Author Archives: Jimmy Penttila


Google Maps: saves you time, adds to your bottom line

Don’t feel like waiting in line? Check this out! Google is now able to give you wait times at local restaurants, stores and even your BMV!

I know, crazy; but it’s true! Searching for a place to eat while on a tight schedule, you can find out how long you might have to wait to be seated. Planning a lunchtime trip to the BMV? Maybe Wednesday is better than Tuesday.

So not only do you have the ability to find out what others say about the new sushi restaurant that just opened, but you can now find out what the wait times are!

All you have to do is scroll down! Yes, pick your place and then scroll down. (I’m sure just like myself you have seen this little graph but paid no attention to it.) So now you can get the menu, cost, reviews, and now wait times.

This all happens by just walking in the door. Your phone’s GPS and Wi-Fi signal tell Google how long you’ve been there, and as more or fewer people come in the door and leave, it can calculate how long you might expect to stay at the place you are visiting. This happens both in real time and historically. The more popular a place is, the more data is collected.

For businesses it can be a great way to increase your business. If you are the owner of a coffee shop and use this information to see trends in your peak and off hours, you can develop strategies to increase hours during down times. If you see people are waiting too long, that could mean you need more staff to keep up and cut down on bad reviews (no one likes to stand in line). You can also see how long people have normally spent at your place of business. Are you turning over the tables at your restaurant effectively? Look up your competition: are they busier than you at certain times? Why? Maybe that is something you need to look at.

More importantly, is there any information at all on your store? And if not, why not? This is 2018 and we live in a fast-paced, instant-gratification world. People are on the move, and if people can’t find you or your business they move on. Google is no different; as a matter of fact, Google uses only the most up-to-date and relevant information to move you up the ladder. The more people go to your business (either by the web or by walking into your business), the more people rate your products or services, and the more likes, hashtags and tweets you have, the higher you rate.

Google doesn’t know everything, yet. But in today’s digital age it knows a lot. Both customers and business owners utilize it for their benefit. So, are you in a hurry to get coffee, or are you in need of more customers? Google can help you with BOTH!



The partnership between your people, your tech, and your business.


Sometimes the relationship between the human resources of a business and its technology gets overlooked. As a friendly reminder, here are some of the trappings of the partnership between your people, your tech, and your business.

  • Personal files of employees are now kept on computers instead of a locked filing cabinet. And these files need to be under electronic lock and key. That means encrypted and password protected.
  • Each employee should have their own user name and password to log into the workstation they are using.
  • Networks should be segmented and general policies should be set so that Sally in shipping does not have access to Jeff in accounting’s files, and Tom in maintenance can’t access Frank in HR’s employee files. (See your network admin to make sure these are set.)
  • When an employee leaves or is terminated, make sure you contact your network admins to ensure that all passwords are changed and access to the network is no longer possible.
  • Ensure that employees using social media as a part of their job description are set up properly. Meaning after they leave they can be removed from the account without disruption of the account.
  • Security access to buildings and properties. Removal of passwords, keys, swipe cards, badges etc.
  • Vendor accounts should be contacted prior to the employee’s termination/resignation and a date set as to last access to the vendor(s).
  • Phones and laptops should have layers of protection when set up. Employees using company devices should not have administrative rights on those devices, only user rights. This ensures that information cannot be wiped from the device without your permission. It also ensures that improper software cannot be installed on the device without the company’s permission.
  • Plan out who and what as part of the employee’s role in implementing a website or social media page. Be careful as to who has ADMIN rights and what content is being broadcast. When creating accounts, check how the account is set up: what email address is communication being sent to? Who is the primary contact? Transferring ownership of a website can be painful if someone has left the company and used their own name to register the site.

It is easy to overlook some of the nuances that happen in the life of a business. People come and go. New technologies become available. New ideas spring to life and people are needed to implement those ideas. Always keep in mind that as you move forward with your business technology, if it is not done in a well-thought-out manner, you may try to take a step forward only to be held back by poor decisions of the past.

 

 



Con men are everywhere

Technology can be challenging to all of us, and con men are everywhere. Phishing emails are one of the easiest ways for hackers and thieves to gain access to your information. Once they gain access, they can steal money, use your email for spamming, and dig through your emails to find bank account and credit card numbers. This can happen and you won’t know it until it’s too late.

I say this to you because it can happen to all of us, regardless of how tech savvy we think we are. Phishing emails are slick and effective; otherwise they would not do it. If you have parents, grandparents, kids, aunts and uncles, employees, or friends that are not as savvy, please have a talk with them. Show them examples of phishing emails. Tell them that Microsoft and other companies do NOT call. It only takes one time and their life savings could disappear. Have the conversation.

Here is a list of things to do if you suspect the email you are reading is FAKE.

  • Go directly to the site; do not click on the link provided. For example, if you get an email from Bank of America, open a new browser tab and go to their site.
  • Do not call the phone number provided. Contact the company through a KNOWN number.
  • If you are savvy enough, hover over the link provided and look at where it’s trying to send you (see below).
  • Do not download PDF files. One of the newest phishing emails now has a PDF in it that, when you click it, asks you to log in with your username and password (it totally looks legit!).
  • If you have IT support, communicate any suspicious emails to the department or your provider immediately.
  • Inform the sender (i.e. your friend, your mother, your bank) that you believe they have been breached.
  • Inform the police.

Below are a few samples of phishing emails; the first one came directly to us last night!

Be safe out there and happy emailing!



Your information is now a commodity

A friend asked me to present to a client (and his staff) the wonderful world of cybersecurity and ransomware. So, what do you tell someone that they haven’t heard already from the news, mags and blogs that would get him or her to protect their business, their customers and themselves from attacks? How do you guard against something that seems so random, or do you just sit by and hope that it doesn’t happen to you?

 

As 2018 ends its first quarter, we must realize that information is now a commodity, a commodity to be traded like pork bellies on the stock market. It is sold to people and businesses who use this to influence your decisions on a wide range of things, from people and places to politics and products. And that’s only the half of it, for we happily give up some of that information for a rich full life.

 

What about those who mean to use the information for evil?  What about the dark underbelly of the world that means to scrape this information from us and turn it into a revenue generating source.  Credit card numbers, bank accounts, private thoughts and info for blackmail, insider trading, business secrets.  All can bring a hefty price to the right buyer.

 

So, I guess it boils down to a couple of thoughts. Do we want to protect ourselves from theft? Do we care enough about this to do something?  I mean after all it’s not like someone is breaking into our homes and stealing the TV or the few hundred-dollar bills stuffed inside our bible in the nightstand. They are not coming into our business with a gun and “sticking up the joint”.

 

I remember when my car was stolen back in the 90s. Man was I pissed, not that any vital information was in there. I didn’t have my wallet in it. No envelope of 100s in the glove box. But it was MINE. And it wasn’t like I left it running in a shopping mall parking lot with the windows down.

So why was I upset? I didn’t do anything to provoke this. It wasn’t anything special (seriously, it was an ’86 2-door Grand Am with like 11ty billion miles). My point is, it was mine. And someone took it.

 

There will always be someone bad doing something bad. And while sometimes you can look the other way and get over it, sometimes you can’t “get over it”. I had insurance on my car. I got over it.

But can you get over someone stealing your life, your identity, your life’s work on cold fusion, your retirement savings? I really can’t find many stories out there of people or businesses being made whole again after these cyber-attacks.

 

So, are we leaving our proverbial cars unlocked with the keys in them? Unfortunately, I think the answer is yes to some extent. I equate it to leaving our valuables on the car seat in the darkest corner of the lot while mall security is on lunch.

Look, we all learn from our mistakes. And the first time we get burned we take measures to avoid a repeat performance. But the stakes are much higher and more serious now. You and your business cannot afford to have this happen. If you are attacked by cyber criminals you may not have a second chance to change things, you may not be able to recover.

 

So, what do you do?

Protecting one’s information has some easy starting points everyone should be employing. Let’s start with the easiest of them all.

 

Passwords. Passwords should be case sensitive, long, and changed frequently. And this includes passwords on your desktop and laptop, server and router, access points, modem, bank accounts and phone at the very least.

 

Firewalls, antivirus, and malware and ransomware protection. These are important watchdogs. The software needs to be updated on a constant basis to ensure that the newest threats can be guarded against.

 

Lock the doors! Open network ports can be so easily accessed, mostly because most people don’t know they are even open. Sad but true. And these ports almost always give thieves an opportunity to breach your network. This includes router ports and USB ports. Thumb drive ports can and should be closed by admins so employees cannot use them to upload or download. Emails are also an open door which can be used to enter your network. Have your network admin set up rules through your email account as to which emails are safe and which attachments are allowed.

 

And lastly, backups. I don’t think you can have too many backups. One on a hard drive, one in the cloud, one in your home, one in a safe, and one in a shed buried in an old cigar box. It really is that important. It may be your only chance if your information is stolen or held for ransom. It also means you can be made whole again if some other catastrophe happens. It means you have options.

 

Doing all these things doesn’t mean you won’t be a victim of a cybercrime. It means you’re putting protections in place in case it does happen. It is like buying insurance and a sump pump if you live in a flood-prone area: that doesn’t mean you’re going to have a flood. It means you plan and can be made whole again if you do.



PCI Compliance still lagging in 2017

If we learn anything from 2017, it should be that nothing is safe. I was recently reading a great article about PCI compliance and it got me thinking. Why? Why are we so sure it couldn’t happen to us? Right now, the 2017 Payment Security Report Executive Summary from Verizon states that “For the first time, more than half (55.4%) of companies we assessed were fully compliant at interim validation, compared to 48.4% in 2015. But that means that nearly half of stores, hotels, restaurants, practices and other businesses that take card payments are still failing to maintain compliance from year to year.” That leaves almost half still not PCI compliant and a potential hazard to you and your personal and business information.

Now for those of you that don’t know what this is, PCI DSS stands for Payment Card Industry Data Security Standard. These are the standards that the entity accepting your card as payment should be following to ensure your information is not at risk. Think of them as doors and windows to your home. If you lock all the doors and windows it is much harder for someone to gain access to your home. Leave something open and you are creating the opportunity for something bad to happen. But we live in different times. When I was young, my parents never locked their doors. Could you imagine leaving your doors and windows open today?

As a responsible business owner you are charged with keeping your (and your customers’) information safe. This means you need to take certain precautions to ensure the information you collect (including names, addresses, credit card info, social security numbers etc.) is safe from attacks, both online and physically. You must have training for all employees who handle this material. No, it is not hazardous waste, but put the shoe on the other foot and try to imagine someone dumping your credit card number and name into the dumpster behind the store you just walked out of and not thinking twice. Three weeks later there is a big screen purchase and a trip to Fargo that you did not authorize. Yes, it happens just like that.

Standards have been set for a reason: not to make it hard to do business, but to make it harder to gain access to vital information that can cause a lifetime of grief. Let us not forget that Equifax put a lot of us at risk for the foreseeable future. The data of roughly 145.5 million people was proverbially left in a dumpster to do with as they like, and the ramifications will likely be felt for years to come. And that’s just one example.

So are you PCI DSS compliant? Are you taking the steps necessary to become compliant? Did you know that you can be held responsible if you fail to take the necessary precautions and a breach happens?

If your business relies on credit cards for payment, you have had to submit a PCI compliance site survey. And more than likely you will have more red marks on your first attempt than a third grader in English class. But fear not, it doesn’t have to be hard. In fact, here are a few simple things you can do to get you started.

  • Install and maintain a firewall
  • Do not use vendor-supplied defaults for system passwords (admin is not a secure password)
  • Close all open ports on equipment (this will require conflicts with equipment and software to be resolved)
  • Protect stored cardholder information (lock up receipts in a safe)
  • Keep antivirus software up to date
  • Assign a unique ID to each person with computer access
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems
  • Maintain a security policy and ensure that all personnel are aware of it

If you need more information or help becoming PCI compliant, I can be reached at Jimmy@bitsbusinessit.com

 

Source: 2017 Payment Security Report Executive Summary from Verizon

