Blog

April 8th, 2014

Raj Goel can add one more title to his already impressive list of credentials: Genius. Raj was named Genius of the Month by Robin Robins of Technology Marketing Toolkit, Inc., a national marketing and sales expert.

In 2013, Raj travelled to 5 countries, spoke at 7 conferences, delivered 4 keynotes in 4 different countries, was profiled in the largest paper in Holland, and was on TV multiple times. Raj has also received high praise for his first book, “The Most Important Secrets To Getting Great Results from IT: Everything Your Computer Consultant Never Told You”.

Of her newly dubbed Genius, Robin said Raj “…is more interested in making things happen than in making excuses. His book launch was nothing short of brilliant and something I would strongly recommend…” Raj also has high praise for Technology Marketing Toolkit, saying “Thanks to Robin’s strategies, we’ve experienced tremendous upsurge in revenues, profits and client satisfaction!” with a mission to help small and medium-sized businesses get a real return on their technology investments. His expertise has been sought out by security groups such as ISC2 and ASIS, media outlets such as WPIX11, Geraldo, PBS, New York Times, Entrepreneur Magazine, ISC2’s Infosecurity Magazine and many others. He is a highly praised public speaker nationally and internationally. He resides in Queens, NY.


Topic Articles
April 8th, 2014

The best way to protect yourself from RFID and NFC skimmers is to keep your credit cards, passports, etc. in RFID-shielded cases.

Here’s my favorite RFID Wallet: Royce Leather RFID Blocking Wallet

http://www.amazon.com/Leather-Blocking-Passport-Currency


Topic Articles
April 8th, 2014

A phishing e-mail is an e-mail sent by a hacker designed to fool the recipient into downloading a virus, giving up their credit card number, personal information (like a social security number), or account or login information to a particular web site. Often these e-mails are well designed to look exactly like an official notification from the site they are trying to emulate.

For example, a recent phishing e-mail was circulated that appeared to come from Facebook stating that videos or photos of Osama Bin Laden’s death were posted online. These e-mails looked exactly like a legitimate Facebook e-mail and even appeared to come from “Facebookmail.com.” Once you clicked on the e-mail the phishing site would attempt to install a virus on your machine.

And now due to recent security breaches with Sony and e-mail marketer Epsilon, phishing attacks are going to increase – and they are going to get more sophisticated and harder to distinguish from legitimate e-mails. That’s because the hackers that were able to access the private databases of the above mentioned companies now have the name, e-mail and interests of the subscribers, and in some cases birthdays, addresses

That means a phishing e-mail can be personalized with relevant information that the user provided to Sony, making the e-mail appear to be more legitimate and the user more likely to click on the links provided and take the actions requested. Now more than ever it’s critical that you are wary of e-mail notifications and the actions they request you take. Even having good anti-virus software installed won’t protect you if you give your account information away freely.

Topic Articles
April 8th, 2014


MICHAEL APPELL

CEO, Appell Associates
mappell@appellassociates.com
917-821-2930


Why you should meet Michael Appell:

Mike and his associates have decades of experience in the NYC Real Estate market and can usually find the right solution for any client. Whether you’re looking to buy buildings, build hotels or navigate the city’s complex real estate market, you need to work with professionals.

Mike also owns a fabulous apartment and has amazing art works. As a member of the “Greatest Generation”, Mike brings gravitas to any conversation. Both Mike and Shelley also attended CCNY (‘60) with Colin Powell, Andy Grove, Judd Hirsch and other luminaries. Mike has published artworks by Robert Rauschenberg and James Rosenquist. One of the things that brings a smile to Mike’s eyes is that he & Shelley produced the Broadway musical NINE. Talk about a renaissance man! Not content to sit on his laurels, Mike gives back by being very active in mentoring the next generation of CCNY graduates.

- Raj

Topic Articles
April 8th, 2014

I’m often asked about the ROI (return on investment) for technology. Truth is, I don’t believe you “invest” in technology. Investments are things that provide a measurable, quantifiable return for your money.

Of course it can easily be argued that technology does provide a return for your money. If you don’t think so, try communicating with your clients and market without email or tracking inventory with pen and paper. And the right technology applied with a smart strategy can certainly give any business owner a strategic advantage in faster delivery of goods and services to customers, greater productivity, lowered production costs and the like. In fact, there aren’t too many businesses that can operate without a few core IT applications. But the reality is that your bank account is going to be a bit lighter after you install that new upgrade or technology, so how do you know if that IT upgrade or project is worth the money?

The right way to look at the true price of any IT project or upgrade is to look at TCO or “total cost of ownership” and not just the PRICE of the project or upgrade. For example, if you buy a car, the price of the car is only one cost of owning it. You also have to consider insurance, gas and routine maintenance like new tires and oil changes to get an accurate look at what you’ll pay. Therefore, the total COST of owning a car is far more than just the price tag – and a cheaper car up front can end up costing more in the long-haul if frequent repairs are needed.

In IT, the same principle applies. You have to look at the TOTAL cost of a particular IT decision, not just the price tag, when comparing options. For example, the real cost of not upgrading a network may actually be higher than spending several thousand dollars on new equipment and upgrades when you accurately assess the total cost of maintenance, service fees and poor performance. These days, many business owners are looking at “going to the cloud” because they want to save money. And in many cases, it will do just that, but the cost savings will often come in the form of cheaper devices, less maintenance and low (or no) upgrade costs over a 3 year period – not in a month to month service fee. So before you say “No” or “Yes” to that next IT project, make sure you are taking into consideration the TOTAL cost of your decision, and make sure you are talking to a true pro who understands the difference between the price of something and the total cost.

Topic Articles
April 8th, 2014

  • If you stand at the equator on the first day of spring, you will see the sun pass directly overhead. This only happens two times a year: the first day of spring and the first day of autumn.
  • Baby birds are born with the ability to sing, but they must learn the specific songs of their species. They are thought to acquire these songs between 10 and 60 days of age and begin to sing them the next spring, when they have matured at about 300 days old.
  • Spring fever is real! It commonly occurs when a sudden warm spell follows a long cold period. When the temperature rises, there’s a dilation or expansion of the blood vessels so that blood can be carried to the body surface where heat can be lost quickly. This makes some people experience an energetic feeling.
  • Spring cleaning often accompanies spring fever. And with the warmer weather, windows and doors can be open, which allows ventilation for dusting and the fumes of cleaning products. It has been suggested that spring cleaning dates back to the Persian New Year, when they practice “Khoneh Tekouni,” which means “Shaking the house.” Another possible origin can be traced to the ancient Jewish custom of cleansing the home in anticipation of Passover.
  • Children tend to grow a bit faster in the spring than during any other time of year.
Topic Articles
April 8th, 2014

When it comes to backing up and protecting your company’s critical data, you need to know for certain – without any lingering doubts – that you could recover your files and be back up and running again fast after a natural disaster, server crash, hacker attack or other data-erasing event. Here are 3 critical elements you must have to guarantee a painless recovery when things go wrong.

Critical Element #1: Secure, Encrypted Off-site Backup

While we recommend that you have on-site backup, it’s absolutely critical to keep an encrypted copy of your data off-site as well. If a fire burns your office to the ground – or a thief breaks in and steals your server and equipment – or a natural disaster floods your office or makes it impossible to access your PCs and server – the on-site backup will be useless to you. And copying your data to an unsecure device and carrying it home every night isn’t the safest or smartest system either. Data needs to be encrypted to prevent it from falling into the wrong hands.

Critical Element #2: A Data Recovery And Disaster Recovery Plan

A HUGE mistake many business owners make is thinking that data backup is the same as disaster recovery – it’s not. Many business owners are shocked to find out just how long and arduous the process is to get all their data back after a disaster – and that’s IF they have a good, clean copy of ALL their data (most are surprised to find out they don’t). Just having a copy of your data isn’t enough; you need to have a plan in place to get everything restored quickly, which is something that many solutions don’t offer.

Critical Element #3: Test Restores

After you have a good backup system in place, you need to test it regularly to make sure it works. Point is, there’s

Topic Articles
April 8th, 2014

Brainlink congratulates Cyberoam for their impressive 5-star review of the CR200iNG-XP firewall from SC Magazine. The CR200iNG-XP scored high marks for features, ease of use and performance.

We are proud to work with industry-beating partners like Cyberoam to deliver advanced security solutions to our

Brainlink is proud to salute technology partner Datto on winning 5 awards at the ASCII Newport Beach Area Success Summit. Datto, the leading global provider of backup, disaster recovery and business continuity solutions was honored with “Best in Show” and “Best Revenue Generator.”

“To be recognized by the ASCII community of MSPs and VARs reaffirms that we’re on the right track,” stated Rob Rae, Datto Vice President of Business Development. “Datto is always innovating and developing solutions that enable our Partners to mitigate costly downtime for their business customers. Datto solutions and support further empower our Partners to expand their customer base and establish strong recurring revenue models.”

Datto is the bedrock for our industry-leading backup

Topic Articles
April 8th, 2014

What do a missing Malaysian aircraft, passports and IT security have in common?

Recently, I was interviewed by WPIX-11 on “How to protect yourself against high tech passport thieves”. We discussed the privacy and security threats associated with RFID-enabled passports. Over the past decade, the US government has started embedding smart chips inside US passports, to enable better screening of US citizens. See the video at www.brainlink.com/aboutus/press/.

On the face of it, this seems like a really good idea – let’s make passports smarter, harder to counterfeit. In practice however, the approach the US government chose is flawed. Unbeknownst to most, RFID was invented to deal with a logistics and warehouse problem. How does a company find the right part in a warehouse of a million items? How do we track a shipping container from factory dock, to the truck, rail, ship, and ultimately to the retailer?

In practice, this means Walmart, Amazon, USPS, FedEx and others have spent billions making RFID cheaper, faster, better.

Notice that SECURE is nowhere in their design principles. RFID is the equivalent of digital barcodes. The very idea of shielding or blocking barcodes defeats their efficacy.

What does that mean to me & you? If you travel with your passport, you must take special steps to protect RFID passports.

Old-fashioned, paper-only passports required a thief to snatch your purse, pick your pocket or steal them from your hotel room. The RFID-passports however, can have their information stolen from several feet away. And you can’t tell when they’ve been read. The stolen information can lead to ID theft,

A stolen passport (whether old-fashioned or new) is the ultimate in ID theft. A stolen US passport is one of the most highly sought after credentials in the world. On the black market, each one is worth anywhere from $300 to $10,000.

Tips to protect yourself:

  1. Carry RFID passports, smart credit cards, NFC cards in shielded wallets
  2. Never leave your passport lying around
  3. Don’t flash it around – treat it as you would a $10,000 bill.
  4. Be wary of fake police officers, or corrupt ones, who try to steal your passport
  5. Be wary of strangers who try to buy yours in bars, restaurants and hotels
  6. Carry a photocopy of the main page with you
  7. In case of loss, contact the State Department or your
Topic Articles
March 14th, 2014

NEW YORK (PIX11) – But revelation that two Iranian passengers on the flight were able to board using stolen passports – has not eased concerns about what appear to be gaping holes in the international security net that we all rely on once we leave America’s sphere of influence.

As more information pours in regarding the two passengers in question investigators are now slowly turning away from any terror link.

Interpol currently maintains a database that contains millions of lost and stolen passports.

Only three countries – the United States, United Arab Emirates, and the U.K. run travelers’ information against that database.

Sal Lifrieri is a terror and security analyst who tells PIX11, “So if you’re flying through a country, and that’s what we see with this particular case, you can fly into this country, and have a very minimal passport check – and move on to the next country.”

So how can you protect your passport – especially if you’re traveling internationally?

Technology consultant Raj Goel says the answer involves treating biometric, high-tech passports like cash.

“Correct. It’s the same exact concept, except you use slightly thicker plastic. So that somebody walking by can’t just do a brush pass and do RFID cloning of my passport, driver’s license, credit cards – or whatever have you. It takes a few seconds,” said Goel.

Keep it close, and remember that a criminal doesn’t even have to physically snatch your passport if it’s made with something called RFID technology in order to steal the information embedded in it.

Read more: http://pix11.com/2014/03/11/how-to-protect-yourself-against-high-tech-passport-thieves/#ixzz2vvrEsqat

Topic Articles
February 24th, 2014

“The age of personal surveillance is here…”


NEW YORK (PIX11) -
JAY DOW INTERVIEWS RAJ GOEL

Once upon a time, when it came to hi-tech phone surveillance, the NSA used to be the only game in town.

And while some of the capabilities exposed by former contractor Edward Snowden are indeed mind-blowing, these days anyone – from your best friend, to your worst enemy — now has the ability to listen into your most intimate conversations, and it’s only a few smartphone clicks away.

One of the newest apps that puts that kind of once formidable processing power – in the palm of your hands is called Crowd Pilot.
“It’s a loaded gun that they’re giving to people without a lot of controls on it,” says tech expert Raj Goel. “Ultimately, the question of privacy in our daily lives will need to be addressed by the user – not the technology.”

“The age of personal surveillance is here. What the Stasi and the CIA could only dream of in the 50s and 60s now we can do with a two hundred dollar smartphone. And the real challenge for us as parents and grown ups in society is going to be, “are our laws up to date? Are we teaching our kids, and our business partners, and our spouses, girlfriends, and boyfriends proper behavior?” said Goel.

Watch the video clip at: http://pix11.com/2014/02/21/why-the-nsa-isnt-the-only-threat-to-your-phones-privacy/

Topic Articles
February 24th, 2014

Have You Heard This Before?

“March comes in with an adder’s head, and goes out with a peacock’s tail.”
- Richard Lawson Gales

“Up from the sea, the wild north wind is blowing under the sky’s gray arch; Smiling I watch the shaken elm boughs, knowing It is the wind of March.”
- William Wordsworth

“Who in this world of ours their eyes In March first open shall be wise; In days of peril firm and brave, And wear a Bloodstone to their grave.”
- Unattributed Author

“Ah, March! We know thou art Kind-hearted, spite of ugly looks and threats. And, out of sight, art nursing April’s violets!”
- Helen Hunt Jackson

“Slayer of the winter, art thou here again? O welcome, thou that bring’st the summer nigh! The bitter wind makes not the victory vain. Nor will we mock thee for thy faint blue sky.”
- William Morris

“March: Its motto, ‘Courage and strength in times of danger.’”
- William Morris

“Beware the ides of March.”
- William Shakespeare

“In fierce March weather White waves break tether, And whirled together At either hand, Like weeds uplifted, The tree-trunks rifted In spars are drifted, Like foam or sand.”
- Algernon Charles Swinburne

“With rushing winds and gloomy skies The dark and stubborn Winter dies: Far-off, unseen, Spring faintly cries, Bidding her earliest child arise; March!”
- Bayard Taylor

“All in the wild March-morning I heard the angels call; it was when the moon was setting, and the dark was over all; The trees began to whisper, and the wind began to roll, And in the wild March-morning I heard them call my soul.”
- Lord Alfred Tennyson

Topic Articles
February 24th, 2014

The Target Corp credit card breach has been in the news for months, and it may end up reshaping how credit cards are issued and used in the US. While Target’s customers were the final victims, and ID theft is the largest white collar crime hitting Americans, Target itself was a victim.

Target’s systems were broken into via a weakness in one of their contractors — Fazio Mechanical.
From KrebsOnSecurity.com:

The breach at Target Corp. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer, according to sources close to the investigation.

(why it took the Fazio so long to detect the email malware infection): The company’s primary method of detecting malicious software on its internal systems was the free version of Malwarebytes Anti-Malware.

To be clear, Malwarebytes Anti-Malware (MBAM) free is quite good at what it’s designed to do — scan for and eliminate threats from host machines. However, there are two problems with an organization relying solely on the free version of MBAM for anti-malware protection: Firstly, the free version is an on-demand scanner that does not offer real-time protection against threats (the Pro version of MBAM does include a real-time protection component). Secondly, the free version is made explicitly for individual users and its license prohibits corporate use.

So, what lessons does the Target breach hold for contractors and consulting firms?

  1. If you are relying on free, unmanaged tools to protect your company — STOP. STOP RIGHT NOW.
  2. If you are relying on free or expired anti-virus software to protect you, STOP.
  3. And most importantly, no one is too small a target.

Some facts:

  • The long weekend bank hack has been the most lucrative attack against small businesses for the last 7 years
  • Patco construction company had $588,000 stolen from their accounts and had to sue their bank to get some of the money back
  • A medical billing firm declared bankruptcy after thieves broke in and stole files
  • A $1.5 million cyber theft caused an Escrow firm to declare bankruptcy

I’ll bet that Fazio’s management never thought they would be an attractive target to cyber criminals.

The reality is that criminals are creatures of habit and seize opportunities, like any good business owner. They broke into Fazio using email phishing attacks, stole documents, credentials, etc. and accidentally discovered that Fazio had access to Target’s network. Or they did research on Target, identified their key suppliers, and kept attacking the suppliers until the weakest link broke.

It doesn’t matter how Fazio was selected as a target — what matters is what happened afterwards. Due to lack of proper security tools, a lack of security management and simple myopia, Fazio was broken into. Thru Fazio, Target was broken into.
And 110 million (that’s 110,000,000) credit cards were compromised.

On top of it all, both Fazio Mechanical and Target received visits from the FBI, Secret Service and DHS. Are you prepared to handle a visit from the FBI or Secret Service? How about a call from your largest client telling you that you were the source of their break-in? Do you have proper E&O, P&C and Cyberliability insurance? Do you have active defenses to Detect, Defend and Protect your users from criminals and themselves?

The $1,000 challenge
If you think all your ducks are in a row, let me interview you. And at the end of the interview, I will donate $1,000 to your favorite charity. If you don’t think you have everything, and need help in building a proper security and disaster recovery plan, then let’s meet. When your firm becomes a client, I’ll still write a check for $1,000 to your favorite charity.
What have you got to lose? (except an unexpected visit from the FBI)?
- Raj

Topic Articles
February 24th, 2014

This is it.

No more patches. No more updates. No technical or legal protection.
And you could be violating HIPAA, PCI-DSS, State & Federal Privacy Laws and New York State Ethics Rules 1.6 as it relates to client privacy.

What does end of support mean to you?

Running Windows XP SP3 and Office 2003 in your environment when support ends may expose your company to potential risks. Therefore, any computer or server with these software programs installed will be completely exposed to serious hacker attacks aimed at taking control of your network, stealing data, crashing your system, and inflicting a host of other business-crippling problems you do NOT want to have to deal with.

Top 7 Reasons to Upgrade

  1. XP has tons of viruses.
  2. XP is OLD. (Almost 12 years old!)
  3. XP is the least secure operating system.
  4. XP was built for a simpler time.
  5. XP is out of Band-Aids.
  6. XP support is ending.
  7. XP has more malware than ever.

Negative Impacts if Action is Not Taken

  • No new security updates.
  • No more band-aids.
  • No hardware support.
  • No more free support options.
  • Elimination of paid assisted support.

How do I begin my migration?

Call Raj at 917-685-7731 today to develop a migration plan for the hardware and software upgrades you need to avoid a serious security risk to your organization and stay competitive.

Topic Articles
February 23rd, 2014

NEW YORK (PIX11) –
JAY DOW INTERVIEWS RAJ GOEL

Once upon a time, when it came to hi-tech phone surveillance, the NSA used to be the only game in town.

And while some of the capabilities exposed by former contractor Edward Snowden are indeed mind-blowing, these days anyone – from your best friend, to your worst enemy — now has the ability to listen into your most intimate conversations, and it’s only a few smartphone clicks away.

One of the newest apps that puts that kind of once formidable processing power – in the palm of your hands is called Crowd Pilot.

“It’s a loaded gun that they’re giving to people without a lot of controls on it,” says tech expert Raj Goel. “Ultimately, the question of privacy in our daily lives will need to be addressed by the user – not the technology.”

“The age of personal surveillance is here. What the Stasi and the CIA could only dream of in the 50s and 60s now we can do with a two hundred dollar smartphone. And the real challenge for us as parents and grown ups in society is going to be, “are our laws up to date? Are we teaching our kids, and our business partners, and our spouses, girlfriends, and boyfriends proper behavior?” said Goel.

Read more at http://pix11.com/2014/02/21/why-the-nsa-isnt-the-only-threat-to-your-phones-privacy/#axzz2txxsVWsR

Topic Articles
February 16th, 2014

Building the ULTIMATE Marketing & Operations Machine

The Holiday 2012 issue of The Economist had a fantastic article on the history of hotels (Hilton, Marriott, Ritz, etc) and it quoted J.W. Marriott, Jr.

When I say that the company’s prosperity rests on such things as our sixty-six-steps-to-clean-a-room manual, I’m not exaggerating.
J.W. Marriott, Jr. Former CEO, Marriott Worldwide
Be My Guest >

That quote resonated with me. In 2013, we embarked on a mission to create a “SOP Culture” at Brainlink and I’m happy to say, we’re succeeding.

Stats:

107 Operational SOPs created
(we average 2 NEW ones each week)

31 Marketing SOPs created
(average 1 every 2 weeks)

Why Am I Sharing My Secrets?

We’ve been fortunate to have a large number of mentors, coaches and well wishers who have contributed greatly to our success. I’ve learned a lot from my mentors…and have even more to learn.

I firmly believe that we learn MORE by teaching and sharing, than any other activity.

I also believe that those who have received have an obligation to give back to the community.

This is my Pay It Forward process.

Learn, implement, reap the rewards, pay it forward.

- Raj

Date

Webinar

Fri 2/21/14
3 PM EST

Building and Using SOPs
How to systematize your newsletter creation
2014-02-16-Ultimate_MARKETING_Machine_005-Building_and_Using_SOPs
SOP_Template.doc
2014-02-16-Ultimate_MARKETING_Machine_004-HANDOUT-Create_Project_Plans_In_Connectwise
2014-02-21-Brainlink_Marketing_SOPs_Creating_Newsletters_SOP_v1b
https://www2.gotomeeting.com/register/310261402

Fri 3/7/14
3 PM EST

How To Write Your $1,000,000 Book
How To Write Your $1,000,000 Book (PDF)
Webinar Recording
Recommended Vendors:
- Book design: Vervante
- Printing & Publishing: CreateSpace

Fri 3/21/14
3 PM EST

Deliver EFFECTIVE Security / Building a MSP SOC
Deliver_EFFECTIVE_Security (PDF)
Webinar Recording

Fri 4/4/14
3 PM EST

Please register for Increasing Revenues without raising rates on Apr 4, 2014 3:00 PM EDT at:

Increasing Revenues Webinar Recording
Learn how to:
- How to increase revenues without raising rates
- How to use CONNECTWISE PROJECTS to sell bigger projects
- How to create PROACTIVE Refresh Plans

After registering, you will receive a confirmation email containing information about joining the webinar.

Fri 4/18/14
3 PM EST

Please register for Generate AWESOME Testimonials on Apr 18, 2014 3:00 PM EDT at:

Webinar Recording
Learn how to:
- Generate AWESOME Testimonials
- Leverage them in your marketing, proposals, seminars, etc.

After registering, you will receive a confirmation email containing information about joining the webinar.

Topic Articles, Blog
February 13th, 2014

On Tuesday, Feb 11, The Friars Club unveiled a brand new chair.

To say that I’m honored is an understatement.

And thanks go to my wife for an AWESOME birthday gift!  (almost as good as bourbon and … oh wait, kids might read this….redacted…)

Raj Goel Friars Club Chair

Topic Articles, Blog
February 12th, 2014

A question that seems to come up a lot lately with clients, in some form or fashion, is “How should I properly budget for IT expenses?” While this is a great question, there are a lot of variables that determine the answer, so I can’t provide a “one-size-fits-all,” simple answer. However, below are some general guidelines that should help you figure this out:

  1. Hardware Refresh. No one likes the cost of a network upgrade, but it IS necessary approximately once every 3 to 4 years. PCs and servers older than that tend to run slow, crash frequently and generally become more expensive to fix and support than to replace. Therefore, your budget should include an IT refresh of all equipment every 3 years to be on the safe side.
  2. Maintenance. There is no “set it and forget it” when it comes to network maintenance. With cyber criminals becoming more sophisticated and aggressive, you MUST constantly monitor and update your network against cyber-attacks, malware, data loss, etc. A good general rule of thumb is $400 per month for each server and $100 per month per PC.
  3. Data Backup. Another expense you must account for is backing up your data to an offsite location (often called “cloud backup”). Since all businesses generate MORE data year after year, the backup will grow. Start by assessing the growth of your data over the last couple of years to uncover a trend. From there, forecast those additional expenses going forward at the same rate (don’t expect this to stay static year after year).
  4. Expansion. Another factor for your IT budget is upgrading software, line of business applications, CRM systems and accounting packages that can no longer support your growing company. As your company grows, systems, processes and data become more complex requiring more sophisticated (and often more expensive) software and systems. Make sure you are looking ahead year upon year to see this coming and to properly budget for it. There’s no “magic” formula for this because the timing and cost of your upgrade is unique to your company, situation and what you are trying to accomplish.
Topic Articles
February 12th, 2014

100% of all hard drives will eventually fail. This is a fact. Some will fail prematurely due to manufacturers’ defects while others will fail because a mechanical part finally wears out. The question is, how long until that happens?

Online backup provider Backblaze.com has kept 25,000 consumer-grade hard drives constantly running for the last 4 years, diligently noting whenever a hard drive breaks down. The results are very interesting.

  • 92% of all hard drives will survive the first 18 months. These failures are typically due to manufacturers’ defects (oftentimes called the “lemon effect”). Hard drives’ warranties are typically 1 to 3 years, which is basically the manufacturers saying that they are only on the hook to replace the lemons.
  • During the next 18 months, only a very small percentage of drives (~2%) will fail. These failures are from random “unlucky” issues and occur rarely anytime during the life of the drive.
  • Beginning in year 3, hard drives start to wear out due to usage. They are simply mechanical devices that are getting old. 80% of drives will make it to year 4 and then they drop off at about 12% or more per year thereafter.
  • As illustrated in the graphic, the failure rate is essentially a U curve with most failures very early on or after the 3-year mark.

So, What Does This Mean?

Simple. Back up your data. With a 1-in-10 chance that your hard drive dies in the first 3 years of its life and an accelerating chance of failure after that, there is no excuse for being caught without a solid backup. Ever.

Make a plan. Build equipment replacement into your budget at least every 4 years for most devices, with a 10% equipment-replacement expense built in over the 1st year and then again starting in year 3.

As for that 10-year-old PC in the back room still running Windows XP and your most critical reporting software, the clock is ticking …

Topic Articles
February 12th, 2014

Quick, What Do You Do?

Over the last couple of months, we’ve come across some alarming statistics that you should know. Studies show that as many as 16% of smartphones are lost or stolen each year with only 7% of the stolen devices ever being recovered. Despite the fact that 60% of the missing smartphones are deemed to contain sensitive or confidential information, 57% of these phones were not protected with available security features, leaving the company exposed! In fact, only 14% of companies currently have a mobile-device security policy in place. The bottom line is, no matter how careful your employees are with their smartphones, losing a smartphone (or having one stolen) is likely to happen to you or your employees at some point in time.

In the hands of even a relatively unsophisticated hacker, all of your smartphone information can quickly be siphoned off. And time is of the essence for taking action. Criminals will remove the battery of your phone to prevent “remote wipes” of your data by your IT staff and then use a room without mobile access to break into the phone. This is akin to giving a thief the key to your data and the code to deactivate the alarm.

Asking employees to be more careful IS a good step in the right direction, but accidents happen and thieves are always on the prowl. That’s why it’s so important to take measures to lock down and secure any mobile devices you and your staff use to access your company’s network.

Here are just a few steps you can take now to be prepared:

  1. Strong Passwords. Enforce a strong mobile-device password policy and make sure your employees can’t leave devices unlocked and vulnerable.
  2. Enable Device Wiping. Prepare to be able to wipe both company-issued and personally owned devices that access company data. Make sure your employees are signing off on this before they add company data to their phones.
  3. Have A Plan In Place. If a phone is lost or stolen, act quickly! If you happen to find the phone again, then the data can likely be replaced; however, stolen data in the hands of a criminal can rarely ever be taken back!
Topic Articles
February 12th, 2014

Amazing Facts About Love

February is traditionally love month, so here are some random love facts (or myths) that might surprise you:

  1. People are more likely to tilt their heads to the right when kissing instead of the left (65% of people go to the right!).
  2. Falling in love can induce a calming effect on the body and mind and raises levels of nerve-growth factor for about a year, which helps to restore the nervous system and improves the lover’s memory.
  3. Love can also exert the same stress on your body as deep fear. You see the same physiological responses – pupil dilation, sweaty palms and increased heart rate.
  4. Philadelphia International Airport finished as the No. 1 best airport for making a love connection, according to a recent survey.
  5. Men who kiss their wives in the morning live five years longer than those who don’t.
  6. People who are newly in love produce decreased levels of the hormone serotonin – as low as levels seen in people with obsessive-compulsive disorder. Perhaps that’s why it’s so easy to feel obsessed when you’re smitten.
  7. According to mathematical theory, we should date a dozen people before choosing a long-term partner; that provides the best chance that you’ll make a love match.
Topic Articles
February 12th, 2014

I read a moving article on CNN.com about modern day slavery in Mauritania (see http://www.cnn.com/interactive/2012/03/world/mauritania.slaverys.last.stronghold/index.html/). Yes, slavery still exists and 10-20% of the Mauritanian population is currently enslaved. What really hit me hard is that unlike traditional slavery involving chains and physical restraints, modern slavery is primarily mental. The hereditary slaves are born as slaves; they live in villages that have ceremonial fences. Anyone can walk away or run away, and yet very few do. They are so enmeshed in the culture that the thought of walking away doesn’t occur to them.

To quote from the article:

Fences that surround these circular villages are often made of long twigs, stuck vertically into the ground so that they look like the horns of enormous bulls submerged in the sand. Nothing ties these skeletal posts together. Nothing stops people from running.
But they rarely do.

And a similar form of mental servitude exists in (anti-) social media today. This month, the world celebrates the 10th anniversary of Facebook. What we’re really celebrating is 10 years of ceaseless onslaught against freedom of speech, freedom of thought and freedom against self-incrimination – also known as the 1st, 4th and 5th amendments of the US Constitution.

You could say that I am being hyperbolic in my characterization of Facebook as digital slavery, or that I’m taking poetic license and it’s not really fair to those who suffered, and still suffer, from the shackles of physical and financial servitude. Fair enough.

That said, let’s consider that in traditional slavery, the slave owner claimed ownership over the physical bodies and the output of physical labor from their slaves. Slaves grew cotton and sugarcane, raised cattle, etc., and the masters took control of it.

In the modern era, our wealth isn’t generated from our sinews. We don’t break our backs toiling in the fields. Our wealth is intellectual in nature, digital in its form and that is being acquired for free from the lords of the internet.

  • Facebook claims perpetual ownership on your posts, likes, dislikes, photos.
  • Twitter claims perpetual ownership of your tweets, thoughts and stupidities.
  • Instagram, Flickr, etc claim perpetual license on your images.

As Attorney Craig Delsack notes, “you grant the social media sites a license to use your photograph any way they see fit for free AND you grant them the right to let others use your picture as well! This means that not only can Twitter, Twitpic and Facebook make money from the photograph or video (otherwise, a copyright violation), but these sites are making commercial gain by licensing these images, which contains the likeness of the person in the photo or video (otherwise, a violation of their “rights of publicity”).”

Amazon controls what you get to read, and has deleted books from Kindles remotely. Fittingly enough, the 1st book Amazon stole back from a paying customer was 1984. Apple claims similar rights on your iPhones, iPads and iTunes, and has given itself the right to remotely block or uninstall books, movies, songs, etc.

So what exactly are you buying when you “buy” eBooks from Amazon or Apple? What are you “buying” when you buy songs from Apple, Amazon, and Google? You’re “buying” the temporary right to read that book, watch that movie or listen to that song until the overlords decide that you’ve somehow violated their rights by travelling to a foreign country, visiting the wrong parts of the internet, etc. And any of these are grounds for them to delete content without reimbursement.

And how does Facebook fit into all of this?

In the 1970s and 1980s, we protested against the Communists and held up East German Stasi as particularly pernicious. At the height of its power, an estimated 10% of the East German population spied on their neighbors.

Today, approximately 128 Million Americans use Facebook. Every like, dislike, comment is private property of Facebook to be bought and sold like a commodity. Your thoughts, pictures, family photos and privacy are a good sold on the open market.

And what does Facebook provide to its real customers – the corporations and governments?

And that’s just a start…there’s much more that Facebook retains, and makes available to foreign governments.

I hear you. I hear your complaints. Without Facebook, how will you have a social life? How will you go out on dates? Or keep track of family get togethers? Without Facebook, how will you share the family photos?

Scholars find many similarities between modern Mauritanian slavery and that in the United States before the Civil War of the 1800s. But one fundamental difference is this: Slaves in this African nation usually are not held by physical restraints.

Just like the Mauritanian slaves who are held on farms, not by physical shackles, but cultural and mental ones that keep them enslaved. Even though all they have to do is walk away.
No violence, no guns, just put one foot in front of the other.

Will you raise your kids as digital slaves? Or will you walk away…one mouse click at a time?

References:


4th Amendment issues – http://www.businessinsider.com/police-make-fake-facebook-profiles-to-arrest-people-2013-10
1st Amendment Issues – http://www.huffingtonpost.com/tag/facebook-arrest
5th Amendment Issues – http://www.digitaltrends.com/social-media/the-new-inside-source-for-police-forces-social-networks/
1st, 4th, 5th Amendment issues – http://www.nbcnews.com/technology/careful-what-you-tweet-police-schools-tap-social-media-track-4B11215908
Copyright and IP Ownership – http://www.nyccounsel.com/business-blogs-websites/who-owns-photos-and-videos-posted-on-facebook-or-twitter/

Amazon erases 1984 from Kindle – http://www.nytimes.com/2009/07/18/technology/companies/18amazon.html

Further Reading:
http://www.brainlink.com/2012/10/free-video-protect-your-kids-from-facebook-social-media-threats/
http://www.brainlink.com/2013/10/teach-your-kids-about-the-dangers-of-snapchat/
http://www.brainlink.com/2012/10/prevent-your-kids-from-becoming-accidental-porn-stars/
http://www.brainlink.com/de-volkskrant/
http://www.rajgoel.com/tag/panopticon/

Topic Articles
November 26th, 2013

Raj delivered keynote presentations at The Hague, Helsinki, Curacao, Dato’s Partner Conference and other events

De Volkskrant wrote an amazing profile

WPIX-11 featured Raj as a cyber-security expert on 5 stories

Shival Agarwal joined our team as Senior Systems Engineer
Bernice Wright joined us as Marketing Manager
Fabian Moy celebrated his 6th anniversary with Brainlink

And most importantly, we welcome the following clients to our family:

  • John Gallin & Son
  • Alterman & Boop
  • Arbiter Partners
  • Philip Greenberg
  • Mel Lazar
  • Rachel Lurie
  • E W Howell
Topic Articles
November 26th, 2013

Author, Speaker and TV Guru
Raj Goel, CISSP
Presents:


Construction Industry Technology Day!
Learn How To GROW Your Business!

Register at: www.brainlink.com/constructionseminar/

Thursday, Jan 23, 2014 8am ‐ 10 am
The Friars Club

57 East 55th Street, New York, New York 10022
(55th Street between Madison & Park Ave)

Topic Articles
November 26th, 2013
  1. Backup Your Data Regularly
    • Run at a MINIMUM Daily Backups of your Critical Data
    • Automated Offsite Backups are Invaluable
    • Check/Test your data backups at a MINIMUM Monthly
    • Assure all critical data is saved in the backed up location
  2. Implement better banking practices
    • One Account for Payroll & Taxes: NO DEBIT OR CREDIT CARDS ASSOCIATED WITH THIS ACCOUNT
    • One Account for Operations & Expenses: AVOID DEBIT OR CREDIT CARDS ASSOCIATED WITH THIS ACCOUNT
    • Monitor Account Activity, set up Alerts, Reporting, use strong Banking Passwords
  3. Upgrade Your Security
    • Regularly Patch Systems – Windows, Applications, Java, etc.
    • Use a current anti-virus – If it’s expired or it came with your PC, it’s useless
    • Implement a better firewall – Blocks viruses, drive-by downloads, tracks web surfing
    • Password lock your iPhones, iPads, etc. Hardware is replaceable. Your & your clients’ privacy isn’t.
    • Have your employees sign an Acceptable Use Policy
  4. Increase Your Productivity
    • Give Your Staff The Tools They Need To Succeed
    • Managed Support means they can call for tech support whenever they need it, without increasing your costs.
    • Work with a fellow business owner, not just a tech-head
    • Take More Vacations. A week or more of no phone calls, emails, etc. is highly recommended.
    • Read My Book!
  5. Double check your insurance policies and ensure you have proper coverage
    Most general liability, Errors & Omissions and Malpractice policies do NOT cover the costs of forensic investigations, client notification costs, and cleanup costs.
  6. Hire Brainlink to conduct a Network Security Audit

    You need an expert to really assess the current state of your network and data security. And you need a business professional who specializes in building cost-effective, survivable security plans, disaster recovery plans, and business continuity plans.

And most importantly, you need someone with deep contacts in law enforcement, so when a breach occurs, the FBI, Secret Service, NYPD Cyber Crimes and the NYS Cyber Crimes teams will treat your case with speed, respect and sensitivity.

Topic Articles
November 26th, 2013

December is known around the world as a family time of celebration honoring cultures, religions and traditions that have been with humanity for hundreds of years. See below for a mix of the weird and wonderful facts about this magical month!

  1. An almanac prediction states that if snow falls on Christmas Day, Easter will be warm, green and sunny.
  2. The name December comes from the Latin decem for “ten,” as it was the 10th month in the Roman calendar.
  3. December 12th is Poinsettia Day.
  4. Saint Nicholas, who would eventually be called Santa Claus, was originally the patron saint of children, thieves and pawnbrokers!
  5. December 28th is considered by some to be the unluckiest day of the year.
  6. The first artificial Christmas tree was made in Germany, fashioned out of goose feathers that were dyed green!
Topic Articles
November 26th, 2013

On November 7, 2013, we hosted a breakfast seminar titled “Cyber Criminals Are Targeting Law firms”. Here are the cliff notes.

George Schultzel, FBI:

  1. There are only 2 kinds of people: people who are about to be hacked, and those who’ll be hacked again.
    It’s as simple as that – either you’ve already been hacked and don’t know it (because most firms do NOT have the capability to detect breaches, data thefts, etc.) or you are actively being attacked by your competitors, criminals and foreign governments.
  2. There are 3 types of assets you need to protect: Human, Intellectual Property and Financial Assets

Some recent FBI cases:

  • A law firm had $7 Million stolen, and they didn’t even know about it.
  • A group of 12-19 year olds was actively hacking D-list celebrities, just because they could.
  • Several law firms hired hackers to break into their competitors.

LESSONS LEARNED:

  1. 90% of Zeus banking Trojan infections enter the network via email. You MUST invest in good spam filtering, network firewalls, and backups. And most importantly, keep a keen eye on your bank accounts.
  2. When you invite the FBI into your office, they conduct their investigations very discreetly.

For nation-state attacks, with your approval, they will monitor the attacks. During criminal attacks, they will come in, forensically image the systems, and take evidence. They WILL protect client confidentiality. They will NOT fix or repair your systems.

What can you do to protect your business?

According to Maria Treglia, PBC, a division of HUB International, Businesses and Organizations have an obligation to keep people’s information private.

Your existing Malpractice or General Liability policies do NOT provide appropriate coverage for hacks and cyber-theft.

In a recent study conducted by NetDiligence,

  • Personally Identifiable Information (PII) was the most frequently exposed data (28.7% of breaches), followed closely by Protected Health Information (PHI) (27.2% of breaches).
  • Lost/Stolen Laptop/Devices were the most frequent cause of loss (20.7%), followed by Hackers (18.6%).
  • Small‐Cap ($300M‐$2B) and Nano‐cap (< $50M) companies experienced the most incidents (22.9% and 22.1% respectively). Mega‐Cap (> $100B) companies lost the most records (45.6%).

The median number of records lost was 1,000. The average number of records lost was 2.3 million. Claims submitted for this study ranged from $2,500 to $20 million. Typical claims, however, ranged from $25,000 to $400,000.

So, unless you have $500,000 sitting around, doing nothing, you’re much better off buying a Cyber Liability policy like Privacy/101.

Raj Goel, CISSP discussed several law-firm related case studies. Why are you being attacked? Because the criminals know you have valuable assets – sensitive data on mergers, purchases, lawsuits, etc. And because most law firms have the “I’ll never get hacked” mentality.

Some recent cases:

  • A former employee of a Pittsburgh, PA law firm and her husband were sentenced for hacking into the law firm
  • China-based hackers broke into 7 different Canadian law firms to get insider info on the Potash Corp/BHP Billiton merger
  • A partner in a small law firm discovered he’d been hacked when the FBI knocked on his door.
  • According to the Wall Street Journal, Client Secrets Are At Risk as Hackers Target Law Firms

Contacts:
George Schultzel, Special Agent, New York Division

Federal Bureau of Investigation
george.schultzel@ic.fbi.gov
Desk: 212‐384‐3250, Cell: 646‐430‐2358

Maria Treglia, CPCU, RPLU

Chief Sales Officer and Senior Vice President, Program Brokerage Corporation
(PBC), a division of HUB International
Office: 516‐496‐1345, MTreglia@programbrokerage.com

Grab the slides from www.brainlink.com/lawfirmseminar/

Topic Articles
October 30th, 2013

FBI Special Agent Kirsten Ohlson was the featured speaker at our October 3rd Seminar at the Friars Club. Here are key takeaways from her presentation:

NYC is a target-rich environment for spies and hackers. UN and “alleged diplomats” target NYC businesses, including Architecture firms, for data espionage. They will chat you up to gather information, ask you for proposals, and conveniently ask you for employee lists and other info. These are things that you might think are harmless, but aren’t. They have approached mid-level employees, janitors, staff, etc.

Make friends with the FBI, Secret Service and NYPD Cyber Crimes units before you need them.

Infragard can come to your business and provide free training on cyber security and protection for your staff. Learn more about Infragard at www.infragard.org

Topic Articles
October 30th, 2013

We’ve discovered (and stopped) employees from:

  • Playing games
  • Downloading movies (which is illegal!)
  • Surfing “adult escort” sites
  • Downloading porn
  • Pirating software

If you’re concerned about what your employees are doing online, or want to make sure they don’t put your business at risk, give me a call.

My team can put together an effective internet security solution that blocks offensive surfing, puts you in the driver’s seat, and gives you daily reports on who went where, and when.

- Raj

October 30th, 2013

Support is ending April 2014 (5 Months Away!)

  • No more band-aids, patches, updates or support from Microsoft.
  • Using Windows XP after April 2014 could be a HIPAA, PCI-DSS, GLBA, etc. violation.
  • Malware Everywhere – XP is by far the most vulnerable platform to connect to the internet.

Windows XP is a relic from a different world. Use at your own risk.

October 30th, 2013

Cyber Thieves Keep A-Knockin’ But They Can’t Come In. A study presented at the International Conference on Dependable Systems and Networks showed that small-business networks are attacked every 39 seconds by some type of hacker or malicious software. Thankfully, having the proper firewall and office network security tools can prevent even the most determined cyber hacker from getting his hands on your network.

Downtime Should Be A Thing Of The Past. Thanks to monitoring and maintenance tools that are openly available, any reputable computer company can now actually notice when things go awry and prevent your computers from having issues. Hot fixes, patches and security updates are generally items that, when maintained on a regular basis, keep a network healthy and up and running. If, for some reason, your network still has some kind of downtime, cloud-based remote management tools allow your IT professional to access your system from anywhere, getting you up and running more quickly than ever before.

If Disaster Strikes, You Can Be Back Up & Running In Minutes Instead Of Days. In addition to lost data, many businesses’ operations would be completely down for days or weeks if a major disaster like fire, flood or theft ever occurred. Here’s where Backup & Disaster Recovery solutions (BDR) can help you feel very thankful indeed. Most of today’s BDR solutions include a “virtualization” component, which means an exact “picture” of your server and computers is taken throughout the day and stored elsewhere. If you ever need to get back up and running, your IT company simply restores that image…and you’re back in business.

October 30th, 2013

What do you expect from such simple creatures?

  • Your last name stays put
  • The garage is all yours.
  • Chocolate is just another snack.
  • You can be President.
  • Car mechanics tell you the truth.
  • Same work, more pay.
  • Wrinkles add character
  • Phone conversations are over in 30 seconds flat.
  • A five-day vacation requires only one suitcase.
  • You get extra credit for the slightest act of thoughtfulness.
  • Three pairs of shoes are more than enough..
  • You can play with toys all your life.
  • You can wear shorts no matter how your legs look.
  • You can ‘do’ your nails with a pocket knife.
  • You can do Christmas shopping for 25 relatives on December 24 in 25 minutes.

No wonder men are thankful.

Topic Articles
October 30th, 2013

HIPAA and HITECH have been around for quite some time. Even so, many companies covered by these laws are way behind the times when it comes to actual implementation. And when you really think about it, even companies not covered by these laws should have the requisite policies and procedures in place.

  1. Access Control Policy. How are users granted access to programs, client data and equipment? Also includes how administrators are notified to disable accounts when needed.
  2. Workstation Use Policy. Requiring secure passwords, monitoring logins and limiting unsuccessful logins are just a few of the basics covered. Policies also need to cover basic security best practices such as not allowing passwords to be written down or shared with others.
  3. Security Awareness Training. Organizations must ensure regular training of employees regarding security updates and what to be aware of. You must also keep an audit trail of your reminders and communications in case you’re audited.
  4. Malicious Software Controls. You must have documented policies for the frequency with which anti-malware and antivirus software are updated and what happens if an infection/outbreak occurs.
  5. Disaster Recovery Plan. How you respond to emergency situations (of all shapes and sizes) must be fully documented and tested regularly. A full Disaster Recovery Plan is something our company can help you with.
  6. Media Disposal Policy. How do you dispose of old computer equipment and data? You must have policies and procedures in place that cover exactly how all equipment is properly disposed of and logged.
  7. Review And Audit Procedures. There’s much more to HIPAA compliance than the 6 items discussed here; however, be certain also that whatever you do has a firm audit trail/log that shows that everything has been executed according to plan.

These are just starting points. If you’re subject to HIPAA or just want to make sure that your company is covered by these simple best practices, contact our office and we’ll be happy to review these areas with you.

If you’d like to learn more, or conduct HIPAA/HITECH compliance audits, check out www.RajGoel.com

Topic Articles
October 30th, 2013

Snapchat is a popular service for high-school & college kids to use in place of texting, and sharing naughty photos.

The savvy kids know that sending SMS/texts or emails isn’t safe and more and more, they’re using services such as SNAPCHAT, WhatsApp, Vine, etc.

The promise of Snapchat was that the texts, photos and videos were self-deleting.

If Mike used SnapChat to send Jane photos of himself, as soon as Jane saw them, the photos were deleted.

Great for sending nude/semi-nude and crude photos, right? Awesome for flirting and gossiping, right?

WRONG!

As SnapChat admitted in a recent blog post (at http://blog.snapchat.com):

Storage

As mentioned in our previous blog post, Snaps are deleted from our servers after they are opened by their recipients. So what happens to them before they are opened? Most of Snapchat’s infrastructure is hosted on Google’s cloud computing service, App Engine. Most of our data, including unopened Snaps, are kept in App Engine’s datastore until they are deleted.

Retrieval

Is Snapchat capable of retrieving unopened Snaps from the datastore? Yes—if we couldn’t retrieve Snaps from the datastore, we wouldn’t be able to deliver them to their recipients desired by the sender. Do we manually retrieve and look at Snaps under ordinary circumstances? No. The ordinary process of sending Snaps to their recipient(s) is automated.

So what is a circumstance when we might manually retrieve a Snap, assuming it is still unopened? For example, there are times when we, like other electronic communication service providers, are permitted and sometimes compelled by law to access and disclose information. For example, if we receive a search warrant from law enforcement for the contents of Snaps and those Snaps are still on our servers, a federal law called the Electronic Communications Privacy Act (ECPA) obliges us to produce the Snaps to the requesting law enforcement agency. For more information, see the section of our Privacy Policy that discusses circumstances when we may disclose information.

Simply put, from the moment messages are sent and until they are opened OR as long as Law Enforcement asks SnapChat to keep the messages, they will. Educate your high school kids, college kids and new hires that NOTHING IS PRIVATE ON THE INTERNET. Do NOT trust companies that promise to “hide” your communications.

Topic Articles
October 9th, 2013

Live Seminars at The Friars Club

1) Oct 3 – 8am – 10 am – FOR ARCHITECTS: DECLASSIFIED DEBRIEFING From The FBI – Cyber Criminals Are Targeting Architectural Firms. Learn How To Protect Your Business. www.Brainlink.com/architectseminar/

2) Oct 25 – 8am – noon – CSSWorks, Chicago – Protect Your Family & Business From Cyber Criminals. Raj is the guest speaker at CSS’s annual Technology Day. He will discuss security and cybercrime challenges facing companies in America’s heartland.

3) Nov 7 – 8am – 10am – FOR LAW FIRMS: DECLASSIFIED DEBRIEFING From The FBI – Cyber Criminals Are Targeting Law Firms. Learn How To Protect Your Practice. Register at www.Brainlink.com/lawfirmseminar/

4) Jan 23 – 8am – noon – CONSTRUCTION COMPANY TECHNOLOGY DAY. Declassified Debriefing From The FBI on threats specific to Construction Firms. Register at www.Brainlink.com/constructionseminar/

Topic Articles
October 9th, 2013

Support is ending April 2014 (6 Months Away!)

  • No more band-aids, patches, updates or support from Microsoft.
  • Using Windows XP after April 2014 could be a HIPAA, PCI-DSS, GLBA, etc. violation.
  • Malware Everywhere – XP is by far the most vulnerable platform to connect to the internet.

Windows XP is a relic from a different world. Use at your own risk.

Topic Articles
October 9th, 2013


Over a billion dollars are lost each year in the United States through “ATM Skimming” – far more than any losses from bank robberies – and it’s growing at a rate of more than 10% every year.

ATM Skimming is a cybercrime where the criminals steal (or “skim”) your ATM/debit card data when you’re using a typical ATM machine. They do this by fitting a small card reader over the typical ATM card slot, thus capturing your information. Additionally, the criminals install mini cameras above or near the ATM to capture your PIN number. The data is then transmitted via Bluetooth to the cybercriminals somewhere nearby. The average skimming attack usually lasts only an hour or two during peak ATM usage times (i.e. lunch hour or after work). Meanwhile, you have no idea that you’ve just been had and are at risk. These cyber-criminals will then sell the data on the cards to others so that they can either clone your debit card or wipe out your bank account.

6 Tips To Protect Credit/Savings Accounts

1) Cover your hand as you type. Obstructing the view of your PIN from any cameras will render your data useless.

2) Pay attention to the area around the ATM card slot. If anything looks loose or out of place, pull to see if you can remove it.

3) Be aware of surroundings. Be extra careful of ATMs in dark or isolated places.

4) Does the machine look different? If anything looks out of place (extra signage, mirrors, etc.) then avoid the machine.

5) Put a Transaction Alert & Daily Balance Alert on your account. Our bank texts us when any transaction exceeds $400 and they send daily balance alerts via email. (yes, this means I can’t surprise my wife with big gifts, but it sure beats getting cleaned out by crooks!)

6) Review your transactions & balances daily. Notify your bank of any suspicious transactions immediately.

Topic Articles
October 9th, 2013

  • The most popular type of home-baked cookie is the Chocolate Chip cookie.
  • Over-mixing the dough or adding too much flour can result in hard, tough cookies.
  • The first animal crackers were produced in the United States by Stauffer’s Biscuit Company in 1871. Nabisco’s Barnum’s circus version hit the market in 1902.
  • The modern version of the Fig Newton was created in 1891 and is named for the city of Newton, Massachusetts.
  • The Oreo cookie was invented in 1912.
  • Ladyfingers are used in tiramisu because the cookies so readily absorb the sweet syrup and liqueur used to make the traditional Italian dessert.
  • While Italians use the word “biscotti” to refer to all types of cookies, Americans think of “biscotti” as the long, dry cookies that are served with hot drinks for dunking. The name is derived from “bis,” meaning twice, and “cotto,” meaning cooked. Baking the cookies twice results in their hard, crumbly texture.
Topic Articles
October 9th, 2013

It should not surprise you that a LOT of online sites are tied together.

Gawker.com, LinkedIn.com, Yahoo.com, Facebook, iCloud, World Of Warcraft, Farmville – they’ve all been attacked and criminals have stolen millions of user accounts. And research shows that many, many people use the same password across multiple sites. This turns a small problem (lost Facebook account, compromised LinkedIn account) into a massive problem…for YOU!

Don’t make the same mistake!

A few lessons learned/taught:
1) The attackers were after a CEO – his password is 24862486
2) The hackers also determined that he used it on Twitter, and other sites
3) They changed his DNS, hijacked his sites and caused the company deep embarrassment and millions in cleanup costs.

We know from experience that people tend to use the SAME PASSWORDS everywhere. I STRONGLY urge you to maintain separate passwords, and to change them regularly. Otherwise, a break in one location can compromise your identity everywhere else.

Here’s a trick/technique I use to train executives in picking great passwords:

1) Pick a line from a song or a book, e.g. Somewhere Over The Rainbow Bridge
2) Pick the 2nd (or 3rd or 4th) letter from each word, e.g. 2nd letter: ovhar 3rd letter: meeni
3) Pick a BASE password – e.g. OVHAR. Add numbers and special characters (!, @, #, $, %, ^, &, *, (,), 1-0), between the letters: o$v$h$a$r, o$v#h@a$r, o@v#h$a#r
4) For dealing with websites, use a different base, and incorporate the website name in your password: e.g. BASE: MEENI; websites: EXPEDIA.com, EBAY.com, PAYPAL.com.

Sample passwords:
m!e@e#n^iEXPEDIA – with site name at the end
m!e@EBAYe#n^i – with sitename in the middle
m!e@PaYpAle#n^i – with sitename in the middle, mixed case
Each of these passwords is extremely difficult to crack, yet easy to remember.
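
The four steps above, written out as an added Python example (not code from the original newsletter). The function names and the reuse check at the end are illustrative assumptions; the phrase, bases, separators and sample passwords are the ones given in the text.

```python
def derive_base(phrase, position):
    """Step 2: take the Nth letter (1-indexed) of every word in the phrase."""
    letters = []
    for word in phrase.split():
        if len(word) < position:
            raise ValueError(f"{word!r} has no letter at position {position}")
        letters.append(word[position - 1].lower())
    return "".join(letters)


def interleave(base, separators):
    """Step 3: put one number/special character between adjacent letters."""
    if not base or len(separators) != len(base) - 1:
        raise ValueError("need exactly one separator per gap between letters")
    out = [base[0]]
    for sep, letter in zip(separators, base[1:]):
        out.append(sep + letter)
    return "".join(out)


def mixed_case(site):
    """Alternate upper and lower case, as in the PaYpAl sample."""
    return "".join(c.upper() if i % 2 == 0 else c.lower()
                   for i, c in enumerate(site))


def with_site(password, site, gaps_before=None):
    """Step 4: append the site name, or insert it after N letter+separator pairs."""
    if gaps_before is None:
        return password + site
    cut = 2 * gaps_before  # each letter+separator pair is two characters
    if not 0 < cut < len(password):
        raise ValueError("insertion point falls outside the password")
    return password[:cut] + site + password[cut:]


def reused_sites(passwords_by_site):
    """Group sites that share a password: one breach exposes every site in a group."""
    groups = {}
    for site, password in passwords_by_site.items():
        groups.setdefault(password, []).append(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)


if __name__ == "__main__":
    base = derive_base("Somewhere Over The Rainbow Bridge", 2)
    print(base, interleave(base, "$#@$"))
    web = interleave("meeni", "!@#^")  # the text's website base
    print(with_site(web, "EXPEDIA"), with_site(web, "EBAY", 2),
          with_site(web, mixed_case("paypal"), 2))
```
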

TIP: Use DIFFERENT bases for different areas of life: e.g. BASE1 – work credentials (office desktop, office email, etc); BASE2 – home credentials; BASE3 – websites; BASE4 – Online banking

Or, at minimum: BASE1 – home, work, web; BASE2 – online banking

Change your password every 6 months. A weak password changed frequently is better than a strong password that’s rarely changed.

Topic Articles
October 9th, 2013

It’s no secret that cyber-crimes are all over the news. From Ukrainian hackers stealing millions to Syrian Electronic Army hijacking the AP twitter feed and (falsely) claiming that the president was injured, to teens bullying a young girl over Facebook, digital crimes are all over the news.

So, what can you do about it?

First, don’t panic. This is just another crime wave, and we WILL survive it. Secondly, don’t stick your head in the sand and pretend it won’t impact you. Just like muggings in NYC or car crashes on the highway, you or someone you love will be impacted.

Some common sense tips:

1) Talk to your kids (and grandkids) about social media. We both know that they’re going to drink & party in school at college, and not every freshman is over 21. Some of them will also smoke marijuana, drive too fast, join fraternities/ sororities and do all the (stupid) stuff that kids do. Educate them about threats from social media. Remind them that if they’re going to party, the safest course is to turn the cell phones off, and leave them in the bag/pocket/etc. Snapchat, sexting and posting pictures on Facebook will only get them into trouble.

Share this video with them: http://www.youtube.com/watch?v=HpOg1Sgmpok (or search YouTube for “raj goel social media”)

2) Protect Your Bank Accounts. See page 3 for excellent tips.

3) Ensure You Have Proper Backups. Whether it’s eFolder at home for your photos, documents and quicken files, or Datto at the office for a complete Backup & Disaster Recovery solution, invest in proper, tested backups. Computers will crash, you will lose your cellphone. Your hard drive will die. Let’s protect your information.

4) Upgrade Your Security At Home And Office. Just as you have deadbolts on your door, and The Club in your car, you have to have proper defense tools. We use and recommend GFI Vipre managed anti-virus and Cyberoam firewalls.

5) Attend one of our FREE seminars, or ask me to schedule one at your office. We invite leading experts including FBI Special Agent Kirsten Ohlson to discuss cyber threats facing businesses in the Greater NYC area.

Topic Articles
August 28th, 2013

We’ve discovered (and stopped) employees from:

  • Playing games
  • Downloading movies (which is illegal!)
  • Surfing “adult escort” sites
  • Downloading porn
  • Pirating software

If you’re concerned about what your employees are doing online, or want to make sure they don’t put your business at risk, give me a call.

My team can put together an effective internet security solution that blocks offensive surfing, puts you in the driver’s seat, and gives you daily reports on who went where, and when.

- Raj

Topic Articles
August 28th, 2013

I’ve been saying for almost a decade that cloud providers don’t care about user privacy, and Google’s real motto is “Don’t be evil. That’s OUR job”.

After years of bragging about their privacy policies, commitment to privacy, etc., here’s what Google submitted to the courts recently:

“Just as a sender of a letter to a business colleague cannot be surprised that the recipient’s assistant opens the letter, people who use web-based email today cannot be surprised if their emails are processed by the recipient’s [email provider] in the course of delivery,” the motion reads.

“Indeed, ‘a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.’”

http://www.scribd.com/doc/160134104/Google-Motion-to-Dismiss-061313

This is Google’s official position.

I’ll let you determine whether this vendor should be trusted with your data.

Topic Articles
August 28th, 2013

Support is ending April 2014 (7 Months Away!)

  • No more band-aids, patches, updates or support from Microsoft.
  • Using Windows XP after April 2014 could be a HIPAA, PCI-DSS, GLBA, etc. violation.
  • Malware Everywhere – XP is by far the most vulnerable platform to connect to the internet.

Windows XP is a relic from a different world. Use at your own risk.

Topic Articles
August 28th, 2013
  • If you have 3 quarters, 4 dimes, and 4 pennies, you have $1.19. You also have the largest amount of money in coins without being able to make change for a dollar.
  • The numbers “172” can be found on the back of the U.S. $5 dollar bill in the bushes at the base of the Lincoln Memorial.
  • President Kennedy was the fastest random speaker in the world with upwards of 350 words per minute.
  • In the average lifetime, a person will walk the equivalent of 5 times around the equator.
  • Rhode Island is the smallest state with the longest name. The official name, used on all state documents, is “Rhode Island and Providence Plantations.”
  • When you die your hair still grows for a couple of months.
  • Every year about 98% of the atoms in your body are replaced.
  • Elephants are the only mammals that can’t jump.
  • You burn more calories sleeping than you do watching TV.
  • The first product to have a bar code was Wrigley’s gum.
  • The word “nerd” was first coined by Dr. Seuss in “If I Ran the Zoo.”
Topic Articles
August 28th, 2013

Below is an excerpt from the Keynote presentation I delivered at GBATA 2013 in Helsinki, Finland. It is based upon my “A Global Overview of Trends in Personal, Corporate and Government Surveillance” presentation.

Those who ask you to choose SECURITY OR PRIVACY and those who VOTE on SECURITY OR PRIVACY are making false choices. That’s like asking AIR OR WATER — which do you choose? You need BOTH to live.

Maslow placed SAFETY (of which security is a subset) as 2nd only to food, water, sex and sleep. As humans we CRAVE safety.

As individuals and societies, BEFORE we answer the question “SECURITY OR PRIVACY”, we first have to ask “SECURITY FROM WHOM and WHAT?” and “PRIVACY FROM WHOM AND FOR WHO”?

Until 1215, every Prince, King, Emperor and Conqueror thought he had divine right and was either a god or a manifestation of god. The MAGNA CARTA, for the 1st time in recorded human history, stripped Kings and Emperors of their divine right. WHY? Because the nobility had enough of the incompetencies and cruelties of the ruling monarch. In 1628, Sir Edward Coke established in English Common Law that “A man’s home is his castle”. In 1791, The US Bill of Rights gave us the 4th amendment: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

Each of these articles gave us, the citizens, the commoners, rights that were hard-fought by a small band of revolutionaries.

Franklin, Jefferson, Washington, Madison, Adams and countless others bled so that the masses could watch “Keeping up with the Kardashians” today.

Today, every techno-geek with classified access, every sysadmin, every spymaster and bureaucrat in the information acquisition, analysis and marketing machine presumes that he/she is god.

The internet has become a tool of the despots – and EVERY country and EVERY corporation is becoming THE STASI.

During the cold war, the US & the west demonized the USSR and the communists for denying their subjects/citizens property rights; freedom of speech; freedom of thought; freedom of religion.

Today, US, UK, AU, NZ, CHINA, Russia, India, every nation spies on its citizens. They all do it in the name of SECURITY and protecting the citizenry from terrorists. I don’t recall the US constitution or ANY other government’s charter that required it to guarantee its citizens 100% safety or 100% security. Defense of the common good – yes. Decent infrastructure – yes.

Freedom from crime and terrorism is possible…but only if you live in a jail cell.

Privacy of thought is a basic HUMAN right.

We prized ourselves in the west for fighting for the dissidents such as Solzhenitsyn & Sakharov. We even gave some of them Nobel peace prizes and visas to the West. Today, the US government (and others around the world) jail more dissidents, whistleblowers and freedom fighters than ever before. And corporations such as Amazon, Apple, Google, Adobe, SONY, Disney, etc. deny us basic property rights by “licensing” software and media to us.

Today, every elected politician, president, senator, prime minister and king, sees honest dissent as subversive.

Before you answer the question “SECURITY OR PRIVACY”, ask yourself the question – from whom; for who and for how long.

When Vladimir Putin praises PRISM and the NSA, then I think we have a problem. When Steve Wozniak points out the similarities between our lack of rights in cloud and the communists, I think we have a problem.

In every generation, a new King John, a new Khrushchev and a new Solzhenitsyn is born. It’s OUR job as citizens to DEFEND the rights given to us by our respective constitutions and DEMAND that they be conferred on our WEAKEST citizens, not just the strongest or the wealthiest.

Feel free to have a reasonable (or unreasonable, as long as good beer or bourbon are involved) debate with me at ASIS59 in Chicago or wherever you catch me next – Hague, Helsinki, Washington DC, Chicago, Curacao, New Zealand – I will be bringing my opinions and research to a conference near you :-D

Topic Articles
August 21st, 2013

Do you have Java turned on in your web browser? If your answer is “Yes” or “I’m not sure,” it’s time to take action to find out. Why? The biggest threat to your computer systems in 2013 (and beyond) is no longer Microsoft Windows – it is Oracle Java.

After 20+ years as the poster child for insecure software, Microsoft’s newest operating systems (Windows 7 and 8) have gotten their act together.

Cybercriminals like to get the greatest bang for their buck and therefore they’re attacking the Java platform because of its huge market share and because it’s an easier platform to hack than the Microsoft operating system. Java is now installed in over 1.1 billion desktops and 3 billion mobile phones. That’s a big target that is very attractive to hackers. Hackers also love that Java is multi-platform, which means it is capable of corrupting PCs running Windows, Mac OS X or Linux.

And since many Mac users don’t have anti-virus, hackers were able to infect over 600,000 Macs with serious malware via the Java software installed on their machines.

Right now, cybercriminals are aware of and exploiting any security flaws in Java that could lead to infections on your computer. There are even automated kits now available to capitalize on any security hole found within days, if not hours, of them becoming known. It’s not unusual to see hackers use Java as a first attack to weaken the defenses before serving up an Operating System specific attack. Even the Department of Homeland Security suggested that “To defend against future vulnerabilities, their users should consider disabling Java in web browsers.”

Here are 3 steps you can take today to minimize your risk:

  1. Disable or uninstall Java wherever you can. If you don’t need it, remove it.
  2. Where Java is necessary, use a separate web browser only used for Java-based web sites and be sure to patch Java regularly.
  3. Have your staff report the first signs of slowness, possible infections and web browser pop-ups to your IT guy as soon as they happen.
Topic Articles
August 21st, 2013

Nobody won last month’s trivia so I’m DOUBLING the prize to $50!

Now, here’s this month’s trivia question. The winner will receive a $50 Amazon gift card.

Which musician died in August of 1977, leaving behind a huge following of fans who still adore him to this day?

a) Jerry Garcia b) Jim Morrison c) John Lennon d) Elvis Presley

Call me right now with your answer!
917-685-7731

Topic Articles
August 21st, 2013

NB: I met Peter at the 2013 GBATA conference in Helsinki.  My thanks go out to Dr. N J Delener and the entire GBATA committee for inviting me to keynote, and arranging for us to meet Peter.  Learn more about the Global Business And Technology Association at www.GBATA.org.  I’ve had the honor of keynoting at GBATA in 2012 & 2013 and they are an amazing group of academics and researchers at the forefront of academia, marketing and management.

ANGRY BIRDS fans know that the most powerful character in the game is The Mighty Eagle – one flick and this bird gets rid of those pesky piggies!

In July, we took a trip to Helsinki, Finland and I got a chance to spend an evening with The Mighty Eagle (yes, that’s exactly how he refers to himself).

Peter used to work for HP where he sponsored a startup contest and 2 young college kids won the contest. They asked him, “hey, we’re pretty good programmers, and we like making games. What should we do next?”

Peter replied “why don’t you start a company” and Rovio was born.

As a pioneer in the mobile games space, they had a lot of failures. Rovio launched 50 games before they delivered Angry Birds.

LESSONS LEARNED:

  1. There are no failures. Only lessons learned till you find success. Just like Angry Birds, if you don’t succeed, KEEP TRYING!

    And Peter knew he had a hit on his hands when the founder’s mother played it over Christmas…and refused to give her son his iPhone back.

    As director of Marketing, Peter is an eccentric genius. When they launched Angry Birds, they focused on making it the #1 game on iTunes in Finland. Admittedly, this was not a HUGE market, but they were able to capitalize on that marketing win.

    By advertising that they were #1 in iTunes Finland, they became #1 in Scandinavia, then the UK, and ultimately, the US.

  2. Celebrate EVERY marketing win. And market every win. BUILD ON YOUR SUCCESSES.
    Today, Rovio is the Disney Corp. of Finland, and Peter is truly Walt Disney. The Mighty Eagle has transformed Angry Birds from a simple game into a global marketing juggernaut with games, movies, books, COFFEE(!), candies, soda, theme parks, NASA missions, etc.

    Even though FOX owns movie studios, TV channels, Game studios, and newspapers, they came to Rovio to help them build the RIO game. RIO was the biggest animation movie in 2012 and took home $500M in ticket sales. Angry Birds Rio generated $200M of those sales.

    I asked Peter about that joint venture and in his words “it was a good start”.

    Last year, Rovio launched Angry Birds Cola. Today, Angry Birds cola outsells Coke Cans in Finland, Norway, Russia and China. Rovio accomplished in 6 months what Pepsi hasn’t done in 30+ years.
    And Peter said “that’s a good start”.

  3. BE HUMBLE. Everything is just a “good start”.

I could go on and on with lessons from the mighty eagle…but I’ve got some piggies to destroy.

Topic Articles
July 17th, 2013
Topic Articles, Events