Another Uber Data Breach – It’s Never The Crime, It’s The Cover-up

Uber Data Breach

In 2016, Uber suffered a data breach that exposed the personal information (names, email addresses, and phone numbers) of 57 million users. In the same breach, some 600,000 driver’s license numbers of Uber drivers were exposed.


So, What Was The Response?

The federal government and state governments have laws protecting data privacy. Most of them require rapid reporting of data breaches to both the governments and the individuals whose data was exposed. Instead of following the laws, Uber decided to bury the bodies. The company has shown a careless indifference toward rules and regulations before, but this time it got caught in a most unusual manner.

In this data breach, hackers first proved to Uber that they had stolen their data, then they demanded $100,000 not to reveal it. That’s a new twist for cyber-thieves.

How Did The Hackers Get The Data?

GitHub is a site where programmers and systems architects publish code and other information, both to store it privately and to show it off to others. The hackers got into the private side of GitHub and obtained user credentials of the Uber development team. Once they had those, they had free run of Uber’s systems.

What Did Uber Do?

Rather than reporting the breach as required, Uber’s Chief of Security paid the bounty of $100,000, got the hackers to sign a non-disclosure agreement, and disguised the $100,000 payout as a bug bounty on Uber’s internal records. The affected individuals were not contacted. The whole incident was covered up, or so Uber hoped.

Uber was already under investigation by the Federal Trade Commission (FTC) for failure to protect consumer information. In the course of that investigation, the 2016 hack was uncovered. The first settlement where Uber confessed to failing to protect customer and driver information was dated August 2017.

Then in November, Uber’s new CEO disclosed the massive breach. At that time, Uber had agreed to pay reparations to exposed individuals and various states to the tune of $148 million. One state attorney general called Uber’s behavior “Just inexcusable.”

Uber agreed to follow relevant laws in the future and hired outside counsel and an outside data firm to assess its security practices and safety measures. The results of those efforts have not been disclosed.

It was also learned that Uber paid the hackers to delete their copy of the data. That potentially violates a law that forbids companies from destroying any evidence in cases of cybercrime. Uber eventually fired their chief of security and several others.

It is the nature of the beast that Uber could not, in fact, confirm that the hackers had deleted every copy of the data. They could have, for example, made another copy and sold it on the Dark Web. Cyber thieves are not known for their honesty. So, Uber’s efforts to conceal the breach and repair the damages may have been overshadowed from the start.

What Are The Lessons We Can All Learn From This?

Ever since the resignation of Richard Nixon in 1974, the phrase, “It’s not the crime, it’s the cover-up” has been well-known and understood.

The home décor and cooking guru Martha Stewart was convicted and imprisoned, not for a stock transaction that was, in fact, legal, but for lying to the FBI about it. Aside from their general legal and public relations futility, cover-ups usually do not succeed. Somebody leaks, or (as happened in this case) law enforcement stumbles across the cover-up while investigating something else.

When an incident like this happens, companies need to proceed on the assumption that the cover-up will be, at best, a temporary patch on a continuing problem.

What else can be learned from this?

Another lesson is that things that are supposed to remain private may not. The hackers were able to penetrate a supposedly private area of GitHub. In addition, the database they stole was on a third-party server, not one directly managed by Uber.

Even though the credentials stolen from GitHub were valid for the third-party server, had something like two-factor authentication been in place, the hackers would not have been able to access the server even though they had the proper credentials. There is more than enough blame to go around here. And, of course, the data on the third-party server was not encrypted.
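One control that follows from this lesson is scanning repositories for stored credentials before they spread. The sketch below is an added example, not code from Uber or from the original article; it assumes the credentials sat in repository files, and its rules, entropy threshold, file names and sample contents are all constructed for illustration.

```python
import math
import re
from collections import Counter

# General-purpose rules chosen for this example (assumptions, not details
# of the incident described above).
RULES = [
    ("private-key",
     re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("password-assignment",
     re.compile(r"""(?i)(?:password|passwd|pwd|secret|api_?key|token)\w*"""
                r"""\s*[:=]\s*["']([^"']{6,})["']""")),
    ("url-credentials",
     re.compile(r"\b[a-z][a-z0-9+.-]*://[^/\s:@]+:([^@\s/]{3,})@")),
]
# Long unbroken tokens are candidates for the entropy check.
TOKEN = re.compile(r"[A-Za-z0-9+=_-]{24,}")
ENTROPY_THRESHOLD = 4.0  # bits per character; an assumed cut-off
PLACEHOLDERS = ("changeme", "example", "xxxx", "${", "<")


def shannon_entropy(s):
    """Bits of entropy per character of s."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def is_placeholder(value):
    """True for obvious dummy values that documentation tends to contain."""
    v = value.lower()
    return any(p in v for p in PLACEHOLDERS)


def scan_text(path, text):
    """Return (path, line number, rule) tuples; the secret itself is never echoed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in RULES:
            hits = [m for m in pattern.finditer(line)
                    if not (m.groups() and is_placeholder(m.group(1)))]
            if hits:
                findings.append((path, lineno, name))
        # Catches random-looking tokens that no keyword rule names.
        if any(shannon_entropy(t) >= ENTROPY_THRESHOLD
               for t in TOKEN.findall(line)):
            findings.append((path, lineno, "high-entropy-token"))
    return findings


def scan_repo(files):
    """files maps a path to its text content."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return findings


# Constructed sample repository; every value below is made up.
SAMPLE_REPO = {
    "deploy/settings.py": (
        'DB_HOST = "db.internal.example"\n'
        'DB_PASSWORD = "Tr0ub4dor&3-prod"\n'
        'API_KEY = os.environ["API_KEY"]\n'
    ),
    "scripts/backup.sh": (
        "#!/bin/sh\n"
        "curl -s https://backup:s3cr3tpass@storage.example/archive.tgz -o /tmp/a.tgz\n"
    ),
    "config/ci.yml": (
        "banner: ------------------------------\n"
        "deploy_auth: 9fK2mQ7xLp0ZsT4vBn8RcY1uHd6WeJ3a\n"
    ),
    "README.md": 'Set password = "changeme" in your local config only.\n',
    "keys/deploy_key": (
        "-----BEGIN OPENSSH PRIVATE KEY-----\n"
        "(constructed placeholder, no key material)\n"
    ),
}

if __name__ == "__main__":
    for path, lineno, rule in scan_repo(SAMPLE_REPO):
        print(f"{path}:{lineno}: {rule}")
```

A finding means the credential should be rotated, not just deleted from the file, because earlier commits still hold it.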

Funding Hackers Is Not A Good Idea

In addition to everything else that was wrong in Uber’s response, the company wound up, in effect, rewarding the hackers with additional funding, enabling them to hack even more victims. Cybersecurity experts agree that funding hackers, no matter how desperate the situation seems, is never a good idea.

Uber’s response here can be compared to the similar reactions of Experian, a credit reporting agency, to a hack of its database that exposed the data of several hundred million users. First, it concealed the breach, then it denied it ever happened, then Experian confessed that it did happen. Finally, they tried to monetize the breach by creating and advertising several “security” products to consumers.

Every move was deceptive and demonstrated just how little Experian cared about the privacy of its users. The lesson from Uber and Experian for the general business community is simple: “Don’t handle breaches the way we handled ours.”

6 Reasons Why Companies Are Moving Away from BYOD

BYOD Policies

Last year, Markets and Markets Research released a report that revealed that 50% of companies were considering the use of BYOD (bring your own device) policies. IT departments were tasked with developing a policy that allowed employees to use their personal devices without endangering security, but things seem to have changed. More and more companies are moving toward company-owned devices – but why?


Costs

Most people think it would be cheaper for a company to have employees bring their own devices, but there are some hidden costs involved. One, of course, is the loss of productivity which we’ll discuss more in a moment. Given that BYOD devices can raise the probability of an organization suffering a cyber attack, there are also costs that can be traced directly to the fallout of a data breach. The potential cost of a data breach can easily be calculated using a tool like this one from IBM.

Productivity Issues

When employees bring their own smartphones, tablets, and other devices to work, those devices are going to be a distraction. The temptation for employees to check out social media sites such as Facebook and Instagram or to play games on their phone during working hours is even worse if they are already using their personal device for work-related tasks. While being forced to use a company-owned device isn’t going to eliminate this problem, it will at least reduce the temptation to waste company time. It will also discourage the use of electronic devices to access inappropriate material while at work.

Bad Habits

Employees who are accustomed to using their own phone to access company email are, by force of habit, going to be less likely to be cautious about opening phishing emails or files that could contain malware. If an employee isn’t in the habit of carefully checking out emails before they open them for their personal email on their device, they aren’t suddenly going to become careful about company email they open on the same device. Employees are likely to be more careful with a company-owned device, in part because they don’t want to be blamed for putting the company at risk.

Remote Wiping of Personal Devices

If a device is stolen, there is an extremely high probability that sensitive data will be on that device. One solution that many IT departments depend on for dealing with device theft or breach is a remote wipe. While this is an excellent idea for devices that belong to the company, employees will not like the threat of having their personal device remotely wiped without warning. The loss of personal information such as contacts, pictures, and messages could not only anger the employee involved but lead to potential lawsuits.

Too Much Reliance on Non-IT Employees

When employees are allowed to use their own devices, there is a major shift in responsibility. In most cases, it is simply not possible for IT to ensure that every employee device has the right security measures in place and that they are updated on a regular basis. When employees fail to do this and a breach happens, IT will most likely receive the blame. IT should not be held accountable for risks they cannot reasonably control. Company devices in the hands of those who truly understand cyber dangers are safer as long as they have access to the tools needed to minimize cyber risks.

Cybersecurity Threats

In 2016, researchers discovered that 56% of respondents felt that BYOD was one of the biggest threats to endpoint security for their organization. Another study indicated that 20% of organizations had experienced a breach related to BYOD, which doesn’t bode well for its continued use. One of the major reasons behind companies moving away from BYOD policies is undoubtedly the threat of cyber attacks. A company may have the most bullet-proof BYOD policy possible, but if it cannot be enforced or if employees can find ways to work around compliance, then those BYOD devices become a major threat.

Conclusion

There are pros and cons to both the BYOD approach and the company-owned device approach. Quite a few companies are easing off on their BYOD policies, implementing partial BYOD or eliminating it completely. Reasons behind this change include:

  • Costs
  • Employee productivity issues
  • Employee bad habits
  • Physical theft of devices
  • Reliance on non-IT personnel to avoid security threats
  • Increases in cyber threats as more employee-owned devices are put into use

Add all of these issues to the fact that employees may be annoyed at having to supply their own equipment for work and it is easy to see why many organizations have realized that BYOD is not a good fit for them. Whether the widespread implementation of BYOD continues to grow as predicted remains to be seen.

Digital Transformation: Is Your Business Ready?

Digital Transformation

“Digital transformation” is a term likely circulating around IT departments everywhere. The vast majority of businesses today, no matter how big or small, will likely need to further digitalize their operations in order to keep up with competitive markets and an ever-growing list of digital trends.


There are endless components associated with digital transformation. Late last year, tech company MuleSoft conducted their annual Connectivity benchmark for 2018, which surveyed more than 600 ITDMs (Information Technology Decision Makers) across a variety of industries. The results shed light on the importance of digital transformation, the issues that stand in the way of these transformations, and what ITDMs believe to be the future of IT.

According to the survey, the stakes are high. The vast majority of ITDMs surveyed admitted their business’s revenue would be negatively impacted if digital transformation didn’t take place, and soon. Companies simply can’t afford to let their IT operations fall to the wayside.

Digitalizing your business operations is no easy task. Creating an online portal or creating new online processes doesn’t mean you’ve digitalized. You’ve got to have clear goals before you begin this undertaking. More often than not, the top goal of businesses is to streamline their operations to run more efficiently.

Analyzing The Data

The vast majority of ITDMs understand the importance of upgrading their digital enterprises, with only 3% of organizations surveyed revealing they had no intentions of a digital revamp. In fact, approximately three quarters (74%) of those surveyed said they were currently undergoing digital transformation initiatives. Another 23% revealed plans to do so over the next three years.

Establishing Clear Goals

Digital transformations are futile without an end goal. Therefore, in order for ITDMs to effectively transform their digital operations, they need to know both what is at stake and in which ways they’d like a revamp to serve the organization.

Of ITDMs surveyed, more than 83% cited increasing IT’s operational efficiency among their top priorities. Other areas of high importance include improving business efficiency, and introducing new products and faster services. Digital transformations can help enhance a number of aspects of your company, rendering them vital in today’s business landscape.

The MuleSoft survey revealed that ITDMs intend to focus on a few specific initiatives to achieve their IT goals. These include modernizing their legacy apps, integrating SaaS apps and investing in mobile apps. Other areas of focus include migrating apps to the cloud and establishing an e-commerce platform.

Enhancing The Customer Experience

One other major goal for businesses undergoing digital transformation is to improve the customer experience. This means connecting customer-facing systems. The vast majority, 92% of ITDMs, revealed that forging a connected experience for both customers and employees is a priority for their respective organizations. As of December 2017, only 39% of those surveyed revealed their organizations offered a completely connected user experience. These figures are in line with a previous MuleSoft survey, which found that over half of consumers believe they are receiving a disconnected experience when dealing with businesses like retailers, banks, insurers, and other public services.

Common Roadblocks

IT departments face a number of issues that hinder the potential for successful digital transformation. In addition to time constraints, there are other factors at play, such as misalignment between business and IT, problems within legacy infrastructure and systems, and a lack of resources and budget.

For today’s businesses, there is often a disconnect between what IT professionals must do, versus what their departments can realistically handle. While it’s commonly the responsibility of IT to implement development projects and focus on innovation, much of their workload involves helping the business run. In fact, the survey data shows that 63% of IT departments’ time is spent on business operations, rather than exploring new ways to drive profits through technology.

Integration Issues

Of all the roadblocks between IT departments and their goals, integration seems to be the largest barrier. Nearly 90% of ITDMs revealed challenges with integration, with 81% saying point-to-point integration creates the biggest headaches. Not only is this an issue for efficiency, but it presents financial repercussions, with organizations spending almost one-quarter of their yearly IT budgets on integration.

The Benefits Of APIs

It’s common knowledge in the IT circle that APIs make life easier for developers. They’re also critical for success in today’s digital landscape. Not only do APIs expand a business’s capabilities, but they also make it easier for employees to consume data in a simple, standardized way. According to MuleSoft’s Connectivity survey, organizations have both increased IT self-service and decreased their operational costs by leveraging APIs. And the results can be seen in revenue, as well. More than 35% of ITDMs surveyed through the Connectivity survey revealed that more than one-fourth of their revenue was the result of APIs.

Digital transformations are a fact of life for many businesses today, and if they’re not yet, they soon will be. From managing operations to improving customer and employee experiences, digital transformations are just one way businesses are further embracing the power of the internet age.

How To Ensure A Secure Home Network

Home Network Security

Most homeowners and renters understand the importance of home security. In fact, in today’s world, it’s not uncommon for homeowners to spend hundreds or even thousands of dollars on home protection. But while securing your belongings is considered good common sense, homeowners don’t as often consider the concept of data security. This is understandable, but in reality, it’s just as important to ensure that your data is protected as well.


Unbeknownst to many, your home’s security system and its surrounding technology may even leave you susceptible to a data breach. These have the potential to wreak havoc from a personal data standpoint. Paying close attention to the technology you are using to protect your home can help you avoid the ever-growing risk of a cyber breach.

Here are a few things homeowners can do to keep their networks protected.

Strengthen Your Wireless Security

Securing your wireless router is paramount to effective data security. Your wireless networking security will depend heavily on the health of your router.

One useful tip?

Don’t leave your Wi-Fi on unless it’s necessary. This means that if you and your family are planning a long trip, don’t forget to turn your network off.

Other precautions include disabling your Wi-Fi Protected Setup, or WPS. The WPS is intended to make it easier for those within your household to join the central Wi-Fi network. However, it can also be used by hackers to gain unauthorized access.

Configuring your Wi-Fi’s signal strength is also important. Casting too wide of a net can leave you susceptible to outside hackers. As a security measure, configure it so Wi-Fi is only accessible to those within your home’s area. You can also disable your network’s remote management, and be on the lookout for any unknown devices or connections showing up on your network.

Update Your Software

Keeping your security systems up-to-date is important in ensuring nothing falls through the cracks. Applying updates and patches ensures you are running the most recent technology available for your device.

Your work doesn’t stop at updates, though. Installing an anti-virus solution built to detect, prevent and clear your system of viruses ensures a strong line of defense against hacking. While antivirus solutions won’t protect your system from, say, zero-day exploits, they can be helpful in preventing malware from entering your devices.

Install A Network Firewall

Firewalls are extremely useful in maintaining the security of your systems. This type of solution blocks unauthorized users from acquiring access to your private data. Installing a firewall is a solid step toward keeping your data safe. These can be installed via software, hardware or a unique combination of both.

Back Up Your Data

Computer users understand the frustration that comes with a hardware failure. In the event that this happens to you, it’s best to be prepared. Keeping a solid backup solution will give you peace of mind in the event of an accident. Test your backups thoroughly and regularly by creating dummy files and deleting them, or scheduling a day to unplug and determine how long it takes to get your system up and running. All this can help you form a legit plan of action to help you recover from a hardware failure.

Maintain Strong Encryption

Configuring your router improperly can pave the way for a data breach. You should use the strongest possible encryption methods for your device. Some of these protocols may include Wi-Fi Protected Access 2 (WPA2), Temporal Key Integrity Protocol (TKIP), and Personal Advanced Encryption Standard (AES).

Here are some tips to help you create a strong line of defense against a breach.

Update Your Router Password

It can be tempting to begin using a new router fresh out of the box, but be cautious. While your router has a set password, it may be easy to guess, or worse, printed right on the router itself. Changing your router’s password to something safe and known only by you is necessary if you’re hoping for optimal protection. The same goes for your Network name. While these typically come standard, you’ll want to change yours, though be careful not to include personal information such as your last name or address.

There are some things you can do to ensure a strong password. First, avoid using the same one for all of your accounts. If your password is stolen from one site, all other accounts for which you use it may be put at risk. You also shouldn’t share passwords with anyone or divulge them to anyone.

Approach Email With Caution

You may have taken all the necessary precautions to keep your home network secure from hackers, but often it’s not the technology that’s to blame for a breach. While it’s true that cyber criminals take advantage of unencrypted data, an inadequate firewall or out-of-date software, they also frequently target individual users. E-mail, for instance, is one of the most frequently used platforms by hackers. And while these attacks can hit suddenly and without warning, there are still things you can do to protect yourself.

If you receive an e-mail from someone you don’t know, don’t answer right away. Always first verify the person’s identity before responding. If you suspect an email from an organization may contain malware, first contact the company directly before replying. One giveaway is a misspelling in the URL of a malicious website. Also be sure to never share personal or financial information via e-mail or telephone.

Don’t leave your data security up to chance. All of these steps combined can help you form a solid plan for preventing a cyber breach.

 

Implementing Data Security For Your Small Business

Small Business Computer Security

Today’s small business owners are tasked with managing operations, employees and a wide range of things pertaining to the modern day business. It’s no surprise, then, that amid the hustle and bustle, some areas of importance are thrown to the wayside. Cybersecurity is often one of them.


According to studies, the majority of small business owners don’t believe their businesses are at risk of a cyber attack. This mindset is dangerous for business owners because they will not be prepared for a cyber-attack. In the event of an attack, it can wreak havoc on a small business that hasn’t yet armed itself with proper security protocols.

According to the Ponemon Institute, cyber-attacks cost small and medium-sized businesses an average of $2,235,000 in 2017. In order for small businesses to form a strong line of defense against cyber attacks, they’ll first need to evaluate their risk, and what’s at stake. Here are a few things small businesses should consider when preparing to amp up their data security.

Securing Your Data

Implementing solid data security for your business is a complex task that requires manpower. And although it can present quite the conundrum for small business owners, it’s something that, according to the FCC, must be done.

First, you’ll need to evaluate your current system. Which data do you actually need? While keeping customer data is important, it’s just as important to only ask for customer information that will actually be utilized. For instance, don’t ask for a social security number if you don’t need it.

The same notion applies for how long to keep this data. Don’t store your customers’ data longer than needed. The longer you keep it, the longer you are liable in the case of a data breach. And if you don’t have a retention policy in place, it’s time to implement one. Don’t forget that hand-in-hand with a retention policy is a process for how to delete the data. Do keep this in mind.

Strengthening Your Passwords

Implementing a strong password policy can make all the difference in keeping your data protected. Complex, unique passwords are paramount to data security, but how can you be sure those you’re using are really up to par?

You may want to look to the NIST for a list of digital identity guidelines that can help clarify what you should and shouldn’t be doing when setting new passwords. From two-factor authentication to the inclusion of symbols and capital letters, there are plenty of ways to strengthen your passwords to minimize the risk of an attack.

Establishing Network Segmentation

While, yes, one of the main goals of a small business should be to have a reliable network set up for operations, there’s a lot more to be done to ensure adequate data security. If your office frequently has customers traveling through your space, it’s best to implement a separate network that will prevent access to your data by just anyone. Doing this both minimizes the impact on your employees’ network and keeps internal data safe.

Don’t Ignore Updates

A constant bombardment of update notifications is annoying, and can even hinder productivity. And although it’s tempting to ignore these and push on with your work, updates are important in keeping your systems working properly. This is why it’s so important to stop ignoring them. In fact, small businesses should adopt a policy for updates and scheduled maintenance to ensure things aren’t falling through the cracks. A service provider can help you keep all your devices in line with the most current standards, and ensure updates are carried out accurately and within the proper timeframe.

Training For Success

If your business is one that employs mobile workers, data security becomes a bit more complicated. You’ll need to ensure these mobile workers’ devices are as secure as those within your office. Keep in mind that deleting company information in the event of a lost or stolen device is crucial.

A company may have the very best security in place to protect their data, but all it takes is one employee incident to destroy the reputation you’ve built. If your company’s salespeople do not require access to secured customer databases, don’t authorize them to use them. Giving access to crucial data only when it’s needed can help you minimize the chance of a cyber-attack.

You may be doing a fantastic job at training your employees for proper data security, but human error will always be an issue. This is not something you can prevent entirely, but you can teach your employees what to look out for. You can also help them understand the negative consequences associated with data breaches and the true impact of failing to be alert.

Data security for your small business is definitely not something you want to ignore. As an entrepreneur, you are likely both excited and wary of what’s to come. Don’t let a data breach put an end to your empire before it starts.

Wi-Fi On Planes – Who’s The Best?

WIFI Planes

If you are old enough, you may remember when making phone calls from an airplane was an expensive luxury, with sound quality so bad that conversations at times were impossible. Times have changed. Calls from planes are usually clear and carried over satellite connections. The big electronic question mark in the sky is not whether Wi-Fi is available; it is how good it is.


So How Do We Rate The Quality Factor?

Different flight amenity rating services use various methodologies, so one has to dig to get useful information. Traveloka, a major booking site for Southeast Asia, ranks the top 50 carriers on aspects like speed, quality of signal, availability of USB ports, etc. According to them, the top three airlines for Wi-Fi service are Qatar, Emirates, and Delta, in descending order.

Digging a bit, one finds out that the fastest Wi-Fi available is on British Airways, which has speeds up to 20 Mbps (your mileage may vary.) In contrast, Emirates, Etihad, and Eva offer a top speed of only 2 Mbps. Obviously, this is not going to support streaming from Netflix and video conferencing.

Theoretically, even HD video conferencing should require only 384 Kbps (see here.) But we’ve all had the experience of video conferencing where lagging was an issue, even on connections that are high speed. The devil is in the details; the need for bandwidth goes up with each separate device used for the video conferencing, and for the bridge that ties it all together. The bridge has to have access to adequate bandwidth to provide all the images and sound streams at the same time. Of course, the speed with which it goes to the PC or phone depends on the bandwidth from the Wi-Fi transmitter to the user’s device.

The most important question in choosing an airline for Wi-Fi service is knowing what you need. On airlines though, you may not have much of a choice, especially if looking for low airfares. If you will absolutely need video conferencing during the flight, Qatar is about your only choice. Qatar pledges speeds up to 50 Mbps, but Traveloka rated the average speed as only 8.

(See this article from CNN travel for a summary that is a bit easier to interpret than Traveloka’s. )

What Does It Cost?

Emirates Air offers the first hour free and unlimited usage for the rest of the flight is only $10. Delta offers unlimited access for the entire flight for $16. Surprisingly, JetBlue, known as a discount airline, is now offering Wi-Fi but there are no details yet as to cost.

Singapore Airlines, rated the best in the world, offers only 1.17 Mbps for $8.80, but oddly, does not offer the ability to make phone calls. All-Nippon Airways (ANA) offers only 0.56 Mbps at a cost of $9.43. On Hong Kong Airlines and China Southern the service is free. Emirates does offer 20 Mbps, but it has to be used within two hours.

What’s The Underlying Technology?

In-flight Wi-Fi is provided by satellite. The plane has an antenna that picks up the signal and broadcasts it inside the cabin. Since all airlines get the same quality and speed of the signal from the satellite, the speed, and quality within the cabin depends on the hardware that the airline has installed.

If an airline wants to provide 50 Mbps, which is comparable to home or business internet service from a cable provider (not fiber optics) in the United States, it can do so. It’s just a matter of will. Since the equipment needed to offer 50 Mbps and the equipment needed to offer 0.56 Mbps are similar in price, it is a bit of a mystery why all airlines that provide the service do not offer the higher speeds.

And if some airlines provide it for free, why not all? No immediate answers forthcoming. One item of note is that with satellite Wi-Fi, as with many earthbound internet service providers, uploads are much slower than downloads.

Incidentally, virtually all the reporting on Wi-Fi availability and quality on airlines comes from the 2016 Traveloka report.

What’s The Upshot?

Even if you’re on one of the airlines that Traveloka rated as among the best, your Wi-Fi speed will vary. Some things that are easy to do in the office will be difficult to impossible while in the air. It’s best to plan accordingly. Do not schedule a critical meeting with the chairman of the board while you’re on a flight on Singapore Airlines; this is just not going to work. Even email may be dicey in flight.

The moral of the story is that doing serious business that demands strong connectivity is best done on the ground, not while in flight. If it’s absolutely necessary, then plan accordingly before you leave the office and take to the road. People who travel a lot will understand.

October’s Featured Training: The ABCs Of Cyber Security

Cyber Security Training

October Is Cyber Security Awareness Month
Tune In At Any Time To Watch Our 15 Minute On-Demand Training

Cyber Criminals Have A 6 Month Head Start.

Is Your Business Protected?

Find Out.



Every 39 seconds, a hacker is attacking someone. 

Are you next on the list?

You can’t afford to miss October’s free online training.  Why?

{company} takes cybersecurity seriously. This is why we have put together this free online training for everyone.  During this online training, our cybersecurity trainers will share how your business can defend itself from becoming another statistic.

During this 15-minute on-demand training we’ll show you many quick and very important tips you and your team must know in order to protect your business from cyber threats and how employees can keep all your confidential and critical information secure.

Google Shutting Down Google+

Google+ Shut Down

Google+ Social Media App Will Soon Move Off Into The Sunset

Google+ has never really been a popular social media network. In fact, most people say they’ve never used it and don’t know how it works. So it’s not too surprising to hear that Google has finally decided to pull the plug.

Google just announced a ten-month sunsetting period, which begins now and will end in August of 2019.

Besides the site simply not being popular, Google has had serious security issues. Project Strobe discovered a bug in Google+ that may have leaked the personal information of thousands of users. Though Google says the vulnerability was not discovered by hackers and that no profiles were compromised, their senior executives felt that rumors of a breach would likely trigger “immediate regulatory interest.” So they simply didn’t tell anyone.

Other Social Media Data Breaches

For several years, Facebook has been under scrutiny for allowing the data firm Cambridge Analytica to access their user information. This data was in turn used to create targeted social media ads that eventually swayed the presidential election of 2016. Since that incident, Americans have become much more aware of the effects and dangers of data breaches and social media manipulation.

Given the fact that almost no one was using the Google+ app and the high risk for potential data leaks, Google execs said they simply felt that it was best to discontinue Google+. Users will have 10 months to migrate their data before the platform is officially dissolved in August of next year. However, the company has decided to continue supporting the Enterprise version of Google+ so businesses using that app will not be affected.

More About the Google+ Security Breach

Last March, Google discovered a privacy breach, which allowed third-party apps using their programming interface to access the personal data of users. This data includes usernames, addresses, email addresses, birth dates and other bits of personal information.

The Wall Street Journal reported some details about the security breach and said that Google executives had been informed about the breach soon after it occurred. These executives made the decision not to disclose the breach to its users for fear of tarnishing their reputation.

Reporting Security Breaches

In a blog post, Google said that it decides when and if the organization should notify users of data breaches. They take into consideration the type of data that was leaked, whether there’s evidence of misuse and whether there’s anything that users can do about it.

According to security breach laws, any organization that experiences a data breach must inform those affected. And they only have a specific amount of time to do so. This varies by state but there are severe penalties for not correctly reporting a security breach.

Executives at Google say that the gap has been fixed and that users do not need to worry about any further data leaks. However, there is ample evidence that Google did not follow the law once they learned of the data breach. This can result not only in penalties from the federal government but also in individual lawsuits from users who believe their personal info has been compromised.

How Data Breach Laws Are Changing

With the new European Union GDPR (General Data Protection Regulation), more countries and organizations are implementing stronger security measures. The GDPR affects anyone who does business with an entity that resides within the European Union. This has caused many business owners to revamp the way they collect and store personal information from their users.

Once a company has collected an individual’s personal information, they have a legal responsibility to keep that data as secure as possible. In spite of these advances in data security regulations, hackers seem to be one step ahead. Their tactics change, improve and evolve, making it necessary for all organizations to be more cautious.

Senate and House Committees Get Involved

This past year, many social media and technology companies have come under scrutiny due to their data and privacy practices. Executives from Twitter, Facebook and Google have testified before various Senate and House committees. Under fire are their security measures, but also their political biases. The government is considering types of regulations that would prevent these companies from meddling in important things like the elections.

Now that everyone is fully aware of how easy it is to sway voters in one direction or the other, there is a very real fear that future elections may be manipulated by these companies. They not only have the knowledge, but they have the resources to influence the way people vote. And this ability holds within it a great deal of potential power to change our society in ways that can only be speculated about at the moment.

What Should Google+ Users Do?

In the meantime, if you are a Google+ user, it’s best to go ahead and make copies of any content you have on the site, then delete your account. Once it has been deleted, you’ll no longer have to worry about losing it to hackers who have found yet another weakness in the site’s security protocols.

What You Need to Know About Secure Messaging Apps

Secure Messaging Applications

You probably use messaging for communications every day, but how secure are your messages? Messaging apps are as susceptible to hackers as any other type of electronic communication, and if you are concerned about privacy then it’s time to learn the basics about secure messaging apps.

Why You Need a Secure Messaging App

We use messaging more and more to communicate, but we don’t always realize how many eavesdroppers there may be. Those eavesdroppers may include internet service providers, government agencies, and hackers. If your messaging involves your company, it might be the target of industrial espionage. These are all good reasons to consider using a secure messaging app.

What Makes a Messaging App Secure?

We probably all remember playing around with coded messages as a kid, but never dreamed that coded messages might become important in our day-to-day communications. As it turns out, one of the key aspects of a messaging app is end-to-end encryption.

When your messages are encrypted, that means they are encoded in such a way as to make it extremely difficult for someone to eavesdrop on the information being transferred. The messages are basically scrambled, and in order to unscramble them, you must have the correct key. In the case of an end-to-end encrypted message app, only the sender and the receiver have the decryption keys.

There are messaging apps that offer encryption, but encryption is not the default setting. That means that you would have to navigate to the settings for your messaging app and turn on encryption – if it even offers that feature.

Metadata can still be an issue even with encryption. Metadata includes things like who you talk to based on your contact list, how much time you spend talking to them, your phone number, your IP address, and more. You should avoid messaging apps that collect metadata.

Believe it or not, one of the signs of a secure messaging app’s integrity is making its source code available to the public. Open source code is actually better than proprietary code because it provides experts access to the code for review. Experts who did not develop the code will be far more likely to notice vulnerabilities and bugs that could be exploited. The result is a highly robust source code and a bulletproof app.

Secure Message Apps

There are several messaging apps on the market that qualify as secure messaging apps. What follows are five of the top options that are available for Android and iOS operating systems.

Dust: If you want messages that don’t hang around, then Dust is your app! Messages disappear within 100 seconds of being read or within 24 hours – your choice. You’ll also be notified if any screenshots are taken. It includes end-to-end encryption, no permanent storage, and you can even erase your message off someone else’s phone. The major drawback of Dust is that its source code has never been released.

Signal: The Signal messaging platform uses end-to-end encryption and its source code has been released. There is an option that makes messages disappear after a certain amount of time has passed and it can be password protected. It only stores the metadata it needs to function properly on your device. As far as drawbacks go, there are virtually none associated with Signal.

Telegram: The Telegram app was banned in Russia because they refused to hand over the encryption keys. It offers end-to-end encryption through a feature called “Secret Chat” that must be turned on. It can be locked by a passcode and has a Self-Destruct timer option for Secret Chat messages. The drawback of Telegram is that it lacks transparency about the protocol that it uses.

WhatsApp: With WhatsApp, end-to-end encryption is the default, and the app provides an option for you to verify that encryption is in place. Messages are not stored on your phone, and it makes available a two-step verification feature. WhatsApp’s major drawback is that it does keep track of metadata and backups of messages are not encrypted for Android users.

Wickr: Unlike most messaging apps, Wickr offers both a personal (Wickr Me) and an enterprise edition. It provides end-to-end encryption and a host of additional features that make it one of the best options for businesses that are looking to keep their messages secure. It recently released its cryptographic protocol. And when Wickr deletes things, it “shreds” them so that they cannot be recovered. Wickr doesn’t really have any drawbacks from a security perspective.

Conclusion

Not all secure messaging apps are equally effective. When selecting one, you should look for end-to-end encryption (on by default is even better) and the storage of little to no metadata. Also, keep in mind that companies that have released the source code behind their app are considered more reliable and their apps more robust. If privacy is important to you, then it’s time to check out secure messaging apps.

Before installing or investing in any messaging app, always consult with your technical support provider.

Happy Thanksgiving Everyone!

Happy Thanksgiving Canada

Happy Thanksgiving From Our Team To Yours!

Why Not Show Your Thanks By Helping Another Business Use Technology To Succeed?

As the days get shorter, and the nights get cozier, Canadians across the nation turn our minds to gratitude. It’s a season where we take a little time to appreciate the best things in our life.

We’re thankful for family, for friends, for a job we love, and for you, our clients who make it all worthwhile. Thank you for putting your trust in us as your IT service company.

We know that you have options for your IT service. And to show our thanks as your technology service provider, we’d like to offer a complimentary assessment to a local business that you refer.

Why Are IT Assessments Important?

An IT Assessment is a comprehensive view of your business and technology needs. It reveals the health of your IT assets and infrastructure. Routine assessments mitigate the risk of downtime and security breaches. They also ensure your technology is running at peak performance, so your workers can too.

What Do IT Assessments Reveal?

An IT assessment will optimize your system to improve security and mitigate the risk of computer crashes, interruptions and inefficiencies. It also ensures you’re getting the ROI from your technology investments that you expect.

It tells you:

  • If technology is truly supporting your business goals and objectives.
  • If best practices are being employed when using technology solutions.
  • The strength of your IT security posture and if there are any gaps in your defense.
  • If your business could stay up and running after a disaster like a fire, flooding, accidental data deletion, or malware infections.
  • If you are getting the most value and use from your IT investments.
  • If your IT solutions are integrated properly.
  • What steps to take to improve your IT environment.

Why Are Regular IT Assessments Valuable?

An IT Assessment will tell you what is working and what isn’t. The ever-evolving nature of technology and rapid changes and advancements make IT Assessments more important than ever. You won’t always need the latest applications or solutions, but it’s essential to detect any deficiencies that may be impacting your efficient and secure operations.

The most technically knowledgeable companies continually evaluate the status of their IT operations and whether they match their organizational goals. Assessments provide insight into what you will need for the future as your company grows and changes. It’s like an IT business plan that helps you stay on course and use the tools that will help you succeed.

Are You Wasting Money On Technology Solutions?

Are you getting the most value from your current technology? An IT Assessment will reveal if you’re paying for software and hardware you don’t need. It determines what technology is required to fill gaps without you buying more (or less) than you require. Plus, it helps you better control your IT spending.

Newer technologies like cloud computing can significantly lower your technology costs. Software-as-a-Service and Hardware-as-a-Service and other pay-per-user solutions can provide the technology you need without the upfront costs. They also provide flexibility and scalability as they can be increased as your company grows or decreased in slow times.

Is Your Technology Properly Integrated?

It’s not enough to know what applications you have and how they work; you must understand how well they integrate. With so many types of software and hardware being used today, integrating them correctly can be a challenge. And, if they’re not properly integrated, this can negatively impact your operating efficiencies.

For example, say you purchase a new software application. If it’s not supported by your operating system and web browsers, it won’t work as it should. Or perhaps you’re using a VoIP business phone system. Does it integrate with your data network as it should? It’s essential that all elements of your technology infrastructure work together seamlessly.

What Can You Expect After An IT Assessment?

We’ll provide a written report detailing your current IT standing and any suggestions we have for improvement. If during the course of the Assessment we detect backup failures, security gaps or misconfigurations, we’ll report on these right away and how they can be cost-effectively remediated.

Your leadership team will be apprised of our findings, so they can make decisions and work with us to develop an IT Plan that prioritizes recommendations based on their importance and impact on your business.

An IT Assessment Is The “Gift That Keeps On Giving”

Referring a business associate or other organization for an IT Assessment will not only help them succeed through the best use of technology but it will build goodwill between your companies. And once they realize the value an IT Assessment provides, they’ll refer another business, and so on, and so on.

So, give thanks by sharing your knowledge about technology and how it can help others succeed. Contact us, and we’ll get the process going. And thank you again for your business.

Happy Thanksgiving.