2020 GLPS - Group LP Selfies
Your Team - Your Pride - Our Industry
Building Industry Pride - One Team Selfie at a Time

NY Times Article Blasts Amazon Ring

Industry Disrupter Under Fire by U.S. Congress

Led to 0 Arrests Nationwide

Your Amazon Ring Camera Spied on You - Now What?

Congress Demanding Answers About Data & Law Enforcement

'Gaping Security Holes' - Hijacked Cameras' - 'Hidden Code Sharing Data'

The internet-connected doorbell gadget, has gained a reputation as the webcam that spies on you and that has failed to protect your data.

The company fired four employees over the last four years for watching customers' videos. Last month, researchers found that Ring's apps contained hidden code, which had shared customer data with third-party marketers. And in December, hackers hijacked the Ring cameras of multiple families, using the devices' speakers to verbally assault some of them.

This week, Ring announced new protocols to strengthen the security of its products, such as mandating two-factor verification, which requires you to punch in a temporary code before logging into your account to see your footage.

Yet security experts said that Ring had been slow to react and that its solutions were weak.  Read more


Amazon lets police ask for Ring videos that are more than a month old

U.S. Senator: 'Lack of Privacy & Civil Rights Protections is Chilling' Read more


Senator Markey Investigation into Amazon Ring Doorbell Reveals Egregiously Lax Privacy Policies and Civil Rights Protections
Lawmaker found Ring has no evidentiary standards for law enforcement to request video footage, no compliance mechanisms to ensure footage of children isn't collected. Read more
 

Cute videos, but little evidence: Police say Amazon Ring isn't much of a crime fighter

Deafening Lack of Evidence it Makes City's Safer

Winter Park Police Department hasn't made a single arrest facilitated by footage obtained from Ring cameras since it partnered with the company in April 2018.

Ring promises to "make neighborhoods safer" by deterring and helping to solve crimes, citing its own research that says an installation of its doorbell cameras reduces burglaries by more than 50 percent. But an NBC News Investigation has found - after interviews with 40 law enforcement agencies in eight states that have partnered with Ring for at least three months - that there is little concrete evidence to support the claim.  Read more


Click here to see our complete coverage of the Amazon Ring controversy
 

California's Security Bag Check Compensation Law Suit Finally Resolved

Here's the Supreme Courts Reasoning

California Supreme Court Rules Apple to Pay for Employee Bag Checks

Employees Can't "Freely Avoid" Inspections

This legal case has been going on for over eight years and has been ruled on in a number of states. With California having more class action cases then any other. In the final ruling it used one of Apple's marketing theme's, "you wouldn't think about leaving home without it," against Apple. As there was no plausible way to avoid the process.

This decision is notable because by rejecting a bright-line distinction between "avoidable" and "unavoidable" tasks, the Court calls into question a defense employers have raised in many similar security check cases.

Key Points: Apple employees spent waiting for and undergoing mandatory security inspections is compensable.

Editor's Note: In one of the Courts opinions, they actually used Apple's own marketing as rational proof against it.

Read Key Points & Courts reasons here

What HR Is Reading
What California's Latest Bag Check Case Means for You

Decision is Retroactive

Employers should also note that this case extends well beyond just bag checks. It provides a key for evaluation of compensable time under California law generally. Although many activities may remain unpaid under the guidance of this decision, employers in California should nonetheless identify and evaluate any and all unpaid activities of their employees that could have any arguable relationship to their work-whether it is on-site or not. shrm.org
 

Open-Hiring: Is There a Place for it in Retail?

'Inclusive Hiring - Fair-Chance Hiring'

The Body Shop's "Open Hiring': Just answer 3 yes-or-no questions

No Interviews, No Background Checks & No Drug Tests

The Body Shop hiring employees on a first-come, first-serve basis if they answer "yes" to three basic questions.

Three yes-or-no questions. If answers yes to all three, the job is theirs. The three questions used were: Are you authorized to work in the U.S.? Can you stand for up to eight hours? Can you lift more than 50 pounds? nj.com

What Is Open Hiring?
Some employers are embracing this as a way to open the doors to a whole group of often-overlooked individuals. For a lot of roles, experience actually isn't critical, so an employer can opt to not worry about experience and instead train on the tasks at hand. This model has been championed by the Greyston Bakery in New York-the company that makes brownie treats for companies like Ben & Jerry's. They're still a leader in this hiring model and have launched an Open Hiring Center to help other organizations implement their own version of the practice. This overall model is sometimes called inclusive hiring or fair-chance hiring.

Some of the aspects of open hiring are a bit tougher for some employers to embrace-such as not doing criminal background screening-but that doesn't mean the practice is without merit or that it can't be modified a bit, if needed, while still embracing the concept.

For employers interested in the idea, it's important to note that open hiring doesn't necessarily mean that no screening is done at all. Applicants are considered based on their ability to do the job. This means employers can still have the final say in exactly how the process might look at their organization, while still embracing the concept. This might mean less emphasis on work history and more emphasis on the applicant's abilities. It might mean more training for new hires. It might mean a probationary period.

Proponents of an open hiring model cite multiple other benefits. For example:

Improved retention - Improved diversity - The recruiting process is fast - The organization is seen as helping the community. What Is Open Hiring? - HR Daily Advisor
 

Associations Cancel Events, Shake Up Schedules in Response to Coronavirus
Numerous events big and small have had to change their schedules or even cancel in response to lingering concerns about the Wuhan coronavirus. The disease led to the recent cancellation of Mobile World Congress, among others. Events, including many run by associations, have faced major disruptions, delays, and even cancellations. And some of those affected aren't even taking place in Asia-showing how concerns about the disease stretch beyond Chinese borders. associationsnow.com

Report: Trucks remain prime target of cargo thieves worldwide
Cargo in transit by road remains the dominant risk; theft from trucks parked in unsecured lots average 8 per day globally.

International transport and logistics insurer TT Club and supply chain intelligence firm BSI released data for 2019 showing that 87% of cargo thefts targeted trucks in 2019, up from 84% in 2018, dwarfing theft from all other modalities, including warehouses and trains. What's more, 60% of truck incidents occurred while the vehicles were in transit, in rest areas, or at an unsecured parking location.

Regionally, South America ranks highest in the median value of cargo per incident from unsecured truck parking, at $100,000, followed closely by North America, at $80,000.

The top three commodities stolen in 2019 were food and beverages, electronics, and alcohol and tobacco. dcvelocity.com

NJ's Toys R Us Bill Signed into Law to Protect Workers From "Getting Screwed"
Legislation sponsored by LD20 Senator Joe Cryan and Senator Nellie Pou (LD35) to protect workers from "getting screwed" when their employers go into bankruptcy or close their doors was signed into law Thursday by Governor Phil Murphy. The law, S-3170, makes New Jersey the first state in the country to guarantee severance pay in the wake of mass layoffs.

The law increases the minimum number of days of notice from 60 to 90 that employers of 100 or more full time employees when there is a mass layoff, plant closing or transfer resulting in 50 or more employees losing their jobs. It will also require severance pay equal to one week for each year of service. The severance would be "earned in full" upon the termination of employment. tapinto.com

Is NJ's American Dream Mall Getting Ready for Huge Retail Launch?

Houston We May Have a Problem

About 17,000 people have been hired to-man the 450 restaurants, stores, and services in the 3 million-square-foot area. Problem is, the Retail Apocalypse is happening.

The massive project officially opened on Oct. 25 of last year. Thus far, according to NJ.com, just the three-story candy department store It'Sugar has joined the Nickelodeon Universe theme park, the indoor ice skating rink and Big Snow, an indoor ski and snowboard park, as the mall's tenants.

American Dream's top brass have said in the past that a majority of the retail outlets and dining places are set to debut in March. That said, however, a lot of the schedules start dates have been pushed back. Officials told the public recently that additional details are yet to come.

Macy's Chief Executive Officer Jeff Gennette, for example, said his company "certainly did consider it," but the department-store chain held off, given the property is "unproven."

Companies like Japanese fashion brand Uniqlo and retail chain Primark and Gap Inc.'s Old Navy and Banana Republic are opening. Victoria's Secret, Pink and Bath & Body Works, all owned by L Brands Inc., will have locations as will Kate Hudson's athleisure line Fabletics and Charlotte Russe Inc. which filed for bankruptcy about a year ago.

The latest group of retailers who are said to be part of the program includes:

• Charlotte Russe
• Ginger Sushi
• Jarana Restaurant
• Likkle More Jerk
• Manchu Wok
• Morphe
• SJP by Sarah Jessica Parker
• Sunglass Hut
• Thai Express
unionleader.com


800 Store Lidl to Reach 1,000 Stores in UK By 2023

Belks Department Stores Cuts 80 Corporate Jobs

Macy's Dropped To Junk-Bond Status

HyVee Announces Reorg. - Possible Layoffs & No More Operating 24 Hours a Day

Forever 21 acquired by Authentic Brands, Simon and Brookfield

Quarterly Results
Domino's Q4 U.S. comp's up 3.4%, International comp's up 1.7%, net sales up 6.3%
Jack in the Box Q1 system comp's up 1.7%, company comp's up 2.9%
SpartanNash Q4 Retail comps up 0.5%, Food Dist. net sales up 1.5%, Military Dist. net sales up 0.5%, Q4 total net sales up 5.3%, Full Yr. total net sales up 5.8%

Become RFID-Certified at RFID Journal LIVE!
The 2020 event will include the Fast-Track RFID Professional Institute Certified Associate training. During this advanced, one-day fast-track course attendees were given an overview on how to design, install, configure, monitor and troubleshoot an RFID system in the field. The training prepares participants for the RFID Professional Institute Certified Associate exam. Don't miss this opportunity!

The 2020 event will also have keynote speakers and other conference sessions that provide unique insights into some of the world's largest, most sophisticated and most innovative RFID deployments to date, and show how the technology is being used across major industries.

Click here to learn more about the conferences 9 industry focused-tracks and 8 technical
and how-to tracks.
 

New Guidance: PCI DSS for Large Organizations
PCI Security Standards Council has published a new Information Supplement: PCI DSS for Large Organizations. This document was produced by the 2019 Special Interest Group (SIG), whose members provided their expertise and shared experience of managing PCI DSS assessments in large organizations.

Often the larger an organization becomes, the more interconnected and complex its relationships with internal business units and third parties become. As a result of this complexity, large organizations may need to evolve their approaches for implementing and maintaining PCI DSS controls across the entire organization. The document provides guidance and suggestions that cover a range of business considerations, including:

• Roles, responsibilities, and ownership of PCI DSS functions
• Sustaining compliance
• Mergers and acquisitions
• Managing acquirers and payment channels
• Education and awareness
• Systems management to maintain PCI DSS compliance
• Multiple audits and assessment
• Laws, regulations, and standards

Read the information supplement here. pcisecuritystandards.org

44% of Security Threats Start in the Cloud

Amazon Web Services responsible for 94% of all Web attacks
originating from the public cloud

Cloud-enabled cyberattacks are ramping up, as indicated in a new Netskope study that found 44% of security threats use cloud services in various stages of the kill chain. Attackers are targeting popular cloud apps and services to exploit the growing trust in commonly used enterprise platforms.

Microsoft Office 365 for Business, Box, Google Drive, Microsoft Azure, and GitHub are the most-targeted cloud apps, researchers discovered in the February 2020 Netskope Cloud and Threat Report. Most (89%) enterprise users operate in the cloud, and 33% of them work remotely.

Amazon Web Services (AWS) is a hot target for cloud storage apps, Imperva researchers found in their Cyber Threat Index, also released today. Web attacks originating from the public cloud saw a 16% spike from November to December 2019. AWS was a top source for these attacks, responsible for 94% of all Web attacks starting in the public cloud. "This suggests that public cloud companies should be auditing malicious behavior on their platforms," researchers said. darkreading.com

2020 State of Password and Authentication Security Behaviors Report by Yubico & Ponemon Institute
According to the report,IT security practitioners and individuals are both engaging in risky password and authentication practices, yet expectation and reality are often misaligned when it comes to the implementation of usable and desirable security solutions. The tools and processes that organizations put in place are not widely adopted by employees or customers, making it abundantly clear that new technologies are needed for enterprises and individuals to reach a safer future together.

"For years, achieving a balance between high security and ease of use was near impossible, but new authentication technologies are finally bridging the gap. With the availability of passwordless login and security keys, it's time for businesses to step up their security options. Organizations can do far better than passwords; in fact, users are demanding it."

Other findings from the research include:

• Individuals report better security practices in some instances compared to IT professionals.

• Fifty-one percent of IT security respondents say their organizations have experienced a phishing attack, with another 12% of respondents stating that their organizations experienced credential theft, and 8% say it was a man-in-the-middle attack. Yet, only 53% of IT security respondents say their organizations have changed how passwords or protected corporate accounts were managed. Interestingly enough, individuals reuse passwords across an average of 16 workplace accounts and IT security respondents say they reuse passwords across an average of 12 workplace accounts.

Click here for the full infographic securitymagazine.com  yubico.com

The Ecosystem of Phishing: From Minnows to Marlins
The Digital Shadows' Photon Research Team analysis entitled From Minnows to Marlins, the Ecosystem of Phishing analyzed many of the popular marketplaces and forums frequented by cybercriminals. It found that phishing page templates and clones impersonating some of the biggest brands in the world, are being priced and sold from just $1.88. These templates aim to masquerade as legitimate companies and trick recipients into handing over sensitive information, like credentials, password resets or notifications of suspicious activity, says the report.

The analysis details from start to finish how criminals create, distribute, steal data, and monetize phishing emails and pages. Many criminals begin by using phishing email templates, often indistinguishable from the real thing which use the same exact assets (e.g. images, fonts, and wording). Criminals can then combine these with 'clone' websites, the cost of which start under $2.00. After purchasing a cheap domain and email contact lists (with 10m email contacts being advertised for just $12.99) spammers can launch a campaign for under $20 with little technical knowledge required, notes the study.


Phishing emails are the most exploited "vulnerabilities" in the modern age of cyber criminality. Phishes have evolved over time, taking on new forms and adding advanced functionality at every stage of their development and delivery scheme. Simple social engineering emails with misspellings and grammatical errors have evolved into nearly undetectable impersonations of the brands that people see coming through their email inboxes every day. securitymagazine.com

Read the full report:
The Ecosystem of Phishing: From Minnows to Marlins
Phishing key findings and statistics

Register for NRF Dinner @ RSA 2020
Waterbar San Francisco California
February 26, 2020 6:00pm to 9:00pm Pacific
The NRF Dinner at RSA 2020 will take place during the RSA Conference on February 26, 2020, at the highly rated, Waterbar Restaurant in San Francisco, California.

This dinner offers an intimate roundtable setting, in which retail cybersecurity experts can discuss industry trends and engage in insightful dialogue on cyber risks and business challenges.

Please join us for an evening of dinner, networking, and inspiration in a quaint environment.

For any additional questions, please email programs@nrf.com.

At the Waterbar at 399 The Embarcadero in San Francisco: 6:00 PM nrf.com

'Top secret' security measures at pot dispensaries
The costly side of Illinois' new marijuana trade that can't be revealed
There is a high stakes reality for Illinois' new marijuana entrepreneurs. It's costing each of them a small fortune but it is something they can't talk about it. How a dispensary secures its facility is so top secret, marijuana execs told the I-Team state regulators restrict companies from sharing the details.

The reason is a mix of marijuana and money. A lot of both, in the recreational use facilities that opened just last month under a new state law. Nearly $40 million worth of weed was sold during the first month it was legal. That is a lot of cash to keep track of.

"The cannabis industry is dealing with a lot of cash. A duffle bag full of product could be $60,000, $70,000," said Dan O'Sullivan, senior security consultant with Clear Loss Prevention. "It creates a target."

"It's something we don't provide because we don't want anyone to have that access because, you know, it's proprietary to how we operate our business," said Brendan Blume, vice president of store development for Green Thumb Industries which owns and operates nearly 100 dispensaries nationwide, including Rise in Joliet. abc7chicago.com

Oregon Police Investigating Cannabis-Focused Burglary Ring
Police in Oregon are investigating a burglary ring that targeted cannabis businesses, the Oregonian reports. As part of the investigation, Portland and Salem police seized $33,000 in cash, 30 pounds of cannabis, six pounds of hash oil, 16 firearms, and burglary tools, along with clothing and other evidence from the victimized businesses, the report says.

Portland Police Assistant Chief Andrew Sherer said on Twitter that one arrest had been made in the case and there were "more to follow." Officials have not released any other information, citing the ongoing investigation. ganjapreneur.com

9 Pot Shop Robbery Suspects Sought in 2 Yakima Store Hits