Batting Cleanup...before March Madness

My last Blog post was at the end of January. Now, in late February - as the baseball teams get into the swing of Spring Training (see what I did there?) - and after Shawn, Chris, and Richard posted excellent Blog articles in February, I’m in the #4 spot. I’m “batting cleanup.” Don’t worry, I think the Astros are in good shape with a talented set of choices; it’s merely a sports analogy from a geek. We’re not going to compete in Minute Maid Park, but we will be there to cheer on the team when they start home games in April.

But I digress…back to late February and my thoughts for this riveting post.

Hmmm…so many passwords, so many post-its!

Hmmm…so many passwords, so many post-its!

Adding a key point to Shawn’s insightful post about Passwords, and combining with Chris’ thoughts about small business security, PLEASE STORE YOUR PASSWORDS IN A SAFE PLACE!

In January we blew through the 1-year anniversary of Hawaii’s bizarre “2018 end of the world” panic, prompted at the time by an emergency management signal that warned (falsely, it turned out) of inbound ballistic missiles from North Korea. In Houston it went largely unnoticed for several reasons, primary of which is that it didn’t happen here. However, in preparing discussion topics for an upcoming talk, I dug into the details to refresh my memory. My research (searching “hacked credentials: password in photo led to Hawaii emergency alert, north korean missile inbound”) centered around a key point: a password critical to the process had been compromised.

My time in government service, predominantly in the Army but in a wide variety of joint-service and civilian-heavy organizations, spanned a 30-year career that began in 1984. Over that period I saw more than a few changes in IT and our use of computers, electronics, gadgets, and other tech toys. I also worked in restricted access areas requiring secret and top-secret clearances, most obviously denoted by wearing a “Blue Badge.” This backdrop prompts me to note several disturbing aspects of the Hawaii incident:

1) A password was written on a post-it note and stuck to the monitor of the alleged source of the incident.

2) The post-it note with password was photographed in July 2017 and published on social media.

3) The photo was published by a proud government civilian, who wanted to share his great work environment with friends and family.

Sadly, the 3d item should never have happened. TOTALLY INAPPROPRIATE, and obviously the #2 and #1 items ALSO would not have happened had #3 never occurred. So it begs some questions: Why was the photo taken? How did a restricted space with a “blue badge” employee even allow the photo to be taken? If the photo was sanctioned, why was the area not “sanitized,” i.e., why did he show his access badge and post-it note, along with a host of other items and physical cues to what goes on in the command center? It is THE STATE of HAWAII’s EMERGENCY MANAGEMENT Command and Control Center! Can you imagine walking into the Pentagon, the White House Situation room, or Jack Bauer’s CTU crisis center and just taking a happy-snap for your Instagram post? I cannot.

Circling back to both Shawn’s and Chris’ posts, here is my point: just like not leaving keys in the ignition to your car with the windows down and doors unlocked, it REALLY is NOT SMART to write your password and store it in an obvious place near your computer. At Envision, we have fantastic tools to help individuals, small businesses, non-profit organizations, government entities, and even large corporations manage their information. You can trust me - in my life I have served at various levels of each of these types of organizations.

Pointing out Richard’s #3 Blog post of February, we have developed great loyalty and trust with our existing clients. Our amazing clients have helped build Envision Design into Houston’s oldest member of the Apple Consultants Network. We specialize in securing and monitoring their computer systems 24x7. And we are doing it in diverse situations, including the very restrictive, high-penalty world of HIPAA compliance and regulation. I’d like to highlight a key point of Richard’s “How to become an "En-Visionary"...” rewards program: because our clients TRUST us with the life-blood of their businesses, and because we have to earn their LOYALTY and retain it monthly, we understand that every customer matters. Chris pointed it out with his question of “So why should small businesses partner with a MSP?” EVERY business should have protection in place. We all owe it to our own patients, clients, customers, and business/practice/firm team members. The price of failure could be…well, failure.

In looking ahead to March, the elite teams will emerge in the NCAA basketball tournament. Another sports reference from Tom: March Madness is on the way! Love it or hate it — or even for those just indifferent to it — March Madness frenzy is measurable, and HUGE. Reflecting on our Blog posts, we’d love to see a frenzy of referrals in March, fueled by true passion to help each other secure, safeguard, and monitor sensitive information. As much as it’s about “NCAA tournament brackets,” I’d love to see March Madness become a business referral principle, as well. Send me your thoughts!

Data-driven targeted ads and Facebook's response

Seems we could do something more productive with these data than encourage a sad teen to buy something as a "confidence boost". But, according to this article by MIT Technology Review and Ars Technica, it seems the data was used in this way. Facebook has responded to this article here, and corrective steps are being taken.

For reference and further reading: