Monday, May 27, 2019

Millennials are changing everything



The year 2019 will see Millennials overtake baby boomers as the largest generation. They already make up the majority of the U.S. workforce and are considered the world’s most powerful consumers. They are also the most technologically engaged. If your business has been overlooking them as potential employees or customers, you may be making a big mistake.

Hiring

My July 2018 post, "A generation changes hiring," explains how businesses have had to adjust their hiring processes to attract this pool of candidates. Millennials are not shy about talking to bosses or jumping jobs. They’ll move until they find the right fit, and they expect salary increases and better working environments.

Declines or poor planning

As for consumers, they are driving the marketplace and causing change. A variety of recent studies regarding businesses and products have claimed that Millennials are to blame for decreased sales. A few examples are fabric softener, bar soap, canned tuna, casual dining, and department stores.

Procter & Gamble believes that Millennials are unaware of what fabric softener is for. Market research company Mintel found that 18- to 24-year-olds believe that bar soap is full of germs. The Wall Street Journal reported in December 2018 that canned tuna sales have declined due to this generation’s decision that the cans are too difficult to open. There was also a report that breakfast cereal sales are declining due to claims of the product being too messy. This may also explain the lack of interest in casual dining restaurants, which have claimed that Millennials are not interested in sitting down for longer periods of time to dine. They’d rather eat on the go. Department stores may have more reason to blame a technology phenomenon than a generation. While it’s true that Millennials are less interested in brick and mortar stores, e-commerce is probably more to blame. Consumer goods companies that have not adjusted are filing Chapter 11.

All of these products or services have seen sales decline. They’ve had to resort to price reductions, closings, or even bankruptcy to adjust. Are they looking for something to blame for declines or excusing poor planning? Some of the reports and research were based on interviews, while others were based on declining sales that were then attributed to Millennials. Of course, claims run rampant on the Internet, further fueling the use of Millennials as scapegoats.

Reviews

They read them and they give them.  Online reviews and apps like Yelp cannot be ignored. Millennials make informed decisions about large purchases and where they are going to eat. How many stars and positive reviews your business has can drive business as well as detract. If you’re noticing a decline of business from a certain demographic, check your reviews. 

Make sure your business has listings set up on Google, Yelp, and any other app that may service your industry. Encourage reviews and be interactive, for the good and the bad. If there are bad reviews, try to respond in a way that shows empathy and explains what is being done to correct the problem.

Home delivery

Even fast food restaurants are getting into the home delivery game. Partnering with services like Grubhub and DoorDash, major franchises are providing home delivery. More than likely, this is another way commerce is changing to accommodate a generation of buyers. To keep up or get ahead, delivery or some other convenience offered to customers may be another consideration in your business model.

It is yet to be seen if the largest generation will become the next greatest generation, but, currently, they are a powerful economic force. Recognizing this and adapting could literally mean the future of your business. 

Visit the blog archives for more articles on how Millennials have affected the marketplace. http://mazzellainvestigations.blogspot.com/search/label/millennials

Monday, May 13, 2019

What Real-ID means to Maryland drivers

Maryland Real ID
You may have seen news reports about the need for Maryland drivers to further document their identification and citizenship or risk confiscation of their driver’s licenses. This isn’t hype. It is true, and deadlines are fast approaching. If affected drivers do not update their status with the MD MVA, their license will not be considered valid, which means a police encounter could result in the confiscation of your license and TSA will not accept the license as proper ID.

REAL ID Act

The REAL ID Act was passed in 2005, setting the benchmark for personal forms of identification and establishing minimum security standards for driver’s license issuance and production. The act prohibits federal agencies, like the TSA, from accepting driver’s licenses from states that do not meet the standards. The deadline set by the Act is October 1, 2020. After that date, residents of all states will need a Real ID Act compliant driver’s license to pass through airport security.

How does this affect Maryland?

Maryland began issuing Real ID Act compliant licenses in 2016 and is listed as a state compliant with the Act. The licenses feature the state flag as the backdrop and the Real ID star logo. The license has multiple security features to guard against counterfeiting and was touted at the time as the most secure license in the U.S. 

The problem? While Maryland issued a license that met all of the Real ID Act physical security features, the MVA did not always require the license holder to submit proper documentation for proof of identity or citizenship. Now those with the new “Flag” license are in danger of either losing their license or not being able to pass through federal security.

MD MVA estimates that over a million drivers have the new license but not the necessary documentation on file. Trying to alleviate a renewal nightmare, Maryland officials have set staggered renewal dates in June and November 2019 to clear the backlog before the federal October 2020 deadline. Over sixty-six thousand drivers have deadline dates in June 2019 to provide documentation.

Is your license compliant?

Those holding the older licenses with the blue banner and crab logo are not required to update their records and may maintain their licenses until they expire. However, after October 1, 2020, licenses of this style will not be accepted by TSA or other federal agencies. Even if you have been issued a flag design license, you may still need to update your documentation with MVA.

You should get a notice by email and/or mail notifying you of the MVA's need for documentation. Rather than wait for the MVA renewal notice, you can check if your license is compliant at this link: RealID Lookup. After searching your license number, you will be told if anything further is required and what to do next.

Documentation

If you are required to update your records, you will need:
1) Proof of age and identity: original or certified copy of your birth certificate OR a valid U.S. passport
2) Proof of Social Security: original Social Security card, W-2 form, or SSA-1099
3) Proof of Maryland residency: two documents required, such as an insurance card, vehicle registration, credit card bill, utility bill, or bank statement. Each must have your name and Maryland address, and the two must be from separate entities.

This link has further information on Real ID FAQs.

Good luck!

Previous blog about licenses at "Real" ID.

Tuesday, May 7, 2019

Shut down Apps?


The thought for this blog post started with the idea of security regarding remaining logged in to mobile apps. The question: does that open any doors for hackers to access data on either other apps or your phone? It ended up going down quite a rabbit hole of security and hacking techniques that only goes to show that cybercrime and security are ever-present and evolving.

Cross-Site Request Forgery (CSRF) has been a known vulnerability since 2001. According to The Open Web Application Security Project, CSRF is defined as:
A type of attack that occurs when a malicious web site, email, blog, instant message, or program causes a user’s web browser to perform an unwanted action on a trusted site when the user is authenticated. A CSRF attack works because browser requests automatically include any credentials associated with the site, such as the user’s session cookie, IP address, etc. Therefore, if the user is authenticated to the site, the site cannot distinguish between the forged or legitimate request sent by the victim. 

If you are logged in to sites and the cybercriminal can get you to visit one of their web sites or open an infected email or IM, they can then make your browser send requests to the other sites posing as you, thus gaining access to whatever you have open. This kind of attack generally only occurs within the same browser. In other words, once you have clicked on a malicious site, the attack could flow across any other sites you have open within that browser. It would not jump to another browser, say from Safari to Firefox. An open browser could not transfer the attack to an open app, as the two store their own credentials or cookies and do not share them. The same goes for apps themselves. They store their own data. The malware would need a conduit to access other apps or your phone.

Heck of an opening to a business blog. Why do you need to know this? It is why it is important to log out of company websites and software either on your desktop or your mobile.
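
To make the CSRF description above concrete, here is an added example (not code from OWASP or from any real site) of a server that checks more than the session cookie before acting, and shows what logging out or timing out changes. The function names, the 15-minute idle limit and the bank.example and other-site.example origins are assumptions made for illustration.

```python
import hmac
import secrets

IDLE_TIMEOUT = 15 * 60                  # assumed idle limit, in seconds
TRUSTED_ORIGIN = "https://bank.example" # assumed origin of the real site
SESSIONS = {}                           # session id -> user, CSRF token, last activity

def login(user, now):
    """Create a session; the id goes in a cookie, the token goes in the site's own forms."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32), "last_seen": now}
    return sid

def logout(sid):
    SESSIONS.pop(sid, None)

def handle_post(cookie_sid, form_token, origin, now):
    """Decide whether a state-changing request is honoured. Returns (status, reason)."""
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return 401, "not logged in"
    if now - session["last_seen"] > IDLE_TIMEOUT:
        logout(cookie_sid)
        return 401, "session timed out"
    # The cookie alone proves nothing: the browser attaches it to forged requests too.
    if origin != TRUSTED_ORIGIN:
        return 403, "request came from another site"
    supplied = (form_token or "").encode()
    if not hmac.compare_digest(supplied, session["csrf"].encode()):
        return 403, "missing or wrong CSRF token"
    session["last_seen"] = now
    return 200, "accepted for " + session["user"]

def demo():
    """Constructed scenario; t0 is an arbitrary clock value in seconds."""
    t0, other = 1_000_000, "https://other-site.example"
    sid = login("alice", t0)
    token = SESSIONS[sid]["csrf"]
    out = {"legitimate": handle_post(sid, token, TRUSTED_ORIGIN, t0 + 60)[0]}
    # Forged request: the cookie rides along, but the other site cannot read the token.
    out["forged"] = handle_post(sid, None, other, t0 + 120)[0]
    logout(sid)
    out["forged_after_logout"] = handle_post(sid, None, other, t0 + 180)[0]
    sid2 = login("bob", t0)
    late = t0 + IDLE_TIMEOUT + 1
    out["after_idle_timeout"] = handle_post(sid2, SESSIONS[sid2]["csrf"], TRUSTED_ORIGIN, late)[0]
    return out

if __name__ == "__main__":
    print(demo())
```

Once the session is gone, through logout or the idle timeout, the cookie no longer maps to anything and the request is refused before any other check runs.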

Developing security

Over the years sites and apps have become more security conscious, shutting down your logon after a period of non-activity and/or making you log in every time. It is sometimes a pain to log back in, but it’s for your own security. With the addition of biometric features on mobiles, even the pizza ordering apps require a fingerprint to gain access. Games and social media apps/sites tend to keep you logged in. The term for this is “frictionless,” because the developers want you to have easy access, at all times, to keep you engaged in their product.

We do a lot of browsing and an increasing amount on our mobile devices. Lots of times your thumbs get fat and you errantly click on the wrong thing. It doesn’t take much to click on the wrong link, and even if you close it right away it may be too late. The same goes for links within emails. We get a ton of email to business accounts. It’s hard to distinguish every email between real and spam. Spam emails and links get opened. When employees are accessing company databases and files, they are using those same computers to access their company email. Depending on computer use policies or adherence to the policy, employees may also be accessing their personal email accounts and browsing the web. This is when the company system becomes vulnerable to CSRF attacks and others.

Watering hole attack

It is what the name implies. A cybercriminal monitors a company’s employees to determine where they congregate, e.g., restaurants, bars, etc. The criminal bets that one or more of the employees will access the “watering hole’s” website for menu information, reservations, etc. The criminal places malware on the establishment’s site. When an employee does visit the site, the criminal then has access to the employee’s computer or phone. Any company files or databases that are open (logged in to) are now fair game for the criminal.

Neither this nor the precautions are new. The same security tenets we’ve heard over and over still hold true.
Don’t open or click on suspicious emails or links in emails, texts, or IMs, especially while logged into other accounts
Don’t keep sites open; log out
Change passwords frequently
Don’t use the same password for multiple sites
Don’t save passwords on your browser
Keep system security updated

I’m not a cybersecurity expert, just a security-conscious user. Hope that this information has been helpful.

Regarding the initial reason I started doing this research, open mobile apps: it appears that it is OK to leave them open. Again, most security-conscious apps, like financial ones, will time out and require login. So the chance of a criminal gaining access to your phone and then entering your bank account through your bank app is probably low.

Most risks to mobile apps occur at the server level or through poor app development, not actions by the user, although using public WiFi (Wifi for dummies) is one of the biggest user faults to app security.

Research for the blog revealed information debunking an iPhone myth. Quitting apps does not help save battery life. The iPhone OS is designed for multitasking and places the app in suspension until needed. Closing and reopening the app actually causes the phone to use more power, as it is starting the app from scratch. So keeping frequently used apps open doesn’t affect battery life.

Please feel free to share. Check the archives for other posts about privacy and online security.
Are you being watched? February 2018
Keys to the vault August 2015
There’s been a breach February 2015