Temperature in the mid 50′s.  Not too windy.  Beautiful day for an end of year bike ride.  Except…

Almost made it back home before I dropped the bike in the street.  Water, ice and skinny tires do NOT mix.  The good news is that I only have bruises and abrasions on my hip, elbow, ankle and thigh.  The bad news is that I cracked my helmet and messed up the bike.  I wanted to have it serviced in January anyway, but I guess it’ll need a little more work now.  Sigh.

In any event, have a very Happy, Safe and Healthy New Year and don’t ride your bike like I do.

It’s Holiday Season, Do You Know Where Your Wallet Is?

While it’s worth remembering all year long, it doesn’t hurt to remind ourselves that the holiday season brings our the best and worst in people.

The con artists will be out in full force this year.

Here are some tips that will help you get through the holiday season safer and hopefully with your wallet and credit card intact.

1. When shopping in brick and mortar stores, watch your wallet and purse.  Pick pocketing is still a thriving occupation.

2. When you take your purchases to your car, stow them in the trunk.  If you go back into the store or mall, you’re leaving an invitation for a broken window and missing packages when you return.  I put my things in the trunk, then move the car so anyone who is watching thinks I’m leaving.  OK, I’m paranoid; I also don’t like sitting with my back to a window or door.

3. Watch the people around you when you check out.  It’s easier than ever to use a cell phone to take a picture of your credit card while you’re at the register.

4. If you’re purchasing a gift card, pick one at random from the display.  Con
artists will take a card or two, steal the information from it and put the card
back onto the display.  Then wait patiently for the card to become activated so
they can use it to shop online.  Also, don’t buy cards online unless you know
the seller.  Sometimes, worthless cards are sold online.

5. Tis the season for heartache and charity scams.  Be especially careful with
your email messages.  Return addresses and organization names are easily forged.  Beware of similar sounding organization names; Make a Wish Foundation is not Leave a Wish Foundation.  You get the idea.  Know your charities.

6. Don’t wire money to Joey in England who can’t get home for Christmas because he lost his wallet.  (Unless you know Joey is your son and you spoke to him on the phone.)

6. Did you get an email from a charity and the request came from a Yahoo, Hotmail or Gmail account?  Any organization worth your donations has its own domain name and email system.  Be suspicious of any charity with a free email address.

7. One last low tech reminder.  Don’t leave you purse or wallet where it’s visible.  Years ago, my mother had her purse stolen from beside her desk when she was away for just one minute.  The thief walked into the office, picked up the purse and was gone before anybody came back to the front.

Have a safe, happy and healthy holiday season.

Phishing is the practice used by internet criminals of using false information to extract personal or financial information from unsuspecting computer users.

Use the following guidelines to avoid getting hooked by the scammers:

- When you receive an email message that asks for personal or financial information, delete it without clicking on any links in the messages. Do not copy/paste a link into your browser; subtle misspellings can send you where you do not want to go. If you want to verify the information, open your browser and type the URL of the company yourself (or find it with your favorite search site). Get the telephone number from the “Contact Us” section
and talk to an agent of the company and report the phishing attempt.

- Do not use a telephone number supplied in any email that asks to to update your account or request a refund. Telephone numbers are no longer what they seem. Automatic forwarding systems and VOIP (Voice over Internet Protocol) systems mean you cannot tell where the destination really is. If the phishing message is about your credit card (and it’s really the same financial institution where you have your account), use the telephone number on the card. Use your bank statement to get the telephone number if it’s about your checking or saving account.

- Install anti-virus and anti-spyware software and keep it up to date.

- Review your bank and credit card statements when you receive them. My wife and I check our accounts daily (not that I’m paranoid).

- Beware of attachments you don’t recognize or didn’t expect regardless of whether you recognize the sender. Infected attachments can compromise the security of your computer and harvest and deliver personal information while you’re browsing.

- Never email personal or financial information. Email is not secure.

- Learn how your browser indicates that you are using a secure connection to your bank, credit card company or online store before you enter any personal or financial information.

If you do receive a phishing email, forward it to the company that has been impersonated and also to spam@uce.gov (a part of the Federal Trade Commission).

If you got caught, file a complaint with the FTC at www.ftc.gov/complaint.

Safe surfing.

Ever notice how most disaster recovery/business continuity articles seem to overlook a critical component of the plan – the people.  The best plans, the most technically advanced hot data centers, are of no value if you have no people to run your business.

There is plenty of information available on the internet on how to prepare for a natural or man-made disaster.  I want to share a few thoughts about the human side of a disaster.

Let’s say a hurricane or tornado has struck your region.  Your building survived, your data center is operational and you’re ready to get back to business.   Who is going to show up in the morning?  The victims of this disaster (your employees and co-workers) have just been traumatized by the loss of their home and are more concerned about the welfare of their families and their own survival than they are about their jobs.

Can your key employees travel (even if it’s to work at the same place)?  Are they willing to travel?  Given the choice to stay home, care for their families, and salvage whatever’s left of their house and possessions, how many will rush to their jobs instead?

Even if their families are safe and their homes secure and they are willing to get to work, can you contact them to find out?

Miles of telephone and power lines have been torn down by high wind.  Cell phone towers are out of service or so overloaded that few calls get through.  You need to reach them if only to find out if they’re all right.  What are you going to do?

Even supposing you can contact them and they’re willing to help, how do you get them from where they are to where they need to be?  Count on the roads being littered with trees, power poles, sections of roof, covered in water and generally impassable.  The street signs have all been destroyed.  How do you find your people?

Are you going to invest in redundant hardware, the most sophisticated backup solution, the most detailed disaster recovery plan and forget the people who have to implement that plan?

Think you don’t need to worry about it and that it can’t happen to you or your business?  On September 15, 1995, Hurricane Marilyn tore through St. Thomas and damaged 80 percent of the buildings, left roads closed for days and power disrupted for weeks.  Disaster Recovery teams used runners on foot to get information around the island.

Your may not remember Hurricane Marilyn, but I’ll bet you remember Hurricane Katrina.

Now, I won’t claim to have all the answers to these questions, in fact I don’t have any answers for these questions.  So…

What do you think?  How do you prepare your people and organization for a major disaster that can disrupt your business and your co-workers’ lives?

It can sometimes be difficult to determine if a message purporting to be from your bank is legitimate or is an attempt to steal your personal information.  Wikipedia.com defines phishing as, “the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from PayPal, eBay, Youtube or online banks are commonly used to lure the unsuspecting.”   Our anti-spam firewall processes over 100,000 messages a day so I get so see a lot of quarantined and blocked email messages that have tried to phish for personal information.

Since phishing emails are sent out in bulk to purchased or stolen email lists, it’s more likely that you don’t do business with the company named than that you do.

Here are some of the things to check before responding to any messages that claim to be from your bank.

1. Is it really from your bank?  I have seen hundreds of messages from different banks and received many with whom I don’t do business.  If it’s not your bank, it’s probably a scam.

2. Does the message look professional or that the sender is comfortable and competent in the messsage’s language?  Look for spelling and grammatical mistakes.  If there are mispelled words, awkword sentence structure, misplaced punctuation, then the message probably didn’t come from a legitimate source.

3. Does the salutation contain your name or is it a generic message sent to “Account Holder”, “Valued Customer”, “Dear Bank Member”, etc?  Your bank should know your name.

4. Does the message ask you to send your personal information, either by responding to the message, or by fax, or even telephone?  I’ve never seen a legitimate company send an unsolicited request for personal information.

5. Does the message contain dire warnings about locking, closing or deleting your account?  Scam artists try to scare you into acting without thinking.  Take a deep breath and review all the other items on this list.

6. Should you follow the link to the web site?  Even if the URL on the page looks legitimate, take the time to look for these telltail signs of fraud:

• Pausing the mouse over the link shows a different URL than you would expect for the web site.

• Does the URL contain a numeric address (for instance: http://10.100.10.151/login.html)?

• Does the URL have a misspelled company name (http://secure.bnkname.com/ instead of http://secure.bankname.com/)?

• Does the URL have an altered name (http://secure-bankname.com/ instead of http://secure.bankname.com/  Notice the ‘-’ and’.’ in front of bankname.com)?

• Does the message claim that the link is secure (using SSL) and your data is safe?  The URL should start with “https://”, not “http://”; notice the missing ‘s’?

If, after all the above, you’re still not sure if you’re being scammed, pick up your phone book (don’t use any telephone numbers in the message) and call the institution.  You can be reasonably sure that if you call them, you’re at least talking to a legitimate company.  Mention that you received a suspicious email and want to verify that the message is legitimate.

You can also visit the institution’s web site (don’t follow the links in the email; open a browser and enter the web site’s address in the browser address bar).  The institution’s web site will have a Contact Us form where you can ask if the information you received is legitimate.  You can also log into the site and verify your account information.