Your Medical Device May Be A Computer. Treat It Like One!

Medical Device Security

We all know about Food and Drug Administration (FDA) food recalls. Remember the ban on romaine lettuce from Arizona? That was finally tracked down to a contaminated irrigation pipe. Quite a bit of tainted lettuce was eaten or discarded before that happened.

Medical Device Security

The FDA is in charge of more than just food. It also regulates and recalls medical devices. It is little appreciated that many medical devices nowadays either are essentially computers or contain subassemblies that are computers. So, they have all the issues that computers do: bugs, hardware failures, and cybersecurity risks.

What Are Some Examples of Medical Device Error?

Some medical devices, like bone screws, get recalled because they break before their intended end-of-life. Or because their sterile packaging does not protect them until the product’s expiration date. There are many others like this.

With medical devices involving computers, the reasons for recall are countless. Below are just a few:

  • One recall was due to a device that was intended to generate radiation for cancer treatment giving too high a dose without warning.
  • Another included anesthesia carts that go into failure mode and shut off the flow of anesthetics and oxygen unexpectedly.
  • Still another, automated blood testing equipment, was giving false results.
  • IV infusion pumps were giving the wrong dose or shutting off unexpectedly.
  • Implantable insulin pumps were delivering the wrong dosage.

Any of these could have results that are fatal.

Why Is Security An Issue?

Many medical devices are part of the “internet of things” (IoT) and communicate with each other or medical records systems via wires or wireless technology. Unfortunately, this means they are potentially “hackable.”

An intruder could say, cause an anesthesia cart to stop delivering an oxygen/anesthetic mixture and deliver only the anesthetic gas. This could kill the patient, while at the same time displaying results on the monitor that would indicate to the anesthesiologist that there was nothing wrong.

An implantable insulin pump could be wirelessly told to deliver a fatal overdose of insulin. Any device that is connected to a medical records system could be hacked to deliver false data. The possibilities are literally endless. And they are scary.

What Is the FDA Doing About Safety and Security?

The FDA has a plan in place to dramatically improve its current surveillance of medical device problems. Obviously, this will involve a lot of infrastructure and database development and will involve all the usual privacy and security issues.

The FDA has in place a system of post-marketing surveillance that is designed to provide early warnings when problems arise in medical devices. Of course, there will be a wide learning curve. Checking the incoming data for indications of device problems is potentially an ideal application for artificial intelligence (AI).

The FDA has also issued guidance on cybersecurity to manufacturers of medical devices. That advice will strike cybersecurity experts as behind the curve:

  • Give different users different levels of authority
  • Require strong passwords
  • Make sure users are notified of software and firmware patches
  • Many similar recommendations

So far, none of them address one of the most fundamental security flaws that repeatedly show up in software: elevation of privilege. Once a hacker has control of processes in the operating system (and even the most primitive devices have analogues of them), the hacker can create a Super-user who has control of the entire system and can bypass any security measures that are in place.

The software industry as a whole has no solution to this, because the concept of user privilege is fundamental to almost any operating system. The only way around it is to have “locked down” systems in which changes can be made only by the physical replacement of a chip. But that defeats all the advantages of the IoT and connectivity in general.

Medical Devices For Consumers: What’s Good Enough?

Medical device makers whose target market is medical professionals have focused on “more” –more accuracy, more graphics, better resolution, more connectivity, and so on – all of which translates into more expense.

With an increasing focus on costs in healthcare and with more devices aimed at consumers, the market will begin to ask, “What is good enough?”

Consumer-oriented blood glucose meters for diabetics are not as accurate as those designed for use in hospitals –but they are faster, far easier to use, and the newest designs do not require a fingerstick. Instead, they are read from a sensor stuck to the skin. Some newer hearing aids can be adjusted with a smartphone app, sparing the patient a visit to the audiologist.

The Holy Grail of consumer-focused medical devices might be this: an implantable device that will capture data on all critical physiological parameters and transmit warnings to the patient’s physician when something is out of line, or, in a real emergency, summon an ambulance. Smartphones can already broadcast locations to emergency medical services, adding the capability to transmit the patient’s physiological data.

This means that paramedics would arrive knowing what is wrong (heart attack, trouble breathing, severe blood loss) rather than having to assess the situation from a standstill. Of course, if the machine malfunctions or is hacked, it could send the wrong data to paramedics. Those dangers do exist and are very real. The hope for medical professionals is that we will find solutions to these problems so that medical devices can be counted on for accuracy and are oblivious to hackers.

Before we get to that place, we will need to find ways to ensure that our systems and medical devices are much more secure than they are at present, or we will widen the possibilities for disasters.

What Are PhishPoint Attacks And How Can I Best Protect Against Them?

PhishPoint Attacks

What’s PhishPoint?

Phishing attacks are attempts to get e-mail recipients to provide sensitive information that can be used by the sender, generally presented as the authority of some account or business. They request that recipients provide information that could be misused for some type of illegal practical gain of the sender. An example of this would be a fake email from PayPal requesting that the reader verify their bank information to address some kind of update or security risk. These phony requests will result in the fraudulent use of the user’s info.

PhishPoint Attacks

SharePoint or PhishPoint attacks are a specific kind of phishing attack that involves SharePoint users being targeted by hackers using malware to misuse information, or otherwise induce undesirable consequences to unsuspecting and vulnerable users. PhishPoint attacks are not unique in that they still involve the basic attempts of hackers to deceive the consumer. They are designed to make someone believe that the sender is a representative of a viable organization. They pretend to be approaching the consumer for valid and honest reasons. They are intended to seem genuine.

PhishPoint attacks target SharePoint users and OneDrive accounts in an attempt to get vital personal information from the user. If the recipient clicks on the bad link, they open the door to malicious software or malware that steals the user’s information. The user’s system is infiltrated through malicious HTML and URLs that can steal banking information or spread malware as described.

Victims of this form of attack may also experience an impersonation of a standard access request to business documents stored within OneDrive accounts. These may then be stolen through hacking codes. Sometimes access is made possible through a fake Office 365 login redirection.

What Are Examples Of Vulnerabilities And Demands?

Illegal logins have been reported through this form of attack in increasing numbers in recent times, as hackers continue to find new ways to penetrate the best security efforts at Microsoft. Secant Technologies explained that business documents used in OneDrive should be protected by a combination of software and general best practices in addressing third-party or spam email requests. Users should be skeptical of redirections to login screens that have any unusual or seemingly unofficial characteristics. It takes a keen eye to spot them.

Although firewalls and antivirus software may fully recognize and detect phishing scams, they are simply not enough to stop phishing scams from being successful. A new report shows that users are the weak link when it comes to internet security. A careless employee may click on an email attachment that downloads a destructive virus or ransomware. This will cause chaos in any organization. Eventually, companies pay out thousands of dollars to cyber thieves.

Cloud or email security can do little to eliminate phishing scams; it takes educating users on what to look for. While senders should be able to recognize spam or otherwise unofficial emails, they simply get busy and don’t pay enough attention.

PhishPoint campaigns of this nature may be detected and blocked within a matter of days or even hours, but any transmission of sensitive information during this time can still result in major consequences to individual users or the entire organization that they represent.

According to Security Affairs, approximately 10% of office users were affected by attempts to induce a PhishPoint attack within the two weeks of observation included in their assessment. This showed the extent that hackers are able to reach out to users in mass campaigns. While security developments such as ATP and Safe Links have been improved to reduce vulnerabilities, the basic nature of these attacks makes them dangerous. Many aspects of general security are left up to the individual user.

Office 365 currently involves yearly subscriptions with packages that can be upgraded to include ATP, Safe Links, and other security features. These will reduce vulnerabilities and increase security to avoid many forms of hacking, but cannot eliminate all forms of attack.

Office 365 security measures currently are capable of scanning links or URLs included in HTML code or the bodies of emails. They attempt to match recognized threats that have been added to blacklists, but they cannot prevent users from carelessly clicking on a malicious link.

Using baseStriker attack techniques, malicious links can be disguised. This technology is able to split a URL so that security software does not detect it as being malicious.

According to Avanan, hackers have been increasingly taking advantage of SharePoint files in phishing campaigns. Advanced security such as ATP and Safe Links can be beneficial but other layers of security protection are recommended. Office 365 contains excellent online security protection, but ccybercriminals consistently search for ways to bypass it.

Secant Technologies provides more information regarding common practices and recommendations for overall safety or protection from phishing campaigns.

What’s The Bottom Line? What Should My Business Do?

  • Learn more about the basic nature of phishing campaigns and protection.
  • Use email addresses with the best protection.
  • Install the strong protection features and update or upgrade as is determined most beneficial.
  • Regularly train employees on how to spot phony emails and phishing campaigns.
  • Hire IT consultants to audit your network and computing resources and recommend improvements.

 

What Are the Legal Impacts of California’s Potential Privacy Policy?

California Privacy Laws

California is known for being on the cutting edge of most things, and consumer privacy is one of them. Scheduled to take effect in 2020, the California Consumer Privacy Act gives consumers broader control over how their personal information is used. This was developed in part due to ongoing security breaches that have recently escalated. The new privacy laws in California include disclosures to consumers about how their personal information is collected, stored, transmitted, and shared. The new laws also outline the sharing and selling of certain information without the individuals’ knowledge or consent.

California Privacy Laws

After massive data breaches, such as the Experian beach, consumers were rightfully angry. As outrage grew, it became apparent that changes needed to be made. Private citizens deserved protection. The industry fought back, as the implementation of new privacy regulations was seen as a hardship to companies. This was why the law was delayed. It allowed a period for businesses to organize and develop policies and procedures that would ensure they were compliant by the deadline. Few outside the legal community and the California business community understand what the California Consumer Privacy Policy is, and how it may affect them.

What Does the Law Cover?

There are several aspects that fall under the category of one’s personal information. Many people would immediately realize that their name, address, and phone number would be among those items. They would also think of their social security number, driver’s license, and/or state identification number.

With a bit more consideration, they might realize personal information includes commercial information like records of their personal property. It covers biometric information, which includes fingerprints retinal scans, and DNA. Under the new law, it also covers things like your Internet use and browsing activity history.

Protected aspects even include more obscure personal information like the sound of your voice and thermal information. How this is to be implemented, and even what one’s thermal information specifically is, will be defined by the Attorney General.

What Rights Are Provided to Individuals?

When the new law takes effect, there are several privacy rights that will be guaranteed to the citizens of California of which they had been hitherto deprived. For example, in many companies, it is commonplace to collect the personal data, often relating to consumer purchase patterns, and sell that information to other companies. Under the new law, the consumer has the right to opt out of having their information used in that way. The primary rights provided by California Consumer Privacy Policy are the following:

  • The right to transparency of who is collecting their personal information and with whom they are sharing it.
  • The right to demand the information.
  • The right to have the information deleted.

In many cases, if a company fails to comply, the consumer has the right to bring a lawsuit. This is something that was not available to consumers before.

How Will This Affect Businesses?

When first conceived, there were many industry concerns as to how this would affect their ability to actually conduct their businesses. These were primarily raised by smaller companies. To relieve their anxieties, and reduce their disapproval, several modifications were installed. These ensure that larger California businesses receive the brunt of the impact.

There were three “thresholds” that are included. If any one of these three are met, the law applies and the company has to comply to data collection regulations:

  • The company has an annual gross income that is over $25 million.
  • The company annually buys or receives (for business purposes) the information of 50,000 or more consumers, whether personally or from their household devices, i.e., online use.
  • The company receives more than 50-percent of their annual revenue from selling personal information.

If any one of those thresholds is met, even by small companies, the business is subject to the law. Additionally, it impacts companies that are not actually based in California, but meet one of those thresholds while doing business in the state.

Will California Lead the Way to Privacy Policy Changes?

There is speculation that, since California often leads the way in policy changes, perhaps other states will begin to implement their own progressive privacy laws. Although it is unlikely to occur right away, an increasing number of areas may begin to see its merits for consumers. They will also note the minimal, if any, impact it has on most companies.

Additionally, as more states develop their own new set of standards, there is likely to be a push for unification. Federal guidelines emulating California’s privacy policy may be put into effect. This would make compliance, especially among companies with interests in multiple states, much easier to achieve.

In Conclusion

Currently, California businesses are required to at least have a privacy policy that includes data collection and information regulations. They must also maintain reasonable security for the personal information of consumers. These include efforts to avoid breaches, but requirements to notify individuals of breaches within a certain length of time when social security numbers, banking, and credit card information have been stolen by cyber thieves.

The new law will clarify, expand, and enhance these regulations. Perhaps, in time, these safeguards will be in place throughout the United States. Until then, it’s important for all individuals to do their best to protect their private information from cyber criminals.

How Can Instagram Accounts Be Hacked?

Instagram Hacked

What Is Instagram And How Is It Vulnerable?

Instagram Hacked

Instagram is a recently created social media site that allows users to share images and videos. It is owned by the same soul that owns Facebook, Mark Zuckerberg. Originally created in the partnership of Kevin Systrom and Mike Krieger, and officially launched in 2010, it first appeared on iOS before its increasing popularity brought it to Android in 2012 and Windows in 2016. Its features include editing filters, messaging, location display, tag browsing in searchers, content ‘liking,’ and trend viewing.

Last year, the service reported that they had 800 million users, only five years after being purchased by Facebook. Bought for $1 billion, 40 billion people all over the world have been uploading images for years. While it is generally considered a beneficial and popular social media app, the software has been targeted by critics for several reasons:

  • Changes to interface features and use policy
  • The nature of censorship used
  • The ability for users to upload content that’s illegal or inappropriate.

Many aspects of the service are potentially vulnerable. Users have reported that their passwords were hacked. Google searches currently display websites instructing users how to hack passwords in the first few pages of search results. Hacked accounts can potentially lead to a wide range of problems, which may include social inappropriateness, crime, businesses negatively impacted, and more.

What Examples Are There Of Recent Account Hack Risks?

Security professionals believe that Instagram account users should better understand the specific security risks related to the use of this software. Many people sign up each day with no understanding of the various ways hackers can get into their account and use it for personal gain. Of course, Instagram advises users to create strong passwords. This is the first and most important step to prevent hackers from getting into your Instagram account.

Below are a few tips on creating strong passwords:

This: 378jsoTTkm84 NOT This: password1234

The password on the right would be cracked by hackers in less than one second. Here’s a website where you can check the strength of your passwords to see if they are good enough to fool hackers.

Guess how long it would take to Bruteforce the password on the left? 33 centuries (Quite a long time). Below are a few more to try in the password checker:

Account123: This password would be bruteforced in 21 minutes.

Home1234: 5 minutes

Car2233: 20 hours (better)

Many people use their own name or their pet’s name with a series of numbers after it. These are usually very easy to crack as well.

Charles1234: 3 minutes to crack

Rover2323: 46 minutes (woof-woof!)

Carol3434: 4 minutes

Spot8888: 18 minutes

Two-Step Authentication

Two-step authentication is one of the best and simplest ways to provide your account with the high level of security it requires. You can go a step further and use biometric authentication. This solution uses your fingerprint and/or photo of your iris as a password to your account. New ways to protect users from hackers are constantly being created.

Getting Lock Out

Some users have been locked out of their accounts when hackers took control of them. This can be scary and infuriating. The Sun reported on an ‘epidemic’ hacking of Instagram that occurred when hackers in Russia took over many popular accounts, then changed the names and photos. Some users reported that it took them weeks to get their accounts back. They said that Instagram wasn’t very helpful so they had to do a lot of the work themselves.

Despite improvements in security, hackers have increasingly been able to break into all types of software programs, social media platforms, email accounts, and even company databases There seems to be nowhere that hackers can’t go if they want to. They apparently have the tools, resources and backing to focus all their efforts on hacking day in and day out.

Some of these hackers are sponsored by big governments like China and Russia. These countries have realized how much money there is in hacking and they seem to have no conscience about committing this crime. One good ransomware attack against your company could net thieves $30,000 or $40,000. Most people will pay the ransom to get their files back, though this doesn’t always ensure that you will.

Instagram Security Improves

Instagram security has been improving in a number of ways. They are now being upfront in the media about the hacking experiences their customers are enduring. They have stated that they will continue to dedicate themselves to addressing all reports of hacks. With each one, they will:

  • Record all the details of what happened
  • Examine the relevant security aspects
  • Get the customer’s account restored as quickly as possible
  • Improve the relevant software through updates
  • Make or suggest any other improvements that could prevent the breach from occurring again

Mashable Gets Hacked Too

In a recent article, Mashable explained that some of their users were having the same experiences as those on Instagram. Hackers would break in, change the name on the account, change the photos and pretty much just take it over. Even contact information and profile image were changed, leaving account holders to scratch their heads. It’s a story being told more and more often.

“It’s embarrassing and frustrating to feel so vulnerable,” said one Mashable patron.

How Could My Account Be Hacked And What Resources Exist For Security?

Users should be aware that accounts can be hacked by:

  • A forgotten password hack
  • Coding
  • Phishing
  • CheatDroid
  • A range of third-party applications

Conclusion

UGTechMag is a good source of online guides and tips available to help protect users. It’s best for Instagram users to learn all they can about how to keep their account secure. Today, it takes a proactive approach. All over the world, hackers are working non-stop to find ways to hack into your computer, your network, your social media accounts, your email … whatever they can do to find personal information about you and use this to exploit you – that’s what they’ll do. That puts each of us in the position of having to remain vigilant and proactive. We must each do everything possible to protect ourselves from cyber thieves.

 

Microsoft Files Patent Application for Eyewear that Measures Blood Pressure

blood pressure

Why are Tech Giants Diving into the Health Care Business?

blood pressure

In a report by Christian Holz and Edward Wang of Microsoft Research, the researchers revealed that Microsoft is creating eyeglasses that measure blood pressure. What Microsoft is calling Glabella, the glasses are equipped with optical sensors hidden inside the frame. These sensors can recurrently measure pulse waves at three different locations on the face. By gauging the time and rate between these three areas and the heart, it can determine the user’s blood pressure. Concurrently, the eyewear can be used as an activity tracker as it also collects information on the individual’s physical activity.

Tech Giants Clamoring to Enter the HealthCare World

Microsoft’s newest eyeglass patent arrives on the heels of its rivals. Apple, Google, Amazon, and Samsung have also filed patents for products in the area of healthcare technology. Google has already filed a patent for eyeglasses that monitor heart rate and Apple recently filed a patent application for a monitoring cuff that measures blood pressure. Samsung’s forthcoming new Galaxy Watch is rumored to be able to calculate your heart rate by using polarized light that can identify the amount of the scattered light.

Amazon is working on a new partnership with JPMorgan Chase and Warren Buffett. Apple is building state-of-the-art medical clinics. Google’s umbrella company Alphabet, is entering the Medicaid market with plans to serve low-income urban residents covered by Medicaid and Medicare. Also, studies show that more and more people are opting out of emergency ambulance service in favor of Uber taking them to the hospital.

Why Are these Tech Giants Making Big Health Care Moves?

Why are the most proven and forward-thinking companies in the field of technology deciding that healthcare should be their next big move? With technology rapidly advancing, these tech titans are noticing a health care system full of administrative ineptitudes, out of control prices, and frustrated customers. To the movers and shakers in Silicon Valley, they see this as a huge opportunity to enter the complex world of health care and make it better.

The Pros and Cons of Tech Businesses in the Healthcare Field

Is health care similar to other areas of the economy that Silicon Valley currently manages? Health care is one-sixth of the American economy, and it is currently managed by a scrambled assortment of manufacturers, providers, administrators, payers, and patients. The complex, murky, and massive healthcare industry has many vested players. They aren’t going to stand idly by and allow Silicon Valley to unseat them.

Also, health care operates in a highly regulatory environment with its complex interactions between patients, health providers, and insurers. For example, Amazon has taken interest in online pharmacies. Look at the complexity of entering the pharmacy world:

  • The Food and Drug Administration regulates drugs.
  • Health insurers try to rein in their drug costs.
  • Drug manufacturers set their own list prices.
  • Pharmacy managers coordinate deals between health insurers and drug manufacturers.
  • Consumers are trying to traverse through all this complexity and get their medications at the lowest prices.

In contrast, the benefits of the tech giants’ entrance into the healthcare industry cannot be overstated. Electronic medical records, mobile phones, and health assisting apps have slowly received widespread implementation by the healthcare world. The conglomeration of the two worlds has been at play for several years now. And yet, health care is still incredibly timid in its use of information and consumer technologies.

With the huge amount of money at stake in health care, the tech world’s disruption of this industry could be just what the doctor ordered. Imagine companies like Microsoft adding their knowledge, expertise, organizational skills, operational know-how, and other advantages to the healthcare industry. Patients will receive much better care at a fraction of the cost.

Can They Just Get Along?

Whenever the new kid shows up on the block, there is always fear, mistrust, and jealousy that is felt throughout the neighborhood. In order for tech companies to succeed in the healthcare market, they will ultimately need to forge relationships with professionals who are deeply rooted in this tangled system.

But when push comes to shove, they both can learn from each other. Case in point: Microsoft’s Glabella, which will try to replace the traditional cuff monitor with eyeglasses for tracking blood pressure. The sensors on this new product have only been shown to be accurate for taking the systolic pressure. For optimum accuracy, blood pressure should be measured by taking both systolic pressure and diastolic pressure.

According to the CDC: “The first number, called systolic blood pressure, measures the pressure in your blood vessels when your heart beats. The second number, called diastolic blood pressure, measures the pressure in your blood vessels when your heart rests between beats.”

While systolic pressure is commonly recognized to be more important than diastolic pressure, both readings are important. Systolic pressure is better at assessing your risk of having a stroke or heart attack. Diastolic pressure shows whether or not the heart is relaxing enough and can help doctors prevent future cardiovascular problems in a patient.

As Microsoft’s prototype medical device evolves, developing a way to measure both systolic and diastolic pressure is a perfect example of why the tech and healthcare people need to find common ground in the modern world.

Wrap Up

Consumers in general will benefit greatly from the excellence that companies like Google, Apple, and Microsoft can bring to the healthcare industry. And, most people will agree that this is one area that has not been well-organized for many years. Pharmaceutical companies are well-known for suddenly raising the price of drugs to ten times what they were for no apparent reason. With these tech giants in control, prices should be reasonable. They should stabilize. Care should be improved as well. And with wearable healthcare devices, people will be able to better monitor their health.

In the end, consumers will be the real winners here. For too many years, the healthcare industry has loomed out of control and missed opportunities to provide better care for patients. Their bottom line has always been profit over patient care. With these tech giants now pushing forward, we can expect all that to change.

Tropical Storm Gordon Update

Are You Ready For Tropical Storm Gordon?

Gordon made landfall over the southern tip of the Florida Peninsula on Monday, September 3rd.

It’s now predicted to make its 2nd landfall as a Category 1 Hurricane over the central Gulf Coast from Louisiana to Mississippi late today (Sept 4th).

Are you ready for the storm?

(Courtesy of Fox News)

Tropical Storm Gordon is continuing to gain strength this morning and is expected to become a hurricane by the time it hits the central U.S. Gulf Coast, including coastal Mississippi.

Voluntary evacuation orders have been issued for parts of Louisiana for residents in areas outside the levee protection system.

We’re looking a 3 to 5-foot storm surge along the coasts. And the Weather Channel is predicting 75 mph winds on the Alabama and Mississippi borders. They also warn that there will be flooding inland, so even if you’re away from the coast, you should still make plans to protect your property. That means your business technology.

Here’s What You Should Do Now:

  1. Make sure all of your computer equipment is off the floor, in case of flooding.
  2. Back up all of your critical data in case your computers fail.
  3. Unplug all of your computers when you leave the office.
  4. Make sure everyone reviews your disaster plan in case you need to put it into action.
  5. Keep backup copies of your important documents, such as insurance documents and vendor contact information. Take them to an area that won’t be affected by flooding or high winds.

According to FEMA you should also take these precautions NOW:

(ELEVATE, WATERPROOF, AND CLEAR DEBRIS Your goal now, before a flood occurs, is to reduce the risk of damage to structures from flooding.

  • This means elevating critical utilities, such as electrical panels, switches, sockets, wiring, appliances, and heating systems, and waterproofing basements. In areas with repetitive flooding, consider elevating the entire structure.
  • Make sure that basements are waterproofed and that your sump pump is working and then install a battery-operated backup in case of a power failure. Installing a water alarm will also let you know if water is accumulating in your basement.
  • Clear debris from gutters and downspouts. Anchor any fuel tanks. Move furniture, valuables, and important documents to a safe place.
  • Know your evacuation routes; plan your transportation and a place to stay. The safest way to survive a flood is to evacuate the area if advised to leave. To ensure that you will be able to act quickly should the need arise, you need to plan ahead. – Know your community’s local flood evacuation plan and identify several escape routes for your location if roads are blocked; include plans to evacuate people with disabilities and others with access and functional needs, pets, service animals, and livestock.
  • If you will evacuate by car, keep your car fueled and in good condition. Keep emergency supplies and a change of clothes in your car.
  • If you will need to share transportation, make arrangements now.
  • If you will need to use public transportation, including paratransit, contact your local government emergency management agency to ask how an evacuation will work, how you will get current information during an evacuation, the location of staging areas, and other information.
  • If you need to relocate for an extended period of time, identify a place away from home now where you could go if you had to leave. Consider family or friends who live outside of the local area.
  • If you expect to go to a shelter after evacuating, download the American Red Cross Shelter Finder app. This app displays open American Red Cross shelters and provides the capacity and current population of each shelter. Visit https://www.redcross.org/get-help/disaster-relief-and-recovery-services/find-an-open-shelter.html You can also text SHELTER + your ZIP code to 43362 (4FEMA) to find the nearest shelter in your area.
  • If you have pets and plan to go to a shelter, call to inquire whether the shelter can accommodate your pets. Shelters will accept service animals.

Imminent Flooding Action Plan (Courtesy of Interstate Restoration)

If you are in an area where flooding or flash flooding has been an afterthought, and are suddenly facing the possibility of a flood, or you simply haven’t prepared, your top priority should be the safety of customers and employees. Here are some key steps to protecting people and your business:

  • Pay attention—In addition to listening to local weather alerts, keep an eye out in your area for signs of trouble.
  • Don’t wait to move or act—If there is a chance of flash flooding that could impact your business or leave people trapped in your business, heed official advice for evacuations or other measures and carefully consider the best evacuation routes. Remember as little as six inches of fast-moving water can sweep a person away, and two feet of running water can move a vehicle.
  • If you have time, grab key documents and information—Hopefully, you have backups of key insurance and business information at another safe site. If not, and the circumstances allow, try to get your most important documents and information to a safe place.

Be safe everyone. Remember, we’re here to help with the restoration of your technology if you need it.

Happy Labor Day

Labor Day

Happy Labor Day (Labour Day – International Workers Day –  May Day)!

You’ve worked hard all summer. This Labor Day before going back to work and back to school, take some time to relax and enjoy one more backyard barbeque, one more trip to the beach, one more night sleeping under the stars, one more bonfire, and create one perfect summer memory.  After all, you’ve earned it!

When Is Labor Day Celebrated Around The World?  

In both Canada and the United States, Labor Day is celebrated on the first Monday in September. It’s to honor the achievements of American and Canadian workers. In Australia, it’s celebrated on different days according to which state/territory you’re in.

For some countries around the world, it’s connected to International Workers’ Day that’s celebrated every May 1st.  And yet for others, it’s celebrated on different dates that hold a unique significance for their labor movement. Over 80 countries around the world celebrate International Workers’ Day on May 1st.

The History Of Labor Day In The U.S.

Labor Day

The first national Labor Day was held in 1885. The late 1800s was in the height of the Industrial Revolution in the U.S. At this time, the average laborer worked 12 hours a day, 7 days a week.  Plus, children ages 5 and above worked in factories, mills and even in mines.

On May 11, 1894, laborers in Chicago working at the Pullman Palace Car Company went on strike. They were protesting wage cuts and the firing of union representatives. Because of the massive unrest, it caused, and to repair relations with American workers, Congress made Labor Day a legal holiday.

As the story goes (no one is really sure) Peter J. McGuire, general secretary of the Brotherhood of Carpenters and Joiners and a co-founder of the American Federation of Labor, suggested we honor our workers.

But some believe that Matthew Maguire, a machinist, was the founder of Labor Day. He was also the secretary of Local 344 of the International Association of Machinists in Paterson, N.J., and it’s said that in 1882 he proposed we have a holiday to celebrate the work our laborers do.  At this time he was serving as secretary of the Central Labor Union in New York.

The History Of Labour Day In Canada

In 1872 the Toronto Trades Assembly organized Canada’s first demonstration for worker’s rights. It was held to promote the release of 24 leaders of the Toronto Typographical Union who were imprisoned due to a strike they held for a nine-hour working day. Trade unions were illegal at this time.

There was such an uprising of support that the house of Canada’s first prime minister, Sir John Macdonald promised to repeal all Canadian laws against trade unions. This led to the Canadian Labour Congress in 1883.

In 1894, Labour Day which had been celebrated in the spring, was changed to the fall to be held on the same day as the U.S. The celebration of workers’ rights continues, and many Canadians take the day to relax, take a late summer trip or get together with family and friends at picnics, fairs, and festivals.

Labour Day In Australia

Labour Day in Australia is held to honor the granting of the 8-hour working day and to recognize the contributions of workers to the country’s economy. Before then, the workday was 12 hours and people worked 6 days a week.

In Australia, Labour Day varies between its different states and territories.

  • In New South Wales and South Australia, Labour Day is celebrated on the first Monday in October.
  • In Tasmania and Victoria, it’s recognized on the second Monday in March. (Tasmania calls it the Eight Hours Day).
  • Western Australia celebrates Labour Day on the first Monday in March.
  • Queensland and the Northern Territory celebrate it on the first Monday in May, and they call it May Day.
  • On Christmas Island, they celebrate it on the fourth Monday in March.

Labour Day Is Called May Day In The United Kingdom

May Day is a bank holiday in the UK and coincides with Labour Day. It’s also known as Labour Day.  It’s commemorated on the first day of May each year.

May Day goes as far back as the Gaelic festival Beltane.  In Britain, communities celebrate May Day with village gatherings where folks erect a maypole with ribbons attached that children and adults hold onto while dancing.

A competition is typically held to name one of the girls the May Queen in honor of the Roman goddess Flora. The winner then dresses in a white gown and a crown of flowers is placed on her head.  Then, she leads the others in a May Day parade.

Labor Day/Labour Day/ May Day/ International Workers Day

Labor Day, Labour Day, May Day or International Workers’ Day, it’s a public holiday for all to enjoy.  Whatever you call it, Labor Day constitutes an annual national tribute to the contributions workers have made to the prosperity of our countries.  So, take the time to celebrate.  You work hard, and you deserve a nice long weekend!

Happy Labour Day Everyone!

Happy Labour Day

Happy Labour Day (Labor Day – International Workers Day –  May Day)!

You’ve worked hard all summer. This Labor Day before going back to work and back to school, take some time to relax and enjoy one more backyard barbeque, one more trip to the beach, one more night sleeping under the stars, one more bonfire, and create one perfect summer memory.  After all, you’ve earned it!

When Is Labour Day Celebrated Around The World?  

In both Canada and the United States, Labour Day is celebrated on the first Monday in September. It’s to honor the achievements of American and Canadian workers. In Australia, it’s celebrated on different days according to which state/territory you’re in.

For some countries around the world, it’s connected to International Workers’ Day that’s celebrated every May 1st.  And yet for others, it’s celebrated on different dates that hold a unique significance for their labor movement. Over 80 countries around the world celebrate International Workers’ Day on May 1st.

The History Of Labour Day In Canada

In 1872 the Toronto Trades Assembly organized Canada’s first demonstration for worker’s rights. It was held to promote the release of 24 leaders of the Toronto Typographical Union who were imprisoned due to a strike they held for a nine-hour working day. Trade unions were illegal at this time.

Happy Labour Day

There was such an uprising of support that the house of Canada’s first prime minister, Sir John Macdonald promised to repeal all Canadian laws against trade unions. This led to the Canadian Labour Congress in 1883.

In 1894, Labour Day which had been celebrated in the spring, was changed to the fall to be held on the same day as the U.S. The celebration of workers’ rights continues, and many Canadians take the day to relax, take a late summer trip or get together with family and friends at picnics, fairs, and festivals.

The History Of Labor Day In The U.S.

 

The first national Labor Day was held in 1885. The late 1800s was in the height of the Industrial Revolution in the U.S. At this time, the average laborer worked 12 hours a day, 7 days a week.  Plus, children ages 5 and above worked in factories, mills and even in mines.

On May 11, 1894, laborers in Chicago working at the Pullman Palace Car Company went on strike. They were protesting wage cuts and the firing of union representatives. Because of the massive unrest, it caused, and to repair relations with American workers, Congress made Labor Day a legal holiday.

As the story goes (no one is really sure) Peter J. McGuire, general secretary of the Brotherhood of Carpenters and Joiners and a co-founder of the American Federation of Labor, suggested we honor our workers.

But some believe that Matthew Maguire, a machinist, was the founder of Labor Day. He was also the secretary of Local 344 of the International Association of Machinists in Paterson, N.J., and it’s said that in 1882 he proposed we have a holiday to celebrate the work our laborers do.  At this time he was serving as secretary of the Central Labor Union in New York.

Labour Day In Australia

Labour Day in Australia is held to honor the granting of the 8-hour working day and to recognize the contributions of workers to the country’s economy. Before then, the workday was 12 hours and people worked 6 days a week.

In Australia, Labour Day varies between its different states and territories.

  • In New South Wales and South Australia, Labour Day is celebrated on the first Monday in October.
  • In Tasmania and Victoria, it’s recognized on the second Monday in March. (Tasmania calls it the Eight Hours Day).
  • Western Australia celebrates Labour Day on the first Monday in March.
  • Queensland and the Northern Territory celebrate it on the first Monday in May, and they call it May Day.
  • On Christmas Island, they celebrate it on the fourth Monday in March.

Labour Day Is Called May Day In The United Kingdom

May Day is a bank holiday in the UK and coincides with Labour Day. It’s also known as Labour Day.  It’s commemorated on the first day of May each year.

May Day goes as far back as the Gaelic festival Beltane.  In Britain, communities celebrate May Day with village gatherings where folks erect a maypole with ribbons attached that children and adults hold onto while dancing.

A competition is typically held to name one of the girls the May Queen in honor of the Roman goddess Flora. The winner then dresses in a white gown and a crown of flowers is placed on her head.  Then, she leads the others in a May Day parade.

Labor Day/Labour Day/ May Day/ International Workers Day

Labor Day, Labour Day, May Day or International Workers’ Day, it’s a public holiday for all to enjoy.  Whatever you call it, Labor Day constitutes an annual national tribute to the contributions workers have made to the prosperity of our countries.  So, take the time to celebrate.  You work hard, and you deserve a nice long weekend!

How Can ATP And Safe Links Help Me Prevent Hacker Attacks?

Microsoft ATP

What Are ATP and Safe Links?

ATP is a form of security feature developed by Microsoft for Office 365, an acronym for its Advanced Threat Protection software package that users are able to purchase for improved security features within the program. They are recommended by Microsoft for business use, claiming to help organizations better secure their operations through the providence of programming that verifies the websites used in emails and document files created through the software within its packages.

Microsoft ATP

After the upgrade to Office 365 is purchased and installed, users working as administrators can create a custom ATP policy that affects website recognition and email security features across the entirety of the network. Additionally, security reports can be reviewed to show sources of attempted violations, potentially identifying internal vulnerabilities or violators in addition to providing some groundwork for ongoing security developments and improvements.

The security feature has been increasingly used in businesses since the final business quarter of last year, and now is considered a viable benefit in addition to email account securities. According to Microsoft, businesses should consider whether the software is a worthwhile investment, while users may wish to combine the investment with Gmail accounts to avoid vulnerabilities to BaseStriker approaches to email phishing.

How Can ATP and Safe Links Help Against Cyberattacks?

Microsoft has developed a number of improvements to ATP in an attempt to increase the security of their customers’ accounts. Following their initial development and release for sale, the software has been upgraded several times. As of last year, Safe Links were added to ATP to relate to URLs for the ProPlus documents of Office 365, including those that are connected to Excel, PowerPoint, Visio, Word, and Office apps available on iOS and Android.

In March of this year, Safe Links were improved to be used to address security vulnerabilities involved in emails sent by business employees and users. To better address security violations and potential hacking from all sources, Microsoft has applied numerous patches and upgrades.

As this threat had not been considered sufficiently addressed through previous versions, new upgrades would be considered beneficial to users and organizations. Safe Links were further improved for application in commonly used Office 365 programs for their online versions, better protecting online users of Word, Excel, PowerPoint, and OneNote.

The software was further updated to better protect Mac-based ProPlus users. In May of this year, ATP developments have been upgraded as well to give more consideration to color schemes, email details, and site links. While ATP is included in extended Office 365 subscriptions, such as the Enterprise E5, Business, and Education A5 subscription packages, it is not offered to basic users. Microsoft currently recommends that users reaffirm the effectiveness of their purchased ATP Safe Link protection through the maintenance and examination of the latest threat reports possible through ATP, as well as updated Safe Links policies. These explain the extent that the features apply to hyperlinks in messages and files.

While Safe Links are considered a useful and practical improvement, they have security vulnerabilities that should be addressed. They are regarded as a fundamental step in protecting against phishing, but are not considered all-encompassing. Outlook email accounts can experience better protection against phishing vulnerabilities when various security programs are combined.

Avanan recognizes Gmail as being the best choice for use in combination with ATP and Safe Links, although this may change in the future as both security and the nature of remaining vulnerabilities change in line with phishing developments.

What Is baseStriker?

BaseStriker is an example of a phishing approach that currently can bypass even the more advanced ATP and Safe Link developments. It involves the use of an additional tag that the security features of Microsoft alone currently cannot detect. This has led to the recommendation that organizations use Gmail rather than Outlook to safeguard against this aspect as well.

Avanan also recommends that users give consideration to the potential for Safe Links to be bypassed with misdirected IP traffic. In addition, they may have the capacity to be bypassed with obfuscated URLs, and the inability to perceive where email links go.

According to findings at Vanderbilt University and through program use, one of the biggest criticisms of Safe Links is that they create false senses of security. Users may believe they are protected against certain phishing and cyber threats when they are not. Therefore, businesses that fail to use other recommended precautions can actually increase their vulnerability. In the end, Microsoft Office 365 security is better than many other similar programs available.

What’s The Bottom Line?

ATP and Safe Links can:

  • Protect users from harmful links recommended in emails
  • Check Microsoft’s database for blacklisting and exclusion demands upon clicks
  • Redirect users to safety

ATP and Safe Links do not, however:

  • Provide a universal solution to phishing
  • Protect against BaseStriker or base-tag HTML disguise attempts
  • Reduce the overall demand for common practice phishing security recommendations

Education: Digital Literacy and Access Are No Longer Optional

Computers Classrooms

The debate about whether or not tech should be in schools has largely been put aside, technophobes and Waldorf School Curricula notwithstanding. In its place, education stakeholders must sort out the edtech baggage of privacy concerns, equity & accessibility, protecting children from harmful materials and misuse of technology, and how best to develop and implement effective education technology integration strategies.

Computers Classrooms

At the heart of this matter is what’s best for the nation’s children.

The Department of Education’s Office of Educational Technology published Reimagining The Role of Technology in Education: 2017 National Education Technology Plan Update gives an overview of the current state of edtech in the US and offers recommendations for educators. The report spends a lot of pages discussing the problem of, and possible solutions for, lack of access to hi-speed internet for low-income or rural students.

The “Homework Gap”

The authors note that poor and also rural students face obstacles that will certainly put them at a disadvantage vis-a-vis affluent students with reliable service. To be cut off from the internet is to be cut off from the world. Those students without access to reliable hi-speed internet access slip into a “homework gap.” They fall behind due to a lack of resources at home. This comes on top of the other disadvantages of relative poverty.

Acknowledging the persistent encroachment of computers and other tech in classrooms is relatively easy; finding effective, efficient ways to synthesize traditional and modern lessons is hard.

Go With What You Know

One way to dip your toe in the tech pool is to use tech that’s already familiar to you. For instance, every teacher who is part of the public education system and mainstream society has sent an email. Start there! ELA instructors can have units on electronic communication etiquette and formatting, even including resume writing as part of the lesson for either a general composition or business communications class. It’s information that students genuinely need, and requires computers to teach it. Voíla! A computer-based, engaging learning activity is born.

Single Sign-on

Issue computer profiles to students, staff, and faculty alike so that once individuals sign on they will have access to all of their password-protected software and resources.

Tech Training For Teachers

Ongoing updates in edtech and regular training will help keep everyone on the same page, so edtech must take a prominent place during Professional Development in-service time. However, taking time for self-education throughout the year by interacting on sites like Edshelf.com can enhance lesson planning with inspiring results.

BYOT/BYOD Problems And Suggested Policy Strategies

A host of issues flood in with students using their own personal devices to complete work in school. While no educator should be held liable for the activities of minors at home on their personal devices, the picture gets fuzzier in the classroom.

Computers in Schools

Bring your own Technology and Bring your own Device (BYOT or BYOD) offers breathing room to cash-strapped school districts, with the trade-off being the slight headache BYOD brings on. BYOD raises the following issues:

Potential Barriers To Interoperability

Personal devices come with personal tastes, in multiple platforms and operating systems. Naturally, they’re not always going to be compatible. If a lesson calls for students to work from their digital devices to participate, look for apps or software that works across multiple platforms – for instance, Microsoft Word is now available on the iPad.

When sharing is desired, students with compatible devices can be put into groups together. Additionally, when developing a BYOD policy, districts may put limits on the types and brands of acceptable devices in order to minimize incompatibility issues. For instance, the policy could specify that any Chromebook made after 2017 is acceptable, and offer Chromebooks for use by students who do not wish to purchase one.

Accessibility and Equity. Any time that students bring in devices from home, the differences between the haves and have-nots push to the surface. Again, allowing only a narrow range of devices in the classroom per the official BYOD policy can mitigate this effect.

Computers As A Means To Closing The Equity And Accessibility Gap

Technology can increase equity and accessibility of learning by allowing access to databases and tools previously out of reach for those in rural areas, poorer sections of cities, and lower income areas in general. For example, offering Chromebooks or tablets to all students as a default, with BYOD as an alternative, gives students without the family resources to purchase computers or maintain hi-speed internet service, a way out that giving devices only to students “in need” does not. More importantly, the difficulties raised by the aforementioned Office of Educational Technology report are completely resolved if students have access to devices that include broadband internet service.

In her article “The Homework Gap,” Clare Mclaughlin discusses the conflict that comes up when tech innovation runs up against the brick wall of funding restraints:

“This past year, Qualcomm teamed up with AT&T and Samsung to run a pilot program at Alvin Dunn that provided the school’s sixth-graders with tablets connected via AT&T LTE mobile broadband service.  More than half of the sixth-grade class does not have wireless access at home. With these connected devices, they no longer have to arrive at school 45 minutes early to finish an online assignment or stay later to get through some online reading.”

Indeed, hi-speed internet has moved from a luxury to a real necessity as other information centers presuppose individuals’ possession of it. Not having it now is the equivalent of NOT having a computer in the mid-late 90s. Yes, teachers still accepted hand-written papers or offered more lab time to students without them, but the students who had access to the computer at home were clearly able to plan out the assignment more easily, do more work in less time, and not have the additional emotional stress of having their family’s finances once again interfering with their learning. The same is true of hi-speed internet service. Lack of reliable, consistent access to the internet acts as a barrier to learning and a mechanism of social isolation. Since many services and utilities now run or partially rely on an internet connection, the Department of Education points to 100% coverage in every area for every student as a goal to reach by the end of the decade.

Parental Consent

With all of these great opportunities available in educational Technology, students easily run the risk of having their data compromised or being exposed to harmful material. To protect themselves from liability, software developers may require that students first have their parents give consent via parental email to use software – sort of like confirming a link before being able to receive newsletters from a blogger. In order to save some time and headaches, instructors can draft general letters of authorization for parents to sign. Schools can keep these authorizations on file and submit them in lieu of individual parental consent emails being sent whenever a new app is used. Not all developers will accept this.

Computers (And Apps) Are The Way Of The World

If educators cannot teach students how to get along in an increasingly digital age, then they will, by and large, limp along. Students need guidance in order to understand how to manage the overwhelming amount and type of information, and teachers must be the guides.  We let go of slates, and someday, we may likewise do away with paper assignments.

A Moral Imperative

Computers are taking over and there’s no turning back. To behave as though the analog world is not passing away into the past jeopardizes the future employment of our students. As the Office of Educational Technology urges, districts must find ways to provide digital access to all students regardless of their location or socioeconomic status. In order for the nation as a whole to compete, and in the interest of parity, the educational community must adjust.