Data Cap Management Poses Challenges

We called it a long time ago, and now it’s a reality. Internet service providers (ISPs) are capping data, and it couldn’t happen at a worse time. As we continue to work and learn at home, use cloud-based services for application programs and data storage and retrieval, and stream more entertainment, we’re set up to use more data. You’re going to need to look at data bytes like you look at calories on a menu.

We all know that calorie counts on a restaurant menu don’t tell the full story. The calorie count for a salad may be low, but dressing may raise the total through the roof. Knowing how much data you’ll use to watch a standard-definition movie on a device of any kind won’t really help you a whole lot in planning your data usage for a month. In reality, you’ll want that visual salad dressing – HD or 4K resolution – to enjoy the quality of the experience. A movie that requires 600 to 700 mbps to watch can easily balloon to 4 Gigs.

What’s really ugly about it is that most households or small businesses have multiple users on their internet plans. We’re still not going back to the office in droves anytime soon, and the same is true for kids going back to school – although that will likely happen faster. If you have a business and have employees logging into your network from home, they’re using your data while logged into your system. They’re also using their own data to log in.

In addition to logging in to work from home, kids are logging in for classes, collaborating with classmates and doing research. That uses data.

Everyone, no matter where they are, is using cloud-based software to run applications and work with files. We’re all using data, too, for email, web browsing, social media and entertainment. That last item is a major source of data use for families that have cut the cable TV cord. The more people you have streaming different content, the faster your data usage can run up – and up.

We have no problem with that; it’s a reality. But we do have a problem with the ISPs’ lack of transparency in sharing our data usage. You can’t easily find how much data you’ve used during a billing cycle so that you can manage it. The ISPs make it easier for their big-business customers to know how much data they use. They don’t do it for small businesses or residential users.

If you don’t know how close you are to your limit or if you’ve exceeded it, you can be in for a surprise. Either your service will drop down to a slower speed, which is not cool during a business meeting or class, or you’ll wind up with an extra charge on your bill.

As the cable companies lose traditional cable TV subscribers, they need to make up for lost revenue by fine-tuning how they price their data plans. That’s fine. We knew they’d come to data caps. We just want them to be more transparent about telling us what the caps are, letting us know when we’re close and giving us realistic options for managing our caps.

Call us – 973-433-6676 – or email us if you have any questions about how to better manage your data use and monitoring at home or at the office.

Facebook and Apple Fight is About Monetizing You

If you’ve downloaded and installed Apple’s iOS 14.3 update for iPhones and iPads, you’ve put yourself in the sights of Facebook and Apple. Called the “App Tracking Transparency” feature, it labels apps in the App Store, telling users what data those apps collect and whether it’s used to track them for advertising. Facebook, which makes its money from advertising, says the feature will harm small businesses that rely on targeted online advertising.

In many cases, you’re worth pennies on the dollar, but there are hundreds of billions of pennies at stake. And while both sides try to cloak their stands in privacy and free enterprise, it’s really about “fee enterprise.”

The gist of Apple’s policy is that when you download an app from the App Store, your activity on the device can’t be tracked unless you give permission. Until now, you had to opt-out to avoid being stalked electronically online. Most people usually ignore the opt-out/opt-in option, and Facebook and other web-based operations have made a lot of money by tracking you and selling the data to companies who want to sell something you want – or have indicated you may want.

According to a recent article in Forbes, Facebook itself estimates a 60-percent swing in advertising effectiveness between targeted and non-targeted advertisements. Facebook’s ad charges, the article notes, will presumably match its ad-placement effectiveness. With the company controlling about 25 percent of a $40 billion online U.S. advertising market, up to $6 billion in annual revenue is at stake in the US alone. Google and Amazon also profit immensely from tracking you and selling your data.

The bottom line is that anyone who opts out is 60% less valuable than a regular customer, and that’s part of legal proceedings before the Federal Trade Commission and in 48 states. Apple, of course, has been taken to task for its practices in handling App Store operations, including who gets to put apps there, and other technical issues. They’re not saints, but that’s a separate issue from the Facebook issue.

The Forbes article likens Facebook’s operations to Ladies Night at a nightclub. On Ladies Night, clubs let women in for free expecting that they will attract men who will pay a cover, as well as spend money on the women and themselves. In a similar way, Facebook provides users with free services in the hope that advertisers will spend money on them. Facebook is like the owner-bartender who, for $10, will tell you everything he knows about a particular woman, including her relationship status and favorite drink.

I can’t speak for how a woman might feel after reading this, but anyone can feel some outrage about being put on display and sold. Yet at the same time, we’re looking for new and interesting products or services when we go online, and we may be open to new ideas when they’re presented to us. To me, that’s Facebook’s argument. You might view Apple as the guy who senses harassment and comes over to “protect” you.

To expand the transparency/privacy conversation, you have choices. You are able to use search engines and plug-ins that block unwanted ads while you browse the web and visit sites. Websites are fighting back by not allowing you access unless you unblock the ads on their site. You may not like the choices. You may not like sacrificing privacy for convenience or vice versa. But this is all part of the opt-in/opt-out battleground over who gets to profit from you.

If you have any questions about how to configure apps to meet your privacy or convenience needs, we can help. Call us – 973-433-6676 – or email us for an appointment to walk you through the process.

Understanding MFA and Other Security Measures

We recently added a new home-user client through the Nextdoor website, and during our initial conversations, we covered a lot of security issues. The new client, an elderly gentleman, had a really good handle on his online security. There’s a lot for us to unpack as individuals and as those who have elderly parents – though some of this can apply to everyone.

First, let’s look at passwords. While this discussion is inspired by our new client, our conversation can apply to anyone because we never know when someone will not be able to access vital personal information either stored on a computer or device or in the cloud.

When we take on a new elderly client, we spend a lot of time talking about online security, including passwords, password managers and MFA. We were heartened to learn our new client knew all about using his passwords properly. He seemed to understand the system better than many of our younger clients.

When he asked about using a password manager, a subject he brought up, we advised against it. While password managers can greatly enhance online security and can be extremely convenient (think about accessing a website from your mobile phone when you’re in an urgent situation), everyone needs to know the law of unintended consequences. Every password manager has an encryption key, and if you don’t have the master password with that encryption key, you won’t get in. That includes you as the account owner and anyone who might need to get into a website.

We told him it would be preferable to write all his passwords in a book. It doesn’t need to be locked in a safe, but it should be kept in a secure place – and at least one other trusted person should know where it is. This is critically important for the elderly or anyone else who may need someone to manage their affairs because of some impairment or death.

Second, let’s look at forms of security generally known as two-factor authentication (2FA) or multi-factor authentication (MFA).

We discussed using MFA for his online banking and financial activity, and he said: “That is so easy, everyone should be doing it.”

I agree wholeheartedly. It’s not that complicated to use it once you set it up. In most cases, you can link the authorization to a specific device or devices, such as a computer, tablet or phone. When you do that, you can sign into a website account from the authorized device(s) without going through the authorization every time – or you can set it up to require authorization every time. It becomes difficult if somebody is trying to sign into your account from another device, but of course, this is what the process is designed to do.

The way most MFA processes work is that when you sign in from a device, a code is sent by text message to a phone or to an email address. Once you receive the code, you enter it on a designated page associated with the website. The complication will come if someone is truly signing in on your behalf from an “unknown” device. That person will need access to the authorization message.

Another security measure that works for iOS devices is Apple’s iCloud Keychain. Functioning like a password manager to some extent, it allows you to use your device access code to activate a complex password to enter a secure website.

We can help you understand all the benefits and pitfalls of using MFA. The big problems, obviously, are to make sure you don’t lock yourself out of your account and know what to do if your phone is not working. Call us – 973-433-6676 – or email us to get comprehensive information about MFA and password managers and to configure your systems to work best for your needs.

The Ill Winds of SolarWinds

Look for continuing fallout from the breach of SolarWinds, the giant technology management company that was responsible for the high-level federal government systems that were hacked last year. The hack is top of mind because some of our most sensitive systems were hacked, but businesses were affected, too. It’s time to look at the world of big data management.

The lesson we all need to learn from the hack of SolarWinds is that nothing is truly, truly safe. We don’t know where government agencies and private industry systems were breached – and how badly they were breached – and when it comes to the government systems, we’ll probably never know. But I don’t think we’re going out on a limb by saying that 1.) SolarWinds will need to work extra hard to regain the confidence of customers (and their customers, too) and 2.) that if they don’t succeed in repairing their systems and reputation, they’ll join a lot of other companies on technology’s garbage heap. From our various industry contacts, we had heard customers wanted to leave SolarWinds for reasons other than security.

The big data management companies should be subject to much more scrutiny by government oversight and by their customers. Strict government oversight similar to what we do to monitor CIA activity is necessary because of the extremely critical and sensitive nature of government work. Industry regulation is required to set standards for performance and accountability.

How much oversight and regulation are needed is a political question. What is not political is the need to keep our systems secure and, where possible, insist on transparency in letting us know when things go wrong. Dependency is critical because every system is so intertwined. It’s easy to see it if you look at it like a wheel. In the case of SolarWinds, look at them as the hub, and then look at every organization in their customer list as spokes connecting the hub to the rim. The rim is everyone who does business with any one of the spokes.

SolarWinds and its customers are not the first victims of sophisticated hacking, and unfortunately, they won’t be the last. Google has experienced problems, including an email issue last month, and Microsoft has had its share of issues. Look at what our nation went through with security for our elections.

As individuals we can demand that big data management companies take greater care, but we also need to own our security and asset protection. A lot of it is technology-based. We’ve implored everyone over the years to keep all operating systems, networks and application software up to date – to make sure you download and install updates, security patches and bug fixes. We’ve implored everyone to have all data securely backed up and to have a plan to get your assets – like money in your bank account – when you need them.

Beyond that, be critical of information requested when you fill out forms. Why does somebody need your social security number? Even for a job application, does your prospective employer need that information before they’re ready to do a background check or pay you? Don’t be afraid to question a request or demand a satisfactory answer. For companies where you have critical relationships, like your bank, maintain personal contacts. Know that you can pick up a phone and actually talk to a real human being when you’re concerned about your assets. We can help you with the technology part of security. Call us – 973-433-6676 – or email us for a security audit or to discuss applications and processes that can keep your computers as safe as possible when a big data manager is breached.

Shopping and Shipping 2020 Style

If you ask us to pick one word to define the 2020 holiday shopping season, we’d say “paradoxical.” With the pressure on to buy early and ship early, there’s no doubt you need to move fast. But at the same time, you should take a step back and carefully consider everything you do.

First, why the rush? Why do you need to shop early? Two reasons come to mind: 1.) You want to make sure you can get the gifts you want, and 2.) you want to make sure it can be delivered on time.

Let’s look at that second point first. It’s no secret that our major delivery services are already overtaxed. Many retailers contract with major shippers, such as UPS and FedEx, to deliver a specific number of packages during the season. They have already told the retailers they may not be able to pick up everything that’s on the loading dock every day, so it’s likely not all packages from the retailers will be delivered on schedule. We’ve seen major delays all year long because of the pandemic, and now we’re entering a time of traditionally high shipping volume. We need to take this into account if we’re ordering products that will be sent directly to the recipient.

In a sense, the retailers are competing with anyone who sends a package for that increasingly precious space on the trucks. There will be many people who will want to buy a number of items and put them in a single box to send to a family member or friend. If you’re planning on doing that this year, it’s even more reason to shop early – just so you can ship early. UPS and FedEx, which normally boast a 97 percent on-time delivery success rate, and the Postal Service, which normally boasts a 95 percent success rate, have all moved up their deadlines for the holidays.

And in the chaotic rush to send packages on time and ensure they’re received, here’s a scam tactic to look out for – fake shipping notices. We referred to it in our email, and it’s worth repeating. Scammers can send notices with fake links for tracking information. If you receive a notice, look carefully at the email address it comes from. Scammers are really good at making them look real, and it’s easy to copy and paste a logo. The better idea – if you want someone to know you sent something – is to send them the tracking info directly without any links to a website. The recipient can go to the website from a browser and add the tracking info.

Now for the products.

Don’t be so bargain-obsessed that you get sucked into a trap. There are too many to describe out there. If you see a price that’s too good to be true, be wary. This is the time of year that fake stores pop up online, including those that claim to be Amazon stores. When you do your comparison shopping, look at more than just the price. Look into the retailer. Sellers get ratings and comments just like products, and you should go to independent rating sites for retailers just like you do for products.

Make sure that phone numbers and addresses on store sites are genuine, so you can contact the seller in case of problems. Also take a second look at URLs and app names. Misplaced or transposed letters are a scam giveaway but easy to miss. Finally, carefully read delivery, exchange, refund and privacy policies. If they are vague or nonexistent, take your business elsewhere.

If you see a really good price, make sure it’s for a current model of a product – or understand you’re getting a clearance price on an older, lesser or discontinued model. That can be especially true with electronics.

Once you’re satisfied you’re buying a legit product from a legit seller, use a credit card to pay for it – and make sure the site has the proper security. That can be tough because it’s easy for a scammer to use a fake https:// in the URL and just as easy to throw up any kind of graphic. You can always pick up the phone to complete an order. Don’t pay by wire transfer, money order or gift card. You won’t have any way to effectively dispute any charges if you’re dissatisfied with the purchase or have been duped. Sellers that demand these types of payments are generally scammers.

If you’re giving a gift to someone in your household or nearby, ordering online and picking it up at the store may solve a number of potential problems. You’ll be able to verify you got what you ordered, and you won’t need to worry about shipping delays. We’ve been using curbside pickup more and more and highly recommend it if it’s a feasible option.

We’re here to help in many ways during this holiday season. If you think you may have accidentally compromised your online security in any way, call us – 973-433-6676 – immediately. If you need help with setting up electronic gifts, email us.

What I’ll Miss About CES

I used to look forward to CES, the Consumer Electronics Show held every January in Las Vegas. Like everything else in town, it was glittery, glitzy and way over the top. But I always focused on finding the tech experts to learn more about how products worked. Now, it’s all changed. This year’s show starts Jan. 11, totally online, a reflection of where life is headed as the pandemic continues.

Being a techie, I loved talking to the engineers at the exhibits of product manufacturers. Whether it was for a product that caught my interest or one that many of my clients use, the engineers could answer my questions or explain the key areas that made a product work. They told me where I could unlock more capabilities and where I could stumble into a deep, dark hole.

You didn’t have to be a techie to get into the show. There was always something to wow anybody who attended, and there were neat toys that companies were giving away. Last year, I registered to get a flood detector that a company named Orbit introduced. It’s a good concept. It has Wi-Fi enabled sensors that you can put on the floor in a place that might flood, such as near a water pipe, sink, toilet or washing machine. It has an app that you install on your smartphone, and it warns you when the sensor detects water.

My friend, who attended the show with me, registered for one, too. They said they’d ship them; that’s what everyone says. After a while, we forgot about them. But last month, we got FedEx notices, and we could see that they were legitimately from Orbit. My system is on my basement floor, where, fortunately, it’s been silent.

But for all its glitter and glitz, CES is a show of concepts more than readily available products. Last year, as you may recall, healthcare was the major focus. If you had wristwatches stretching from your wrist to your shoulder, they would all contain features and apps that you couldn’t condense to just a few units. There were that many.

Flexible telephones, such as the one Samsung introduced, were not available until later, and the same was true of really large, really lightweight TVs with 8K resolution. Very few of them are on the market, and there is hardly any content I can think of that you can view with 8K resolution. Even 4K resolution is not universal – nor is it compelling technology for many.

I may go to the online CES, but it’s not the same. If you’re wandering around virtually, I’m sure there will be links to product manufacturers’ websites. But if you’re looking for information about the types of products you might buy, you can go directly to the websites. And if you want to actually see and touch the real thing, you might consider heading off to Best Buy.

If you’re looking for a TV, for example, you can get side-by-side comparisons by looking at multiple brand names, screen sizes and levels of technology. You can see if a specific size will fit in the room where you’ll watch it. You can do the same with any appliance and any type of smart home device you want to install. Seeing a product in person gives you a different perspective, and even with minimal sales staff, you can find somebody in a store who can answer some of your basic questions better than with most online chat services.

A trip to the store can also help us help you better with buying and configuring TVs, home electronics and smart home devices. You’ll have a better idea of what you want or need to buy and where to install it, and we’ll be better able to answer questions about what can work better and what’s possible to meet your expectations. Call us – 973-433-6676 – or email us. We can review product specs to help you make a good selection and provide whatever installation and configuration help you might need.

Finding and Thwarting Scammers

We helped a client recently resolve a personal financial issue that involved online banking and credit cards. The story illustrates some of the dangers we face in our online world. We can’t run away or hide from those dangers.

Those of us with aging parents face a gut-wrenching dilemma. Without getting involved in anybody’s specific family dynamics, we want our elderly parents to remain independent (as much as they want to be independent), but we also know they are more vulnerable to scams because they tend to be more trusting. Their vulnerability becomes even greater as they use technology more.

This story started with a credit card issued by BP, the gasoline retailer, and money that started to disappear from our client’s mother’s account through Synchrony, a bank that has close ties to Amazon and is used to finance merchant accounts. Our client manages the finances for his mother, who is in her 90s and lives in an assisted living facility. A gasoline credit card was odd because his mom stopped driving four years ago. That raised one red flag. Synchrony raised another.

We surmised that someone was able to hack his mother’s bank account and then created a way to use her info to get the credit card and create the transfer portal. In all likelihood, they found a piece of junk mail with the credit card offer and used it to do their dirty work. No email was involved. The credit card had a balance of $1,500, even though he had no knowledge of the card being used. So, he made a $200 payment and saw the balance transferred to what looked like a debit card. He also changed the bank account, but the connection was still there.

When our client wondered if his mom’s account had been hacked – and if any others had – we told him to investigate. He changed the bank account again and told us he was worried that his other accounts at the bank might be affected. In addition to his mother’s account, he had a personal account and one for his business. All were online. Fortunately, the scammers never got there.

To protect the money for the three accounts, our client created a sweep account in his wife’s name for personal use. This enabled him to clean out the accounts he was worried about on a daily basis to keep the money safe.

At the same time, he had to send letters to the banks involved to cancel the credit card and close all the bogus accounts and open new accounts. None of this activity tied his mother’s taxpayer ID number to any of the accounts. Had there been a connection, the scammers could have done much more damage.

But it all started with the low-hanging fruit – that credit card offer that anyone could send in. The same problem can come from those “checks” you get in the mail that are really loans. Anyone can use them, and it can hurt you if your name is on the “check.”

Our advice: Pay as much attention to physical pieces of mail as you do to email. Don’t throw those offers in the trash or recycling bin. Shred them or cut them into tiny pieces that can’t be reassembled. At the same time, keep your online presence secure and check your financial info regularly to spot anything that looks out of order.

We can help you with a security audit, and we can explain the technology behind various security measures you can take. Call us – 973-433-6676 – or email us to set up a consultation and implement a program.

Why Can’t We Vote Online?

We file our tax returns online. Our Social Security system is online. Businesses and financial institutions transfer billions of dollars online every day. Why can’t we vote online?

I know this is a politically charged issue, but we need to look at online voting to make our elections more accessible and more efficient. I say this as we wait for six states to reach a result, including Georgia, where my in-laws live, and neighboring Pennsylvania. We’re not complaining about the time-consuming, labor-intensive process required to count every vote, but it has given us time to think about how we can make the process better.

I’m casting a vote for online voting, and I am highly confident the many disciplines that make up our technology industry can make it happen. I know that fraud is a major concern, and while some may have overblown concerns, fraud is a valid worry. However, the industry does a good job of minimizing it.

On the personal level, we’ve already mentioned that we file our tax returns online – federal and state. Those who are part of Medicare and receive Social Security benefits can complete all transactions online, including paying their premiums and receiving their benefits by direct deposit. We can file for unemployment benefits online, access our medical records online and even re-enter the country using apps such as Global Entry, which relies on biometrics, and Mobile Pass, which relies on info accessed from a smart phone.

Businesses use all sorts of online systems to transfer money safely and securely. While government elections are sacred – as well they should be – there’s a lot of money at stake when companies and banks send billions of dollars through millions of transactions every day. When breakdowns occur, they can generally be traced back to the exploitation of someone’s sloppiness or ignorance. We know that one country’s government can have an interest in affecting another country’s government, but there’s a far larger universe of hackers looking for ways to get their hands on someone else’s money. There are more ways for them to access and monetize someone’s sensitive health information.

Therefore, if we focus just on elections, I believe we should be able to make those systems safe and secure. We have the tools in place; we just need to refine them and make them stronger. We constantly refine and strengthen tools as a general practice, so it’s not like we’re looking for something completely new.

We can also make better, more extensive use of two-factor authentication – as well as increased biometrics and other forms of password-replacement technology that can make our entire internet experience more secure.

Artificial intelligence (AI) and signature verification software have been used for years. We have systems for providing electronic signatures for financial transactions great and small. Why not apply this technology to elections? Technology can be used to verify or update a person’s residence. We have driver’s license information and utility bills online, for example. When we change addresses, that information changes – and is recorded. In many states, we are automatically registered to vote or can register to vote when we get or renew driver’s licenses.

We have the technology to coordinate all this information. What we need now is the will to do it. Our COVID crisis has forced us to take long, hard looks at new ways of doing things we’ve always done. New processes and procedures are likely to stay as we emerge from the pandemic (we will at some point), and voting is one of them. States expanded early voting and mail-in or absentee voting to avoid larger lines and longer waits in crowded places. The overwhelming response likely means we’re not going back on that.

Going forward with online voting will require governments at all levels to change laws and requirements, and that won’t be easy. There’s a lot of passion and fear when it comes to politics and elections. The technology industry, too, will need to prove it can – beyond any doubt – provide a secure platform to hold elections.

But we, too, as individuals, will need to step up our game. We’ll need to make sure that our individual systems are secure by keeping our network and device firewalls, antivirus and anti-malware software installed and up to date. We’ll need to make sure we have the latest operating systems – with security patches – installed, and the same goes for all the apps we use.

Online voting may not be the right option for everyone. We just think it’s time to add it to the other options already available.

And regardless of whether we have online voting, you should still take all the steps that are needed to keep your networks and devices safe and secure. If you have any questions, we can help. Call us – 973-433-6676 – or email us to discuss your online security needs – and talk about how we can promote effective online voting.

Healthcare and Ransomware

As many of you know, our family has spent a lot of time in hospitals over the past 30 days. Thankfully, we’re all healthy – and the doctors have been great. But looking at their technological support systems as a patient, parent and IT specialist, I could use an electronic sedative.

Judging from what I see in news reports, hospitals seem to be prime targets for ransomware. That’s a lot of sensitive data to hold hostage, and I have a greater appreciation of the consequences now than a month ago. Every hospital room I was in had a computer. Every member of the medical staff who examined Charlie or me had to log in to enter all the data used to update our charts. Every medication we were given was logged into the system. The process created an information lifeline that was critical for every step in our treatments.

The data the hospitals used to treat us was entered before we were admitted. The doctors who examined us previously entered notes into our electronic charts. The results of COVID tests were entered. Everything, it seemed, had to be verified at every stage of our care. It was comforting to know that every caregiver had access to the latest information on a screen, where it could be clearly displayed without the need to decipher somebody else’s handwriting.

But what happens when the technology breaks down? What would have happened if just before surgery, a hacker had invaded Charlie’s chart or mine and held the records hostage as the anesthesiologist was about to administer drugs? What if one of us had a bad reaction to anesthesia during surgery? That’s not the best time for us to begin hostage negotiations, and even if we were willing to pay a ransom, it’s not the same as going online to pay your credit card bill.

I’d feel a lot better about healthcare if the hospital systems put the same resources into information technology as they do into their healthcare technology. I saw truly amazing systems to treat us, but the news reports tell another story. IT systems, even in large hospital systems in large metropolitan areas, are antiquated and don’t get regular updates for security patches and bug fixes. If I were prescribing a remedy, it would be to update those systems immediately.

And as large hospital systems acquire smaller, financially strapped hospitals, it’s even more important to take that update medicine. With telemedicine becoming more common, there’s more interaction with a variety of technology systems and networks, so I would demand the hospitals build electronic fortresses.

The same goes for physicians’ offices, regardless of whether they are part of a hospital system or in some other network. As patients, we regularly use the medical systems’ portals – websites – to access records, refill prescriptions and use other essential information. What if the doctor’s system goes down? What if someone is having a life-and-death emergency during a hostage negotiation because the doctor’s IT system was hacked?

To borrow an old phrase: Physician’s office, update thyself.

At the same time, we need to keep our systems secure. The hospital and office systems we deal with are likely to have done everything right. But if we leave a door open in our own system, it could be the opening a hacker needs to get into a healthcare system and hold critical data hostage.

We can help you make sure you keep up your end of the deal. Call us – 973-433-6676 – or email us to arrange for a security audit of your system. For hospitals and doctors’ offices, we’re always happy to provide a second opinion.

Websites and the Need to Know

Why do some companies and organizations, especially non-profits, feel the need to post the names of their entire staffs on their websites? The question came up in a recent conversation with an IT colleague.

Smaller companies and non-profits seem to get hack-attacked more often, and they tend to list everyone in the company or organization on their websites – along with their contact information. If that organization is running “lean and mean,” it could have a lot of people wearing many hats and juggling unrelated tasks. That can create a vulnerability when an outsider can distract a busy worker who has access to sensitive information.

Here’s a possible scenario that illustrates the problem.

When you list the contact info for the bookkeeper, you may be listing it for an employee who has access to all the organization’s financial data but has no need for public contact. A hacker doesn’t need to be especially skillful to use the bookkeeper’s email address to launch a phishing attack in a variety of ways. The most obvious, of course, would be to spoof a bank. But it could also be a spoof email from someone connected with the organization who is looking for something, such as wanting to know if a check was deposited.

If the bookkeeper responds to the bogus bank link or the spoofed email, it could open the door to getting more financial information or sensitive data – not only from your organization but from every person or organization you deal with.

Why take the risk? If you limit names and contact information to those whose duties involve some aspect of public contact, you can limit your exposure. If someone really needs to contact your bookkeeper, for example, they can call a general phone number for the organization where a gatekeeper can determine if it’s a legitimate call or can “take a message” so the bookkeeper or another employee can return the call. If the contact is made by email, it can go to a general mailbox, where a gatekeeper can read it and distribute it appropriately.

If you limit contact info in a small company or non-profit to the C-Suite, you can limit your exposure to hacking, ransomware and other vulnerabilities. If people outside your organization need to contact specific individuals, that information can be provided privately.
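One way to check your own site against this advice is to audit a saved copy of the staff page for individual addresses that are not a general mailbox or an approved public contact. The script below is an added example, not part of the original article; the mailbox names, the approved list and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumptions for this example: adjust both sets to your organization's policy.
SHARED_LOCAL_PARTS = {"info", "office", "contact", "hello", "donations"}
APPROVED_PUBLIC = {"director@example.org"}  # people whose duties include public contact

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class EmailCollector(HTMLParser):
    """Collect addresses from mailto: links and from visible page text."""

    def __init__(self):
        super().__init__()
        self.found = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "href" and value and value.lower().startswith("mailto:"):
                addr = value[7:].split("?", 1)[0]  # drop ?subject=... parameters
                self.found.update(a.lower() for a in EMAIL_RE.findall(addr))

    def handle_data(self, data):
        self.found.update(a.lower() for a in EMAIL_RE.findall(data))


def audit_page(html):
    """Return (allowed, exposed): sorted addresses the page publishes."""
    collector = EmailCollector()
    collector.feed(html)
    collector.close()
    allowed, exposed = [], []
    for addr in sorted(collector.found):
        local = addr.split("@", 1)[0]
        if local in SHARED_LOCAL_PARTS or addr in APPROVED_PUBLIC:
            allowed.append(addr)
        else:
            exposed.append(addr)
    return allowed, exposed


# Constructed sample of a staff page; not taken from any real site.
SAMPLE_PAGE = """
<ul>
 <li>Executive Director: <a href="mailto:director@example.org">Email</a></li>
 <li>Bookkeeper: <a href="mailto:Pat.Lee@example.org?subject=Invoice">Pat Lee</a></li>
 <li>Volunteer Coordinator: sam@example.org</li>
 <li>General inquiries: <a href="mailto:info@example.org">info@example.org</a></li>
</ul>
"""

if __name__ == "__main__":
    for addr in audit_page(SAMPLE_PAGE)[1]:
        print("move behind the general mailbox:", addr)
```

Each address the script reports belongs to someone the page exposes directly, such as the bookkeeper in the scenario above, and is a candidate to move behind the general mailbox.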

We can help. Call us – 973-433-6676 – or email us to help you set up appropriate email addresses and work with your web designer to make your website more secure.