Episodes

  • AI Ethics, and common sources of technical debt

    AI Ethics, and common sources of technical debt
    Jun 2 2021
    Hello and welcome to Your Operations Solved, for Wednesday, June 2nd, 2021I'm your host, Channing Norton, of PC Solutions, and this is the 24th episode of our show,Listen to us Wednesday and Friday mornings at 9:30 Eastern, or on our bonus shows released on the 2nd Saturday of each month, at 2:30 PM. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also enjoy it.If you have a problem in your business you want solved, email us at Solutions@youroperationssolved.com, we may just feature your business on our bonus show as we tackle it to help you and others.With that out of the way, let's get started on today's headlinesFirst, an update to an existing story.We've talked several times about Google's new targeted advertising technology FLoC, on this show, and the associated controversies in its potential to target ads in a predatory manner. In response to the backlash, Google has added a new setting to opt out of FLoC in the latest build of google chrome... if you're willing to dig for it in the obscure Chrome://flags page. Alternatively, one could use another browser, as both microsoft edge and Mozilla firefox block FLoC by default. Floc is currently in early stage trials affecting about .5% of browsers in selected regions.With that out of the way, let's talk about our main story, turkish killbots.Being that this is a technology show, I try to stay as FAR away from politics as possible. I, like anyone else, have my own political leanings, but, outside of specifically discussing policy affecting the tech space, I try to keep things out of the show. Even when politics does come up, I try to constrain my commentary in scope to how a change or event will affect my listeners in the small and medium business space. That being said, when I saw this story, it's egregiousness, and its potential to serve as a vector to talk about a topic that is often overlooked in the business space, I decided that this was a conversation I wanted to have with my listeners, even if it is a bit more controversial than I like to put in.The UN has confirmed, as of a recently released report, that, back in march of 2020, Turkey deployed a fully autonomous weapons system in Libya. When I say, fully autonomous weapons system, I mean an Unmanned drone, that, armed with artificial intelligence, made decisions entirely without human input or confirmation as to if a target should be fired upon. If a person should live or die. This is a literal autonomous killbot. This is thought to be the first time such a weapons system has seen combat in a fully autonomous mode. Certainly its the first recorded case. As someone who dabbles in AI in their spare time, and interacts with software made by much smarter programmers than I at all stages of the software lifecycle, this terrifies me. Fully automated AI systems shouldn't be trusted with a number of far less impactful or permanent decisions than to end or not end a human life; I wouldn't trust an AI judge to handle a case of a traffic ticket without human oversight, let alone the decision of if someone should be killed. This isn't just my opinion, talk to anyone in the AI or software engineering spaces what their thoughts are on trusting software to run highly critical applications, like voting, or indeed war, and the near universal consensus is that these systems are not ready for prime time. Via how they operate on a technical level, their decisions are near impossible to audit, even for the engineers who designed them, they, like any software, have bugs that no amount of testing will ever uncover, and that's in an ideal case where we assume the code is secure, everyone involved in developing it is highly capable, that management doesn't rush project delivery or force any decisions upon the engineering team that negatively affected the quality of code delivered, that the physical constraints of sensors and cameras, processing power, or other hardware didn't result in tradeoffs being made, and that all the hardware works perfectly all the time. Needless to say, I doubt a single engineering product in the history of software development has been free of a single one of these concerns, let alone all of them. It's no wonder that the UN tried to ban systems like this back in 2018, though both Russia and the US exercised their Security Council veto power, leaving such systems as fair game in war. Yikes.So, let's take the time we have left in our news segment to talk a little bit about AI ethics, why they are important for businesses, what biases in AI might look like, and how these systems make decisions. We will follow up on our friday episode with a larger conversation about AI, and the value it can bring to businesses.Modern AIs are constructed with software patterns designed to mimic the structure of neurons in the human brain. However, the scale at which they do so is much, MUCH smaller than that of the brain. ...
    Show More Show Less
    18 mins
  • Square's upcoming business banking, and technical debt's ugly head

    Square's upcoming business banking, and technical debt's ugly head
    May 26 2021
    Hello and welcome to Your Operations Solved, for Wednesday, May 26th, 2021I'm your host, Channing Norton, of PC Solutions, and this is the 23rd episode of our show,Listen to us Wednesday and Friday mornings at 9:30 Eastern, or on our bonus shows released on the 2nd Saturday of each month, at 2:30 PM. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also enjoy it.If you have a problem in your business you want solved, email us at Solutions@youroperationssolved.com, we may just feature your business on our bonus show as we tackle it to help you and others.With that out of the way, let's get started on today's headlinesFirst, an update to a prior story. We have discussed the increase in regulatory activity surrounding the tech industry worldwide on several occasions on our show. Such activity continues as, on Tuesday, the DC attorney general filed an antitrust suit against Amazon, complaining that Amazon's requirement that third party sellers not offer their products at a better price or better terms on any platform than what they offer on amazon's marketplace platform is anticompetitive and stifling. This case could have large implications both for amazon's Ecommerce dominance, and for other eccomerce players that are able to find major leverage in other niches, like game developer Valve's stranglehold on the online videogame market, which places similar constraints on developers wishing to be released on their platform "Steam." If successful, the case seeks to force amazon to change their policy and extract damages. This case could serve as important precedent to limit such pricing agreements from being standard cost of admission on many ecommerce platforms. I remember the days when you could always seemingly find a better source offering a slightly cheaper price on a product. A promo code here, a bundle deal there. The deal hunting and digital couponing world has simply collapsed over the past decade, and i'm sure many price savvy consumers, myself included, would like to see its' return. This move is also good for those businesses selling consumer goods over the internet, as it potentially threatens amazon's hold on that market. These days, businesses have to operate exclusively on amazon, or nearly so, eat amazon's fees as a cost of doing business, and be very careful not to do anything that could draw the Yellow Giant's wrath, at threat of losing their customer base. By being permitted to offer their products at better prices elsewhere, it gives small sellers the opportunity to build themselves a customer base independent of Amazon, allowing for more robust businesses, and potentially the opportunity for more innovation in products. This is good news for everyone. Except Amazon, of course.Now, onto our main story today, Payment processing giant Square appears to be preparing to launch a full fledged banking system for small and medium businesses reliant on the platform. While no official announcement has yet been made as of time of writing, data mining of their PoS terminal app shows that a recent update added references to this platform in the code. Adding code underpinning new features before they are released is extremely common in software development, and that appears to be what's going on here. According to what we can find, as best we can tell, these accounts will hook in with the existing Square debit card, and offer no fees for overdrafts or minimum account balances. This would appear to be a potentially VERY good option for retailers already relying on square's platform. We await an official announcement, and will of course keep you updated on whatever goings on happen with this developing story.With that done, let's talk about our business issues today, technical debt.Technical debt is a problem that plagues many businesses, and one that every business needs to be aware of. As any business leader knows, if you dedicate less time and resources to your technology, your business can still work. So, since technology is a cost, what's stopping us from operating on no budget, and just fixing critical problems when they come up? Well the answer here is technical debt. Much like issues anywhere else in business, it gets more expensive to fix problems the longer you let them go on. Imagine a car with a slight alignment problem. Getting your alignment adjusted at a car shop costs 300 dollars max. But if you let it go on for a thousand miles or so, all of a sudden, you're out a tire or two. Let it go on for 5 thousand, and all of a sudden you have some serious suspension issues, Let that go on, and all of a sudden, your suspension issues result in an accident you never would have had if your car handled more true. A 300 dollar fix just became a 3000 dollar fix with injuries. In the model of fixing things as they break rather than looking at matters proactively in your business IT, you run into the same issues. It ...
    Show More Show Less
    16 mins
  • Customer feedback - Learning from the fast food industry

    Customer feedback - Learning from the fast food industry
    May 21 2021
    Script 22Hello and welcome to Your Operations Solved, for Friday, May 21st , 2021I'm your host, Channing Norton, of PC Solutions, and this is the 22nd episode of our show,Listen to us Wednesday and Friday mornings at 9:30 Eastern, or on our bonus shows released on the 2nd Saturday of each month, at 2:30 PM. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also enjoy it.If you have a problem in your business you want solved, email us at Solutions@youroperationssolved.com, we may just feature your business on our bonus show as we tackle it to help you and others.With that out of the way, let's get started on today's headlinesFirst, an update to an existing story. We've talked a lot about the ongoing global semiconductor shortage on this show. Recent press releases by Cisco have given indication that, once again, the shortage is exceeding expectations, and not in a good way. Cisco confirms that, while they have successfully locked in their own supply and pricing, that capacity of their component manufacturers proves extremely limited. Cisco also cites an increase in demand as a factor worsening their existing issues. Cisco is seen as an important indicator in the computing market, as their hardware typically gets bought in advance of large business rollouts. As such Gartner has updated their predictions on the chip shortage, and now anticipate it stretching to the second quarter of 2022. Quite a few businesses are trying to buy early to get ahead of the anticipated further squeeze in prices. Meanwhile, elsewhere in the industry, AMD has announced a new line of computer processors that, uniquely, rather than focusing improvements on speed or power efficiency like any new release line in normal times, instead focuses on intercompatibility and ease of manufacture. They are betting that the higher yield rate that these chips may be able to offer them will be enough to get consumers to buy them for sake of being available. In short, AMD is betting that the shortage will last long enough for them to fully bring manufacturing of several new products on multi year cycles up to speed for manufacturing, with enough time left over to still make a profit over R&D costs. Regardless of how you look at it, the shortage is going to be going on for a bit.Now, onto our main story, GDPR Fines. This one is a bit more relevant for our European listeners, but any listeners in america or other regions that do any business or have any presence in an EU country are subject as well. For those not familiar, GDPR, or General Data Protection Regulation, is a broad regulation covering how companies handle personally identifying information for consumers. Among other things, it requires that EU citizens be able to opt out of data collection activities, be notified of them, things like that. The law is too comprehensive to cover in detail here, though if there's interest, I can certainly break down the implications. One snag of GDPR compliance is that it applies to EU citizen data, even when they are not physically located in the EU, so, functionally, if your company does business in the EU, or serves EU customers, even simply via selling products on the internet and shipping them into the EU or delivering them digitally, you have to be GDPR compliant. In practice, of course, if you aren't subject to EU jurisdiction, then, well, there's not a whole lot they can do to you. Next Tuesday marks the third year anniversary of GDPR being enforceable, and we see that, unlike data protection laws in the US, it's far from a slap in the wrist for violators. Collectively, all 28 EU countries, plus the UK have handed out well over 330 Million Euros, or 415 Million US Dollars in fines that we are aware of (not all fines are listed in public databases), with the largest going to google, at 50 Million euro for failures to observe GDPR principles in the design of the Android Mobile operating system, and the smallest fine amusingly ALSO going to google, at $28 for failing to fulfill an individual's request for an inventory of google's collected personal information on themselves in an acceptable timeframe.Regulators have been unafraid to go after entities as small as individual people, and as large as Google in their enforcement efforts, So, what does this mean for your business? Well, if you're subject to GDPR and EU jurisdiction, compliance is key, as the fines for noncompliance are getting more and more frequent (incidentally, if you want to check out the fine listings, Privacyaffairs.com keeps a record of every GDPR fine ever issued that's listed publically), so it's a matter of when, not if, noncompliant companies get fined. Nor is it simply one regulatory body you have to keep track of; GDPR is enforced individually by every individual country subject to it. So, how do we get in compliance? Well, the only way to know that you are in compliance is a thorough ...
    Show More Show Less
    17 mins
  • The Executive Order on Cybersecurity, and its Impact on YOUR Business

    The Executive Order on Cybersecurity, and its Impact on YOUR Business
    May 19 2021
    Hello and welcome to Your Operations Solved, for Wednesday, May 19th, 2021I'm your host, Channing Norton, of PC Solutions, and this is the 21st episode of our show,Listen to us Wednesday and Friday mornings at 9:30 Eastern, or on our bonus shows released on the 2nd Saturday of each month, at 2:30 PM. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also enjoy it.If you have a problem in your business you want solved, email us at Solutions@youroperationssolved.com, we may just feature your business on our bonus show as we tackle it to help you and others.With that out of the way, let's get started on today's headlineThe Biden Administration has released an Executive Order detailing government and infrastructure cybersecurity. This covers immediate changes that are being enacted right now, as well as longer term plans that expand further into the private sector. This response to the SolarWinds, pulse secure connect and Colonial Pipeline hacks is an attempt to shore up US government agencies against attacks.In the early stage changes over the next 30 to 90 days, we see most of the guidance being directed towards outsourced IT providers for government agencies. For instance, a lot have to do to how these outsourced providers respond to cyber incidents. It's all good stuff. Unfortunately, the experience of myself and colleges in this industry would indicate that these new policies are unlikely to be followed. As an example case, let's take the requirement for these providers to report anything that looks like a breach, immediately, to the government, and have the government respond to it. Sounds reasonable, and it absolutely is. Best practice is absolutely to notify the hacked entity immediately, and give them the option for specialist mitigation, if you as a vendor don't have the capabilities, credentials, or experience to do it in house. Cyber forensics is a very specialized field, and one that has relatively few practitioners, and said practitioners tend to have very narrow scopes of expertise. By contrast, IT firms by their nature tend to focus on hiring generalists, and while mature ones certainly have cybersecurity teams and expertise to perform such work, notification of the client is still essential, especially in more serious incidents where legal needs to be looped in. Nevertheless, many providers can be seen sweeping security incidents under the rug; Cyber incidents are expensive, take large amounts of time, potentially stressing other accounts, and reflect poorly on them as providers, so the small stuff gets handled quickly and haphazardly, even if that's horrible from every angle legal, technical, security, and most importantly ethical. The reason I don't think that, for instance, this notification requirement will be followed is that these decisions are not made just by the legal department that only has the goal of not getting the company in hot water. The decision to determine something to be a breach and NOT sweep it under the rug is one that is individually made by every technician and team that touches the ticket. Most incidents start out as very low level, very routine things, either an alert from an antivirus, which is most of the time a false alarm, so is relegated to a low level tech triage, or an unrelated issue is being investigated when something strange is discovered. When we, as IT professionals, find a potential security breach that needs investigating, it is almost never a case of "Sound the alarm, we've been breached this is bad," so much as "Wait, why is that doing that, let me run an extra scan... Oh crap, it found something. This is a problem. Let's figure out how big of one it is." As a result, a dozen or more Technicians, Managers, Security analysts, Account managers, and executives have to ALL choose to do the right thing with a breach for it to be reported, each person with their own motives and faults that may fail to report a breach. The account executive who's afraid to get fired if they loose another account this quarter. The manager who doesn't want to loose a team member for a few hours to investigate things on a busy day, the executive who doesn't want to handle the paperwork of being involved here. Sure, mishandling breaches is unethical, but from the perspective of a stressed manager who doesn't want this breach to reflect poorly on them, it can be easy to ask "Is this one incident really THAT bad? I mean, its just one little bit of malware. Odds are it won't do any harm." While good companies are structured to make sure that security incidents are well handled, and that there's adequate oversight, not all organizations have these controls. I'm not saying that the changes coming out of the white house are bad, on the contrary, they are much needed, just that this problem is one that's very hard to regulate the industry out of.Moving into the midterm, the measures begin to ...
    Show More Show Less
    18 mins
  • The Email Enigma part 3, Colonial Pipeline, And Frag Attack

    The Email Enigma part 3, Colonial Pipeline, And Frag Attack
    May 14 2021
    Hello and welcome to Your Operations Solved, for Friday, May 14th, 2021I'm your host, Channing Norton, of PC Solutions, and this is the 20th episode of our show,Listen to us Wednesday and Friday mornings, or on our saturday afternoon bonus shows. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also enjoy it.If you have a problem in your business you want solved, email us at Solutions@youroperationssolved.com, we may just feature your business on our bonus show as we tackle it to help others.With that out of the way, let's get started on today's headlinesFirst, a mini story. I would be remiss if I did not at least mention the colonial pipeline ransomware attack. We are, after all, a tech news show, and this ransomware attack is front page news nationally. The fact of the matter is though, beyond the obvious knock on effect of increased fuel costs, this doesn't have direct impact on small businesses, despite the flurry of followup marketing activity by cybersecurity vendors and firms. As this is a show looking to help small businesses out, covering this story in depth would be nothing but fluff. Use this as a reminder to do a test restore on your backups, if you haven't done so recently. Anyone trying to tell you that the colonial pipeline attack changes ANYTHING for a business that doesn't have thousands of employees, is trying to sell you something, and isn't able to let the quality of their product stand by itself.Next, our main story, also a security issue, is a major bug in the modern implementation of wifi security, leaving virtually all wifi devices vulnerable.When I was looking for the main story for todays episode, I happened upon an article on a hypothetical security vulnerability with wifi. I opened it thinking that it likely wouldn't be a good fit for the show, but that I wanted to read it to keep myself informed. As I read more, however, I realized how truly unprecedented this flaw, or set of flaws was, and decided to cover it.back almost nine months ago, researchers discovered an exploit in the security protocols that underpin modern wifi that could leave virtually every wifi network on the planet open to very serious attacks, They dubbed this set of exploits FragAttacks. As is best practice when researchers discover a flaw like this, the flaw was not disclosed publicly immediately. Instead, the researchers contacted vendors to try to get the issues fixed before they became public knowledge. This is known as "responsible disclosure." After the vendors are given an opportunity to fix the bugs, the public is then given the knowledge publically. The idea here is that this minimizes the time between when a potentially dangerous issue is widely known where anyone can develop malware for it, and patches being available that protect users of the compromised product. The disclosure period, which for this flaw was 9 months, is over. Microsoft has released a patch that should ensure that windows computers connected to affected networks are not vulnerable provided they are on the latest version of windows 10.So, this bug specifically would allow someone within wifi range to-connect to a network and use it without a password-eavesdrop on the traffic between a user who was connected to the wifi, and the internet-modify or fake that traffic while pretending to be the wifi access point, for instance by loading a fake version of Amazon.com to users who tried to do online shopping, one that steals your credit card info.and much much more. This is a scary flaw.So, what do you need to do to keep yourself, your business, and your customers safe?Well for one, recognize this is a flaw that affects WIFI, and only wifi. So, any devices or computers that are connected to the internet via a network cable are unaffected. Similarly, any networks running on hardware from before the standard with these flaws was created, so older than 1997, is unaffected, though, if you're running 1997 era networking gear, you likely have bigger security problems.Two, patch your systems. Microsoft has released a patch for windows computers to be able to use affected networks safely, so, if you're on windows 10, update with the patches released on tuesday the 11th, and that PC will be safe. If you're still on windows 8.1, 8, 7, or earlier, there is no patch coming, and these systems will forever be vulnerable to these issues.Three, recognize that this flaw affects wifi hardware. So your wifi access points are vulnerable. If you are on enterprise grade or prosumer grade gear; Fortinet, ubiquiti, cisco, sonicwall, meraki, watchguard, HP enterprise, palo alto, whatever, there's likely a patch either applied or incoming, research your specific product and install it ASAP. If you are using prosumer networking hardware, its highly, highly likely that nothing will be done, and that you'll need to replace the hardware with something that's not fragattack ...
    Show More Show Less
    17 mins
  • Google's MFA changes, and fixing email headaches part 2.

    Google's MFA changes, and fixing email headaches part 2.
    May 11 2021
    Script 19Hello and welcome to Your Operations Solved, for Tuesday, may 11th, 2021I'm your host, Channing Norton, of PC Solutions, and this is the 19th episode of our show,Listen to us Tuesdays, Wednesdays, and Thursdays, or on our Saturday compilation episodes. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also enjoy it.With that out of the way, let's get started on today's headline.Google has announced that 2FA by default will be rolled out to google consumer accounts over the coming weeks. Even for accounts that already exist. If 2 factor CAN be enabled, it WILL be enabled.This is great news from a security perspective. A LARGE number of successful cyber attacks are able to do a large chunk of their damage due to compromising an email, and gmail, which this change affects, is by far the largest host of consumer email. While it's hard to know exactly, market research would give google a marketshare of between 30 to 70% of the personal email market by actively used mailbox count, and about 40% marketshare over the business email market. Right now, they are just forcing 2FA for consumer mailboxes, but its likely that, in the coming months, administrators of their Google Apps platform, which is used for business email, will have to specifically opt out of 2FA if they don't want it to be defaulted on there. Between these two platforms going to near universal 2FA, the internet is about to get noticeably safer. According to Verizon's 2020 cyber breach data, two thirds of successful cyber attacks against businesses leverage compromised emails. 2 Factor authentication makes compromising an email much much harder. Possible, but not without much more effort. While I don't have hard numbers to give you, I will anecdotally say that I've handled several hundred to a thousand compromised email account scenarios in my career. Of them, only a SINGLE one was on an account with 2 factor set up, despite, across the environments I've worked in, the split of people with 2FA and without was roughly 50/50. As such, this change promises to make a SUBSTANTIAL chunk, about 50% of these business cyber attacks considerably harder.With that done, let's continue our conversation from Thursday about structuring our email system.So, as a review, for our address types, we had standard addresses, aliases, distribution lists, and shared mailboxes. In structuring our mail system, we had 8 focuses.1. A good email system should leave you open for growth.2. A good email system should reduce the exposure of turnover to customers.3. A good email system should allow for customers to feel they are having personal interactions when necessary4. A good email system should provide a framework for clear internal communication.5. A good email system should allow your employees to easily identify what mail they are responsible for6. A good email system should be as free of spam and phishing emails as reasonably possible.7. A good email system should allow segregation of mail by type and purpose.8. A good email system should not allow messages sent to former employees and addresses to go unnoticed.Using the tools we outlined above, how can we accomplish these goals most effectively? It obviously depends on your business, and who your customers are and how they get in touch with you, but let's get an idea of what a good structure might look like. Give every living, breathing, human in your organization an email address. I suggest first initial last name as the format, as it scales very well and is the defacto standard, but take any format you want for naming these accounts. Just standardize it. These first initial last name accounts will be primarily used for INTERNAL communications with your employees between one another, as well as administrative functions like signing up web accounts. The only cases where employee specific accounts will be external will be in high touch positions like salespeople and account managers, where, should turnover occur, you would expect to directly notify clients of their handover. As a good rule of thumb, if the person in question is issued business cards, you can expect traffic from your customers or vendors to this address.Next, examine every external facing department or activity. These are the areas that you want to protect from turnover. As such, they should be assigned shared mailboxes, with access granted to each person who could handle such requests.There's a few applications here. Broadly speaking, they fall into 3 categories.1. Emails that you post online. For instance, the bottom of your website might list Sales@company.com, or Customersupport@company.com. Depending on the nature of this email address and the level of personalization required, you will then either respond to incoming emails by reaching out to submissions from a direct email address, like what you'd want with a sales inbox, or merely by replying, for ...
    Show More Show Less
    13 mins
  • Better email management for small businesses.

    Better email management for small businesses.
    May 6 2021
    Hello and welcome to Your Operations Solved, for Thursday, May 6th, 2021I'm your host, Channing Norton, of PC Solutions, and this is the 18th episode of our show,Listen to us Tuesdays, Wednesdays, and Thursdays. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also enjoy it.With that out of the way, let's get started on today's headlinesFirst, an update to a prior story. On our eleventh episode, entitled "China's Changes, and Supercharging your Sales Engine," we discussed China flexing it's political muscles to reduce the independence with which its Tech Giants such as Tencent and Alibaba were able to operate. The CCP regime has again made its will known via the Bank of China, which has released new guidance in how companies within the country are expected to operate. While a slew of changes were introduced, the most sizable are in regards to curbing the activity of epayment apps like Tencent's WeChatPay, and Alibaba's AliPay, equivalents in function to Venmo or CashApp. As per our previous reporting, we can expect the Chinese tech titans to focus more on the Chinese market rather than external markets, which may cause supply chain interruption, but also clears the field for others in their niches.With that out of the way, let's move onto our main story,, another big data breach.I'm beginning to think that we need to have a dedicated podcast section for important data breaches, cyber attacks, and compromised supply chains. It seems that it's almost half of the news we cover here. Regardless, a product called "Pulse Connect Secure VPN," used by primarily large networks, has been confirmed to be compromised by a major security flaw. Worse yet, the US CyberSecurity and Infrastructure Security Agency has confirmed that Chinese affiliated state actors have been utilizing the flaw for at least a month, and has compromised at least 5 known US agencies, though CISA did not indicate WHICH agencies were compromised in their press release. If pulse secure connect is in use on your network, there is a tool available, the pulse connect secure integrity tool, to plug the hole that this vulnerability in your network represents. That being said, most small businesses will not be *directly* affected. What's far more concerning about this particular breach is the fact that we have confirmed exploitation of US government agencies. This is, to say the least, scary. With over a month of uncontested access, we could see this turn into an incident as large or larger than the 2013 OPM hack, which, to this day, remains one of the most damaging cyberattacks on record because of the volume and detail of the information that was compromised. In that case, it was full security clearance background checks for anyone who had requested a background check since the switch to computers for OPM, affecting government employees, contractors, and private industry employees in the defense sector. Right now, as a small business, beyond a check to confirm that you don't use this product, there's not a whole lot you need to do directly, but I imagine, as more details are released on what entities were successfully compromised by the attackers and what data was exfiltrated comes out, that's sure to change, so I'll keep you posted.With that done, let's talk about today's solution, improving email flow in small businesses.So, let's start by exploring what email looks like for a lot of organizations in the 5-25 person size range. I typically see one of two options. One, typically present in low turnover organizations, is the simple, personalized system. Either First Initial lastname @ company.com or firstname @company.com. Everybody gets their own mailbox, and, when people leave, mail is either forwarded, checked by another employee, or simply ignored, possibly with an out of office responder set to notify people of the employee taking over the persons responsibilities. There are significant benefits with this system. Namely, customers feel more attached with the personal touch of reaching out to individual reps, and everyone has a clear scope of what mail is their responsibility and what isn't. There are, however, some downsides. Turnover for customers can be very jarring. I've set a lot of autoresponders on these types of mailboxes for people who have left a place of employment, and the only one that ever seemed to me like it would be pleasent to get from an inbox was one to the effect of "After 15 years of service, Beth has retired, we wish her the best in her endeavors going forward." The other side of this is some people will not get the message. Indeed, I can recall, in the months after setting that autoresponder, I myself hit it at least twice... There were two Beths at the company, and the person in charge of triaging tickets at the tech support company I was working for at the time occasionally put the retired Beth in as the affected user. Finally, ...
    Show More Show Less
    14 mins
  • Reduce your rings. Handling calls better.

    Reduce your rings. Handling calls better.
    Apr 29 2021
    Hello and welcome to Your Operations Solved, for Thursday, April 29th, 2021I'm your host, Channing Norton, of PC Solutions, and this is the 17th episode of our show,Listen to us Tuesdays, Wednesdays, and Thursdays, or on our Saturday compilation episodes. If you find the show helpful or informative, please do give it a like on your platform of choice, or share it to someone else who might also enjoy it.With that out of the way, let's get started on today's headlinesFirst, we have an update to the ongoing global semiconductor shortage that we have discussed on several occasions on this show. Major chip manufacturer UMC has annouced that, rather than focusing their capacity and resources to increasing production of newer chips, they will begin producing older chips at a higher volume, citing the higher yield rate of these easier to manufacture chips. These computationally weaker designs require higher power, and are below modern standards for use in computers and the like, they are sufficient for replacement of chips in embedded systems applications like the automotive industry. This promises to ease the supply shortage slightly that is affecting these embedded systems industries, but may worsen the shortage for higher power uses like game consoles, and desktop and laptop computers as the capacity is diverted. This is a rare and unusual move, as most fabrication companies like UMC race towards producing the most advanced chips they can, as they can be sold at much higher margins and stay relevant for longer.The end result of this is that equipment purchases that fall outside the range of traditional electronics such as vehicles and industrial machinary are likely to have their prices be less affected by the chip shortage, making them cheaper to buy several months from now than they otherwise were likely to be until late 2022 or so.The shortage for computers and computer components, on the other hand, is likely to be worsened, with major online retailer Newegg having expanded its already unprecedented raffle system for the chance to buy some hard to find components, leading to even further inflated prices.next, our main story. Following the ongoing trend of regulators around the world taking a recent interest in big tech, lawmakers from the US senate judiciary comittee spoke with the leaders of Twitter, Facebook, and Youtube on Tuesday. Rather than the confrontational tone that such discussions usually take, however, today the tone was one of collaboration and cooporation, as the leaders of both public policy and social media discussed how the technologies we have today can be used to achieve important goals such as reducing the spread of misinformation and extermist content, as well as what regulatory measures can be imposed to ensure these goals are achieved. As part of these discussions, the committee also met with experts in the field of digital ethics, who were subject to similar questioning and discussion.Making the interaction even  more unusual by the standards of discussing regulation in business is that these discussions seem to have broad bipartisan support, bringing together members as diverse as Senators Ben Sasse and Dick Durban, as well as other notable voices such as President Biden's acting chair of the FTC, Rebecca Kelly Slaughter. This high degree of cooperation in regards to working to reduce the spread of extremism and misinformation online is certainly a signal that the political winds are changing. The result of this for your business is that there are likely to be changes in the algorithms that drive what posts appear in social media news feeds, which are an essential means of advertising for many businesses of all sizes. It's likely that local, accurate, and time relevant content will be pushed to the forefront, as that seemed to be the desire of many of those speaking on capitol hill on Tuesday. The precise details of these algorithmic changes and what content will get prioritized at the expense of what existing content that is presently successful on these platforms, is yet to be seen. Should any company announce algorithmic redesigns in the future relevant to advertising, or major regulation that could force such changes be put under consideration, we will certainly make an update.With that done, let us discuss our business improvement for today.  The benefits of a properly deployed, cloud managed phone system.While increasing amounts of our business are conducted over email or other electronic communication means, there's still nothing quite as convenient for some conversations as a phone call. As such, we all have phones. The most common setup I see in offices with 5 or fewer people is a single line, with a phone at everyone's desk, and all phones ring at once. With offices with 5 to 25 people, I tend to see a dedicated receptionist, who picks up all calls, and routes them to the correct extension manually. Basically every office past around 25 people, has a cloud phone ...
    Show More Show Less
    9 mins