Category Archives: Security

Digital Reality

I have previously posted a BLOG entitled – Social Media Rethink – April 2018 (http://www.roslynsrants.com/?p=398)

This takes the comments from that BLOG further, as, once again, during a face to face interview, I was, albeit, very politely asked why our company does not have a Digital Presence, the candidate and several of his friends had a conversation about the veracity of our existence, given our absence of any kind of Digital Presence.

It is fascinating that today with the explosion of online everything, that no can actually step back, THINK, and consider that, if KNOWING that over 50% of what we see online is FAKE, why we would question someone who does not wish to be present. From over 60% of Linkedin Resumes being fake, over 800 fake online University Degrees ( see CBC Marketplace Report) an extremely high percentage of Facebook postings being fake, FAKE NEWS, much from Russia, which severly influenced the 2016 US Presidential Election, Millenials posting selfies in the entryway to high end stores, posh restaurants, going into high end boutiques and posing with the merchandise just long enough to take a selfie….

We see companies with spectacular web sites, proclaiming their vast international experience, only to dig and find out it is one man in his basement who has been fired from absolutely every position he has ever held. His Social Presence however, is extraordinary. His web site was magic.

We see companies proclaiming their incredible technical experience, in one case, I actually printed the Linkedin resumes of the entire company (ten people)…..then laid them out on a table, side by side…there was something bothering me……they were ALL IDENTICAL…….including the President. Furthermore, no one was over 30 years old. But on the Corporate Web Site, they spoke of their huge list of clients, turns out it was the previous employers of the employees……NOTHING was real. One questions the fact that NO ONE else ever did even a minor amount of research on them, yet one of my previous clients actually hired them. No, they could not deliveer. But they did pay their invoices……Seriously??!!

Virtually EVERY individual who has questioned our lack of Digital Presence has been an employee within a large corporation, and non have ever owned a company, or considered why one would not wish to be all over the web.

As a long time female business owner, let me describe the horrors of a DIGITAL Presence.

We work in a very defined, very technical segment of the industry. We do HIGH end Information Technology Consulting and Search, and only work with individuals with experience, a high level of education, and in many cases, Security Clearance. Our business was built on WORD of MOUTH. Why could we possibly be interested in receiving over 100 resumes from some low level computer institute pushing out low level computer repair men?? We are NOT.
But we used to receive them en masse, and had to respond, politely.
We are not interested in Plumbers, Cegep Graduates with no experience, people who have held 10 jobs in 3 years……..computer technicians, repair men……..
And then there are the people who would arrive at the door, pound and kick at the door of our offices, and absolutely terrify our Secretary.
Shall I continue??

People who call on the telephone, are aggressive, rude, insulting, and insist that the female on the other end of the phone line, give them what they are requesting, whether it is an interview, the name and direct phone number of the executives…it is endless……

But when someone is desperate for a job, all sense of decency and courtesy seems to fly out the door…….

Endless solicitations by email, mail, and telephone by aggressive, often condescending sales people, most of whom do not have the good manners to even inquire whether it is a good time before pushing themselves and whatever product they have decided we require. They overtalk and are extremely beligerent to the female on the other end of the line, never for a moment presuming that the woman they are being rude to is actually the President and decision maker.

I can continue endlessly, as our experiences have been far from pleasant.

One mind numbingly rude salesman called 10 times, insisting on being given the name and mobile number of the President. I politely inquired as to how I could help him. He screamed insults at me and hung up repeatedly, only to call back and once again hear my voice on the end of the line. He rudely told me I should provide the information and not question him. I repeatedly asked politely as to how I could help him. He repeatedly insulted me and hung up.
Finally, I asked a male associate to watch for the number on call display, and to answer his next call. I requested that he demand the caller’s name, company, and phone number. He Did. Then he passed the caller to me. I recorded the call. When he was speaking to the male, he was polite, calm and provided his information with no objections. He was then put on hold and referred to me. Yup, President and Founder of Copeland, St James…..No sooner than I said hello and he started insulting me once again. At this point, I used his name, and advised him that he was insulting the President, NOT the Receptionist. I advised him that my next call would be to his employer at which time I would play the recording of this beligerent person and tell them, that under no conditions whatsoever, were they to ever call our company again. Yes, I did exactly that. No, he never called again.
The problem with this, is that he disrupted our business day, he disrupted several people, and this time was NOT spent on running our business.

Our Company was bombarded by phone, email, mail, and people coming to the door. NON of them ever took the time to consider who they were soliciting and whether or not we could possibly be interested in their services or products.
We were solicited by low level personnel agencies, companies selling paper products, life insurance, financial planning, light bulbs, travel services, accounting services, payroll services, web development companies, hardware repair men, the list was endless. ALL of which took away our time from actually providing services to OUR clients.

Time is MONEY.
Being polite to rude people takes time and money.
Being polite and responding to 500 people who have sent unsolicited resumes takes time and money.
Answering the door and trying to explain to the hardware repair man, the plumber , the accounting clerk, that we are not interested in their services takes time and money.
Having to call the Doorman to come and physically remove the rude person kicking and pounding on our front door not only creates extreme anxiety, but also costs time and money , not to mention endless tips to the poor Doorman who were, at times, threatened by these unwanted visitors.

For all these reasons, and many more, we DO NOT have a Digital Presence.

Please follow and like us:
error

It’s in the CLOUD!!!

Do you really know where your data is??

Open a magazine, TV, You Tube Hosted news, and see endless advertisements from large companies professing their professionalism and boasting about their ability to host and manage your data in the cloud.

Very few people actually even know what that means. Speak to most people particularly those who are not from the technology sector, and they will actually point to the sky and show you a fluffy cloud, amusing, yes, but frightfully inaccurate. Many Senior Executives in huge corporations are equally naïve, even though slick salesmen are offering them spectacular deals if they put their systems on their particular ‘cloud’.

But WHAT IS the cloud??

Remember outsourcing?? Service bureau’s?? Cloud is the latest, greatest new buzzword to describe putting your business’s critical information on SOMEONE ELSE’s COMPUTERS!!

NOW are you paying attention??

The financial wizards in large corporations, always quick to embrace a new scheme to reduce costs are jumping on the bandwagon as the cost of hosting your own data and managing your OWN off site back up facility have escalated due to the increased costs of real estate and highly technically competent individuals to run it. But at what long term cost??

Being a skeptic at the best of times, I have serious issues with the fact that an unknown third party is hosting all my financial or personal data without either my approval or knowledge, not to mention the fact that it may be hosted in another country with lax privacy controls or legislation. Most companies brag endlessly about their enhanced IT Security, but the truth is, if you speak to the truly Senior Security Specialists in the industry, most will laugh at the pathetic controls of most Fortune 500 corporations.

We have been working in the Security and Privacy field for more years than I will attest to, and have interviewed and worked with endless individuals who are ethical hackers, individuals with high level Security Clearance working in the Government or large corporations, and very few believe that most companies have a fraction of the controls which are necessary. Security may be tight going through the front door, but who is watching the back door?? Yes, it is expensive, but so is being hacked, and losing control of EVERYTHING.

SO, Financial Companies, Healthcare, Legal, Insurance, Government, Transportation, all state unequivocally that your personal information is secure with them, only to turn around and host everything on a third party computer, over the internet, often in a foreign country.

So, what is cloud computing??

It is the practice of using a network of remote servers over the internet to store, manage and process data.

Please pay particular attention to the above. Read it twice, thrice, and PAY ATTENTION.

You DO NOT KNOW where your data resides, or who truly has access. All the promises of security are of absolutely NO VALUE if a junior network technician in the hosting facility clones your data.

Furthermore, to be very clear, Canada, the USA, and other countries have very different levels of legislation to manage the privacy of data.

The next issue, which no one ever wants to address or acknowledge, if what exactly happens if the systems go down, you have absolutely no way of resolving the problem, and lastly, my absolute favourite, is what exactly happens if your provider goes bankrupt or is sold?? Non of which are within your purvue.

SO, to summarize, your business processses are at risk, your confidential data is at risk your technical publications are at risk, your R & D is at risk, your client’s confidential information is at risk, your financial information is at risk………

Are we paying attention yet???

Please follow and like us:
error

George Orwell’s 1984 has arrived with a vengeance

Let me begin by saying that I have spent most of my career working within the Advanced Technology Industry, with some of the most gifted individuals in the industry.
It has been extraordinarily exciting to see the development of new ground-breaking technologies, but at the same time, the utter erosion of our privacy is extremely concerning, and most people blindly GIVE everything away, with absolutely NO thought as to their actions.

If you continually provide your confidential information willingly, and sign your rights away, as well as your ability to pursue legal action, do not be surprised to know that the government has more information on you and your movements than ever before.

NSA monitors over 20 BILLION conversations and messages every 24 hours.

Airport Security is increasingly demanding both IRIS scans and Fingerprints depending upon your country of origin.

Facebook sold the confidential information of 87 MILLION users to Cambridge Analytica, as well as that of their contacts, without their knowledge or consent.
Equifax lost the confidential credit information on over 15 MILLION people, and have the audacity to aggressively promote online credit scoring and verification, FOR A FEE, as if they could possibly be trusted.
Saks, Lord & Taylor just lost credit data on 5 MILLION clients.
TJX lost 45.7 MILLION
UBER lost 57 MILLION.
And the list goes on and on…….

Today nearly all mobile phones contain GPS, as well as the majority of new vehicles.

Should I go on???

There is a company advertising endlessly that you should send them your credit information and they will choose the best credit cards for your needs.
‘Send us your DNA” to check your ancestry
“send us your DNA’ to check if you have colon cancer…

Submit your income tax returns online using our software…..
Send us your confidential financial information so that we can source the best mortgage, home re-financing, student loan re-financing, life insurance, health insurance, investment opportunities……..the list goes on and on……
All I can say, is DO NOT DO IT.

You have NO IDEA WHATSOEVER who is receiving your confidential information, or what they are actually doing with it. So, when your identity is lost, where do you look??…. by providing the information willingly, and agreeing to the terms of use, you have signed away all your rights. YOU are the product, and you have given these companies free reign to do as they wish with your data.

The latest scam is companies offering to do a ‘dark web scan’ for a fee, seriously??? … it is laughable, as there is NO SUCH THING. The dark web is not indexed, so it is a fraudulent offer…….

Are you afraid yet?? Every time you do a quiz or survey on line you are giving away more of your information.

Consider the increasing use of facial recognition in airports, parking lots, on the street, stores, and businesses. It is being used to follow people, watch their behaviour, and increasingly target them for store offers……
There are an increasing number of companies monitoring the phone calls and emails of their employees, some with knowledge and approval, others not.

Most people have never considered privacy or encryption, or the retention of their private information.

It is YOURS, it is worth guarding. Be vigil.

Please follow and like us:
error

Security Experts

Low tech or High tech – can you trust yours??

Just to make things interesting, we will start with lower technology, i.e., burglar alarms and work our way up from there.

Several years ago I was seeking a reputable burglar alarm company for my home. Spending as many as 5 months away made the concept become more of a necessity. It is not difficult to see uncut grass and hedges, and no footprints in the snow over an extended period of time.

Being a blonde female sole homeowner made things more than unpleasant.

I approached over 16 companies on the telephone, many were eliminated immediately when they insisted on speaking with my husband. No second chance on that as you know the service will be terrible.

Round two of those who were actually invited to visit after getting through the initial phone screening. Same issue, usually 10 minutes into the visit, when the proverbial question of when they could meet ‘the man of the house’ . A couple of them were formally introduced to my male cat, and rapidly escorted out of the door.

The level of incompetence and arrogance encountered in this process was extraordinary. One mind numbingly rude woman proclaiming herself as an ‘EXPERT” ….oh…how I just LOVE these people…..somehow made it through the initial screening and visit, but then came back with a drawing of the layout of my house and her ‘expert opinion’ of how to alarm the house. The price was absolutely over the top, and the lack of vision was terrifying. She kept pushing me over and over to sign the contract…….all in French, as she claimed she could not speak English, or more importantly, didn’t choose to, She droned on and on at how she was an ‘EXPERT” and at the top of her trade. I walked her into the middle of my back garden and insisted she look at my house in the bright daylight and asked if she noticed anything. Blank Stare. No Comment. Asked again. Was blasted with her physical signs of agitation at my disrespect, she clearly had NO idea what I was referring to.
Shook my head in disbelief, only to be met with a look of total condescension. Seriously?? This is how you close a sale for in excess of $10,000??? …..just saying……..

I pointed out the dining room window off in a secluded dark corner, then the shed leading to the basement door, also in a dark corner, then the basement windows under the deck which were enclosed with lattice work. And asked whether or not she had considered them as potential points of illicit entry.
She huffed and puffed and exclaimed that they could be added to the original quote. Really??? No apology, no explanation, just changes and more charges.
Once again, in the back door, and rapidly out the front door she went, becoming increasingly unpleasant along the way.

I guess we stupid blonde women need to be bossed around by ‘EXPERTS” like her. The concept that I might actually know something was beyond her comprehension.
She probably thought my husband gave me the house in a divorce. ABSOLUTELY NOT THE CASE. House was purchased by me, with my money, earned by ME. PERIOD.

An altogether unpleasant experience and appalling waste of time. The time lost is seriously galling, as it is time not spent on my business.

The last person to come was strangely from up North, and was actually my last resort. After going through all the ‘BIG BRAND’ alarm companies and being totally disgusted by them all, he had been recommended by a friend. He arrived with a smile, and a wonderful sense of humour. What a pleasure. After a house and garden tour, he looked at me and suggested that he felt I knew more about my house than him, and perhaps we should do the design together. What a concept!!! Along the way, he admitted that he had missed 2 key points of entry which I did not. He got the contract!!!
Many of the new alarm companies are pushing cellular technology as it is cheap and easy to install. DO NOT DO IT.

There are simply too many people driving around with devices to hack into these systems, it is just too easy.
Make sure that you TOTALLY understand the critical entry points and security issues regarding a system as well as the security of your person and your possessions. Not much point having a system if the most expensive article in the house is not properly covered. From roof entrances, to basements, back doors, windows and garage windows, ensure they are totally covered. Simply having the door from the garage monitored does not prevent someone from getting in and waiting for your arrival. Your life may depend upon it.

Also, make absolutely sure that the technicians and installers coming into your house have had proper Security background checks and that the company has certified this in writing. Some installers have been known to have criminal records and you do not want them to have access to your system or your home.
HIGH TECH

We constantly read about huge technology hacks where the confidential information of as many as 500 million individuals has been compromised. Unfortunately many very large well known corporations are unwilling to make the investment into proper Security Professionals, for both the data and the physical site.
They are constantly seeking ways to save money on infrastructure costs, and look to outsourcing as a way to save money. The only problem is that no one knows who has access to your data.
Senior Security Professionals are expensive, ideally with a Master’s degree in Cyber Security, and knowledge of penetration testing and physical security. Hiring some kid out of university in an entry level position is like advertising your utter disrespect or the critical data of your clients.
Think about it, travel companies have your date of birth, credit card numbers, a scan of your passport cover page……….shall I continue???
Retailers have similar information, including your shopping habits, and locations…….
Financial Companies have your personal information including such private information as Mother’s Maiden Name and passwords……
Credit card companies even more information including education, job history, locations of previous and present home……..and then the awful Credit agencies………

I hope I am frightening you………..
The big question, of course, is whether this whether or not this data is protected at all, or is easily available for a good hacker or unethical employee to access……

One ‘Security Expert” in a large retailer bragged to all his friends that he had ALL the confidential information on all the key executives in his firm, and all the client credit card numbers and pin codes……..He went on from there to a large Financial Institution, and on to his current gig where he is now considered the ‘RESIDENT CYBER SECURITY EXPERT”…….all through rabid self promotion on Linkedin and Security blogs. But, wait for it……….he continues to BRAG about the information he gathers…………albeit to a much smaller audience………and much more discreetly.

Several well known hackers have been offered high paying positions in large companies who feel they are well protected by these clowns, unfortunately, I do not share this trust or optimism. Once a thief, always a thief, and unless you know what trigger put them over the edge in the past, you certainly cannot foresee the future.

I will stick to only working with individuals with clean pasts and ideally a high level of Security Clearance.
If you are running a large infrastructure, complicated networks, and security, it is up to YOU to protect the data. PERIOD.

So, dear readers, be careful what information you share and where you share it.
Someone is always lurking around the corner trying to obtain it.

Please follow and like us:
error