Data Breach of 2.9 Million Desjardins Customers Including 173K Businesses

Quebec-based Desjardins Group is the biggest conglomerate of credit unions in North America, that includes Desjardins Insurance, The Personal, Zag Bank, and others in its portfolio of businesses.

Guy Cormier, the president and CEO of Desjardins Group, announced on Thursday, June 20, that an employee has improperly accessed and shared information. This has led to the private information of 2.7 million customers and 173,000 businesses being shared with people outside the organization. This was not a cyber attack. But that does not make it sound any better. It actually makes it worse. Why?

A company can put in a firewall, invest heavily in cyber security and other counter measures to stop a cyber attack. But when an employee shares, wittingly or not, login info or other private information, there is no counter measure. That employee has been fired. But the damage has already been done.

This highlights the importance of ensuring that staff is trained in cyber security, privacy, and spotting phishing emails as well as other spam. Every employee should be aware of the real dangers of sharing, deliberately or not, passwords and usernames.

The shared information includes names, phone numbers, social security numbers, email addresses, info about transaction habits, etc. What you would need for identity theft. According to Cormier, login data has not been compromised. If that is any consolation.

Don’t Sell Your Brand Equity to Social Media Sites

Google Plus is just the latest social media network to fall and close its doors. Who can remember Friendster, MySpace (still live but lost its popularity), Google Buzz (the predecessor to Google Plus), plus a host of now defunct social networks. Although at the time of this writing LinkedIn, Twitter, and Facebook (which includes Instagram) are the dominant social networks, it is impossible to predict where they will be in a few years. Facebook already had a number of crises in recent years and is struggling with maintaining growth while battling privacy and security issues.

Google Plus was backed by the biggest Internet company in existence today. Yet here is the email announcing the decision to shut down the social network:

You’ve received this email because you have a consumer (personal) Google+ account or you manage a Google+ page.

In December 2018, we announced our decision to shut down Google+ for consumers in April 2019 due to low usage and challenges involved in maintaining a successful product that meets consumers’ expectations. We want to thank you for being part of Google+ and provide next steps, including how to download your photos and other content.

On April 2nd, your Google+ account and any Google+ pages you created will be shut down and we will begin deleting content from consumer Google+ accounts. Photos and videos from Google+ in your Album Archive and your Google+ pages will also be deleted. You can download and save your content, just make sure to do so before April. Note that photos and videos backed up in Google Photos will not be deleted.

The process of deleting content from consumer Google+ accounts, Google+ Pages, and Album Archive will take a few months, and content may remain through this time. For example, users may still see parts of their Google+ account via activity log and some consumer Google+ content may remain visible to G Suite users until consumer Google+ is deleted.

As early as February 4th, you will no longer be able to create new Google+ profiles, pages, communities or events.

See the full FAQ for more details and updates leading up to the shutdown.

If you’re a Google+ Community owner or moderator, you may download and saveyour data for your Google+ Community. Starting early March 2019, additional data will be available for download, including author, body, and photos for every community post in a public community. Learn more

If you sign in to sites and apps using the Google+ Sign-in button, these buttons will stop working in the coming weeks but in some cases may be replaced by a Google Sign-in button. You’ll still be able to sign in with your Google Account wherever you see Google Sign-in buttons. Learn more

If you’ve used Google+ for comments on your own or other sites, this feature will be removed from Blogger by February 4th and other sites by March 7th. All your Google+ comments on all sites will be deleted starting April 2, 2019. Learn more

If you’re a G Suite customer, Google+ for your G Suite account should remain active. Contact your G Suite administrator for more details. You can also expect a new look and new features soon. Learn more

If you’re a developer using Google+ APIs or Google+ Sign-in, click here to see how this will impact you.

From all of us on the Google+ team, thank you for making Google+ such a special place. We are grateful for the talented group of artists, community builders, and thought leaders who made Google+ their home. It would not have been the same without your passion and dedication.

As you can see, if a business would dedicate countless of hours to create content and build their presence on Google Plus, all that time, money, and effort would be lost. Is that social media platform that last to be scrapped? No. We can only speculate which social network will lose popularity or be sold to another company that will mismanage it.

As a business owner, you want to create a brand that you have full control over. You do this by selecting the best domain name for your brand and getting a professional website built that you control. And use social media to attract attention and traffic to your website and brand.

Why Gutenberg Editor For WordPress Should Be Optional

Gutenberg is the code-name for the new editor included as part of the core in WordPress 5.x. It is a bold update that has quite frankly ticked off a lot of people. Just look at the reviews of Gutenberg. The editor is the most critical part of any CMS (Content Management System) and making drastic changes to it can have detrimental effects to the overall usage of the software if not done correctly.

We’ve updated a few sites to WordPress 5.0 then to WordPress 5.0.2 (current version as of the time of writing) with the hopes of any improvements to the editor. But the results have not been satisfactory. Here are our top views as to why the Gutenberg editor is not an improvement and forcing it upon users is a bad idea:

  1. It takes twice as long to do simple things such as adding a hyperlink in visual mode or removing bullet points.
  2. The editor breaks everything into blocks: titles, headings, paragraphs, etc. It may be good for design purposes but makes writing a document or a simple post confusing and frankly, weird.
  3. It is too drastic of a change. All the things you may be used to, such as Screen Options and sidebar options, are gone or you have to search for them. This is counter-productive and makes everything take much longer to do.
  4. The focus of the Gutenberg project is too much on the writing experience itself (which is not great) and, as such, many of the other options surrounding page or post creation suffer (i.e. are more time consuming or missing).
  5. Keyboard shortcuts appear to be gone. For example, control-b does not make the text bold.
  6. Full-screen mode is not really full-screen. If you go full-screen the writing area remains the same. WordPress calls it “Distraction-free writing mode”, so I guess we shouldn’t expect true full-screen mode.
  7. Also gone is the option to display and select tags previously used. A very useful feature if you want to link similar articles together.

Hopefully more updates soon will result in significant improvements. However, I think that most users would appreciate to have the Gutenberg editor as an option rather than turned on automatically.

What Can We Glean About Facebook From Mark Zuckerberg’s Congress Hearings

Last week, the CEO and founder of Facebook, Mark Zuckerberg, has spent 2 days before 2 committees of the US senate answering questions about privacy concerns at Facebook in light of the Cambridge Analytica scandal. As a Web programmer myself, I found these series of exchanges and Mark’s responses fascinating as well as enlightening. I replayed most of the sessions thanks to YouTube. Here are some key observations.

It was particularly amusing, and concerning at the same time, that many of the senators simply did not understand the fundamentals of how Facebook works, what it actually does, or its business model. A good number of them relied on questions submitted by their constituents who, in turn, did not have much better understanding themselves. As a result, too many questions were irrelevant to the most recent data breach and, instead, focused on advertisers, how users’ data is used, shared, or sold relative to advertising. Zuckerberg had to repeat numerous times that data is not sold to advertisers, neither is it shared with them directly. He also had to repeat that advertising is Facebook’s business model quite a few times. The way Facebook uses users’ data is to decide who sees specific advertisements based on the advertiser’s selections and the users’ expressed interests, as well as their browsing history. This is a pretty standard way how online advertising works across the board. Nothing particularly new or noteworthy there.

From those interrogations, it was made apparent that there are three distinct platforms that are integrated into what is Facebook today. These are the publishing, advertising, and developer platforms. The issue at stake is not the first two but the third one, which the senators spent extremely little time discussing. The key question should have been, “why does Facebook allow developers to collect data from users through their apps?” This is how Cambridge Analytica acquired the data of 87 million Facebook users when a Russian-American researcher, Alexandr Kogan, created a simple quiz app. He was somehow able to collect that data of those that accessed the app and the data of all their friends (without their knowledge). Kogan then sold that data to Cambridge Analytica. It is safe to say that the vast majority of Facebook’s users don’t know that their personal data (and those of their ‘friends’) may be, and likely is, shared with 3rd party app developers when they interact with the apps, including game apps.

It is also noteworthy that as much as 29,000 data points are collected by Facebook on each user. What is a data point? A data point is a unit of identifiable information about you. For example, favorite dessert, favorite food, favorite ice cream, favorite pet, favorite color, favorite vacation destination, married, single, divorced, name of significant other(s), location(s) you live(d) traveled, religion, and so on, etc. That is just a small number of data points. It is hard to know exactly what each of the 29,000 data points are beyond the ones that are obvious. But that is far more information than you or anyone else close to you knows about you. The more you post personal details, use apps, or interact with Facebook in any other way, you help them fill each of the 29,000 plus data points.

In the same senate sessions, it also was stated that Facebook collects data points even on non-Facebook users. Now, you may ask how is that possible if you are not a Facebook user? Zuckerberg gave some clues on that. He said that it was for security reasons. So, if you have ever had an account on Facebook and closed it, or if you tried to access Facebook with a phony login, or even just visited Facebook, there is what is known as ‘cookies’ which can be tracked and collected between visits. Cookies are tiny bits of code stored on your browser that are used by almost every website from simply tracking visits to that website to allowing visitors to log in and do stuff on the website. This is one potential way that Facebook may track non-Facebook users. If that is the case, those are some pretty sophisticated ‘cookies’. Generally speaking, ‘cookies’ do not store personally identifiable information.

Facebook is not the only player that is going to great lengths to collect as much data on Internet users as possible. Google and Amazon are other competitors for such data. What makes Facebook unique is that it is marketed as a platform that allows you to connect with friends and, as such, encourages users to post personal information. I remember one time it asked me to upload a copy of a photo ID such as a driver’s license or passport page. Just to unlock a recently created account or perform certain action. It was very eerie to see that and I refused. The account remained locked and I couldn’t access it even to delete it. Thankfully there wasn’t much on it.

Your most precious commodity is you and your privacy. Be careful how you share any information about yourself online and don’t give up that privacy readily. Keep in mind that if something is offered for ‘free’, there always is a catch. Oh, and Mark Zuckerberg’s personal data was stolen as well.

Facebook’s Most Recent Scandal Illustrates the Dangers of Using Facebook For Business Exclusively

With the surge of popularity of Facebook over the recent years, many small business owners have made the decision to use a Facebook page to market their business exclusively on that platform without having a separate domain name and website. And why not, they reason, a Facebook page is free and most of their clientele is also on Facebook. So why should they fork out the money to build a website as well. But the recent scandal with Facebook and Cambridge Analytica shows just how short-sighted such thinking is. The scandal is still very new in the news and who knows how long it will continue for, what new information will surface, and what long-term effect, if any, it will have on Facebook as a company. But it does show that this scandal or the next one, or the one after that, can impact Facebook in very significant ways. This most recent breach in trust will most definitely have the consequence of people leaving or, at the very least, spending less time on the platform.

Using a Facebook page, exclusively, to promote your business online is very short-sighted because it assumes that the platform will stay as popular as it is, or was, indefinitely. Do you remember what happened to MySpace and Friendster? Two of the biggest social media platforms prior to Facebook. They both had their peak user base and then their decline. Reports are already showing that Facebook had a 5 per cent decline in the time users spend on the platform in the second quarter of 2017, and that’s before the scandal came to light. It may very well be that it may rebound, but what happens after the next scandal? Using Facebook for business today maybe a good decision for you. But the platform should be used to direct traffic to your own online property, your business website.

Even if Facebook fully recovers from this scandal unscathed, they still have control of your business page on their platform, they have the power to shut it down if they perceive their terms have been broken or another reason. On the other hand, only you have control of your website and its traffic. And your domain is your online identity that will be uniquely yours for the life of your business.

Be Extremely Wary of Those that Promote Building a Website in Quick and Easy Steps

There are many individuals and companies promoting the idea of building websites very quickly and easily with little technical knowledge and, even being able to build websites for free. Many are quite simply marketing scams designed to sucker in the inexperienced and then charge them for so-called ‘premium’ features. Others are just dangerous and careless ‘how-to’ YouTube videos or Web pages attempting at getting more subscribers or boosting their search rank as well as getting clicks on affiliate links. We have a lot of experience building websites on the popular open-source CMS (content management system) software as well as building custom CMS solutions. Here is why you should be extremely wary of the false claims mentioned at the outset.

Although it is true you can build a website for free, it is not really free in the long term. Not free from the business perspective. You are paying with your time. By the time you realize that the site is not working, how much time have you spent already? Free websites are not SEO-friendly. Free websites come with 3rd party advertising. Free websites will not allow you to control or own the code. Even if you upgrade a free website to a DIY (do-it-yourself) premium version, you are still stuck with the same company and code that is not SEO-friendly.

What about cheap hosting that comes with easy-to-install CMS software? Today’s Web hosting control panels, such as the popular cPanel platform, come with quickly installable CMS software functions to install popular open-source software such as WordPress and even DIY quick site builders. And while it is true that you can register a domain name, get hosting, and launch a bare WordPress site in minutes, this is a far cry from launching a fully functional, full of SEO’d content, completely secured business-class website. Those two things are worlds apart. And this is what you are not learning from those individuals and/or companies pushing free and quick DIY (Do-It-Yourself) website builders. This is very misleading. Launching a WordPress site in minutes using the click-to-install features of the hosting control panel may save some time, but it is extremely little time compared to an experienced Web developer. An experienced Web developer can manually install WordPress in a few minutes and can do it much much better.  That is, she or he can implement some basic security measures that don’t require much time but make the installation far superior to the click-to-install method of the hosting panel. The same is true of any other open-source software.

The issue here is not necessarily with the DIY website builders or the click-to-install functionality of the hosting control panel. The issue is regarding the misleading claims and representations made by the individuals and companies promoting them. The claims that you can build a website in minutes. This is simply not true. Installing a CMS application on a domain name is not building a website. Using a free or ‘next-to-free’ DIY website builders to launch a site in minutes is also not building a website. If you buy into such claims, you will quickly learn that there is much more involved.