Chamber Holds Fourth Annual Green Symposium

April is finally here and we turn a special focus to celebrating and protecting our Earth and honoring Earth Day (4/22).  As co-chair of the Dutchess Chamber’s Living Green Committee, I am happy to invite one and all to a free event aimed at providing the local business community with actionable steps to achieving sustainability.  Our fourth annual Green Symposium is scheduled for Tuesday, April 29 from 8:30-noon at the Cornell Cooperative Extension, located at 2715 Rt. 44 in Millbrook.

This year we will also feature an Agriculture Showcase highlighting the farming and agriculture members of the Chamber.  Several are signed up to display their local products, food samples and services. Part of the morning will focus on green energy programs, marketing strategies and business organic recycling and be filled with expert presenters, exhibitors, networking and Q&A forums. The event is complimentary to attend and is open to members as well as non-members. A continental breakfast will be provided.

Ajax Greene, founder Re>Think Local and co-founder of On Belay Business Advisors, will deliver the Symposium’s keynote address.  Greene will discuss his perspective on building “place-based” organizations and a business community that expresses a strong commitment to being conscious of the triple bottom line: people, planet and prosperity.  He will talk about combining synergies including marketing and branding, people management, finance, operations and a strategic commitment to social responsibility.

To register for the Green Symposium, please visit dcrcoc.org or call 845-454-1700 ext. 1000.

The Dutchess County Regional Chamber of Commerce’s Living Green Committee works to implement greener practices for businesses that choose to reduce their ecological footprint. Throughout the year, they host numerous symposiums and events including the popular bi-annual Electronic Recycling Days.  For complete information about the group, visit dcrcoc.org and select ‘Living Green Committee’ under the ‘Committees’ tab.

For more on environmentally practices, please visit www.hvshred.com

Hope to see you April 29th!

Class Action Data Breach Lawsuit Settlement Rings Alarm Bells

The Emergence of the Class Action Data Breach Lawsuit:  Just one more reason it is imperative to take all means possible when it comes to protecting customer information.  A recent $3 million class action data breach lawsuit awarded by a Florida court in mid-March of 2014 sets the stage for many more such settlements.

The suit was the outgrowth of a laptop lost by AvMed, a Florida-based health insurer. According to widely published reports, after having been dismissed twice by lower courts, the U.S. Court of Appeals for the Eleventh Circuit allowed several of the claims, including those pertaining to negligence and breach of contract, to remain, and remanded the case back to the district court. The failure to dismiss the claims, a first in this type of legal action, is what then promoted AvMed to seek a settlement.

According to industry expert Bob Johnson, “Up until this Florida ruling, however, every such attempt had been summarily dismissed based on the absence of demonstrated financial damages. That’s why this is so significant. For the first time in history, with no damages directly related to the breach, the court allowed the case to proceed.”

This ruling could mean that in addition to the cost of breach reporting, credit monitoring and embarrassing headlines, class-action awards are more likely to be a costly consequence of data breaches in the future. Second, this precedent will provide an incentive for lawyers who specialize in class-actions to bring more such cases.

Following up on our recent posts on The Red Flags Rule, the key is better policies, better employee training, and heightened awareness of safe storage and disposal of customer data.

For more information on on-site shredding service and best practices in identity theft prevention, please visit www.hvshred.com

HV Shred Participates in local event to Benefit Small Businesses in the Hudson Valley

As the president and owner of HV Shred, I am honored to be a part of The Women’s Enterprise Development Center, Mid-Hudson Valley (WEDC-MHV) “The Road to Growth: Scale Your Business. Up Your Game.” The Thursday, March 27th conference will provide future and current business owners the opportunity to gain valuable information about how to grow their businesses in the current economic environment.

The keynote speaker for the conference, Willie. C. Taylor, Regional Director of the U.S. Economic Development Administration, will address the critical importance of small business as a key to economic development and growth in the region. The day will also include workshops for small businesses with guidance on how to grow their businesses and access capital.

Our main involvement is as part of a round table of successful Hudson Valley business owners, moderated by Tom Sipos, host of Hudson Valley Live Radio on critical issues affecting small business. Panelists are: Frank Campagna, President, ColorPage Marketing and Publishing; Judith Papo, President, HV Shred, Inc.; Lou Paradise, President and CEO, Topical Biomedics, Inc.; and, Kimberley Williams, Senior Vice President, Williams Lumber & Home Centers.

To register, email Laurie Rich, WEDC-MHV Program Manager at Lrich@wedcbiz.org or call 845-575-3438.

The Women’s Enterprise Development Center, Mid-Hudson Valley (WEDC-MHV) is the premier small business training center in the Hudson Valley focusing on equal opportunity for employment and business ownership for both men and women entrepreneurs. All are welcome to take advantage of WEDC-MHV’s affordable, high-quality business training, advisory services, disaster recovery consulting, and access to capital, so every entrepreneur can be empowered to build successful businesses and contribute to the local economy. The WEDC serves the counties of Dutchess, Ulster, Orange, Sullivan, Putnam, Westchester and Rockland in New York State. For more information please visit wedcbiz.org.

For more information about HV Shred and our involvement in the community, please visit www.hvshred.com

Part 3: Red Flags Rule Compliance

Continuing with our goal to educated businesses on proper compliance with the Red Flags Rule, today is an overview of the 4 step process.  We will cover each step in more detail in the coming weeks.  For now, here is an overview of the 4 steps:

Step 1: Identify relevant Red Flags- the potential patterns, practices, or specific activities indicating the possibility of identity theft.  These include taking into account risk factors and sources of red flags,.

Step 2: Detect Red Flags: Sometimes, using identity verification and authentication methods can help detect red flags. Consider whether business procedures should differ if an identity verification or authentication is taking place in person, by telephone, mail, or online.

Step 3: Prevent and mitigate identity theft: Upon spotting a red flag, be prepared to respond appropriately. The response will depend on the degree of risk posed. It may need to accommodate other legal obligations, like laws about providing and terminating service.

Step 4: Keep the program up to date: The Rule recognizes that new red flags emerge as technology changes or identity thieves change their tactics, and requires periodic updates to your program. Factor in personal experience with identity theft; changes in how identity thieves operate; new methods to detect, prevent, and mitigate identity theft; changes in the accounts offered; and changes in the  business community, like mergers, acquisitions, alliances, joint ventures, and arrangements with service providers.

Tune in again next week for more details.  Our goal is to help our business community with compliance which will, of course, also help protect every individual in the community as well from identity theft.  More at www.hvshred.com

 

Legal Responsibility to Protect Consumers’ Private Information

This week, we start a series aimed at educating business about their legal responsibilities regarding protecting consumers’ private information.

First, some background:  According to the Federal Trade Commission (the government organization charged with consumer protection), an estimated nine million Americans have their identities stolen each year. Identity thieves may drain accounts, damage credit, and even put medical treatment at risk. The cost to business — left with unpaid bills racked up by scam artists — can be staggering, too.

The Red Flags rule requires many businesses and organizations to implement a written identity theft prevention program designed to detect the “red flags” of identity theft in their day-to-day operations, take steps to prevent the crime, and mitigate its damage. The bottom line is that a program can help businesses spot suspicious patterns and prevent the costly consequences of identity theft.

The Federal Trade Commission (FTC) enforces the Red Flags Rule with several other agencies. Stay tuned over the next couple of weeks for our series detailing the rule.

For instant resources on identity theft protection, please visit www.hvshred.com

Perhaps the lowest scam of all?

In a recent press release from the FTC, it seems scam artists have perhaps hit a new low.  In the latest lure to trick people into clicking on links that will download malware to their computers, scammers are sending bogus emails with the subject line “funeral notification.” The message appears to be from a legitimate funeral home, offers condolences, and invites recipients to click on a link for more information about the upcoming “celebration of your friend’s life service.” But instead of sending you to the funeral home’s website, the link sends you to a foreign domain where the scammers download malware to your computer.

Malware, short for “malicious software,” includes viruses and spyware that get installed on your computer without your consent. These programs can cause your device to crash and can be used to monitor and control your online activity. Criminals use malware to steal personal information, send spam, and commit fraud.

If you get an email about a friend or loved one’s passing, the Federal Trade Commission, the nation’s consumer protection agency, says hit Delete. Don’t click on the link. You may then want to contact the funeral home or family directly to verify the information.

More tips from the FTC to reduce your risk of downloading unwanted malware and spyware include:

  • Keep your security software updated.
  • Don’t click on any links or open any attachments in emails unless you know who sent it and what it is.
  • Download and install software only from websites you know and trust.
  • Make sure your browser security setting is high enough to detect unauthorized downloads.
  • Use a pop-up blocker and don’t click on any links within pop-ups.
  • Resist buying software in response to unexpected pop-up messages or emails, especially ads that claim to have scanned your computer and detected malware. That’s a tactic scammers use to spread malware.
  • Back up your data regularly.

 

For more information on Identity Theft Protection, please visit www.hvshred.com

Another Scam to Watch Out For

Perhaps even more frequently than every day, it seems like there is a new scam hatching.  Here’s a new one we learned about from a fellow member of the NYS CPA Society.

In a recent message board post, Mr. Mendlowitz warned to be on the lookout for ‘One Ring’ cell phone scams.

It’s called the “One Ring” scam, because the scammers program computers to send thousands of calls to random cell phone numbers to ring once, and then disconnect. The scammers hope you are curious enough about the call and that you will return the call right away.

When the cell phone owner returns the call they are charged $19.95 for the international call fee. After that there is a $9.00 per minute charge. Often the victims will first hear music, then maybe advertising but it’s easy to see how quickly these charges can add up.

If anyone thinks they may have fallen for this scam, they should immediately alert their cell phone carrier and keep an eye on their cell phone bill.

For all matters related to identity protection and data safety, please visit www.hvshred.com

Keeping Children Safe on the Internet

On-site shredding service is our main gig but those who follow this blog know we like to use this space to share public service announcements as well.  There are few topics more important than protecting our children.

The FTC has just released a its latest update on a great resource for helping to protect our children when they are on line.

Te revision of the FTC’s free guide, Net Cetera: Chatting with Kids About Being Online, is now available. The booklet has updated tips for parents, teachers, and other adults to use when talking with kids about online safety and digital citizenship.

The guide reflects changes in the online space since it came out in 2009. Among other timely and important issues, the guide includes tips on:

The booklet also includes information about the recent changes to the Children’s Online Privacy Protection Act (COPPA), and the rights and choices parents have in protecting their kids’ privacy online. And, of course, the guide covers key issues like cyberbullying, sexting, phishing, and computer security.

Net Cetera has topped the Best Seller list at the FTC for years. More than 9.3 million copies of the original version of the booklet were distributed in just over two years, making it one of our most-requested publications.

Order free copies of Net Cetera from the FTC’s bulk order site. Use them at the kitchen table, the all-purpose room at school, even at your local library.

For more information about identity theft protection and related topics, please visit www.hvshred.com

More on Apps Safety-Mindfully Sharing Location Data

HV Shred is all about helping our community protect private information.  Last week, we covered the basic overview of app safety.  More specifically this week, we cover location data.

Some apps use specific location data to share maps, coupons for nearby stores, or information about who we might know nearby. Some provide location data to ad networks, which may combine it with other information in their databases to target ads based on our interests and our location.

Once an app has permission to access location data, it can do so until we change the settings on our phones. If we don’t want to share our location with advertising networks, we can opt to turn off location services in the phone’s settings. Of course, if that is done, the apps won’t be able to share information based on our location unless we enter it ourselves.

In addition, the phone uses general data about its location so our phone carriers can efficiently route calls. Even when we turn off location services in the phone’s settings, it may not be possible to completely stop it from broadcasting location data.

The point is to be mindful and selective of the apps we choose.

A recent case both metaphorically and literally shed light on the locator capability and possible abuse of apps:

Dating back to early 2011, people have downloaded the Brightest Flashlight app to more than 50 million Android devices — making it one of the most popular free apps on the Android marketplace. According to the FTC, most of these users probably didn’t realize that anytime they launched the app, it collected and broadcasted their locations and device IDs to advertising networks and other third parties.

Goldenshores Technologies, the developer behind the Brightest Flashlight, has agreed to settle FTC charges that the company didn’t adequately disclose what information it collected and shared — not in the app’s user agreement or anywhere else.

For more on identity theft protection best practices, please visit www.hvshred.com

Mobile Apps and Security

As always, HV Shred aims to provide valuable guidance to our  community on how to protect confidential data. These days, we use apps for everything from banking to listening to music to finding the best restaurant for lunch.  One thing we must consider in the process is the data we are sharing–even broadcasting as we take advantage of the tools provided by apps.

When we sign up with an app store or download individual apps, we may be asked for permission to let them access information on our device. Some apps may be able to access:

  • phone and email contacts
  • call logs
  • internet data
  • calendar data
  • data about the device’s location
  • the device’s unique IDs
  • information about how we use the app itself

Some apps access only the data they need to function; others access data that’s not related to the purpose of the app.

If we are providing information when using the device, someone may be collecting it – whether it’s the app developer, the app store, an advertiser, or an ad network. And if they’re collecting data, they may share it with other companies.

Spend some time verifying the extent to which downloading and using each app is sharing your information.  Consider what you know about who created the app and what it does. The app stores may include information about the company that developed the app, if the developer provides it. If the developer doesn’t provide contact information – like a website or an email address – the app may be less than trustworthy.

Android operating system users have an opportunity to read the “permissions” just before installing an app. Read them. It’s useful information that tells what information the app will access on our devices. Ask whether the permissions make sense given the purpose of the app; for example, there’s no reason for an e-book or “wallpaper” app to read text messages.

Apps are tools for tremendous convenience but also need to be implemented judiciously.

For more on identity theft protection, please visit www.hvshred.com