within your company are key.

# 3 – “How do I make my product (or service) stand out?”

Yes, your company solves “problem A” … but so do six other companies. What you have to decide upon and sell is how you solve your problem better than anyone else.

Easier said than done, right?

The Solution: For the most part, the key answer here is creativity. Unfortunately, whether you like it or not, there are a lot of creatives out there doing awesome work. You’re probably creative too. But you have to be more creative than your competitors.

The good news is you have some options.

If you know for sure that your company is just like another company, for example, look for ways to differentiate by:

• Unique branding
• Varied size, shape, or level-of-service options
• Amazing discounts and sales
• Bonuses for loyal customers
• World-class customer service
• Added, unique features
• Exceptional marketing *

* This is key. By investing in your marketing strategies, you’re tinkering with the first thing potential customers and clients will see — and that’s the right place to begin.

It’s true, if you can get someone to your website to read about your unique product features or see your amazing discounts, you might be able to turn them on to your product or service. But if you can “have them at hello,” you’re going to see a much higher and more immediate rate of success. Smart marketing will also give you one of the highest returns on your investments.

Generally speaking, all CEOs will face the above challenges at one time or another. The key to overcoming them is two-fold: First, try to anticipate whatever key issues you’ll have before they become serious dilemmas. Second, using the advice above, don’t be afraid to face these issues head-on. When something doesn’t work, don’t give up — simply try a new tack.

Are You One Of Many Affected By The LabCorp Data Breach?

Financial & Personal Information of 7.7 Million Exposed

Just yesterday we wrote about the Quest Diagnostics’ breach affecting nearly 12 million. Today we’re writing to tell you about a LabCorp breach affecting 7.7 million people. Both of these breaches were caused by a third-party; the American Medical Collection Agency (AMCA). AMCA provides billing collection services to both LabCorp and Quest Diagnostics.

AMCA has informed LabCorp that it is in the process of sending notices to approximately 200,000 LabCorp consumers whose credit card or bank account information may have been accessed. AMCA has not yet provided LabCorp with a list of the affected LabCorp consumers or more specific information about them.

In a filing with the U.S. Securities and Exchange Commission, LabCorp said the breach happened between August 1, 2018, and March 30, 2019.

A section of the filing reads:

“AMCA’s affected system also included credit card or bank account information that was provided by the consumer to AMCA for those who sought to pay their balance. LabCorp provided no ordered test, laboratory results, or diagnostic information to AMCA. AMCA has advised LabCorp that Social Security Numbers and insurance identification information are not stored or maintained for LabCorp consumers.”

The information included in the breached system includes:

• Bank account information,
• Credit card information,
• First and last name,
• Date of birth,
• Address and phone,
• Date of service and provider, and
• Balance information.

Forensic experts are investigating the breach. It’s possible that the AMCA breach could impact other companies and millions of more consumers.

What Should You Do?

Anyone who was affected by the data breach should freeze their credit report to prevent criminals from opening credit card accounts in their name. They should also be concerned that their Social Security numbers were exposed.

If you believe that your information has been leaked, you can contact LabCorp customer service on their contact page.

For today’s tech blog we’ll tackle a topic that’s become much more visible over the last couple years. What are tracking cookies? How do they get on your devices? Can they harm your devices? We’ll answer these three questions in this post.

What Are Cookies?

Tracking cookies are a specific type of cookie, so we first need to define cookies (the non-baked-good variety). In the digital world, the term cookie describes a text file saved onto your device that contains information specific to you, the user. Every time you log in to a site and click the “remember me” box, your browser creates a cookie. Just about anything a website “remembers” about you isn’t stored on the website. It’s stored in cookies on your device. The next time you visit the website, it sees the cookie on your device and picks up where it left off.

What Are Tracking Cookies?

Tracking cookies take this concept much further. A site that uses tracking cookies will store marketing data on you. They may keep track of things like which links or stories you clicked on and especially which advertisements you clicked on.

Why do they do this? For data and advertising. Advertisers pay by the click, so websites are motivated to get you clicking on their advertisements. Remembering what you clicked last time enables a site to serve a more relevant ad to you this time. For example, if you clicked on a car advertisement last time and ignored one for beer, you’re fairly likely to do the same this time. The site will then serve up a car ad rather than a beer one.

Some firms take tracking cookies even further. Google, for example, serves ads on millions of sites. It has the ability to track your browsing and even shopping history across a wide range of sites. Google and others use this kind of information to retarget ads to you all across the internet.

How Do They Get On Your Devices?

Tracking cookies get loaded on your devices through the natural process of browsing the web. There’s no real way to stop them from loading, either. In the past few years, an initiative called Do Not Track was supposed to limit tracking cookies, but it hasn’t worked. Apple is even removing support for the feature and looking for other options.

Can They Harm Your Devices?

The good news here is that tracking cookies won’t harm your devices. That said, if you dislike them, you can get rid of them. You can delete all cookies manually in your browser’s settings, though this deletes the helpful ones (like “remember me”) along with the nuisance ones. The NAI Consumer Opt-Out can also limit tracking cookies for your accounts.

On May 17, 2019, security firm Tenable announced that one of its researchers, David Wells, had discovered a Slack bug affecting Slack’s Windows desktop client. The bug affects version 3.3.7 of the Slack desktop app, which was just last week the most current version. Read on to learn more about this bug: how it was discovered, what it can do, and how to protect yourself.

Discovery and Reporting

Wells discovered the Slack vulnerability and reported it via HackerOne’s bug bounty program. This program allows white hat hackers to receive financial compensation for disclosing previously unknown vulnerabilities so that companies can address them before serious damage is done.

Under the terms of this program, the bug was not disclosed publicly until Slack had the opportunity to release a fix. Slack has since released that fix, but the segment of its 10 million active users that haven’t yet updated may remain vulnerable.

What the Bug Can Do

Wells discovered that slack’s protocol handler, “slack://”, can do quite a bit. It even has the ability to modify sensitive application settings. Attackers could abuse this protocol by creating a “slack://” link that reroutes the user’s download location. The powerful “slack://” protocol even allowed rerouting to an attacker-owned location.

The result of that action would be that files downloaded from Slack would actually be saved to the attacker’s server. The attacker would even be able to modify those files before the reviewer had a chance to open them.

The attack can also be hidden fairly well. Slack’s “Attachment” feature allows users to change the text that displays with a hyperlink, meaning the malicious link could be disguised as “Account Report 004.docx” or any number of realistic-looking files.

Lastly, an attacker with sufficient skill could inject malware into an Office file (like a Word document or Excel spreadsheet) using this exploit. This is a real danger, because Office files are tossed around as attachments all the time. Office warns users that downloaded files can be unsafe, but users will nearly always ignore this warning when they think they’ve downloaded a document from a trusted colleague.

The Danger Level

A bad actor gaining access to all downloaded documents isn’t good, of course, but how dangerous is this bug, actually? Tenable reports that it has scores 5.5 on the CVSSv2 scale, which is a medium score. We see two reasons the bug doesn’t score higher.

One, exploiting this vulnerability requires user involvement. If you don’t click the link, the attacker gets nothing.

Two, exploiting this vulnerability in a convincing way requires compromising the credentials of a Slack group member. It’s difficult if not impossible to send a message to just anyone using Slack. You have to first be a member of the same channel. This means that this exploit is more or less limited to disgruntled channel members and attackers who’ve hacked or stolen a channel member’s credentials.

How to Protect Yourself

The good news on this vulnerability is that Slack has already patched it. All you need to do to protect yourself and your organization is ensure that anyone using Slack for Windows has updated to version 3.4.0 or later. You can check yours by looking at the “About” window in the program. If you don’t have the access needed to update your application, contact IT right away.

IT Administrators looking to update a Microsoft Install deployment should check out these instructions provided by the Slack team.

More Good News: No Real-World Impact, Yet

There’s more good news about this bug and associated exploit. Because Tenable reported the bug to Slack through HackerOne, Slack was able to address the vulnerability before it became publicly known. According to the company’s reporting on its own research, they find no evidence that the vulnerability has been exploited in the real world yet.

Conclusion

Exploits like these are discovered every day. Are you protected? If you’re not sure, give us a call. We stay up to date and we keep our clients safe.

With the adoption of technology in the personal and commercial spheres ramping up to breakneck speed, the need for clear objectives for key business personnel like CMOs has never been greater. CMOs need to know what their responsibilities are. It may seem like a question with an obvious answer, but the reality of tech and business has made the answer much less clear than it once was. It can be argued that the role of the CMO has changed dramatically in recent years, far more than it has changed at any time since CMOs first came into existence. Marketing and tech are now inextricably interwoven and are unlikely to separate anytime in the foreseeable future.

Given the importance of tech in marketing and the necessity to make marketing efforts successful for the growth and maintenance of business, CMOs must be included in the decision-making process related to digital technology. When it comes to anything to do with marketing and customer engagement, including tech decisions, the CMO needs to be consulted. What tech a business uses, how it uses it and what changes need to be made—all of these choices should be made with the input of the CMO in today’s modern business.

Marketing and Tech—Ways Businesses are Investing in Technology

Saying that spending on marketing-related technology is increasing is an understatement at this point in time. In fact, the 1% of business spending that is common for marketing technology in the past few years is expected to grow to 10% by 2025. That is a huge increase, one that gives a clear indication of why key marketing decision makers, CMOs to be specific, are going to be much more involved in making tech decisions in the coming years. Some of the areas that are primary focuses for business spending today include:

CRM

CRM or customer relationship management software is drawing heavy investment from a wide range of industries because it offers an efficient way to manage and analyze the data produced from customer interactions. A single interaction might not tell a business too much about its overall market, but a thousand interactions do begin to paint a picture. When so many interactions are added up over the years, the potential for gaining important insights into how customers behave and react to the activities of a business is huge. CRM is an area where CMOs and CIOs can come together to learn an incredible amount of information about their market.

Digital Marketing

Marketing used to fall under the category of creative work much more than it did technical work, but modern tech has greatly blurred those boundaries. Marketing teams are engaging with consumers through a variety of digital platforms—with more and more platforms popping up regularly. Keeping up with the digital marketing options and what tools are effective at any given moment is a significant task, one that requires ongoing investment from businesses. Digital marketing is only expected to take a bigger piece of the marketing budget pie in the coming years. CMOs are the leaders of marketing for their perspective businesses. They certainly need the help of CIOs to implement their ideas, but in the end, it is the CMOs who are best equipped to choose a path forward in the marketing arena for businesses.

Marketing Automation

All the digital marketing opportunities available quickly create situations where human marketing teams cannot keep up with all the tasks on their plate. Marketing automation offers tools to automate many of the basic tasks that are required for businesses to keep their customers engaged and satisfied with their experiences. Automation can reach out to share new offerings from businesses, as well as react to actions performed by customers as they reach out to companies. Automated chat options on company websites are one example of how automation has grown increasingly prevalent and essentially required for businesses that want to stay on top of all the expectations that consumers have.

CMO Responsibilities for Digital Tech Decisions

Once it becomes clear how much marketing and technology are combined in today’s business environment, it becomes obvious that the role of the CMO must include participating in tech decisions. CMOs do not necessarily always have to be the leader in the decisions a company makes regarding its technology, but in most instances, they should be included in the decision-making process.

There are a few ways to determine if a tech decision requires the CMO, including:

• Does it involve marketing? If the technology decision in question has anything to do with company branding, consumer interaction, or other marketing focus, the CMO most definitely needs to be involved.
• Does it involve customer interaction? The marketing team specializes in creating and developing customer relationships. If the technology involves customer relationship management, the CMO needs to be involved.

There are technology decisions that may not need the input of the CMO, or at least they do not require the CMO to lead the way. For example, deciding which servers are best for the company does not involve marketing. It is clearly a hard tech decision, which is more appropriate for the CIO.

Ideally, CMOs and CIOs should be working together to make tech decisions for the company. The more they can work together and contribute their expertise, the better the company will be able to navigate the complex future of businesses and technology.