Tuesday, October 17, 2017

Still Can't Live With 'Em

   It's US Cyber Security Month and, like clockwork, we have Yahoo! in the news again telling us that the worst case from the past just keeps getting worster (I can make up words, can't I??? :-).  They are now counting their breached accounts at over 3 billion!  How many people are there in the world these days?...  Last year at this time, they announced the breach of 500 million Yahoo! account passwords and other info (while announced in 2016, the breach actually took place in 2014, and is not the same as the password breach they had in 2012! - yes, I know... it's hard to keep up!).  In honor of both Cyber Security Month and Yahoo!, I'm re-running a post I wrote in... wait for it... 2012!  Not only is everything I wrote in that post 100% relevant today, but I even commented on that 2012 Yahoo! breach.  The more things change, the more they stay the same.  Happy Cyber Security Month!

   They're dead.  They're here to stay.

   They're safe.  They're breached.

   They're encrypted.  They're visible.

   They're complex.  They're too simple.

   Once again, the topic we love to hate... Passwords!  And, you know what else???  It's also that greatest of holiday celebrations... US Cyber Security Month!

   Passwords are a mess!  A "good" password has these features:
  • hard to create
  • hard to remember
  • hard to enter
  • probably has to be changed as soon as you memorize it
  • plus other inconsistent, random rules depending upon the site


Tuesday, October 3, 2017

Thoughts about Change

   We've all heard the cliche, the only thing that is constant is change.  Many of our organizations are undergoing all kinds of change.  We may have professional changes.  And, of course, there are personal or life changes.

   Sometimes you have control over changes - they can be choices.  Sometimes you don't have control over the change.  But you do have control over how you respond to change.

I've spoken with many people whose organizations are undergoing change.  That can lead to some uncertainty, but that is not necessarily a bad thing.  It's really just something new.  And change often brings opportunity!

   One model that can be used to help people through change is the Bridges Model of Transition.  Bridges defines a transition path that begins when a change is announced or recognized, and ends when people are successfully in the changed state.  The key is what happens in between!  Bridges describes 3 stages that people must move through.
  1. Letting Go - this means both understanding and coming to terms with the change.  It can be characterized by fear or other negative emotions.  Leaders can help by communicating, listening, and empathizing.  Recognize that different people change at different rates.  Individuals can help by talking things through with their leaders.
  2. The Neutral Zone - this occurs once people get past their initial reaction to change.  This can be a period of uncertainty.  Leaders can help by providing direction and continuing to communicate.
  3. The New Beginning - this occurs when the organization has arrived at the new state.  Since people do change at different rates, all team members may not arrive here together. Leaders can help by recognizing the state of the team, providing extra direction where needed, and celebrating successes of the transition.

   I've been thinking about the topic of change for a couple of reasons.  First, my current organization is undergoing the change of integrating in a new organization.  This is actually a great synergy and creates many great opportunities both for the business and for individuals.  But as we discussed above, change affects different people differently.

   In addition, I'll be undergoing my own change soon as I transition to a new and exciting opportunity!

   Thank you to all my current colleagues for their partnership and support!  I know our paths will cross in the future.

Tuesday, September 19, 2017


   Or maybe we should say Equi-Fiasco!

   By now you've certainly heard about the Equifax breach including leaked social security numbers and other personal information on over 143 million people.  And there's plenty more info to come with this one as the facts continue to get uncovered.

   I certainly don't mean to be jumping on the bandwagon here.  There has already been so much coverage of this breach, but it is a big deal.  And, while I've seen a number of articles on what to do now, I haven't seen any that really cover everything you must do to protect yourself.

   Let's do that now!

   The bottom line is this... it's 2017... no one can or will protect your personal information.  You must take appropriate steps to protect yourself.  And here they are... in no particular order... the top-10 things you should do to protect your personal and financial information:

Tuesday, September 5, 2017

I Have Neither Read Nor Understood

   The site masthead starts out with the statement: “I have read and agree to the Terms” is the biggest lie on the web. We aim to fix that.

   This is the lead statement on the tosdr.org website.  tosdr is an acronym for "Terms of Service; Didn't Read".  It's a play on words (play on acronyms? :-)) of tl;dr, Too Long; Didn't Read.  tl;dr has been a term floating around the interwebs for many years.  It simply expresses a sentiment that many people can relate to... that we're busy, so when there is a long article, post, whitepaper, document, documentation, etc., we might just not read it.  That also leads to the idea of the tl;dr version, i.e. executive summary!

   Clearly, Terms of Service statements fit into this category.  They tend to be exceedingly long.  They are often written FLBL (For Lawyers, By Lawyers)! :-)  You see them all over the place... on your bank's website, on social media sites, when you sign up for just about any kind of service, and with just about every app you install.

   So, if no one reads them, what's the problem?  Like a contract, the Terms of Service or EULA (End User License Agreement) provides some very important information.  For example, it may cover:
  • how the app, website or company can use your personal data;
  • if the site can sell your data;
  • whether or not you own any content you upload (such as to a social media site);
  • how, when, how much you can use the app, service or website;
  • if the site can charge you money, either one time or ongoing;
  • if you have any rights to seek damages against the company if you don't like how they conduct business;
  • and more...

Tuesday, August 22, 2017

Don't Blame The IRS

   In a post last month, I included a recording of an obviously fake voice message warning about payment and fines due to the IRS.  If you've read my blog in the past, I talk a lot about scams and give tips to avoid them.  We've often discussed that legitimate organizations should not just contact you and ask for personal information.

   That just makes sense.

   But telling the difference between a legitimate call and a scam call has gotten harder.

   A reader let me know that the IRS is now using collection agencies to collect back taxes!  That just makes it even tougher to tell the difference between a legit collection call and a scam!

Tuesday, August 8, 2017

You Gotta Be You

   I just received an update from the Social Security Administration.  Yes, it was real! :-)  It was a reminder to log in to the SSA website to check my information online.  That also made me think about advice I've written about in the past... it's critical that you connect and establish your presence on critical government websites before someone else can create an account in your name.

   Here's a rewind of a 2016 post with all the information...

   I recently received a letter from the SSA (Social Security Administration).  It provided instructions for me to finish setting up my online account.  As I've written in the past, you can, and need to, create personal accounts on the SSA and IRS websites.  The key issue is that you need to reserve and establish your identity on these critical government websites before someone else does it for you!  ID Fraud is still a big issue.

   These accounts are straightforward to set up.  One thing you will need to do is go through an Identity Proofing process.  That process asks you for some personal information that, in theory, only you should know.  I list info about the irs.gov account creation process in this post.

   Here is some info from the ssa.gov website:
You can create a my Social Security account if you’re age 18 or older, have a Social Security number, a valid email, a U.S. mailing address, and a cell phone that can receive text messages. You’ll need to provide some personal information to confirm your identity; you’ll be asked to choose a username and password; and then provide your cell phone number. You’ll then receive a security code via text that you will be required to enter when you first create an account. We’ll send your cell phone a new security code each time you log in with your username and password. The security code is part of our enhanced security feature to protect your personal information. Keep in mind that your cell phone provider's text message and data rates may apply.
   Now SSA has increased their security by offering two-factor authentication (2FA) on their site.  We've written about 2FA a number of times in the past.  SSA had said this was coming and now it's available.

   I highly recommend that you create accounts on these sites and use 2FA where available.  Here are the instructions for SSA.  Here for the IRS.  You can enable 2-factor authentication on the SSA site when you create your account.  Here's a link to a previous post looking at other sites where 2FA is available.  Double up wherever you can!

Tuesday, July 25, 2017

The Matter at the Hand

   Check this out!...

   Here's a transcript:

   Calling from Criminal Investigation Division of I-R-S.  The matter at the hand is extremely time sensitive and urgent, as after all that, we found that, there was a fraud and misconduct on your tax which you are hiding from the federal government. This need to be rectified immediately so do return the call as soon as you receive the message. The toll free number is 1-8-6-6-9-7-8-6-6-1-8. I repeat again, 1-8-6-6-9-7-8-6-6-1-8. Thank you.

   Needless to say, this is a scam.  You can look at all of these reports on phone number lookup sites.

   Now, you may think that this obviously sounds like a scam.  However, it unfortunately works.

   So what should you do if you or someone you know receives one of these calls?

  1. Don't respond.  Just leave that alone.
  2. Report it.  Here is the FTC info page on reporting scams, spams, do not call or telemarketing violations and other issues.  Here is the complaint reporting page.

   I did file a report with the FTC.  It doesn't take long and it's the right thing to do.

   While these calls can be either annoying or entertaining, the bottom line is that they work and some people do fall for these scams.  So educate yourself and others.

   Do you have any interesting robo-call or scam stories to share?