Follow by Email

Tuesday, December 26, 2017

What's in this punch?

NOTE: This post was originally published in 2013 and has been updated with new information. 

The holiday season is upon us. Many employers are planning office parties or allowing employees to plan parties. You’ve heard the stories of bars being liable for their patrons after they leave the establishment or parents who have allowed parties to take place at their homes. These same liabilities are being applied to employers who serve alcohol at office parties.

Party on!

A 2015 survey conducted by the Society for Human Resource Managers (SHRM) found that approximately 59 percent of companies having holiday parties plan to serve alcohol. Less than half of those plan on regulating alcohol consumption by employees. While the parties can serve as an employee reward, team building, or morale booster when alcohol is involved they can also set the scene for inappropriate behavior and/or injuries. The aftermath of which employers have to deal with or could be held liable.

Many employers seek to hold the functions at offsite locations to further enhance or show commitment to the employee event. The location doesn't release the employer of liability and may sometimes encourage inappropriate behavior by employees as the offsite location and alcohol consumption lower inhibitions.

In the most notable case to date, a California Appellate court ruled in August of 2013 that an employer was liable when an employee caused a fatal accident after becoming intoxicated at the employer sponsored party. The ruling was based on vicarious liability and the employer’s responsibility for their employee’s actions. Not all courts may rule the same in all situations, but the precedent has been set.

Why take the chance with your livelihood?

The possibility of legal action should not dampen the festivities or cause employers to cancel parties. Employers have to be aware of the issues and plan accordingly. A little preparation and foresight now may save a lot of money and heartache later.

When planning the party, consider the need to serve alcohol. If alcohol is served manage the consumption by setting limits. Do not pay for alcohol at offsite locations. Arrange alternative transportation for those who do consume.

Review company policies, update as needed, and publish. Ensure employees are aware and reminded of policies regarding alcohol consumption, harassment, and behavior. Make sure social media policies are up to date and include information about the posting of photographs/videos and are sensitive to privacy concerns.

Every effort you make will help later if you were to be sued.

Tuesday, December 12, 2017

Recipe for history

This is a little off topic for this blog, but struck me a good subject. My daughter has been encouraging me to write a food blog so maybe this will be the start or the transition. Don’t expect a recipe at the end though. This is a story about what is behind a worn recipe card.

Several years ago I became interested in my paternal family history. A distant relative had already completed the maternal side and no one had looked in to the paternal side of my family. Great grandparents were traced back to Italian villages. Birth/death/marriage certificates, passenger manifests, and sundry documents were located and collected. What was discovered right in my cupboard was the impetus for this blog.

I have always treasured family recipes that live on in my daily and holiday cooking. Every family has a worn cookbook or recipe card from a relative. Sometimes more than photographs these are our connections to our heritage. The dish from the past can be created and brought to life in the modern world, living anew within our kitchen. The smells and tastes transport us to that relative’s kitchen where we helped or anxiously awaited the results from the oven or stovetop.

What set me on this culinary journey was a pastry. A little cookie that is sometimes filled with a minced citrus nut concoction. The cookies were remembered from my childhood but more recently as the cookies made their way into my children’s lives. We always knew them as Gloves as that was the name passed down by my Italian grandparents. There was a lull in the glove eating business until one day a package arrived from an aunt and uncle. Stuffed full was a box of gloves! Going Christmas tree hunting the next day the gloves accompanied us on the hunt. Every year we looked forward to the treat.

Making gloves is a little labor intensive and time consuming. Although we looked forward to the arrival of the package it did not come every year. We always got a little food gift but not always the gloves. I had family recipes but I did not have this one.

When I asked about the recipe, my aunt was quick to share. She hadn’t realized how much the gloves had become a part of my family’s holiday traditions. The preparation takes a lot of work and we all get busy during the holidays. Sometimes there just wasn’t the desire or open schedule to make the cookies. I, myself, make pizzelles every year. Some years it just seems like too much of a chore. Sometimes it takes a lot to drag out the pizzelle iron and set aside the time to make them. So I understood. I also found out from my aunt that the main reason our source dried up was because the uncle in the equation didn’t leave enough to share.

Like I needed another holiday treat to make, I never attempted to make the gloves. I did get the recipe and tucked it away. Last Christmas my daughter got me a blank recipe book for me to fill with old and new family recipes. That way they are all in one book, which could become our family’s recipe book to pass on. Certainly, all of the old recipes went in. While transcribing the glove recipe I noticed that there was an omission as to how to shape the cookies and the tool to use. Knowing that we would be visiting my aunt and uncle I put the recipe on hold until I could speak to them in person.

Once together, my aunt was more than happy to pull out her cookbook. I had family recipes, but to see the original pages and cards in her and my grandmother’s handwriting was touching. It was like visiting the family homestead in the old country or holding a certificate of marriage or birth of an ancestor. History. In your hands.

I found the information I was missing but also learned some more family history that I had never known. Turns out the crimping tool that is used to make the edges of the cookie was fashioned out of car parts by my grandfather. He wasn’t much of a conversationalist but he had an engineer’s mind and apparently (another family tidbit) was helpful in the kitchen when it came holiday baking time. When observed, the crimping tool is like any you’d see for crimping the edges of ravioli, wavy metal wheel on a wooden handle. Except it was hand made by my grandfather. Another thing to hold and behold.

Also learned was that in addition to gloves, the family called the cookies ewans. Never had I heard that reference. They were always gloves and I never questioned the meaning or origin. Just ate them. Well, my aunt and uncle could not provide any insight into the naming of the cookie. We just chalked it up to Italian-English translation diluted into family colloquialism.

But I couldn’t let it go. So once home I started researching the ingredients and names I had for the cookies to no avail. Thinking about the translation angle and no “W’ in the Italian language I was curious about the family name for the cookie “ewan”. I tried searching the Italian word for gloves, guanto or guanti. Now I know I should of started there but sometimes your mind processes the way it processes. Anyway, once that search was begun-Bingo! The recipes were filling up the search returns. Continuing the search I came across similar recipes for “wandies” and one that explained the family called the cookies “ewands”. Finally! A connection. 

Once I had all of this information I could see how the literal translation of gloves to guanti would become wandie or ewands or even ewan. 

It was an interesting journey that made me realize all of the family history that is packed into a recipe card. Although I had enjoyed the cookies for many years and passed them on to my children I had never sought the meaning behind the recipe. 

This year will be my first attempt at these cookies. Fairly confident I’ll get it close. Maybe I can encourage some family help. Make some new traditions. But I do know that they will definitely be going into the holiday baking rotation.

Tuesday, November 28, 2017

Workplace Safety

I’ve held off writing about this topic waiting for the appropriate time, which seems may never be. Prayers are offered to the victims of the senseless violence that has been taking place all too often. Public spaces and, sadly, places of worship have become unsafe. We have to be alert and on guard at all times, no matter where we go. The intent of the article began as a response to the sexual harassment accusations surfacing in the entertainment industry. Then a man shot several people at business locations in Maryland and Delaware. And the horrific murders in a Texas church. Every week brings more of these stories in the news. Staying on topic I’d like to speak about the hostile work environments caused by both violence and harassment. This article is posted with all due respect and prayers for the victims of recent violence. 

The workplace environment can be unsafe or hostile for several reasons. When the term, workplace safety, is used the first thought goes to accidents and hazards, which are some of the leading causes of injury and death. There can also be violent physical attacks against the business or the employees. Probably the most overlooked is the environment itself which can be toxic because of sexual harassment, bullying, or mistreatment. 

Hostility does not necessarily have to result in violence or injury. Many workers fear the workplace due to environments created due to sexual harassment and bullying. A survey conducted by the Rand Corp., Harvard Medical School, and the University of California, Los Angeles determined that one-fifth of Americans find the workplace environment to be hostile.


This type of workplace hostility has come to the forefront with the revelations playing out in the entertainment industry. Everyday more victims are coming forward and not only in that specific industry. The celebrity victims have empowered women and men across all industries to come forward. The Equal Employment Opportunity Commission (EEOC) defines sexual harassment as:
unwelcome sexual advances, requests for sexual favors, and other verbal or physical harassment of a sexual nature and also can include offensive remarks about a person’s sex (male/female/orientation). Harassment is illegal when it is so frequent or severe that it creates a hostile or offensive work environment. Both victim and the harasser can be either a woman or a man, and the victim and harasser can be the same sex. The harasser can be the victim's supervisor, a supervisor in another area, a co-worker, or someone who is not an employee of the employer, such as a client or customer.

The EEOC reported 28, 216 incidents of harassment in 2016 with 6,758 of those being sexual harassment incidents. These numbers do not include charges filed with state or local agencies.

Employers are responsible for providing a safe workplace. This goes well beyond ensuring the physical location is safe and employees are trained in the performance of their duties. Employers are also charged with providing a safe and healthy work environment. This starts with the owners and managers and how they conduct themselves. They must be held to the company standard and train employees on how to make an inclusive workspace.

Training and education of employees should be held at regular intervals. Ensure all employees are made aware that any type of harassment will not be tolerated. All reports must be taken seriously and employees must feel that they can make reports against any employee or supervisor without fear of retaliation. Which itself is a crime.


Workplace violence can be more than employees returning to work and shooting co-workers. Violence can manifest itself in many forms. The Occupational Safety and Health Administration (OSHA) defines workplace violence as:
any act or threat of physical violence, harassment, intimidation, or other threatening disruptive behavior that occurs at the work site. It ranges from threats and verbal abuse to physical assaults and even homicide. It can affect and involve employees, clients, customers and visitors. Homicide is currently the fourth-leading cause of fatal occupational injuries in the United States.
Following the above definition, OSHA reports over two million incidents of workplace violence every year, with many cases unreported. The Bureau of Labor Statistics reported that there were over 400 workplace homicides in 2015. However, that number does not differentiate between being a victim as a result of the job or the victim of an attack, i.e.-Killed during a robbery of the business v. killed during an attack on the workplace. With this broad definition and the way statistics are captured it is hard to differentiate the specific acts of violence, how they occurred, and against whom. The point being, the workplace can be a dangerous place. Not just physical violence, but less graphic acts of violence can occur as well.

In August 2017, a Sterling, VA woman was convicted and sentenced to three and half years in jail for poisoning co-workers. An investigation into why co-workers had become ill after drinking coffee from the break room machine revealed that the coffee had been tainted. The woman later admitted that she had poured Windex, Ajax, and soap into the coffee machine water tank in an effort to make her supervisor sick. She also admitted to putting cleaning products directly into her supervisor’s coffee cup.

Small business owners have to realize that a violent act can happen anywhere to any type of business. Whether it is a disgruntled employee or customer, or the perpetrator just chooses the business for the act, a violent attack can happen anywhere. Therefore, workplace violence is everybody’s problem. More importantly, prevention is everyone’s responsibility.

Awareness and Prevention

FBI studies have concluded that individuals do not "snap" and suddenly become violent without an antecedent or perceived provocation. Instead, the path to violence is an evolutionary one. There are subtle indicators of the potential for violence. The trick is being aware enough to detect the indicators.

Prevention is everyone’s responsibility. From top to bottom. Every employee must feel that it is there responsibility to protect the workplace. Employers/managers have to know their employees and the atmosphere of the workplace. Watch for changes in behavior and disruptions. Monitor the post disruption atmosphere.

As with harassment issues training is paramount. Make employees feel safe in reporting potential threats.  Drill them on how to handle and respond to incidents. Review company policies. Practice what if scenarios.

Being aware of the possibilities is a good first step to a safe workplace. The weekly incidents in the news show us that we cannot hide our heads in the sand any longer. But being aware is not enough. Business owners have to take the initiative to make changes and educate their employees.

Please feel to free any post. See the blog archive for other posts regarding workplace safety.

Monday, November 13, 2017

Time expired on parking meters

You approach the parking meter. It is a standalone machine in the parking lot; not connected to a building or a visible wired connection. While the meter does accept cash, it also has a credit card slot. You unsheathe your card and slide into the slot as instructed by the screen instructions. The meter reads your card and communicates, wirelessly, with the bank. If the card is authenticated, the transaction is approved and the meter distributes a receipt. Transaction complete. So what just happened? 

In the digital communication-everything is hackable world we live in how are parking meters safe? Research on this topic seems to indicate a risk reward scenario or more likely a Not worth the effort scenario. As we have seen in recent years, any system of any entity is subject to hacking. No matter the type of hardware or the owner. This article continues the discussion regarding the security of parking meters raised in the post Skimmers, August 2017.

The parking meter

Before we get into the security of the parking meter, first a little history.

According to Wikipedia, Massachusetts entrepreneur Roger Babson filed the first patent for a parking meter in 1928. The electric meter was meant to be powered from the battery of the parked car. Either due to design or necessity at the time the Babson meter never caught on. In 1935, Oklahoma City newspaper publisher Carl C. Magee had identified parking issues in the business district and was asked to find a solution. His idea was to regulate parking through coin operated meters associated with spaces determined by lines painted perpendicular to the curb. Magee asked Oklahoma State University engineering professors Holger Thuesen and Gerald Hale to develop a machine. The result was the Park-O-Meter, which Magee received a patent in 1938. The first Park-O-Meter was installed in downtown Oklahoma City in July 1935. Retailers loved the meters as they encouraged a quick turnover of cars and potential customers. Drivers, initially opposed, were forced to accept them. The cost for that first hour was five-cents.

The first meters accepted coins and had a dial to engage the timing mechanism with a red flag to indicate expiration of time. Those meters required a service person to keep the mechanism wound. Later iterations by other companies provided a system that remained wound by the action of the user setting the time, eliminating the need for service personnel. Since the parking meter made its debut there have been many styles and mechanisms deployed. All of which have completed the same task, measuring an amount of time for a price. Manual mechanisms remained in service for fifty some years until advancement in technology allowed for digital operations in the 1980’s.

At this point in our history lesson drivers looking to park their cars still had to use coins. Some machines only accepted one kind of coin. Different variations of the parking meter existed depending on the maintenance and replacement by local governments.  

Again Wikipedia tells us that in 2007 the IPS Group from San Diego, California introduced the solar powered credit card accepting parking meter. (Wikipedia is used as a source because there isn’t much out there in the way of the history of the parking meter)  The so called smart parking meter was born.

Smart parking meters

Advances in wireless technology have been applied to parking meter design to develop the “smart meter”. These meters are solar powered with wireless connectivity. This gives the meters the capability to talk to maintenance crews and banks, allowing for service calls and electronic transactions. This type of technology also allows drivers to pay through the use of phone apps and single machines to regulate multiple spaces. They also can be designed to alert enforcement personnel when cars are over parked.

The market is flooded with types and styles from a variety of vendors. Some municipalities use single pole meters per space and others use machines that regulate multiple spaces. All use wireless connectivity. Which brings up the question-Can they be hacked?

Are smart parking meters secure?

Shortly after the introduction of the smart parking meter three hackers revealed at the Black Hat conference in Las Vegas in 2009 that they had hacked meters in San Francisco. In an attempt to prove the security flaws of the new technology, the hackers’ reverse engineered the technology and found that the machines had little in the way of protection or encryption. They were able to “trick” a variety of meters into providing free parking. This infiltration manipulated the meters but did not attempt to intercept or steal credit card transactions.

Since this report was made public parking meter manufacturers have worked to improve the technology to protect electronic data transfer. Even the FTC issued a report in 2015 encouraging all manufacturers of smart devices (Appliances, thermostats, etc.) to invest more into securing the “Internet of things”

The International Parking Institute released a report titled, "What's What in parking Technology" in 2016. The report describes a point-to-point credit card encryption method, which delivers end-to-end encryption. The method instantaneously converts credit card data into an indecipherable code at the time the card is swiped to prevent hacking. Similar to how Apple Pay creates a token that has no exploitable meaning or value except to the key holders at either end of the transaction. This allows the meters to communicate directly to the banks.

This also means that any credit card data stored on the meter is encrypted as well so that it cannot be read by anyone, including maintenance personnel. As with any electronic transaction it is recommended that you keep your receipt as it contains a bank authorization number on your receipt to reference your transaction with your credit card company.

Hacking the wireless connection to obtain credit data may not be fruitful but there have been a few instances reported regarding skimming. This is when a thief attaches a device over or into the manufacturers credit card slot. The device collects credit card data as they are swiped. The problem is that parking meters are smaller than ATMs and gas pumps. So it is harder to hide the skimming devices. Not that it cannot be done or tried. On ANY type of machine that accepts credit cards you should check for evidence of tampering before swiping your card.  

So, our journey brings us back to the question, is it safe to use your credit card in a smart parking meter? For the most part, yes. The meters themselves either do not store data or the data is encrypted. The transactions also are encrypted. The machines themselves offer little space for skimming devices. Can they be hacked? More than likely a resounding yes as anything can be. Is it worth the criminals’ effort? Other than bragging rights probably not. The pay off is not worth the effort.

Another source of curiosity are vending machines that accept credit cards. There have been no indications that they’ve been targeted. But with what we’ve learned about parking meters, we’ll chalk those up to the pay off is not worth the effort as well.

Please feel free to share any and all posts. See the blog archive for more posts about wireless and personal security
Skimmers August 2017
Pain at the pump October 2016
Taking your identity on vacation June 2013

Monday, October 30, 2017

All systems down

Computer customer service

‘The credit card system is down. Our database is down. We’ve been having problems with our system. It’s the system. We don’t have any control over that.’  It is beginning to sound like a conspiracy thriller in which one computer network is controlling all retail. The last few months I’ve been having customer service issues in which the employee I’m interacting with blames the problem on “the system”.
            One dealt with annoying computer generated reminder calls. I went to the physical store only to be told they cannot interact with “the system” locally. I’d have to call a help center to correct the problem.
            A second was a similar situation in which calls were made to announce the availability of a multiple item order for pick up. Upon arriving at the store I was told that only some of the items were in. Not the entire order. When I explained the call I received, guess what the answer was?, “The system is automated and we can’t interact with or change it.”
Add to these examples all the other now forgotten times when there is a problem with an account and the customer service rep blames it on “the system”.

Does automation equal poor customer service?

Are computers and the systems they support becoming an excuse for poor service? Something the employee can pass on to the customer as to why there is a problem? It shouldn’t be. Employees may not be intentionally using the excuse to pacify customers. It may be lack of information, poor training, or the culture of the company. The problem is exacerbated when customers also interact with the system and no one on the front lines can help.

After several interactions with broken or ill performing systems I’m beginning to learn that the front line person either doesn’t care or doesn’t have the access or training to handle the complaint. However, the employee on the front lines is the face of the company. They may not be empowered to resolve the problem, but they are the person trusted by the employer to deal with customers. They are “the company” from the perspective of the customer. As far as a disgruntled customer is concerned the employee is the CEO, CFO, COO, the chief of everything. Customers who own a business or are in the customer service industry understand the necessity of quality customer experience. When they are on the other side of the counter, they want the problem fixed now or at least some definitive answer as to when and how the problem will be fixed. To shrug and say, “I’m sorry, but there’s nothing that can be done. It’s how the system is set up”, does not send the customer off in a good mood. Nor are they likely to say anything good about the interaction, either in a conversation or online. Which is probably where the frustration will be vented.

A “system” being down affects the commerce of the company. Especially in the short attention span that is now our culture. If someone visits a site and can’t perform the function they’re attempting, they quickly move on to a competitor that can get the job done. Companies cannot afford to have malfunctioning computer systems.

Empower employees

Decision makers need to monitor their operations systems. Be aware of those that are aging or malfunctioning. Educate employees up and down the hierarchy to ensure everyone knows the capabilities and weaknesses. Get feedback from the employees that have to execute the plan and use the system to interact with customers AS the system is being developed. Get their buy in before implementation. Seek out feedback from employees after launch to find bugs and problems in the process so that they can be quickly addressed.

Please feel free to share any posts. See the blog archive for other posts regarding customer service.

Tuesday, October 17, 2017

“Real” ID

The other day I jumped in a friend’s car for a quick errand. Doing the quick pocket check I noticed that all I had was my cell phone. Oh well, where we were going didn’t require the need for money or identification. If I did need money I could probably use the mobile pay feature. The thought did cross my mind though,  “What if I needed to identify myself to authorities”? Would security officers or the police accept the personal contact card on my phone as my identity?

Without a government issued ID isn’t your phone just like a wallet full of credit, library, reward cards, etc.? Lots of stuff with your name on it but no official identification. For the most part I doubt any police officer would accept information about you on a phone in your possession as a positive ID. They’d probably take it into consideration and just do it old school. Get all of the pertinent details and run a computer check to verify your identity.

Driver’s licenses as ID

When automobiles started roaming the countryside they and their operators were unregistered. In 1901 New York was the first state to require automobiles to be registered. Many states followed suit and required licenses for autos but not the drivers. Massachusetts and Missouri required the first personal U.S. driver’s licenses in 1903. Since that time driver’s licenses have been used not only as an affirmation that the state approved the holder to operate an automobile, but also as a form of personal identification.
Since the U.S. has no national identification cards, the driver’s license has filled that void.

Digital driver’s licenses, to be displayed on phones, are being considered in several states, Maryland being one of those. Security and privacy issues are at the forefront of these considerations. In the Apple v FBI standoff we saw how difficult it is for law enforcement to unlock and/or view information on a persons phone. So until your state adopts a digital driver’s license using your phone to identify yourself probably wouldn’t be taken as official.

Security? Using your phone probably a definite no, as you need a government issued photo ID to get in to facilities and to travel. Airlines accept digital boarding passes when backed by government issued photo DI’s. Even your standard driver’s license is changing. To combat fraud and counterfeits states have been updating licenses and the way they are issued. Although many states took up the license issue themselves, Congress ensured that all states would have to get on board passing the REAL ID Act in 2005.


The REAL ID Act set the benchmark for personal forms of identification establishing minimum security standards for driver’s license issuance and production. Further, the act prohibited federal agencies like the TSA from accepting driver’s licenses from states that do not meet the standards. The deadline set by the act is January 22, 2018. After that date residents of all states will need a Real ID Act compliant driver’s license or a passport to pass through airport security.

The act requires that driver’s licenses include all the identification features you would assume but also digital photographs, physical security features that prevent tampering or counterfeiting, and machine readable technology (barcodes/magnetic stripers). As the concept of digital driver’s licenses is being studied, the effective date of the REAL ID Act in 2018 will either extend or quash those studies.

List of REAL ID compliant states can be found on the Department of Homeland Security page, REAL-ID 

While you could probably identify yourself with the contents of your phone it is doubtful you’d get through a serious police encounter. You certainly couldn’t board an airplane. Probably better to add “license” to your pocket checklist.

Read the blog archives for another post about personal identification.
Can I see some ID? February 2014

Monday, October 2, 2017

Backup Safety

There was another report of a family member backing up in the driveway, running over, and killing their own child. When a parent loses a child the pain must be unfathomable. To be the cause through an accident is beyond imagination.

The child safety advocacy reports that over fifty children are backed over every week in the U.S., resulting in an average 232 fatalities. In 70% of the incidents a parent or close relative is the driver.

When learning to drive we were taught a safety checklist before turning the key. Over the years we become hurried, preoccupied, complacent. We drive the same cars every day. The seat and mirrors are always in the same place. Just start and go. Years of driving experience and familiarity with our surroundings blind us to what is right in front of us. Or behind. The safety checks become forgotten- second nature. Just like you can obscure a motorcycle with your thumb, has an interesting example of thirty children standing and sitting behind a SUV-All out of the view of the driver.

Children playing behind vehicles have no idea of the dangers. Bigger SUV’s and trucks that have high clearances can create a welcoming, shady, private area for a child to play. Electric and hybrid vehicles exacerbate the hazards, as they create little to no sound.

Children being left in cars are yet another issue that is increasingly in the news. Sometimes it is forgetfulness. Some are purposeful in the sense, “It’s only for a minute”. If casinos are nearby the chances go up. Maryland covers approximately 12,400 square miles with a population of about six million, with six casinos spread throughout the State. According to a March 2017 Baltimore Sun article, Gamblers leave their kids in cars almost everywhere there are casinos, have chronicled more than 300 cases of child abandonment at casinos nationwide since 2000. There have been fourteen incidents of children abandoned outside casinos in Maryland over the last two years.

As responsible adults we need to stop and review our driving habits and preparations. It takes less than a second to check behind your vehicle before getting in. Checking the surrounding area and the interior before getting in the car should be part of a personal security/safety check anyway.

Simple changes to our routines, education and awareness, go a long way. They may literally save a young life.

Monday, September 18, 2017

Is your business ready for wild weather?

FEMA Photo library-Liz Roll

Note: This post was originally published in 2012 and has been updated with current information.

The last two weeks Mother Nature has unleashed her fury on the southern U.S. and eastern Mexico with three hurricanes and a major earthquake. As of this posting, two more hurricanes have the potential to strike the Eastern seaboard. Millions have lost homes and businesses. Between hurricanes Harvey and Irma everyone seemed to know at least one person, if not more, directly affected by the storms. Our prayers continue to be uplifted.

When this particular post was written in 2012 the Mid Atlantic was preparing for another storm as we patiently watched the track of hurricane Sandy. While Sandy made more of an impact farther north, the Mid-Atlantic region had experienced some past wild weather. There were three blizzards in one winter, two back to back. In 2011, there were back to back tropical storms. In 2012, we experienced a derecho storm. A derecho type of storm and the name itself being new to the area. Going back to 2003 we all remember the massive flooding associated with Isabel. All of these weather events caused power outages, some for several days or a week plus. 

Getting back to business

In 2012, as now, you see businesses staying open as long as possible to service their communities. After the storm they open as quickly as possible to resume operations. Sometimes a business is lost. In addition to ensuring that their family and homes are safe, small business owners must also protect their businesses, which in many cases are their livelihoods.

We become so accustomed to having electricity we forget all that is electric dependent, e.g.-gas pumps, ATMs, cash registers and credit card machines to list a few. We also become complacent as to how dependent our businesses are to electricity.

Power outages are reported in number of customers without power, not business loss. So there is not one source to determine how small businesses suffer. There are few businesses that can operate without power. Depending on your product you may be able to conduct some business with cash transactions. In the current economic climate any business loss is crucial. Add to that the possibility of losing inventory due to damage or loss of refrigeration and small businesses can really be hurt.

Preparation for business restoration

No different than a home, business owners should prepare for storms and power outages. The logistics of preparing your business for a storm and the loss of power after the storm can be complicated. Having a written plan of action can make the task easier. Take the lessons learned from past outages and make a simple outline. The adage of “being prepared” is true and can significantly reduce either your loss or time your business is down.

Depending on your location and the type of storm you may need to prepare your facility for flooding. This may include boarding windows, sandbagging, moving inventory and equipment. Your business has many unique facets that have to be examined when developing your plan. Here are a few operational items that should be considered.
  • Purchase generators or ensure generators are in place and operational.
  • Be prepared for cash transactions.
  • What type of telephone system do you use? Newer systems do not work without power or have limited hours battery backup.
  • What type of security do you have? As with the telephone system, security systems often have only limited hours backup. 
  • Backup computer business files. Sudden and/or prolonged power outages can result in data loss. When complete, store the files offsite. 
  • Review insurance policies and coverage’s annually with your provider. Update as necessary.
  • Make sure insurance and business documents are easy to locate and safe from harm.
  • In the winter, prepare for safe ways to provide heat to your business.  

The biggest mistake business owners can make is not heeding warnings and being caught off guard. We can all learn from the recent storms and past winters heavy snows. Having a recovery plan of action to protect your business assets may be the some of the cheapest insurance available.

Monday, September 11, 2017

Cleaning Up Your Online Presence

Ever been asked at checkout for your phone number? You haven’t been in the store for a long time, if ever by your recollection, but the clerk wants to know if you’re in the system. You provide a phone number and surprise surprise you are in there! Phone number, name, and address. It’s probably not a retail conspiracy to create a super database of shared data. What it does reveal is how our lives and personal data are intertwined within the world of information.

When information was written on paper there was less of it and it was more fragile. Tear it up, burn it, poof it’s gone. Carbon paper, mimeographs, and copy machines (Younger readers will have to look those up) changed that. Documents were being copied and filed in triplicate. Computers, of course, made it all easier but it wasn’t until the ol’ World Wide Web came along that hiding in plain sight became difficult.

In the old days it was easy to disappear. You simply moved to another town. Started using a new name and slowly built your new persona. As technology progressed information began being stored on computers. Those computers could be accessed for information stored about you, but only for the specific information the entity had stored. Once computers became connected one entity could access another’s information. Then they began sharing information between each other and saving the data locally. The more digitally involved you are the bigger your online presence. As young people enter adulthood they have little to no digital footprint in the context of financial databases. What they do have is a social footprint, more on that later.

Google yourself

Have you ever searched your name? If not, give it a try. You might be surprised what pops up or how many of you are out there. The more you are in the public eye the more information that is going to be out there and, thus, the harder to clean up your online presence. A regular Joe should have limited occurrences as the result of a search. But even regular Joe’s can have an online presence depending on their interaction with social sites and images associated to their name. And that is what you need to be controlled.

Information for sale

Think about the seed system of a watermelon. You can take out a portion from the middle, but there are going to be all those strands extending throughout the melon. That is how it is in the digital world. Things truly do live forever on the Internet. You can have a record expunged from a database, but any reference to or sharing of that record in other databases is going to give it new life. Data has become a big commodity. Everything is for sale on the Internet. Data is being collected on every interaction you have on the Internet. The data collected by brick and mortar businesses is sought after. Once government databases went online (real estate, court information, etc) information brokers snatched up this data. All of this information is bought and sold and resold. The original purveyor of the data may have deleted it but the new entity has it saved and published it their own way.

Everyone that has data is looking for revenue sources, especially governments. Data mining companies buy data from phone companies (landline and wireless) and the government (real property and court records). The information is legitimately offered for sale on the Internet through pay sites or resold. Ever get those mailings and wonder how Joe Realtor knows how long you’ve lived in your house and what you can sell it for?

Your Job image

Younger people may not be in databases for real estate or financial institutions but they are using social media and sharing the media. Even someone with little life experience will pop up in a simple Google search, most likely under images. This is what haunts the 20-somethings when they start their job searches. Over the last few years’ different surveys have revealed that 40% of college admission offices and 40% of HR professionals research social media regarding applicants. Staying aware of your online presence is especially import when trying for a job.

Cleaning up online presence

You’re first step should be stop the flow of information. Review and change your social media privacy settings. Remove information from online shopping and other accounts that are old or unnecessary.

Whether it’s the garage, the basement, or the Internet before starting any clean up job you have to assess the situation. Start by searching your name and then different variations with your name, town, occupation, and any other identifier that you feel has a strong attachment to your name. Would suggest using Google as it is the most powerful, but using other search engines wouldn’t hurt. You’ll probably get different results.

Make note of the sites in which you pop up and what they are referencing. Find the source of the material you want removed and contact the source directly. Many will want sound reasoning why the post/picture should be removed. May want to read the companies privacy statements before you make the call to know where you stand and/or how to make the request.

Even though the source removes the post once it has been shared it lives on in other sites. You’ll have to track the posts digital trail and contact those companies as well. The tedious part is finding every link that’s associated with your name and going through the process each time. As with any situation where you are fighting an issue Document Document Document. Keep copious notes of your efforts in case you need to prove your attempts later or make subsequent requests.

After all that you are still going to be able to “find yourself” on government public access sites like real property and courts. People search sites and phone number search sites sell the information you are trying to keep private. Matters of public record like newspaper articles in which you’ve been mentioned are going to pop up.

To get your name removed from marketing lists there are organizations that can help. Similar to the national do not call registry, these services allow consumers to opt of marketing offers. You would be adding your name to another database, which may be counterproductive to what you’re trying to accomplish, but it does keep marketers from contacting you. Maybe. Who knows if it really works?

One such service is run by the Direct Marketing Association and allows consumers to have their names and addresses removed from direct marketing mailing lists. There is a fee-$2 for 10 years if you register online. The site can be found at The second removes the consumer from credit card and insurance offers. The service is provided in a joint venture between Experian, Equifax, Innovis, and Transunion. The site can be found at

You won’t be able to eradicate everything. If you’re serious about removing yourself from the Internet you’ll have to have as much as possible redacted. The rest will have to get buried in the voluminous amount of data filling the Internet. The less that is out there the more specific the search will have to be to find you. Not gone but harder to find.

Your personal information may be in myriad retail databases but at least you can try to keep what others read about you to a minimum. You can’t just completely disappear but can clean up your online presence so that you’re not easily searched.

See our blog archive for more posts about online presence.

Monday, August 28, 2017

Ideologies in the workplace

Watching what unfolded in Charlottesville in mid August I noticed one of the protestors wearing clothing marked with the Verizon logo, their uniform. Later Verizon issued a statement stating that the company in no way supports the white supremacist groups or the hate and bigotry associated with the groups. It may be sometime, if at all, when we hear if this person was an actual employee and was disciplined or terminated. Obviously, this person, whether an employee or not, put Verizon in an awkward position.

Publicly representing the company for which one works does limit what an employee can do in their off duty hours. Some businesses have policies specifically stating that employees cannot express political views while representing the company. What the employee does off duty when not representing the company and whether the company can control these activities has come under court scrutiny. Most notably in the use of medical marijuana. (Smoke ‘em if you got ‘em {Marijuana in the workplace})

If an employee is wearing the company uniform and participating in activities that go against the company values the company may have legal precedent to terminate or discipline the employee. The question that came to mind is what if the employee keeps the off duty activity anonymous? They do not espouse their ideologies at work and is a solid employee/coworker. Somehow their off duty activities are exposed and now the workplace becomes a hostile environment. Are there grounds to terminate that otherwise productive employee?

What are employer’s rights?

Allen Smith, J.D., wrote an excellent article for the Society For Human Resource Management website, Can or Should Employers Fire Employees Who Participate in Hate Groups? Smith reinforces what I have found, that the answer is not clear. When what employees do off duty creeps into the workplace several legal precedents have to be considered before an employee can be fired. Allen Smith makes the following points.
No federal law is violated if a worker is fired for being a member of a hate group or verbally expresses beliefs. Courts have rejected KKK members claim of religious protection under Title VII of the Civil Rights Act of 1964. Freedom of speech protections under the First Amendment does not apply to private employers.
Most states are work at will states meaning that employees can be terminated for any lawful reason. California, Colorado, New York, and North Dakota have laws protecting workers against being discriminated against while participating in lawful activity outside of work. However, if it becomes known at work that an employee was participating off duty in a hate-based protest, an employer may choose to terminate. Basing their action on violations of non harassment policies.
When dealing with customers who are offended by an employee’s ideologies, businesses have to consider the impact on the business. If the person continues to be employed will that affect business? Or is firing the employee at the risk of being sued better for the company?

Human resource issues are not cut and dried. Even though similar issues may have arose in the past, each case must be examined on their own. Always contact an employment law attorney before making termination decisions.

Tuesday, August 22, 2017

Smoke 'em if you got 'em? {Marijuana in the workplace}

Florida recently passed a medical marijuana bill becoming the twenty-ninth state to do so. State by state the legalization of marijuana for medical purposes is gaining ground. Eight states have decriminalized marijuana, allowing recreational use. (Alaska, California, Maine, Massachusetts, Nevada, Oregon, and Washington) However, the drug still remains illegal under Federal law. In fact, it remains a schedule I drug alongside opiates and synthetics drugs. The court battles that were expected with the U.S. Justice department after Colorado legalized marijuana have not occurred. The chances of employees being high at work are definitely increasing. Businesses are scrambling to adapt.

A survey of 10,000 California cannabis users revealed 58% of working professionals use daily and 31% consume while working. (Eaze Insights) Some businesses not only allow the consumption of marijuana at work, they encourage it. Those that do say that it helps employees with stress and anxiety promoting longer work days and creativity. These businesses are mainly in the legal cannabis industry or tech fields.

What is at odds are company drug policies and making accommodations for those with disabilities. Companies want to be inclusive but want to maintain standards as well as workplace safety. Medical marijuana users are looking to the American Disabilities Act for protection.

American with Disabilities Act

The American with Disabilities Act  (ADA) was signed into law in 1990. Succinctly, the ADA prohibits employers from discriminating against those who are disabled and requires employers to provide reasonable accommodations to a qualified individual with a disability to perform the essential duties of their job. Illegal drug use is not covered as a disability. However, the ADA does allow for the use of drugs taken under the supervision of a health care professional. Marijuana may be legally prescribed under a state law but remains illegal Federally. Then there’s the Drug Free Workplace Act of 1988 requiring that Federal contractors provide drug free workplaces as a condition of receiving a contract.  The ADA states that employers can require employees to conform with the Drug Free Workplace Act. Further, under the ADA drug testing is not considered a medical examination, allowing employers to test for the use of illegal drugs.

With state law in conflict with Federal law regarding the legality of marijuana, tests of the ADA are definitely heading to the courts.

Court challenges

Rights of the employer and the employee vary state by state. As examples: Arizona, Connecticut, Illinois, Minnesota, and New York laws prohibit employers from discriminating against employees who use medical marijuana and must make accommodations, some further citing-unless the employee is under the influence at work. Florida’s recently passed law does not require an employer to accommodate on site medical marijuana use. California passed Proposition 64 in 2016, which allows for the recreational use of marijuana. However, the law protects an employer’s rights to enforce workplace drug policies. Rhode Island’s law protects the employer’s right against accommodations for on site consumption but protects the medical marijuana cardholder against hiring discrimination.

A 2017 Rhode Island court case ruled that employers could not refuse to hire medical marijuana cardholders even though the person would knowingly not pass the employer’s pre employment drug test required of all applicants. (Callaghan v Darlington Fabrics Corp., No. PC-2014-5680, Rhode Island Superior Court, May 23, 2017)

Another twist to the saga is the off site or off duty use of marijuana which may be legal in the specific state but against company policy. In one of the first court cases of off site medical marijuana use the Colorado Supreme Court heard the case of Coats v Dish Network in 2010. The court upheld the firing of a man who failed an employer random drug test for marijuana use. Briefly, in 2010, Dish Network fired a telephone operator who was also a medical marijuana patient after he failed a random drug test. Although the employee claimed that he never used marijuana at work nor was he ever impaired while at work. The case was the first to look at whether off duty marijuana use, legal under Colorado state law, is protected by Colorado’s Lawful Off Duty Activities Statute. The statute states that employers cannot fire employees for doing legal activities while not at work. Although medical marijuana use is legal in Colorado, the court ruled that its use is still illegal under Federal law. The ruling supported employer rights to enforce their drug policies. Since this case, courts in California, Oregon, and Washington have also ruled against employees.

The most recent case regarding this issue occurred in July 2017 and went against the employer. In Barbuto v Advantage Sales and Marketing, LLC the Supreme Judicial Court of Massachusetts ruled in favor of an employee to use medical marijuana outside of work. The employee claimed that since they have an ADA qualified disability (Crohn’s disease) the employer must make accommodations for employee to use medical marijuana off duty. The ruling was based on the state’s anti discrimination law. The court rejected the employer’s argument that marijuana is illegal under Federal law and to allow accommodations would be unreasonable.


Maryland is still getting going on its version of medical marijuana. The law was passed in 2013 and took effect in 2016. However, there have been legal challenges to the dispensary licensing process that has slowed implementation. Maryland decriminalized possession of less than 10 grams of marijuana in 2014.  Marijuana is still considered illegal but possession of smaller amounts will result in a civil citation rather than arrest. Each year since there have been bills introduced to further decriminalize marijuana. In 2016, a law passed making possession of paraphernalia a civil offense. In 2017, those convicted of marijuana offenses may petition to have their records expunged.

What to do, what to do…

Confused? Don’t feel bad. It’s a tricky topic that is evolving almost monthly. Employer’s need to have hiring policies as well as policies to guide employees. These policies have to be living documents and open to change. Having employees and dealing with human resource issues is difficult, especially for small businesses. The rules are constantly changing. There will always be challenges to any policy or rule. You have to stay ahead of the curve and aware of what’s taking place.

See the blog archive for other posts regarding workplace discrimination and medical marijuana.
Which came first... February 2017
Ban the Box update August 2016

Tuesday, August 8, 2017


We’re not talking about water bugs, tools to clean your pool, or skipping rocks. These skimmers steal your financial identity. The news had reported that skimmers were discovered on a local gas station’s pumps. This particular station consistently has problems with pump maintenance and just the overall condition of the pumps seems to be “beat up”.  It was not a surprise that skimmers had been installed. Not that the owners had any involvement, but meaning that the owners/operators are not paying attention to the condition of the pumps. Or what is going on at the pumps. This station is also known to allow third party vendors to sell their goods on the lot and accost customers at the pumps. Big personal security peeve-Do not approach me while I’m using a gas pump or ATM. These little things add up and go back to not being surprised. The condition and environment of a business can be both a determent and invitation to criminals.

Not everyone may know exactly what a skimmer is or the extent of the problem. I thought some background might help us from becoming victims. A little education goes a long way.


So what are skimmers?  Credit card skimmers or skimmers are electronic devices that are attached to machines with credit card slots. Mostly ATM’s or gas pumps. The parasite device usually fits over top of the original slot so that the customer believes they are inserting their card into the machine’s card slot. When in reality the card is swiping through the criminal’s device. The device retrieves the credit card data from the magnetic strip and stores it until the criminal retrieves the device. Newer, more sophisticated devices attach internally to the machine’s card slot or transmit the data via Bluetooth.

Although criminals can make use of debit card information, it is much easier with the associated PIN. To gather this information there will also be a camera attached somewhere to video the customer entering the PIN on the keypad. Or a fake keypad accompanies the slot reader and records the keystrokes. Most times the operation of the machine is not affected. If the machine fails to work, you may have already become a victim.

History of skimmers

The idea of the use of credit card skimmers was mostly urban myth. In the late 1990’s, we were just getting use to personal computers, let alone tiny devices that could steal data from a magnetic strip. Nobody believed that such things existed or could work.

The skimmer myth also gained notoriety in restaurants. Wait staff would be issued a small skimming device to carry with them. They covertly slide the card through the device to collect the data from the magnetic strip on the way to cash register. The device holds all of the data until the end of the shift when they pass off device and are paid for their efforts. The victims then start seeing charges on their cards.

If you think about it, a restaurant is the only place you hand a stranger your credit card and let them walk out of sight. featured a good 2014 article on skimming history, The Evolution of ATM Skimmers 

Here is a synopsis:
2002- A CBS report confirmed the existence of skimmers when they reported devices that could record the names, account numbers and other identifying information from credit card magnetic stripes.
2008-Naples Police Department investigated a rudimentary device jammed over an ATM's actual reader. The thief inserted a "micro camera" under a plastic sheet to capture the victims' keypad strokes. This was one of the first times a device had been recovered.
2009-Skimming really takes off as the devices, in different shapes and sizes began being discovered on ATM’s.
Over the next few years the technology progressed. The Internet allowed for distribution networks to manufacture devices and kits that were identical to the machine the criminal hoped to crack. 
            2011-ATM manufacturers began cracking down on skimming by installing anti-skimming devices on their machines. These consisted of translucent, circular casings over the card reader, which the criminals quickly learned to replicate.
2012-Skimmers become too small to be detected. Some being paper thin and inserted into the card slot.
2013-Gas pumps became targets.  A series of scams in Oklahoma saw thieves take home $400,000 from a chain of Murphy's gas stations before they were eventually caught. The thieves used a card skimmer and fake PIN pad overlay to obtain the necessary information. Even more eye opening, these skimmers used Bluetooth enabled devices that sucked power from the pumps themselves allowing them to run indefinitely, and allow remote access to the data. ; once it was installed, the thieves would never need touch the skimmer again.

How it works

The devices used come in all shapes and sizes. Most fit over the card slot. Some actually are big enough to replace the machine face. The closer to resembling the original card slot the less chance of being detected. Home 3D printers are making these deceptions a lot easier. As with everything else electronic, these devices are getting smaller everyday. Some skimming devices are so small and thin, they slide inside of the card slot itself. Newer devices attach to the internal wiring of the card slot. These are mostly used on gas pumps. How do criminals get inside the pumps you ask? Universal keys are available that open the pump faces exposing the card readers. The criminal will have one or more accomplices to block camera/attendant views while they install the device. Victims never know what hit them.

Once collected, the numbers are used in different ways depending on the criminal. Some are sold on the Internet for around $50 a piece (+/-).  Some criminals use the collected numbers to make counterfeit cards, which they use to purchase items, usually electronics, for resell. (Similar to Melissa McCarthy in the movie Identity Thief) The more advanced organizations use the cards to purchase gas. They drive around in specially outfitted passenger vehicles filling up covert gas tanks. This gas is then off loaded into tanker trucks and sold to less than scrupulous gas stations. 

There are thousands of iterations of card skimmers. If you’d like to see what they look like just search “credit card skimmers” in Google images.


Criminals and the technology they use are getting more sophisticated. The Internet provides enough intelligence that consumers can protect themselves. But criminals are sharing information as well. Once law enforcement or consumers defeat one strategy, criminals learn and improve their methods. So what can you can do.

Some gas stations are installing seals to cover the seams that hold the payment box. A broken seal is obvious, but multiple seals overlaid is a clue and, of course, enterprising thieves can replicate seals. Another clue can be the condition of the machine in which you are about to slide your card. If the payment box area is not maintained or appears to have been forced open, be wary. Inspect the card slot. Give it a tug. If anything is out of sorts or the slot comes off in your hand report it to the station and the police.

If your transaction attempt doesn’t work, don’t keep trying. Stop and perform an inspection. The skimmer may be causing a malfunction.

Some habits to get in to help protect your card security:
  • Use Pumps/ATMs near attendants. Less chance they were compromised.
  • Pay inside
  • Pause before you swipe, inspect car slot, look for security seal
  • Feel for difficulty inserting or sliding card
  • Wiggle slot housing. Don’t have to break it. Criminals aren’t going to install anything that takes time or is permanent
  • Check nearby pumps, compare slots for differences
  • Guard the card number
  • Use Apple/Samsung/Android pay whenever possible
  • Check accounts regularly

Any suspicions report to the business owner, the police, and the issuing bank.

This post focused mainly on gas pumps. Another area of concern is the new style parking meters that allow you to swipe at the meter. Seems like easy targets. Get back to you on those.

Please feel free to share. See the blog archive for more articles on personal security