Thursday, December 31, 2009

How good is the new cybersecurity chief?


Howard Schmidt (photo courtesy of the White House), the former chief security officer of Microsoft and vice president for security at eBay, was just appointed cyber security chief in the Obama administration. Schmidt also served on the Bush administration's Critical Infrastructure Protection Board after Sept. 11, 2001.

Seattleweekly.com had a VERY derogatory article about his qualifications as a security man. When he was at Microsoft, Windows 2000 was hit by the Code Red worm and other attacks. That was LONG ago, but the cyber community is less than impressed.

Here is what Mark D. Fefer had to say about him:

"With a top banner featuring a 10-year-old iMac (the big, bulbous, colored one) and various 1's and 0's, the site looked roughly like what an aspiring IT consultant from Des Moines might have ginned up in 1999. The home page featured the R&H logo; Schmidt's oft-used tagline about the country's need for a "mosaic of security"; and the phrase "Under Contruction" [sic]. Indeed every page at www.cyber-security.us—Contact, About Us, and News—was under construction. No PayPal buttons or interactive functions for Schmidt; his site was locked down tight.

A few days after we posted a blog item about Schmidt's site, it was taken down entirely."


Tuesday, December 29, 2009

Social Networking and Some Employment Law Snafus (Part 2)

In this article, we try “round two” of stumping the HR person! That is to say -- let’s take a look at a few additional employment-related social networking challenges, and how an HR person (or supervisor) might best respond.

1. Management allows some online posting during work hours, but notices one employee who averages 100 Tweets per day on Twitter.
Does it matter if it is part of their job to post Tweet updates? How many posts are too many, is the question!?

A reasonable course of action, by any standard, would be to warn the employee of the excessive number of posts. Thereafter, it needs to be determined whose function it is to monitor such media outreaches – HR? Corporate Communications? IT? – which may depend on resources. Larger employers may consider having a media department that would oversee such outflow. Tweets can positively impact business!
One Wall St. Journal article noted that the number of Tweets regarding a movie release does affect the numbers at the box office!

2. You receive a phone call saying one of your employees has been posting derogatory comments on her ex-husband’s blog.
Does it matter how high-profile the employee or ex-spouse are? What about whether it was posted during work hours or whether it depicts a company uniform or logo?

Ask for evidence of the postings! (Such as a printout of the posting.) Certainly one would need to determine whether or to what extent the company was identified within the post, and whether it was posted during work hours, and warn accordingly.

3. What if you WANT your employees to help grow your business through social networking??
Are you going to want to require that employees join a social networking site?

A good solution for this may be to identify which sites would be acceptable for business purposes (some favor LinkedIn, for example). You will need to decide if such postings are mandatory (in which case, you need to be prepared to pay for this time), or optional (in which case, you need to decide if work time can be allotted for this). In any event, some guidelines ought to be established regarding content, and all postings should be monitored.
Some employers are finding ways to block social networking, although that can turn away employees as well!  Why not have a separate business page from personal, on those sites that allow it?!

Continue your feedback…we may have a social networking and employment law snafu, part 3 at some later time! 


Monday, December 21, 2009

Social Networking and Some Employment Law Snafus (Part I)

Imagine yourself the Human Resource Specialist for a large employer – as the arena of social networking explodes, you are faced with a series of issues that were never even considered before the days of internet insanity. Let’s try out a handful of these situations, and see how you would fare –

1. One of your employees is found to have posted their photo, complete in company logo shirt, on Facebook.

Does it matter that it’s a personal site? How ‘bout that the logo is represented in the photo?

The outcome might be to consider prohibiting the display of a company logo, or product, etc., on even an employee’s personal site. (Keeping in mind that certain businesses may want to have their logos or products given higher exposure.)

2. What if the employee’s photo is of themselves at work in a skimpy bikini?

Certain websites have privacy settings under which such photos may not even be seen; however, coworkers often bring to your attention items that even the employee themselves may not realize are visible. Can someone’s behavior after work hours be monitored? How does such monitoring balance with freedom of speech protections?

In reality, a situation like this is probably best handled in consultation one-on-one with the involved employee. The best case scenario would be the employee didn’t realize the photo was publicly visible and agrees to remove it. However, another outcome might be to consider prohibiting the posting of photos of work area, or on-duty activities. (For certain companies there is a security justification for such posting prohibition.)

3. What if employees take a pay cut because business is down, and then photos are posted by the boss’ wife on Facebook?

And then the employees start circulating a union petition…and demand a raise?? Aren’t there some similarities to the boss driving up to work in a new car?

At its heart, this is all about perception. If workplace executives or managers are counseled on the business impact of personal posts, along with the encouragement of using privacy settings, it should help. Also, it can’t hurt to increase your transparency, so to speak, of business finances. (And possibly gear up for a union election campaign at the same time!)

We want to hear from you – send your social networking and employment law snafu situations to us this week at suebmartines@gmail.com, and stay tuned for Part II!


Friday, December 18, 2009

Terrorists using Internet for Money Laundering, Fundraising…and Identity Theft

by Aleshia Altizer

How serious would you be about protecting your identity if you knew terrorists were on the prowl, seeking to use fraudulent funds to finance activities? Discovery.com has posted a Q&A with Tom Kellermann, a former member of the Treasury Security Team at the World Bank. Kellermann advised central banks on monitoring illicit online activity and had some startling things to say about how terrorists are funding their attacks.


In the article, Kellermann discusses how one terrorist funded an attack with more than $150,000 he hacked from American bank accounts and credit lines. On top of that, he wrote a book on hacking to educate his followers.


Terrorists don’t have to be hackers themselves to get their hands on stolen data either. They can hire assistance from underground chat rooms. “There is a complete community now where you essentially can hire mercenaries to build code to attack a targeted system and to data mine that system for your own use,” said Kellermann.


- - - - - - - - - - - - - - - -


Aleshia Altizer is a Corporate Writer at Pre-Paid Legal Services, Inc. Pre-Paid Legal's signature products, including the Life Events Legal Plan and Identity Theft Shield, serve more than 1.5 million families in North America.


Friday, December 11, 2009

Dogged by Charities Wanting Donations? Don’t Give Up on Helping Good Causes, but be Wary of Scams

By Stacy Whelchel

The holidays are known for bringing out the best, and unfortunately, the worst in people.
From the familiar sound of the Salvation Army kettle ringers to phone calls soliciting for charities, the cry for help is even louder this time as families continue to struggle and the desire to lend a hand becomes even stronger.

Regrettably, giving is not always the right thing to do, thanks to holiday scams that take from, rather than give to, those who want to help and those in need.

The Federal Trade Commission has issued a warning to remind everyone wanting to give to charities that a donation request is not always what it seems. Here are a few tips for giving wisely:

  • Donate directly to the charity and not to paid solicitors on the phone, who sometimes keep a portion of the money collected.
  • Check out a charity before you donate. Several websites, like the Better Business Bureau’s Wise Giving Alliance, http://www.bbb.org/us/charity, can assist you with nonprofit information.
  • Don’t give out personal or financial information, including bank accounts, Social Security Numbers or credit card info, to anyone who calls to solicit a contribution from you. Scam artists can use this to commit identity theft fraud against you.

Happy holidays to everyone and may this be a season of giving wisely in abundance!

- - - - - - - - - - - - -

Stacy Whelchel is a Corporate Writer at Pre-Paid Legal Services, Inc. Pre-Paid Legal's signature products, including the Life Events Legal Plan and Identity Theft Shield, serve more than 1.5 million families in North America.

Monday, December 07, 2009

Medical Identity Theft on the Rise

By Aleshia Altizer

Imagine finding out that someone has used your identity to get more than $100,000 worth of medical treatment. Imagine finding out there’s incorrect information in your medical file like the wrong medical history, blood type and allergies. The Wall Street Journal recently posted an article on the increasing prevalence of medical identity theft and the impact it has on its victims.

As more and more medical records become electronic, the information becomes easier for thieves to steal. Unfortunately, many don’t realize an identity theft has occurred until their medical records have been distorted and medical bills run up.

The impact can be very serious if personal medical records are altered with the wrong medical history, blood type and allergies. The article says that consumers could also exhaust their lifetime coverage or be considered uninsurable, if their insurance has been used by someone else.

- - - - - - - - - - - - - -

Aleshia Altizer is a Corporate Writer at Pre-Paid Legal Services, Inc. Pre-Paid Legal's signature products, including the Life Events Legal Plan and Identity Theft Shield, serve more than 1.5 million families in North America.


Tuesday, December 01, 2009

CPA’s, Identity Theft, and the Law

By: Sue B Martines J.D.

The attorneys may have gotten off the hook for the Red Flags Rule requirements, but so far, not the CPA’s, among other “professionals” (such as physicians). Picture this – two so-called “professionals,” one an attorney and one a CPA, discuss identity theft and the Red Flags Rule implemented by the FTC to help businesses develop “Red Flag” indicators for fraud – the conversation might go something like this:

Attorney, “being a busy professional, I sure am grateful to not have another burdensome requirement made of me by the government!”

CPA, “being a busy professional, I sure am grateful for the opportunity to have guidance on how to better guard against the time-consuming, professionally-damaging and high client impact of an identity theft or data breach!”

Two different professionals, two different treatments so far, by the law!

In a previous posting, we discussed the recent court decision finding attorneys exempt from the “burdensome” requirements of the Red Flags Rule; here we make the somewhat absurd double-standard comparison, you might say, to one of their counterparts -- CPA’s.

We all know there’s no immunity from identity theft risk. The American Institute of CPA’s itself fell prey to the #1 risk factor – human error – when in 2006 a damaged hard drive containing personal information was sent out for repair and was lost in transport. (http://www.pro2net.com/x52999.xml)

However, in an IRS online publication regarding CPA’s and identity theft, you will find zero things unique to the CPA that wouldn’t equally apply to an attorney! (http://www.irs.gov/pub/irs-utl/identity_theft_what_cpas_need_to_know.pdf)

Certainly the fight may not be over for CPA’s, or other “busy professionals” whose attorneys will challenge the Red Flags Rule “requirements” to have an identity theft prevention and mitigation plan in place by June 1, 2010.

Yet, if only all CPA’s could look at identity theft and data protection measures like the one in the discussion above – it could mean fewer lawsuits for the “burdened” attorneys, and better protection of client data!

Maybe the requirements of the law aren’t that bad of an idea after all!

Sue B Martines is a recovering attorney of 12 years now living in Oregon. Sue can be reached at suebmartines@gmail.com.


  • All Material is Copyright © 2009 Michael McCoy and SEAS, L.L.C
  • Deter. Detect. Defend. Avoid ID Theft - www.ftc.gov/idtheft