Reasons NOT to Switch SEO Providers Based on Email Solicitations

If you have an email account (and odds are that you do), you need to know that there’s another rash of SEO spam circulating the Web. It is a repeat of an old one used by several shady SEO companies that offer search engine marketing on-the-cheap. As a testimonial to the problem, I received the exact same wording from 3 different companies within a few hours of each other, which tells me that it’s a “successful email template” that SEO predators are buying and re-treading for their use to mass-email folks.

This particular fraudulent email begins with, “I was looking up websites under the keyword ‘xyz’ and found your website, (domain name). I noticed you are not ranked on the first page for your primary keyword searches. There is no reason you can’t have the top rankings based on your site’s content. I can help you….”

There are slight variations of the email, but it’s all the same junk. Too many website owners who are showing upward mobility in the search results will get the spam email and believe it. Then they’ll get suckered.

Here are the basics of “why” and “how” the email is a fraud and a scam, and should be ignored:

The “person” (if they’re real) that says they were looking up websites didn’t actually do any work. Typically, the emails are from a fictitious person, sent by a company that mass-emails from multiple accounts much like a telemarketing center. They actually use predatory software to do automated keyword lookups on Google, then harvest the domain names of websites that appear on pages 3 through 10 (or whatever they set the software to use). The software also is smart enough to crawl the website associated with the domain name looking for any email addresses that appear on the site.

The software they’re using then plugs the variables into a form letter. The “variables” are the keyword selection, the domain name, and the email addresses it finds on the site. (When I receive these kinds of messages, I get them four or five times because a copy of the email is sent to each email address on my own website… which is another indicator that it’s spam.)
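The two indicators described above (identical wording arriving from several unrelated senders, and one copy per mailbox on the same site) can be checked mechanically on the receiving side. The following is an added example, not code from the original article: it masks the form-letter variables (quoted keyword, recipient domain), compares the remaining wording with word-trigram Jaccard similarity, and reports clusters. The function names, the 0.7 threshold and the sample messages are assumptions constructed for illustration.

```python
import re

# Constructed sample mail (not real messages): (sender, recipient, body)
SAMPLE = [
    ("amy@rank-fast.example", "info@acme-widgets.example",
     "I was looking up websites under the keyword 'blue widgets' and found your "
     "website, acme-widgets.example. I noticed you are not ranked on the first "
     "page for your primary keyword searches. I can help you."),
    ("bob@seo-pros.example", "sales@acme-widgets.example",
     "I was looking up websites under the keyword 'widget repair' and found your "
     "website, acme-widgets.example. I noticed you are not ranked on the first "
     "page for your primary keyword searches. I can help you!"),
    ("cat@topspot.example", "owner@acme-widgets.example",
     "I was looking up sites under the keyword \"widgets\" and found your website "
     "(acme-widgets.example). I noticed you are not ranked on the first page for "
     "your primary keyword searches. I can help you."),
    ("dan@supplier.example", "sales@acme-widgets.example",
     "Hi, attached is the invoice for last month's order of 200 brackets. "
     "Please confirm the delivery address before Friday."),
]

# A quoted phrase of up to 60 characters; the lookarounds keep apostrophes
# inside words ("can't", "site's") from being treated as quote marks.
QUOTED = re.compile(r"""(?<!\w)['"‘“]([^'"‘’“”\n]{1,60})['"’”](?!\w)""")


def skeleton(body, recipient):
    """Mask the form-letter variables so only the template wording remains."""
    domain = recipient.rsplit("@", 1)[1].lower()
    text = body.lower().replace(domain, " <domain> ")
    text = QUOTED.sub(" <keyword> ", text)
    return re.findall(r"<\w+>|[a-z0-9]+", text)


def shingles(tokens, n=3):
    """Set of overlapping n-word sequences; tolerant of small rewordings."""
    return {tuple(tokens[i:i + n]) for i in range(len(tokens) - n + 1)}


def jaccard(a, b):
    """Similarity of two shingle sets, 0.0 (disjoint) to 1.0 (identical)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def find_campaigns(messages, threshold=0.7):
    """Group messages by template and report groups showing either indicator:
    several sender domains, or several mailboxes on one recipient domain."""
    groups = []
    for idx, (_sender, rcpt, body) in enumerate(messages):
        sh = shingles(skeleton(body, rcpt))
        for group in groups:
            if jaccard(sh, group["shingles"]) >= threshold:
                group["members"].append(idx)
                break
        else:
            groups.append({"shingles": sh, "members": [idx]})

    reports = []
    for group in groups:
        senders = sorted({messages[i][0].rsplit("@", 1)[1]
                          for i in group["members"]})
        mailboxes = {}
        for i in group["members"]:
            local, dom = messages[i][1].rsplit("@", 1)
            mailboxes.setdefault(dom, set()).add(local)
        fanout = {d: sorted(l) for d, l in mailboxes.items() if len(l) > 1}
        if len(senders) > 1 or fanout:
            reports.append({"members": group["members"],
                            "sender_domains": senders,
                            "fanout": fanout})
    return reports


if __name__ == "__main__":
    for report in find_campaigns(SAMPLE):
        print(report)
```

On the constructed sample, the three solicitations land in one cluster even though the keyword, punctuation and one word differ, while the ordinary supplier email is left alone.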

Compounding the already obvious misleading aspects of the email, many (most) of the SEO fraudsters use “email seeder” programs that are embedded in the emails or in the links contained within the emails. An email seeder program infects the computer that activates it. Simply by VIEWING the email, or simply by VISITING the link of the solicitor, a script can be planted on the website owner’s computer that does two very nefarious things:

Sifts through the computer owner’s email program (Microsoft Outlook, Mozilla Thunderbird, etc) and harvests all of the email addresses in the inbox… then adds those domain names to the list of sites to solicit, and sends additional spam emails to the addresses it finds, and

Hacks the computer user’s email account and uses the computer owner’s email program as a mail server to send out thousands of spam messages to additional recipients. (If you have ever received a spam email from someone you know, then their computer is likely an email seeder that has been hacked).

In other words, ensure your spyware and virus protection software is up-to-date.

For more information about the nature of this spam/scam/fraud, people should read the article I published on March 19, 2009, titled, “Are You Low Hanging Fruit for SEO Fraud?” Yes, this scam has gone on for several years. Why does it continue? Because it is very effective at defrauding people out of their money.

A few points that you need to consider:

There are no good Samaritans “out there” in cyber space who philanthropically spend their day searching for websites that they can help out, and then compose individual emails to each website owner to ask for their business. No one has that kind of time. Instead, these are automated emails that are sent out as mass-spam, and the scam artists behind these emails are banking (literally) on the numbers game of 1% to 2% return on hundreds of thousands of messages sent.

Just as these fraudsters are unethical in their premise, they are also unethical in their service. When a search engine marketing campaign is done PROPERLY, there is momentum and progression towards the top of the search engines. The SEO fraudsters capitalize on the upward progression by harvesting sites as they pass through the “almost there but not quite yet” pages on Google. Once these companies seal the deal with a 12 month contract, they do NOTHING but collect money, and the upward momentum carries the site to better placement (page 1 or page 2)… which is very short-lived because the marketing efforts have stopped at that point. The next thing the website owner knows, their site has fallen in the rankings again, but the website owner is now in a “no guarantee, no money back” contract for another 8 or 9 months – another victim of SEO fraud.

An interesting side note to all of this, and a “buyer beware” caution: Sometimes the fraud emails include additional misleading assertions. For example, some claim (or imply) that the website is not performing well for “all of its primary keywords.” It’s a deceptive statement, because there’s no way for an outsider to actually know what “all of the primary keywords” are without having access to analytics reports and other marketing data that is not publicly available.

Another example, the spam emails (and often times, telephone solicitations) sometimes convey that the soliciting company is privy to Google’s super-double-secret algorithms, or that they have some other “insider” relationship with Google that gives them an edge over everyone else. Simply not true. Google (and Bing and Yahoo!) continue to change their algorithms monthly, and occasionally make major updates to their algorithms for the SPECIFIC PURPOSE of avoiding any breach of their proprietary criteria. Google vehemently and specifically does not want to show any favoritism to any company. Their entire integrity for untainted organic search results is tied to the premise that they can’t be bought. If any SEO company were “in bed with” Google, their search engine business model would crumble because of ethics and public perception.

What all of this boils down to is that there are countless unethical SEO fraudsters who prey on the ignorance and innocence of the unsuspecting website owner. Without any repercussions or precedent set in court for SEO fraud, the fraudsters are a growing component of people looking for a “free lunch” – i.e., do nothing and get paid for it. The problem won’t go away any time soon, so the important thing is to ensure that website owners are EDUCATED and INFORMED about these kinds of scams. In today’s tough economy, the temptation is there to save a few dollars and get more results for less money. Sometimes the “wishful thinker” takes the bait, and by the time they realize that they’ve been ripped off, the damage to their website is done and they have even less money to recover from it.

If you are happy with the relationship you have with your current SEO provider, and if they are demonstrating positive and/or improving results, don’t rock the boat. The old expression, “If it ain’t broke, don’t fix it” applies.

What Is Spam?

‘Spam’ is the blanket name given to a variety of different practices, the common feature of which is that they all involve the use of electronic messaging systems to indiscriminately send out bulk messages. Perhaps the most widely recognised form of spam is email spam, but there are a number of variants including blog and forum comment spam, instant messaging spam and social networking spam.

Some estimates have placed the number of spam messages sent during 2011 at somewhere around 7 trillion messages. Although it is difficult to calculate the total cost of these unethical practices, it is clear that internet service providers and the general public suffer most from the propagation of these messages as a result of wasted time and increased pressure on internet services. Unfortunately for the internet user, it is difficult to hold either businesses or individuals to account for spamming.

According to some figures, as much as 80-90% of all email worldwide constitutes spam. Fortunately for the end user, the vast majority of this is filtered out before it ever reaches the inbox of a potential recipient, although this has reduced public awareness of the scale of the problem.

Purposes of Spam

There are a number of different purposes for spam messages and these tend to dictate the medium through which they are transmitted. For example, a large quantity of email spam comes from businesses that are trying to publicise their products and services in the hope of making sales. In this context, email spam can be considered a (usually) less targeted and more modern equivalent of traditional junk mailing. Often, although not always, businesses that engage in spam are selling ethically questionable products – businesses with hard-earned good reputations will often steer clear of unsolicited email messaging because it can reflect badly on them.

Spam in the form of forum and blog comments often serves a different purpose. Although this type of spam can also include information about products and services, it most often contains links.

This type of spam came about largely as the result of search engines counting backlinks to determine the relevance and value of a given link destination. Spammers quickly realised that by sending out blog and forum comments containing links en masse (some blogs and forums are set to auto-approve comments before they are moderated) they could boost the search engine rankings of a given web page and thus drive traffic in that direction. This can generate revenue in a number of ways, the most common of which is through advertising banners.

For this reason, there are also a number of unethical search engine optimisation companies that choose to promote the web sites of their clients using spam. It should go without saying that engaging with such agencies is a poor business decision. Not only can this put the reputation of a company at risk, it is unlikely to provide value for money in the long term. Search engines are increasingly capable of detecting and punishing web sites that are promoted through spam.

Why Spamming Of Classified Ads For SEO Is So Common

Often people post the same advertisement repeatedly on classified websites, even though it has already been posted, either by someone else or by the same person. This is irritating for classified website owners, because such activity makes their website look like spam to search engines, and to avoid that they have to remove duplicate ads every time they are submitted. So why do people spam classified websites while doing SEO? There can be the following reasons:

· Most of the classified websites are free. That means many classified websites enable visitors to post their advertisements without charging a penny. This attracts visitors and entices them to post the same advertisement repeatedly. Many visitors take this advantage for granted.

· On the other front, many data entry companies force their members to post advertisements separately even if the ad has already been posted by someone else on the same website. There is no point in different members posting the same ad on the same website.

· At times, some classified websites leave loopholes that allow easy spamming of the site. One example of closing them is using a powerful captcha. This is one of the best ways to keep spammers off. Therefore, it is suggested to use some type of captcha in the classified website’s form. reCAPTCHA, provided by Google, is the most recommended captcha.

It is easy and safe to spam others’ websites in the name of SEO. Now it is your responsibility to keep such spammers away by employing good strategies. All search engines prohibit spamming, be it on classified websites or any other websites. Even your website can be flagged as spam if search engine crawlers find duplicate content or too many backlinks on your site. So it is not just about posting duplicate ads; even duplicate content or spamming in order to gain more backlinks can get you into trouble. Once your website is labeled as spam by the search engines, not only will its ranking drop, but your website will also be banned forever.

Hence, it is recommended to avoid spamming, because no matter how ‘smart’ you are, if you spam for your website even a bit, it will be caught by search engines. Respect the authenticity of other websites as well. Taking unreasonable advantage of a given benefit for SEO will help neither you nor your website, because those backlinks hardly have any value. Furthermore, top search engines update their systems and programs every now and then, so they can easily distinguish between “BlackHat” and “WhiteHat” and differentiate spam from good content. SEO is about optimizing a site in an authentic way.

10 Reasons to Have a Website

Your business may not need a website. If you are happy with your market share, if you have no expansion plans, if business comes your way via word-of-mouth, and if your online competitors cause you no concern, you probably don’t need a website. This doesn’t describe our business, and if it doesn’t describe yours either, you probably need a website.

There are 1.5 billion reasons to consider launching a website, but 10 is a more manageable number, so here they are: 10 reasons to launch a website.

1. To give your business an online presence

Almost 75% of North Americans (that’s 250 million people) use the Internet. Worldwide, over 1.5 billion people are “logging on” [1]. They may not all be in your target market, but with an online presence, your message has the potential to reach over a billion people.

2. To market your products and services

A website is the perfect venue for showcasing your products and services. A website is a brochure, ad, business card and billboard all rolled into one. Depending on how interactive your site is, you may even be able to sell your products and services directly from your site.

3. To offer better customer service

With a website, you are open for business 24 hours a day, 7 days a week, 365 days a year. Your site can detail your products, services, prices, and business hours, and with a single mouse click, your customers can send you an email or post a message on your site.

4. To keep your customers up-to-date

Things change. Businesses change. Prices, product offerings, hours of operation, contact information; all of these things change. A website is flexible, so it can also change, and it can do so quickly.

5. To save money

Yes, there are development and maintenance costs associated with launching a website, but compared to more traditional forms of advertising – TV, radio, newspaper, magazine, telemarketing, direct mail, etc. – launching a website is relatively inexpensive.

6. To make your advertising more dynamic

Changing printed advertising can be costly and may be impossible post-production. With a website, however, you can make changes almost instantly. It’s never too late to correct an error or launch a new product or service. If you know a little html or use a content management system, you can even maintain your own site, saving more time and money.

7. To save a tree

One website certainly won’t save the environment. But you might save a tree. A useful business website can dramatically reduce your need for direct mail, newspaper ads and business cards.

8. To reach a new market

Your website can be customized to target any market. If you want to concentrate on a local, national or a global market, you can do so with a website. If you want to attract scuba divers, quilters, mountain bikers, new parents or members of any other niche, a website is a great way to showcase your expertise to your chosen market.

9. To compete

Does your competitor have a website? Your clients may be finding your competitor’s site when they search online. And if your competitors don’t have sites, now is your chance to gain some momentum.

10. To gather information

What do site visitors think of your company, your products or your customer service? What would they like you to change? If you want to know something, use an online poll or survey to gather information. Also, check your site analytics to find out exactly how many people are visiting your site and which pages they are reading.

And because 10 is really just an arbitrary number, I’m going to share point #11 which happens to be just as important, if not more so, as the first 10:

11. You get one chance to make a first impression

If someone searches for your business online and cannot find it, you’ve made a first impression – but not a good one. Don’t be afraid to invest some time and energy into launching a successful, professional website. It may very well be the first impression you make.

Charting the Waters at Cordell Bank

Until 1978, no diver had explored the Cordell Bank. This extraordinary place is now a National Marine Sanctuary. There’s an interesting history behind how this part of the ocean off the coast of California, northwest of San Francisco, became a sanctuary.

The bank was discovered by George Davidson while conducting surveys along California’s north coast in 1853. Sixteen years later, in 1869, a more extensive survey was conducted by Edward Cordell, after whom the bank was named. What follows are some of the experiences shared by the first divers to view the bank.

At 150 feet, air bubbles slide out of my regulator sounding like gravel being poured from a metal bucket. We are 20 miles from the nearest shore on a ridgetop of a large Pacific seamount named the Cordell Bank and the scene below is incredibly bright. Anemone, hydrocoral, sponges, and algae cover everything in sight, in many places growing on top of each other.

While collecting some of these organisms, we are suddenly flushed with a euphoric giddiness. We try to smile, but numb lips and the regulator make the effort that much sillier. Struggling to control the narcosis, we keep collecting and exploring. All too soon, however, my buddy waves a thumbs-up in front of my mask. Now, where’s the ascent line? A flashing strobe catches my eye and I swim toward it. The line’s there, so we follow our bubbles – but not to the surface. At 10 feet, we both grab the regulators of full scuba tanks. The decompression wait seems eternal as we can hardly wait to tell the others about our dive to where no one has been before.

These experiences were shared with the author by Robert Schmeider, Ph.D., of Walnut Creek, California, who was obsessed with the exploration of Cordell Bank. In 1977, while studying a chart of northern California’s coastline, this atomic physicist became intrigued by Cordell Bank, which is 20 miles (32 km) due west of Point Reyes and to the northwest of San Francisco. The chart showed there was at least one shallow place with a depth of 20 fathoms or 120 feet (37 meters). It could be dived using regular scuba tanks, so Schmeider assumed it had been. But when he asked a few diving friends if they had ever been there, he discovered none had. So he talked to people with the Coast Guard, the Navy, the California Academy of Sciences, the University of California at Berkeley, the Department of Fish and Game, the Geological Survey, the National Oceanic and Atmospheric Administration (NOAA) and others. After a couple of months, Bob realized, to his amazement, that no one knew much about the bank at all. The idea of exploring Cordell Bank soon became a serious goal.

But Bob expected many dangers. Deep-diving can always be dangerous, especially with compressed air scuba diving due to the possibility of nitrogen narcosis and decompression problems. Additionally, he knew the water was cold, and a fairly stiff current of one or two knots ran in the area. Two knots is nearly impossible to do any work in. To make matters even worse he expected to encounter lots of sharks, including great whites since Cordell Bank lies about midway between Tomales Bay and the Farallon Islands, both places where great whites are known to congregate.

The fishermen in Bodega Bay knew the Bank well as an excellent fishing area, so Bob lined up a boat and skipper from there. After extensive discussions with several of his regular diving partners, he announced his plan to divers in the Sierra Club’s Loma Prieta chapter from the San Francisco Bay area in October of 1977. He knew exploring the bank would require a large support group. At an organizational meeting held in the U.S. Geological Survey chambers in Menlo Park, the group elected a divemaster and all but one of the 40 people attending pitched in $40 apiece to kick off Cordell Bank Expeditions.

After a few practice dives at Monterey and at the Farallon Islands, Bob felt his group was ready to go to Cordell Bank. Unfortunately, he ran into numerous difficulties. Most importantly, a number of divers had dropped out of the group, so Bob had trouble gathering enough divers for a trip. Finally, on October 20, 1978, with just five divers, Bob made it to Cordell Bank.

As Bob recalls, “What we saw on that day absolutely astonished us. We were totally unprepared for the light level. Not only was it not dark, it was incredibly light. After I made the first dive with a buddy, I told the other divers not to take their lights, as they simply would not need them. It was so light you could almost read. And we had been to a depth of close to 150 feet.”

“There were enormous aggregates of 12-inch (30 cm) fish swimming around above the pinnacle. To us, it seemed an incredible snowstorm of fish. When we finally broke through the fish on our way down, our entire field of vision was just filled with this miraculous sight. We could see colors – reds and oranges and yellows – and the rocks were covered, just inundated, with organisms. Sponges, especially Corynactis (Strawberry anemone), pink hydrocoral, hydroids, and a lot of large-bladed algae. It looked as if someone had landscaped it. We were just overwhelmed.”

On the first dive, they collected nearly 50 species, including at least one new genus of algae and one new species. By working closely with a number of professional biologists at the University of California at Berkeley, the California Academy of Sciences, the Los Angeles County Museum, the Geological Survey, the Smithsonian, and other institutions, they sorted and identified their new collections until the list included more than 400 species.

After that first dive, made possible by the Sierra Club divers and by grants from such organizations as the San Francisco Foundation and the National Geographic Society, the Cordell Bank Expeditions evolved into a member-supported, systematic, data-gathering organization that bought its own research vessel, the Cordell Explorer, which was retired in 2014. They bought a LORAN-C receiver and carried out depth surveys back and forth across certain areas, measuring depths and recording positions. From that data, they were able to generate their own set of charts. Those charts became a major help in carrying out more successful dives, as they could more reliably find the pinnacles and ridges they wanted to dive. In the summer of 1985, Bob and a colleague were able to obtain state-of-the-art hydrographic survey data on the Bank as a result of a project conducted by the National Oceanic and Atmospheric Administration (NOAA) and the U.S. Geological Survey (USGS). That survey covered the 200-mile Exclusive Economic Zone (EEZ) off the coast that the U.S. claims control over. Cordell Bank may well be the best-surveyed feature off the coast of North America.

Aside from collecting specimens and surveying, the expedition also used 35-millimeter photography, plus Super 8-millimeter, 16-millimeter, and videotape cinematography. Some of their photographs have been useful in identifying species that didn’t show up in their collections and in showing physical features the divers may not have noticed during their dives.

They have found this seamount is roughly elliptical and, at the 50-fathom depth, it is 9-1/2 miles long by 4-1/2 miles wide (15.3 x 7.25 km). It lies right on the edge of the continental shelf and is the northernmost such shallow place all the way to Canada. The bank is a distinct plateau with its flat top rising to the 30- to 35-fathom depth. Atop this plateau, at least four cliffy ridge systems, two in the north and two in the south, and several pinnacles reach to diveable depths. In fact, the shallowest point the expedition has found is about 19 fathoms (114 feet or 35 meters) and is part of a ridge system in the northeast. Geologically, it is considered a piece of the ancient Sierra Nevada that was sheared off by the Pacific Plate, thus explaining its granite composition.

Growing on this 19-fathom peak is a dense, whitish cap of barnacles and red algae. Below this, from 20 to 25 fathoms (36.6 to 45.7 meters), the sessile community grades to nearly foot-thick piles of sponges, anemones, including the common Strawberry Anemone Corynactis californica, California Hydrocoral Allopora californica, hydroids, and tunicates. Space is the limiting factor. The organisms are very brightly colored with reds, yellow, white, and pinks. At 30 fathoms (55 meters), the community thins to a few large, widely spaced creatures, mainly sponges, urchins, and anemone. By 35 fathoms (64 meters), bare rock dominates the scene. Around 200 feet in various places, brilliant white sediments of almost a hundred percent shell fragments accumulate.

The Cordell Bank community is very healthy showing little evidence of disease or death because the California Current brings clean, clear, cold (50 to 55 degrees F. or 10 to 13 degrees C.) water, with a high nutrient content, upwelling to the relatively shallow bank. When the disruptive El Niño current occurs off California’s coast, the water temperatures at the bank rise to over 60 degrees F. or 15.6 degrees C. The sun’s rays penetrate this water so deeply divers can take photographs using available light at 150 feet (46 meters). Visibility is sometimes as good as 100 feet (30.5 meters). Because of the water’s clarity and nutrient load, photosynthesizing organisms support a vast and complex food chain up to large fish, birds, and mammals.

Cordell Bank has long been known as a superb fishing area. Groups of rockfish congregate around the pinnacles, sometimes so thickly, divers report whiteout conditions. Besides rockfish, sport fishermen regularly catch lingcod, yellowtail, salmon, albacore, and shark. Oddly enough, the divers have yet to see great white sharks, in spite of the fact that the great white’s favorite prey, seals and sea lions, are at the bank. They have, however, seen blue and mako sharks.

Like rockfish, seabirds often congregate around the pinnacles, and it was just such gatherings that enabled the expedition to initially home in on shallow points to dive. On surveying and diving trips since 1978, volunteer observers from the California Marine Mammal Center and San Francisco State University have recorded many sightings of seabirds and mammals at or near Cordell Bank. They’ve seen 33 species of seabirds including black-footed albatross, northern fulmar, surf scoter, south polar skua, common murre, pigeon guillemot, tufted puffin, and brown pelican. The previously endangered brown pelican was particularly noteworthy because it was sighted on about two-thirds of the trips.

The observers also recorded fourteen kinds of marine mammals. Of special interest were two endangered cetaceans, the humpback and blue whales. Both species feed at the bank. The team’s most exciting encounter with blues occurred on October 10, 1982, when a pair approached from off the port bow, surfaced 30 yards away, visibly swam under the ship, and surfaced again several hundred yards astern. Marc Webber and Steven Cooper, reporting for the group, felt the number of blue whale sightings “represents a substantial number of records for this species over the continental shelf in the Cordell Bank area, and along with probable observation of feeding suggest this area is an important autumn habitat for this species.” Also of particular interest were sightings of northern elephant seals whose pelagic habits have only recently become better understood. Other observed mammal species were Minke whale, Dall’s porpoise, harbor porpoise, orca, Pacific white-sided dolphin, Risso’s dolphin, Northern right whale dolphin, California sea lion, Steller sea lion, northern fur seal, and harbor seal. These have all been autumnal observations. The expedition has restricted their trips to the autumn because the weather is most predictable at that time and because the California and Davidson currents more or less cancel each other out, which makes diving more practical.

The greatest mysteries Bob and his divers have encountered are a number of large, cylindrical holes that lie right on the sharpest, highest parts of the region. Some holes appear to be man-made, but others look natural. Hearsay has it the holes were made by the U.S. Navy during the 1960’s in a project related to submarine detection. Bob’s expedition was once followed for nearly an hour by an unidentified submarine. In spite of his security clearance, Bob has been totally unsuccessful in learning anything from the Navy about any of this.

Cordell Bank is now a national marine sanctuary. The Sanctuary Programs Division (SPD) of NOAA, which is in charge of the sanctuaries program, held its first informational hearing on the bank in San Francisco on April 25, 1984, and published a draft Environmental Impact Statement and other documents.

Bob is optimistic about Cordell Bank’s future. He believes, “It’s incumbent upon those of us who wish to preserve certain areas of our environment like museums, to set up the legislation to protect those areas. We don’t give any thought whatsoever to commercially developing Yosemite because it’s become part of our national environment, our cultural heritage. And our marine sanctuaries will become the same way. I hope and believe that 50 or 100 years from now, areas like Cordell Bank, which had long since been designated marine sanctuaries, will be part of our national heritage and will be considered inviolate.”

Creating a Marine Sanctuary

The federal marine sanctuaries program was established by Title III of the Marine Protection, Research, and Sanctuaries Act of 1972. This law provides that areas in the ocean as far out as the edge of the continental shelf and in the Great Lakes may be protected.

During its first 5 years, the program crawled slowly along, because no funds were appropriated. By 1977, only two marine sanctuaries had been designated. The first was a six square mile site off Cape Hatteras, North Carolina, to protect the wreck of the U.S.S. Monitor, and the second was Key Largo Coral Reef Marine Sanctuary adjacent to John Pennekamp Coral Reef State Park in the Florida Keys, which covers 100 square miles. In that year, 1977, President Carter, in an environmental message to Congress, expressed support for the program and boosted funding. In contrast to the law’s original intent, Carter was trying to protect areas threatened, in this case, by offshore oil development. As it turned out, one of Carter’s last official acts was the designation of three new sanctuaries: Looe Key in Florida, Gray’s Reef in Georgia, and the Gulf of the Farallones off California. (Cordell Bank neighbors this sanctuary.) Once again, the program was slowed by restricted funding under the Reagan Administration.

The slowness of the marine sanctuaries program was especially disheartening because all the land is under state or federal control already and doesn’t require acquisition funds. Money was needed only for evaluating potential sites, managing a site after it becomes a sanctuary, and enforcing the protective laws.

The marine sanctuaries program works in the following way. Any organization or member of the public may send nominations to the Sanctuary Programs Division (SPD) in the Commerce Department’s National Oceanic and Atmospheric Administration (NOAA) for consideration. The idea of nominating a place need not be intimidating. As Bob Schmeider found out, “the nomination itself doesn’t need to be very specific at all. Of course, if the (SPD) already knows about a site, which they had already known about Cordell Bank from information I had given them well before the nomination, (then) the actual nominating step was simply a letter from me to them saying I would like to nominate Cordell Bank. If a site is totally unknown and you’re preparing a nomination, then you need to include some details and some information, so that they will have some knowledge of it. That’s all.”

Formerly, a nomination was automatically placed on a List of Recommended Areas, but this has been replaced by a Site Evaluation List (SEL) that includes nominated sites meeting certain preliminary criteria. After review by the SPD staff, the SPD can promote the area to active candidacy. At that point, they’ll produce draft documents, including a management plan, environmental impact statement (EIS), and a designation document. These will be circulated among interested individuals, organizations, and governmental agencies. They’ll also schedule public hearings in the communities nearest the candidate site to get additional input. From that, they’ll produce final documents and circulate those and hold more hearings. Congress has the opportunity to review a site’s candidacy and hold their own hearings. Cordell Bank was the first marine sanctuary candidate to receive such scrutiny. If the site is within state jurisdiction, then that state’s governor may veto the designation, but this won’t necessarily cancel a site’s candidacy altogether. (Cordell Bank wasn’t in state waters.) After all of these steps, the Secretary of Commerce can sign the designation document and the site will become a national marine sanctuary.

Diving in Fiji and the Mamanucas

Bula. We visited Fiji last year and dove with Subsurface, a dive operation which operates dive shops from several of the Mamanuca Islands. Overall, we would give them a rating of Fair. We’ll go into more details below.

The Mamanuca (pronounced Mah-mah-noo-tha) islands lie in a majestic arc, only a short distance from the mainland of Viti Levu, curving to the north-west, and almost touching the Yasawa chain.

There are 13 islands in all, not counting those covered by the Pacific at high tide and they all share in common pristine white sandy beaches, waving palms, crystal blue waters and, at night, the cooling influence of the trade winds.

The Mamanucas are essentially volcanic outcrops pushed up from the ocean floor in a gigantic earthquake thousands of years ago. From the air you can see that the Mamanucas group is in fact two clusters known as Mamanuca-i-ra and Mamanuca-i-cake. Within the Mamanucas is the Malolo group, three miles inside the barrier reef, extending in a curve for about 75 miles. As islands, they are certainly beautiful.

We had been asked to visit to consider taking over the operations for the new Hilton development dive concession, so we considered this a possibility we both might have enjoyed and visited on a business trip.

Here’s a rundown on the dives we managed to get in:

Namotu Reef: This reef is situated in a passage on the Barrier Reef itself. The day we were there, the currents were very strong and this was not well communicated on our dive briefing. There was soft coral, but nothing really to write about as being a must see location. Visibility was maybe 50 feet, so also, nowhere near what is being promoted.

In defense of the site, the day we were there, a local told us this was the strongest they had ever seen the current. As far as marine life, we saw nothing. Nothing. And even if we had seen something, the current was too strong to stop in anyway.

Dive rating: Don’t bother.

Tavarua: Tavarua is very close to Namotu. We did this dive the same day, with a different divemaster. His briefing told us this was a drift dive and we were to descend at the anchor line. Once at the bottom, for some reason, he decided that swimming directly into the current to get around a small reef before drifting would be a good idea and I have never in 25 years had to work so hard to begin a dive. I was very nearly ready to leave the group when we rounded the corner, we were using so much air.

Once we got into the current, it was as if we were flying. This was not a drift dive. This was a fly dive. When I tried to stop to look at something, I was signalled to move on quite adamantly, in obvious fear that the divemaster may never see us again if we stopped.

Well, Yim and I finally decided that this was no fun at all and we would signal the divemaster we were going to ascend. We did our safety stop and went to the surface. The boat was a long way off, obviously not following our bubbles, which is the norm on any drift dive I’ve been on.

It was a good thing I had my Dive Alert siren, because I had to blow it three times to get the boat’s attention as we drifted out into, well… out.

Oh, and by the way, if there were fish or coral of any kind, there was no way to see it since we were moving so fast and visibility was maybe 40 feet.

Dive Rating: Don’t Bother.

Rainbow Reef: This was a nice dive site. Quite simply, it is a series of coral pinnacles in about 65 feet in depth at maximum depth, but the real joy is between 15 feet and the surface. The plate and table corals are beautiful. Some of the nicest coral I’ve ever seen.

But, during the dive, I was diving with six Japanese divers, who were, quite literally, standing on the reef, holding on to it to steady themselves to take photos, touching it and basically, not giving any thought to whether or not they were damaging it.

After the dive, I said something to one of the divers and was taken aside by the owner to tell me that this was a general problem with the Japanese there and I got the feeling she just did not want me to tell them not to do this. It really bugged me that no one was saying anything to them. And I somehow doubted that ALL Japanese divers were like this and that all they needed was some reef education.

Visibility, maybe 40 feet.

Dive Rating: Very good.

Supermarket: This is their supposedly famous shark feeding dive. What their promos fail to tell you is that they don’t feed sharks there anymore and there are no sharks, just a lot of very dead coral. Visibility, maybe 30 feet.

Dive Rating: Don’t Waste Your Money. It’s a long boat ride for nothing.

Pleasure Point: Now this is a Dive site not to be missed! I would consider this one of the best dive sites I have ever seen. I don’t know that it is worth traveling halfway around the world to see, but if you lived in Australia or New Zealand, then it would be worth a visit.

Dive Rating: Excellent!

Seven Sisters: An assortment of coral pinnacles to meander between. Lots of small reef fish and hard coral site in the area.

Dive Rating: Good.

We had hoped to go out again, but when we arrived at the shop on Sunday, we found our gear had been given out to other guests so we could not dive on our last day out on the islands, which disappointed the two of us. This has to be the height of incompetence in a Dive Shop… to ‘lend out’ guests dive gear who have traveled halfway around the world to consider managing their dive business.

A couple of other points I really don’t like to see.

Subsurface claims all their Instructors dive Nitrox and they have Nitrox available. This is quite simply not true and is something I really dislike about the industry that so much can be said over a website and then not be there when you have already traveled long distances. I’ve seen this on a few occasions now and don’t think it is right. I asked the instructors and was told no. There were also no tanks marked for nitrox in the dive shops.

I do have to say that the Instructors and Divemasters were all very nice to us and seemed competent in their work. They were attentive to their divers and the head Instructor on Beachcomber was very patient and professional.

Since we were there for a short period, we wanted to dive as many sites as possible. At one point during a conversation, the owner suggested she had not been to most of the sites and had made up the marketing descriptions. That kind of surprised me. They claim to dive 44 sites but during our stay, even upon request, they continued going to the same sites over and over again.

Another point to be aware of. The dive shop at Beachcomber makes you carry your dive gear well over 1,000 feet to the boat, so be prepared. It’s not that bad before you dive but a real drag after the dive. Bring some water socks or you’ll have to walk across a beach that is basically sharp coral.

One last thing. We travelled halfway around the world at the request of Subsurface. Upon our return, we presented an overview of our ten days to them. They did not even have the decency to respond. Nothing. They simply chose not to bother, although they had no problem trying to get explanations on how to create a web site as nice as this one and digging deep to get my opinion on how to improve their site and marketing.

Any operation that operates in such an unprofessional manner is always sure to be reflected in your dive vacation experience.

We would recommend Treasure Island as a resort to visit for a week or two. The resort is quite wonderful with terrific snorkeling surrounding the entire Island. It also caters to families and has much to keep kids occupied. The local Fijian staff were extremely friendly and helpful.

We also liked First Landing, which is on the mainland, as a resort which catered to couples and families.

We would suggest you consider Crusoes Retreat, a resort carved into the side of the cliffs about an hour south of Nadi. We also drove to Pacific Harbour, which had what we thought was the nicest cultural art boutiques we found.

Overall, we had a very good time but would not return to the Mamanucas. And part of that would be due to the poor quality of dive experience Subsurface offers. They have a lot to learn about running a dive operation and in servicing North Americans.

To view the photographic edition of this story, go to [http://www.oceansedge.com]

—————-

Steve Roper is a PADI Master Scuba Diver Trainer with multiple speciality certifications, including Underwater Naturalist, Photography, Advanced Navigation, Night, Deep and Drift Diving, Nitrox and Tri-Gas Mix (for details on Nitrox and Tri-Gas, see techie stuff). He has been diving for well over 20 years.

His travels have taken him from Montreal throughout the entire Caribbean, both coasts of the United States, Vancouver Island, the Pacific Northwest, much of Central America and more recently, Fiji.

Some Information About Information Technology Courses

Qualifications for most IT industry jobs include some type of higher education, certification, or computer experience. A bachelor’s degree in computer applications, a master’s degree in computer applications, or a master’s degree in IT is the most prevalent requirement, but some employers accept a two-year associate’s degree. Computer science is only one of many computer-related degrees that colleges and universities offer. According to the Association for Computing Machinery (ACM), there are five major computing disciplines.

Computer engineering focuses on the design of computer hardware and peripheral devices, often at the chip level. The curriculum includes basic studies in calculus, chemistry, engineering, physics, computer organization, logic design, computer architecture, and microprocessor design. An online MCA course, by contrast, focuses on computer architecture and how to program computers to make them work effectively and efficiently. The curriculum includes courses in programming, algorithms and software development, discrete math and physics.

Students investigate the fundamental theories of how computers solve problems, and they learn how to write application programs, system software, computer software, computer languages, and device drivers. Online BCA students generally find jobs as programmers, with good possibilities for advancement to software engineers and object-oriented/GUI developers, while a student of an online MBA in IT finds a job as a project manager in technical development. These professionals work as theorists, inventors and researchers in fields as diverse as artificial intelligence, virtual reality, and computer games.

Information systems degree programs focus on applying computers to business problems. The curriculum includes course work in business, accounting, computer programming, communications, system analysis, and human psychology. For students who want to become a computer professional but lack strong math aptitude, most academic advisors recommend the information systems degree. An online MS in Information Technology course leads to a programming or technical support job, with good possibilities for advancement to system analyst, project manager, database administrator, network manager, or other management positions.

Online MBA in IT programs focus on the computer equipment and software used by businesses and organizations: how they work, and how they are secured, upgraded, maintained, and replaced. Students in an IT program typically work hands-on with hardware, networks, Web pages, multimedia, e-mail systems, systems analysts, and help desk technicians. A new opportunity for MBA in IT students is the database administrator job. Databases require a high level of expertise, not only in the use of database software, but in the conception and design of database structures. Many computer professionals have sought certification in database systems, such as Oracle, Access, Sybase and DB2.

ID Theft – Things To Do Right Now, Habits To Establish And Keep

The bear in your campground analogy:

Perfect protection is unreachable but you can be better protected than most people with reasonable efforts. The “Bear in Your Campground” story applies here. When a bear comes into your campground, you can’t outrun the bear but you can outrun the other campers. The fact is that there is no way you can be sure to outrun the thieves either, but you can outrun the other potential victims – and that may be enough. I will try to help you make the trade-offs that work for you.

There are lots of people out there making it easy to steal their identities. You don’t want to be one of them. There is a lot you can do without major expenditures and major changes in your lifestyle. The point of this book is to teach you what you can do and let you make intelligent trade-offs yourself of security versus cost and inconvenience.

Things to do right away:

The point of this is to get you off to a fast start, positioned to better protect yourself. Some of the things you should do right away include:

Review your last bank and card statements.

Be sure all listed transactions were authorized by a family member; don’t assume. Also check to see that you are not missing the most recent statement, as that might be a sign of account takeover. List each account and card on the Account and Card Inventory Form provided in the back of this book. Include on your list your driver’s license and any ID cards from your employer or insurers that would have to be replaced if your wallet was lost or stolen. This form will be an important tool for detection as well as recovery.

Order a credit report.

One report from each agency per year is now free. Some people get one every four months, on a revolving basis, so that they never have to pay for a report. Some request all three or each more often. This is one of those trade-offs of protection versus expense and effort.

Calendar the date when you want to order the next credit report. And note which agencies are next in rotation, if you are ordering one at a time.

When I first did this I found a debt listed that had been run up by my former wife. I called the bank and got them to take it off of my credit report. As reviewing your credit report is an ongoing habit, we will discuss what to do when the report arrives in the next section.

Install a locking mailbox or get a Post Office Box.

Incoming mail can provide a thief with credit cards, applications, checks, and various identifying information. I put up the first locking mailbox in my neighborhood. It cost $60 and a little time. But when one neighbor had a box of checks stolen and another lost incoming pay and dividend checks, I wasn’t the only one for long.

When my wife went out to run in the mornings, at least once a week she noticed all the unlocked mailboxes were hanging open. One day in the park I found all of a certain neighbor’s junk mail. But not those credit card offers and nothing that resembled account statements, or other financial or government mail – those were too valuable for the thieves to toss. What was going on was that groups of teens were cruising the streets making quick grabs into unlocked boxes. They sell “interesting” items to a broker. The broker sorts out the items by type and sells groups of like items to transaction specialists. Certain thieves pass bad checks, others use deposit slips, still others specialize in cards-related frauds.

P.O. boxes may be safer, if less convenient and more expensive, another trade-off. The bear might tear into your locked mailbox, but if the other campers have open jars of honey out front, then why would he bother you?

Get gel ballpoint pens for writing checks.

A thief can take a check from your outgoing mail, remove regular ballpoint pen ink with nail polish remover (protecting the signature, of course), and have a signed blank check – on your account.

The cheapest investment you can make is to buy a gel ballpoint pen and keep it clipped to your checkbook. Gel is a newer kind of ink which cannot be removed by washing. The point is to look for the word “GEL” on the pen, buy it, and use it for all your checks.

Get a shredder.

A crosscut or confetti style is best, as strips can be reconstructed. Anything with your social security number on it or containing personal data is fair game to the thieves when it hits your garbage bag or can. “Dumpster diving” is a profitable profession.

Things you don’t want fished from your trash include bank and card statements, old taxes, voided or old checks, deposit slips, credit applications you don’t want to complete, credit offers, and those checks the credit card companies send you to initiate low interest rate loans and balance transfers.

Change poor PINs and passwords.

They should be at least six numbers and/or characters. They should not be easy to guess or based on information which might be in your wallet. The first numbers a purse or wallet thief would try are parts of your birth date, phone number, SSN, and any other key number they find in your wallet. Realize that your SSN can be accessed by a large number of people. A thief might obtain it and try different parts of it in guessing your PIN even if they don’t find it in your wallet.

There are trade-offs here too.

* Multiples – If you always use the same password it is easy to remember but people at each site have access to it. So you also might want to use a unique password on banking sites. If you use the same ID and password on many sites you are exposing them to key employees of multiple companies.

* Complexity – Complex passwords may be hard to recall and tempt you to write them down in a handy spot.

* Real or made-up – To be extra careful, you might create and use an imaginary “mother’s maiden name”, as the real one could be researched. It is on your birth certificate, for example.

Set up a password on each bank and card account.

Use your Account and Card Inventory Form as a guide to contact each bank. Once set up, the password can be used by the bank to determine it is really you calling them with a transaction such as an address change or funds transfer. If the only way they can identify you is by asking for personal data, your account is exposed to any thief who has obtained your data.

Remove any PINs or passwords written in your wallet / purse.

They could be a goldmine for a thief.

Secure any PIN and password list within your home.

Don’t leave them out, in a well labelled file in an unlocked file cabinet, on your computer in an easy to find file, or on a notebook PC that could be stolen.

Protect Social Security Numbers (SSN).

Remove them from your checks, driver’s license, resume, or other documents where they are not required. My employer forced their insurance companies to take our SSNs off of our group insurance cards.

Remove unneeded IDs from your wallet, purse, and car.

This will reduce the potential damage from theft and reduce the work you will have to do if theft does occur.

Protect your PCs.

Get and run anti-spyware and anti-virus programs and firewalls. Be sure to use the encryption option on wireless networks.

Protect Yourself – Avoidance Habits to Develop and Keep

Even as you complete the initial protection steps described in the prior chapter, you also need to start practicing on-going protective habits.

Review this list from time to time.

The first habit is to learn and repeat each of the others. Put “review the good habits list” on your calendar, as a reminder, until you regularly practice each of these good habits.

Protect your outgoing mail.

Taking outgoing mail can be lucrative for the thief in many ways.

* Applications – Applications for cards or loans can be “edited” by thieves so that they get the payoff and you get the collection calls.

* Checks – A check in the outgoing mail can be as good as gold to them. Even if you used a gel pen to prevent alteration of that check, the data on your check can be used to produce (or even order) perfectly valid looking checks that can be written by the thief that will clear and post against your checking account.

* Deposits – An outgoing deposit-by-mail is a double gift to the thief. Not only can they “edit” the checks to their specifications but they can use the deposit slip too. That scam goes like this: They go into your bank (probably a remotely located branch so they aren’t recognized) and hand the teller the deposit slip along with some bogus checks they printed up on their PC or have from a nearly zero balance account out of state. Then they ask for some cash back from the deposited funds. They are usually handed the cash, since it is less than the funds already available on your account. When the deposited checks bounce back against your account, the thief has been gone for two or three days.

* Data sources – Various other sorts of mail (like car registrations, tax forms) can help the thief build a file on you which will later be used to open accounts in your name. You can count on him running up overdrafts and bad debts in your good name.

For all of these reasons, place outgoing mail only in secure mail boxes, not the office OUT box and not your personal mailbox. The big blue USPS boxes are pretty well bear-proof.

Be wary at ATMs and points of purchase

The ideal situation for a thief is to have both your card and your PIN. They will go to quite a bit of trouble to get them. If they can copy the data from the magnetic stripe on the back of the card they can create an exact copy of your card. Even with only plain white card stock they can use the magnetic stripe data to create a “white card” that will work perfectly well on an ATM, gas pump or other unmanned locations.

* Getting your PIN – Watch out for “shoulder surfing”. Be aware of anyone watching you enter your PIN at an ATM or point of purchase terminal. Some thieves even use a video camera to record your entry from a short distance or hide a camera to record and transmit your finger movements on the keypad.

* Getting your data – Your card’s magnetic stripe data can be read by one of three types of small skimmer devices.

  * One is a portable device that can be taped to a waiter’s arm. They go to a private space, roll up their sleeve, swipe the card, then go about their normal business.

  * Another kind is mounted under the counter. You won’t see the card swiped but it will disappear from view momentarily.

  * Some thieves go so far as to install a skimmer on a bank’s ATM. These look like part of the machine but they are unauthorized “add-ons” that read the magnetic stripe on the card before passing it on to the real ATM card reader.

* Getting your card – Some thieves use a device known as a “Lebanese loop” to steal your card at the ATM. The loop is a strip of plastic they stick into the card reader slot. Your card is caught by it and jams. After you leave in frustration the thief uses a tool to pull out the loop and your card with it.

Use safer ways to make payments.

It is safer to use credit over debit cards, as they provide better protection against fraudulent charges and their spending limit is most likely below the amount that can be taken from your deposit (checking or savings) account. Once money has been taken from your deposit account, it may take some time to resolve the issue with the bank. In the meantime you may not have access to all of your funds. A credit card balance, on the other hand, you can simply not pay if you have lodged a legitimate complaint in the right manner.

Checks are relatively easy to manipulate. Even if gel ink is used the check can be scanned, the image manipulated, then printed (including the signature). It is remarkably easy for people to order checks on your account and have them sent to an address supplied by the thief. They just say they are you and have recently moved. Many check printers do nothing to verify the identity of the person placing the order. On-line bill paying is available from most banks and is far safer. Once you get used to it you will probably find it more convenient as well. Just be careful with your on-line ID and password.

Now obviously there are other kinds of risks in the world that need to be considered. Overuse of credit cards, without regular full payments of the balance, can be a problem. To address this, some families use one card for debt and another for routine purchases. They look for a low-interest card for the first purpose and pay off the other each month, without exception.

The Worker Identity Theft Crisis (And How You Will Save The Day)

The Price of Admission to the Digital Age

Identity theft is everywhere. It’s the crime of the millennium; it’s the scourge of the digital age. If it hasn’t happened to you, it’s happened to someone you know. Using Federal Trade Commission (FTC) data, Javelin Research estimates that about 9 million identity thefts occurred last year, which means that about 1 in 22 American adults was victimized in just one year. So far – knock wood – I’ve personally been spared, but in the course of running an enterprise identity theft solutions company, I’ve run across some amazing stories, including from close friends that I had not previously known were victims. One friend had her credit card repeatedly used to pay for tens of laptops, thousands of dollars of groceries, and rent on several apartments – in New York City, just prior to the 9/11 attacks. The FBI finally got involved, and discovered an insider at the credit card firm, and links to organizations suspected of supporting terrorists.

So what is this big scary threat, is it for real, and is there anything one can do other than install anti-virus software, check credit card statements, put your social security card in a safe deposit box, and cross one’s fingers? And perhaps even more important for the corporate audience – what’s the threat to corporations (oh, yes, there’s a major threat) and what can be done to keep the company and its employees safe?

First, the basics. Identity theft is – as the name implies – any use of another person’s identity to commit fraud. The obvious example is using a stolen credit card to purchase items, but it also includes such activities as hacking corporate networks to steal enterprise information, being employed using a fraudulent SSN, paying for medical care using another person’s insurance coverage, taking out loans and lines of equity on assets owned by someone else, using someone else’s ID when getting arrested (so that explains my impressive rap sheet!) and much more. In the late 90s and early 2000s, identity theft numbers skyrocketed, but they have plateaued in the last 3 years at around 9-10 million victims per year – still an enormous problem: the most common consumer crime in America. And the cost to businesses continues to increase, as thieves become increasingly sophisticated – business losses from identity fraud in 2005 alone were a staggering $60 billion. Individual victims lost over $1500 each, on average, in out of pocket costs, and required tens or even hundreds of hours per victim to recover. In about 16% of cases, losses were over $6000 and in many cases, the victims are unable to ever fully recover, with ruined credit, large sums owed, and recurring problems with even the simplest of daily activities.

The underlying cause of the identity theft crime wave is the very nature of our digital economy, making it an extremely difficult problem to solve. Observe yourself as you go through the day, and see how many times your identity is required to facilitate some everyday activity. Turn on the TV – the cable channels you receive are billed monthly to your account, which is stored in the cable company’s database. Check your home page – your Google or Yahoo or AOL account has a password that you probably use for other accounts as well, maybe your financial accounts or your secure corporate login. Check your stocks – and realize that anyone with that account info could siphon off your money in seconds. Get into the car – you’ve got your drivers license, car registration, and insurance, all linked to a drivers license number which is a surrogate national ID, and could be used to impersonate you for almost any transaction. Stop for coffee, or to pick up some groceries, and use one of your many credit cards, or a debit card linked to one of your several bank accounts – if any of those are compromised, you could be cleaned out in a hurry.

And in the office – a veritable playground of databases with your most sensitive data! The HR database, the applicant tracking system, the Payroll system, the Benefits enrollment system, and various corporate data warehouses – each one stores your SSN and many other sensitive pieces of identifying data. Also the facilities system, the security system, the bonus and commission and merit increase and performance management systems, your network login and email accounts, and all of your job-specific system accounts. Not to mention all of the various one-time and periodic reports and database extracts that are done all day long, every day, by Compensation, by Finance, by audit firms, by IT and many others. And what about all the backups and replicated databases, and all the outsourced systems, all the various Pension and 401(k) and other retirement account systems? The little easily forgotten systems that track mentor assignments and birthdays and vacation accruals. The online paycheck image systems? The corporate travel provider’s systems? And let’s not forget how every outsourced system multiplies the risk – each one has backups and copies and extracts and audits; each one is accessible by numerous internal users as well as their own service providers. How many databases and laptops and paper reports throughout this web of providers and systems have your data, and how many thousands of people have access to it at any moment? The list rapidly goes from surprising to daunting to frightening, the longer one follows the trail of data.

It’s a brave new digital world, where every step requires instant authentication of your identity – not based on your pretty face and a lifelong personal relationship, but on a few digits stored somewhere. Much more efficient, right? So your various digital IDs – your driver’s license number, your SSN, your userids and passwords, your card numbers – have to be stored everywhere, and as such, are accessible by all kinds of people. This explains the huge and growing phenomenon of corporate data breaches. Amazingly, over 90 million identities have been lost or stolen in these breaches in just the last 18 months, and the pace is actually accelerating. It’s simple arithmetic combined with a financial incentive – a growing volume of identity data, accessible by many people, that has significant value.

And once any of these digital IDs are compromised, they can be used to impersonate you in any or all of these same thousands of systems, and to steal your other digital IDs as well, to commit further fraud. This is the scale of the problem. Much worse than a cutesy stolen Citibank credit card – identity theft can easily disrupt everything you do, and require a massive effort to identify and plug every potential hole. Once your identity is stolen, your life can become an eternal whack-a-mole – fix one exposure, and another pops up, across the enormous breadth of all the accounts and systems that use your identity for any purpose at all. And make no mistake – once compromised, your identity can be sold again and again, across a vast shadowy international ID data marketplace, outside the reach of US law enforcement, and extremely agile in adapting to any attempts to shut it down.

A Disaster Waiting to Happen?

Over the last two years, three major legal changes have occurred that substantially increased the cost of corporate data theft. First, new provisions of the Fair and Accurate Credit Transactions Act (FACTA) went into effect that imposed significant penalties on any employer whose failure to protect employee information – either by action or inaction – resulted in the loss of employee identity data. Employers may be civilly liable up to $1000 per employee, and additional federal fines may be imposed up to the same level. Various states have enacted laws imposing even higher penalties. Second, several widely publicized court cases held that employers and other organizations that maintain databases containing employee information have a special duty to provide safeguards over data that could be used to commit identity fraud. And the courts have awarded punitive damages for stolen data, over and above the actual damages and statutory fines. Third, several states, beginning with California and spreading rapidly from there, have passed laws requiring companies to notify affected consumers if they lose data that could be used for identity theft, no matter whether the data was lost or stolen, or whether the company bears any legal liability. This has resulted in vastly increased awareness of breaches of corporate data, including some massive incidents such as the infamous ChoicePoint breach in early 2005, and the even larger loss of a laptop containing over 26 million veterans’ IDs a couple of months ago.

At the same time, the problem of employee data security is getting exponentially harder. The ongoing proliferation of outsourced workforce services – from background checks, recruiting, testing, payroll, and various benefit programs, up to full HR Outsourcing – makes it ever harder to track, let alone manage all of the potential exposures. Same thing for IT Outsourcing – how do you control systems and data that you don’t manage? How do you know where your data is, who has access, but shouldn’t, and what criminal and legal system governs any exposures occurring outside the country? The ongoing trend toward more remote offices and virtual networks also makes it much harder to control the flow of data, or to standardize system configurations – how do you stop someone who logs in from home from burning a CD full of data extracted from the HR system or data warehouse, or copying it to a USB drive, or transferring it over an infrared port to another local computer? And recent legislative minefields, from HIPAA to Sarbanes-Oxley, not to mention European and Canadian data privacy regulations, and the patchwork of fast-evolving US federal and state data privacy legislation, have ratcheted up the complexity of control, perhaps past the point of reasonability. Who among us can say that they understand all of it, let alone fully comply?

The result: a perfect storm – more identity data losses and thefts, much greater difficulty at managing and plugging the holes, much greater visibility to missteps, and much greater liability, all boiling in the cauldron of a litigious society, where loyalty to one’s employer is a bygone concept, and all too many employees look at their employer as a set of deep pockets to be picked whenever possible.

And it’s all about “people data” – the simple two-word phrase right at the heart of the mission of Human Resources and IT. The enterprise has a problem – its people data is suddenly high value, under attack, and at escalating risk – and they’re looking at you, kid.

The good news is that at least it’s a well-known problem. Indeed, although I hope I’ve done a good job of scaring you into recognizing that identity theft is not all hype – that it’s a genuine, long-term, big-deal problem – the reality has a hard time keeping up with the hype. Identity theft is big news, and lots of folks, from solution vendors to media infotainment hucksters of every stripe have been trumpeting the alarm for years now. Everyone from the boardroom on down is aware in a general way of all the big data thefts, and the problems with computer security, and the hazards of dumpster divers and so on. Even the Citibank ads have done their part to raise awareness. So you have permission to propose a reasonable way to address the problem – a serious, programmatic approach that will easily pay for itself in reduced corporate liability, as well as avoidance of bad publicity, employee dissatisfaction, and lost productivity.

The Journey of a Thousand Miles

In general, what I recommend is simply that you do, indeed, approach identity theft prevention and management as a program – a permanent initiative that is structured and managed just like any other serious corporate program. That means an iterative activity cycle, an accountable manager, and real executive visibility and sponsorship. That means going through cycles of baselining, identification of key pain points and priorities, visioning a next generation state and scope, planning and designing the modules of work, executing, measuring, assessing, tuning – and then repeating. Not rocket science. The most important step is to recognize and train a focus on the problem – put a name and a magnifying glass to it. Do as thorough a baseline review as you can, examine the company from the perspective of this substantial risk, engage your executive leadership, and manage an ongoing improvement program. After a couple of cycles, you’ll be surprised how much better a handle you have on it.

Within the scope of your identity theft program, you will want to target the following primary objectives. We’ll examine each one briefly, and outline the critical areas to address and some key success factors.

1) Prevent actual identity thefts to the extent possible

2) Minimize your corporate liability in advance for any identity thefts (not the same thing as #1 at all)

3) Respond effectively to any incidents, to minimize both employee damage and corporate liability

From an enterprise perspective, you can’t achieve identity theft prevention without addressing processes, systems, people, and policy, in that order.

o First, follow the processes and their data flows. Where does personal identity data go, and why? Eliminate it wherever possible. (Why does SSN have to be in the birthday tracking system? Or even in the HR system? One can tightly limit what systems retain this kind of data, while still preserving required audit and regulatory reporting capability for those few who perform this specific function). And by the way, assigning or hiring someone to try to “social engineer” (trick) their way into your systems, and also asking for employees to help identify all the little “under the covers” quick-and-dirty exposure points in your processes and systems can be very effective ways to get a lot of scary information quickly.

o For those systems that do retain this data, implement access controls and usage restrictions to the extent possible. Remember, you are not tightening down data that drives business functions; you are merely limiting the access to and ability to extract your employees’ personal, private information. The only ones who should have access to this are the employees themselves and those with specific regulatory job functions. Treat this data as you would treat your own personal and private assets – your family heirlooms. Strictly limit access. And remember – it’s not only those who are supposed to have access that are the problem, it’s also those who are hacking – who have stolen one employee’s ID in order to steal more. So part of your mission is to make sure that your network and system passwords and access controls are really robust. Multiple, redundant strategies are usually required – strong passwords, multi-factor authentication, access audits, employee training, and employee security agreements, for example.

o Train your people – simply and bluntly – that this data is personal, and not to be copied or used anywhere except where necessary. It’s not the theft of laptops that’s the big issue; it’s that the laptops inappropriately contain employees’ personal data. Give your people – including any contractors and outsourced providers that serve you – the guidance not to place this data at risk, and where necessary, the tools to use it safely: standardized computer system monitoring, encryption, strong password management on systems that contain this data, etc.

o Develop policies for handling employees’ private data safely and securely, and that hold your employees and your service providers accountable and liable if they do not. Clearly, simply, and forcefully communicate this policy and then reinforce it with messages and examples from senior executives. Make this especially clear to every one of your external service providers, and require them to have policies and procedures that duplicate your own safeguards, and to be liable for any failures. This may seem a daunting task, but you will find that you are not alone – these service providers are hearing this from many customers, and will work with you to establish a timetable to get there. If they don’t get it, maybe that’s a good signal to start looking for alternatives.

Minimizing corporate liability is all about having “reasonable safeguards” in place. What does that mean in practice? – no one knows. But you’d better be able to pass the reasonability “smell test”. Just like obscenity, judges will know “reasonable safeguards” when they see them – or don’t. You can’t prevent everything and you’re not required to, but if you have no passwords on your systems and no physical access control over your employee files, you’re going to get nailed when there’s a theft. So you need to do precisely the kind of review and controls that I’ve outlined above, and you also need to do it in a well documented, measured, and publicized way. In short, you need to do the right thing, and you need to very publicly show that you’re doing it. It’s called CYA. That’s the way legal liability works, kids. And in this case, there’s very good reason for this rigor. It ensures the kind of comprehensive and thorough results that you want, and it will assist you greatly as you iterate the cycles of improvement.

This is why you want to make the effort to establish a formal program, and benchmark what some other companies do, and define a comprehensive plan and metrics after you complete your baselining and scoping steps, and report results to your executives, and iterate for continuous improvement. Because you need to both know and show that you’re doing all that could reasonably be expected to secure employees’ personal data that is in your care.

And yet, despite all your safeguards, the day will come when something goes wrong from an enterprise perspective. You absolutely can substantially reduce the probability, and the size of any exposure, but when over 90 million records were lost or stolen from thousands of organizations in just the last 18 months, sooner or later almost everyone’s data will be compromised. When that happens, you need to shift on a dime into recovery mode, and be ready to roll into action fast.

Saga of the Diver By: Holden Gerrig – Book Review

Paul Schultz, who is disenchanted with both his job and teetering marriage, meets the overly confident Jim Costas while working out at a gym. Although contrasting personalities, Paul and Jim have one thing in common: their love for diving. Paul, an expert diving instructor, trains Jim. In turn, Jim mentors Paul on entrepreneurial skills that go beyond the ordinary since he uses Salsa as a way to hit on the ladies. Paul is captivated by Jim’s salacious prowess. Yet he finds Jim’s impish interactions with women a bit disconcerting, especially since he is married to a hot wife, Teagan. Lynn Teal, Teagan’s best friend, enters the scene, and with her comes a flurry of interpersonal attractions between Jim and Teagan. While Paul desperately works on getting his life together amid all the weird sexual environs, he is unaware of the role that he plays in a devious plot to destroy Jim.

Award-winning and rising author Holden Gerrig pens a dizzying one-of-a-kind psychological thriller. Unique to Gerrig’s debut novel is a tight list of literary elements. High on that record is Gerrig’s attractive yet convoluted cast. Gerrig’s attention to detail has produced four well-developed characters that leave readers with mixed emotions. Although his characters lead a variety of questionable lifestyles, Gerrig manages to evoke compassion among his readers when he reveals the troubled human aspects of their past (via omniscient viewpoints) to validate their actions. Pitted in the middle, of course, is the underachieving Paul who is unwittingly caught in the throes of a vicious game of domination. There is more, however, to Gerrig’s creative character design. Pulling another literary trick out of his sleeve, Gerrig uses his principal cast as foils to draw out their contrasting features. Needless to say, Gerrig’s cast will keep readers in a tizzy.

Gerrig opens his third-person narrative with a scene leading up to the story’s apex, followed by a quick shift to an entangled web of backstories. Each chapter is replete with a barrage of alternating character scenes that slowly but deliberately build up to an un-hackneyed cliffhanger – one that catches readers totally off guard. Amid the backstories, Gerrig numbers his alternating scenes, which not only breaks up monotony, but also keeps his plot seamlessly flowing. In addition, Gerrig aptly aligns his complex cast to his storyline by incorporating strong and often lewd language and lust-filled scenes as the plot thickens from one deception to another.

A page-turner from beginning to end, there is no doubt that “Saga of the Diver – Volume One: Skeletons” – the first book in Gerrig’s series Saga of the Diver – is one captivating roller-coaster read.