[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ]
* IT Pros Are Choosing Between Productivity and Security
* Data security concerns fuel IT investment decisions
* DocPoint Solutions Adds New Capabilities to GSA Schedule 70
* Harry Styles photo hack: 7 UK laws which protect you if your private pictures get into wrong hands
* RSA highlights need for Red Team Automation simulated cyber attacks
* English language used the most for cyber attacks: Report
* Lack of Security Automation Exposes Enterprises to Cyber Attacks and Outages
* What Does a Typical Fortune 100 CISO Look Like?
* DHS preps final RFP for NextGen security operations
* Companies still lack adequate data privacy tools
* Digital security puts CISO reporting structure in corporate glare
* GRC: CISOs must crawl, walk and run, says MetricStream’s Gunjan Sinha
* HSCIC’s CareCERT head wants NHS and social care to be prepared for cyber attacks
* Google boosts HTTPS, Certificate Transparency to encrypt Web
* New Risks Impacting E & O Claims
* MITRE offers temporary solution to the CVE assignment problem
* One Step Closer to Mandatory Breach Reporting Across Canada: Consultations Open
* Experts: Data, devices, employees pose biggest challenges to hospital cybersecurity
* CFPB’s First-Ever Data Security Enforcement Action
* Biometrics not a magic infosec bullet for web banking, warns GCHQ bloke
* curl, 17 years old today
IT Pros Are Choosing Between Productivity and Security
According to Barkly’s 2016 Cybersecurity Confidence Report, 41% of respondents said they are dissatisfied with their current solution because it slows down their system.
For those shops, it could mean that colleagues are taking insecure shortcuts to improve efficiency, such as using unauthorized third-party apps or connecting unsanctioned devices to the network.
For others that say their security hasn’t slowed them down, it could indicate a weakened security profile overall.
Barkly’s research draws a clear line between front-line IT pros’ and the C-suites’ opinions around security.
Respondents indicated that they believe IT teams prioritize security higher than the C-level, with nearly two-in-five respondents stating that IT teams believe it to be an essential priority, compared to only 27% of C-level executives.
Which could lead to productivity being prioritized over security.
The survey also revealed that the biggest issues IT teams have with current solutions are that they require too many updates (36%), are too expensive (33%) and provide no protection against zero-day attacks (33%).
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0c039344f8&e=20056c7556
Data security concerns fuel IT investment decisions
According to the results of a recent survey sponsored by IT services provider Datalink and conducted by IDG Research Services, 70 percent of companies now rank data security as their top priority when it comes to investing their IT dollars.
In addition, the survey, which polled more than 100 IT executives and senior level managers from large U.S.-based organizations, also found that 75 percent of companies consider IT security more important today than just two years ago.
Nearly three-quarters of respondents said they have security projects in the works while just over 20 percent indicated that such projects were in the build or planning stage of development.
Although the threats posed by cyber intrusions are certainly not a new phenomenon to corporate America, Rader said the likely reason that more organizations consider IT security a bigger critical threat today than they did just two years ago is that many of them probably felt they had cybersecurity under control.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=27c8e16b9a&e=20056c7556
DocPoint Solutions Adds New Capabilities to GSA Schedule 70
DocPoint Solutions, Inc., a provider of implementation, customization, training, and support of SharePoint solutions and its suite of products, has added Concept Searching’s products and services to its General Services Administration (GSA) Schedule 70 contract vehicle.
Concept Searching is a provider of semantic metadata generation, auto-classification and taxonomy management software running natively in SharePoint and SharePoint Online.
By blending these technologies with DocPoint’s end-to-end enterprise content management (ECM) offerings, the companies say, government organizations will be able to maximize their SharePoint investment and obtain an integrated solution for sharing, securing, and searching for mission-critical information.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=a68a77d2c4&e=20056c7556
Harry Styles photo hack: 7 UK laws which protect you if your private pictures get into wrong hands
The Computer Misuse Act 1990
1968 Theft Law
1997 Protection from Harassment Act
The Public Order Act 1986
The Malicious Communications Act 1988
European Convention on Human Rights 1998
Obscenity laws
Men are slightly more likely to be threatened with online exposure than women – according to a 2013 McAfee study. 12% of men had been threatened with it , but only 8% of women.
However, a survey of the UK’s revenge porn sites suggest that only 20% of the hosted pictures show men.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=dce95afb7d&e=20056c7556
RSA highlights need for Red Team Automation simulated cyber attacks
At this month’s San Francisco based RSA conference, the largest global conference for cybersecurity, there were several topics which were prominent.
Red Team Automation is now being seen as a core part of any organisation’s cyber security strategy.
A ‘Red Team’ traditionally works in a covert manner testing an organisation’s weakest points using the same techniques used by organised cyber criminals.
The automation of this process deploys specialist software designed for continuous testing.
What is essential is that companies take steps to safeguard those points in their inner and outer perimeters where the cyber criminals are most likely to strike.
This means combining Red Team Automation with software designed to monitor criminal activity on their Dark Web while also keeping a constant check on known weak points such as social networking sites where the company or its staff have a presence.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=788a081a58&e=20056c7556
English language used the most for cyber attacks: Report
New Delhi: English language was the highest spam sending language in 2015 with 84.1 per cent spammers using it for cyber-attack followed by Chinese (2.6 per cent) and German (1.7 per cent) on second and third spots, a report by Trend Micro Incorporated said.
Trend Micro Incorporated released its annual security roundup report that dissected the most significant security incidents from 2015.
“The first quarter of 2016 clearly showed we need to also watch out for older threats and how no industry or system should feel exempt.
After all who would have thought that language is also something to worry about from cyber threats perspective!” the report said.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=0027cdb7fe&e=20056c7556
Lack of Security Automation Exposes Enterprises to Cyber Attacks and Outages
AlgoSec, the market leader for Security Policy Management, today announced the results of its “State of Automation in Security” survey.
The survey revealed that 83% of organisations want the use of automation to manage security processes to greatly increase over the next 3 years.
Other key findings from the survey include:
Lack of automation causes outages and breaches. 20% of organisations experienced a security breach, 48% had an application outage and 42% had a network outage as a result of a misconfiguration caused by a manual security-related process.
Not enough automation.
Only 15% of respondents reported that their security processes were highly automated.
Over 52% had some automation in place but felt that it was not enough, and 33% said they had little to no automation.
Motivations for automation abound, but so are concerns.
The growing number of cyber threats, time spent performing security changes manually, and cloud and SDN projects were the top motivations for automation.
However, concerns about accuracy, and the resources required to implement automation solutions, as well as difficulty driving organisational changes are inhibiting their proliferation.
Automation serves the business.
Over 80% of respondents believe that automation will increase the overall security posture of their organisations. 75% of respondents think it will improve application availability, as well as enable them to process security policy changes faster and reduce errors. 75% also feel that automation will reduce audit preparation time and improve compliance. 50% believe that automation will help deal with the IT skills shortage and reliance on experienced security engineers.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=5106be071b&e=20056c7556
What Does a Typical Fortune 100 CISO Look Like?
Not surprisingly, Digital Guardian found that most CISOs were overwhelmingly male at 89 percent.
In terms of education, 85 percent had at least a Bachelor’s degree, while 40 percent also had a Master’s degree.
Just and a few had a PhD or JD, they said.
The top three fields of study for these CISOs were business, information technology/information security, and computer science.
Of the Fortune 100 CISOs they looked at, 80 percent have held their current position for less than five years.
When it comes to certification, half have a CISSP certification and 22 of them have a CISM certification.
Fortune 100 security leaders hold an average of 2.86 certifications.
Digital Guardian created the infographic below which outlines “the anatomy of a CISO” to sum up their findings in a fun way.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=f6726dcc38&e=20056c7556
DHS preps final RFP for NextGen security operations
The Next Generation Security Operations Center (NextGen SOC) contract will give the DHS CISO access to cybersecurity support services, with a focus on securing the networks at the Office of the CIO, National Protection and Programs Directorate and Science and Technology Directorate, among others.
“The task orders issued hereunder will be designed to acquire a broad range of services and solutions—under various contract types—to fulfill the department’s mission” as it pertains to cybersecurity, according to the synopsis.
That mission includes a mandate to “prevent, detect, contain and eradicate cyber threats through monitoring, intrusion detection and protective security services to DHS information systems.”
The final contract will have a ceiling of $395 million over seven years, with a base of one year and six additional one-year options.
Individual task orders will range from a minimum of $1,000 to a maximum of $10 million.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=53fdbf345a&e=20056c7556
Companies still lack adequate data privacy tools
93 percent of IT professionals agree that customer data privacy concerns are a critical issue at the C-level.
Yet, only 9 percent percent believe current privacy and consent methods are adequate.
When asked about the requirements of new data privacy and consent methods, 96 percent agreed that there is an increasing need for dynamic and flexible privacy tools that are adaptable to future borderless regulatory requirements and consumer expectations.
A new ForgeRock study revealed regional differences in opinions towards data privacy between U.S.-based and EMEA-based IT professionals.
While 84 percent of U.S.
IT professionals believe that the U.S. will eventually adopt similar personal data protection regulations to Europe, responding European IT professionals were more skeptical with only 66 percent agreeing that the US would implement data privacy regulations similar to those in European.
96 percent of IT professionals believe emerging European regulations for data protection are creating a need for better tools and standards for ensuring personal data protection, privacy and consent
84 percent of U.S. respondents (and 87 percent of APJ-based respondents) believe the U.S. will eventually adopt similar personal data protection regulations as Europe
Only 66 percent of EMEA-based respondents believed that the U.S. will eventually adopt similar personal data protection regulations as Europe.
“As our survey illustrates, coping with regulation – privacy or otherwise – is no longer just a cost center for organizations.
As connected devices and technologies take on a greater role in public and private life, there are massive business benefits to building in new identity and data privacy solutions that can scale over time,” said ForgeRock’s CEO, Mike Ellis. “Organizations clinging to legacy identity management technologies – which are currently inadequate – will be at a major disadvantage.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6286033009&e=20056c7556
Digital security puts CISO reporting structure in corporate glare
What there’s less agreement on, once a security executive is fixed in the corporate firmament, is the optimal CISO reporting structure.
Should he or she take orders from an IT chieftain like the CIO.
Maybe someone in operations or the legal department.
Or should it be straight from the top, the CEO?
“This is very much a religious war.
It’s been happening ever since the term CISO came about,” said Alexander, a former CISO and independent consultant.
According to a recent report by Cloud Security Alliance and Skyhigh Networks, 61% of organizations have a CISO.
Of that number, 42% report to the CIO, 32% report to the CEO and 26% report to other executives, including the general counsel and the CFO.
More than just the person in charge of managing information security, a CISO needs to be the face of a company’s information security strategy.
He or she needs to work with top executives to make them aware that cybersecurity threats are business threats — and then make sure that message makes its way down through the ranks, to midlevel managers and the business units under them.
Nemertes’ Johnson recently interviewed companies about their security practices and found that the organizations with the most mature cybersecurity strategies had a CISO reporting directly to a business executive.
The study, which surveyed 17 organizations, found that the fewer “hops” from the CISO to the business side mapped directly to how prepared an organization was for current and future security challenges.
Johnson presented the research in a March 8 webinar.
If a CISO is two or more hops away — “you’re reporting in to somebody who’s reporting in to somebody who’s reporting in to the business” — it’s on the lower end of the maturity scale.
An organization with this twice-removed CISO reporting structure has the basic technology and staff necessary to combat cyberattacks, but it can’t prevent problems from happening in the first place.
The CISO should also have regular communications with the board of directors, Johnson said, giving updates every fiscal quarter to, say, an operating committee that does risk and compliance audits.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=8110d697b2&e=20056c7556
GRC: CISOs must crawl, walk and run, says MetricStream’s Gunjan Sinha
Most CISOs are occupied more around ‘block and tackle’ solutions, vulnerability assessment and basic fixes to avoid blatant security breaches.
The companies up the maturity curve with basics in place are the ones embracing GRC.
Companies more advanced in infrastructure are using GRC to get a 360 degree perspective to know emergence of risks and then proactively and prospectively address and fix them.
In more developed economies and developed companies, GRC is now a must-have globally.
India is an emerging market as many businesses are still climbing up the maturity curve.
And as they are at right stage and correct time to embrace GRC technology, we are making sure to be at the forefront as a technology enabler.
The adoption of GRC in India is very encouraging for us.
GRC is all-encompassing and it feels complex, it feels big.
And it is big.
A decade ago, we realized one could not approach this problem as a monolithic beast as it would be as futile as trying to boil the ocean.
Channel partners need to have certain expertise and domain specialization.
If they have expertise in law and regulation in the country and you understand the domain and have built a practice around it, it is a natural partnership for us.
We don’t look at the size as the determinant.
My recommendation for companies is to map out a journey through a modular and phased approach.
I am a big proponent of crawl, walk and run.
CISOs have to understand their company’s GRC maturity level today.
Just like CMM quality model, think about GRC maturity model today and three or five years from now.
Don’t try to boil the ocean with many different things simultaneously, as it will lead to disappointment or cost issues or system failures.
GRC today stands at an interesting crossroad.
Every company in 1990s wanted to deploy ERP with SAP.
In early 2000, sales rode the wave of CRM.There is an absolute demand surging around the world for GRC.
Every company I talk to, in US, Spain, Australia and India, is seriously exploring GRC.
This will create massive demand. 2016 will be exciting and we will continue to accelerate our momentum.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=e4f3ccf75b&e=20056c7556
HSCIC’s CareCERT head wants NHS and social care to be prepared for cyber attacks
The Health and Social Care Information Centre (HSCIC) wants the health and care sector to be ahead of the game in cyber security.
It aims to help front-line staff tackle potential breaches, and make its CareCERT programme the “trusted brand” for cyber security in the NHS and social care.
The centre first launched its care computing emergency response team (CareCERT) last autumn, with the full go-live in January 2016.
The programme aims to enhance cyber resilience across health and social care by providing incident broadcasts, training and resources to health and care providers.
CareCERT was set up under the Cabinet Office’s national cyber security programme, and although still fairly new, it is already making an impact.
Its main function is to consume threat intelligence information and guidance from a range of sources, triage the information, work out if there is a threat and the likelihood of impact on the organisation facing the threat, says Taylor.
HSCIC will not manage incidents that happen ad hoc within the system, because cyber security needs to have local ownership and accountability.
If you take the accountability away from people, they may not take the right steps, says Taylor, but adds that CareCERT is there to support them.
Should there be an incident affecting multiple organisations, CareCERT has an escalation path, together with its partners and the Department of Health.
The HSCIC is working with Health Education England to develop content for the portal, which will go live next month.
HSCIC has also run a course aiming to create cyber security champions to take responsibility locally.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=713a250df9&e=20056c7556
Google boosts HTTPS, Certificate Transparency to encrypt Web
Google continued its push this week to securely encrypt all Web traffic, going all-out for HTTPS and transparency, as it announced the expansion of its Transparency Report project, along with the release of new tools and resources.
New sections to the report include a page where Google HTTPS efforts can be tracked, as well as a Certificate Transparency log viewer.
Google also now reports on HTTPS use by leading websites, listing the top sites running modern HTTPS by default and that support modern HTTPS — not by default — with a list of other top sites that have not yet updated to HTTPS.
The Certificate Transparency log viewer offers users a way to look up all of the digital certificates in public Certificate Transparency logs that have been issued for a given hostname, including expired certificates and certificates for subdomains of a hostname.
Certificate Transparency provides a way for certificate authorities to publicly declare certificates they have generated legitimately.
Using the logs, it is possible to determine whether an attacker has been issued a certificate for a domain not under the attacker’s control, as well as to determine when a CA has been subverted.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=b436005add&e=20056c7556
New Risks Impacting E & O Claims
Cyber risk is just one of the factors impacting errors and omissions claims, according to panelists at the American Bar Association’s annual Tort Trial & Insurance Practice Section’s Insurance Coverage Litigation Committee.
Because of a convergence of new risks facing professionals today, including technology and media liability, explained James Rhyner, vice president, global specialty E & O product manager, Chubb & Son in Warren N.J., insurers are taking a broader risk view.
New modular policies start off with base of E & O coverage and include other coverages tailored to a particular professional’s business.
It’s an educational process about what the risks truly are, Rhyner said.
Professional service providers that sustain a cyber loss need to be cognizant of what their E&O policy covers.
For example, he explained that first party expenses aren’t covered under E & O or commercial general liability policies.
There is limited cyber coverage under an E&O policy, said Kristine Tejano Rickard, who has experience working in claims and underwriting and is currently general counsel for Indiana-based Fuzion Analytics, Inc.
Professionals should be asking questions as to what extent cyber is covered because the coverage they have might not be suited to their business.
Because cyber is a newer exposure, professionals still need to get their arms around it and stay on top of the business risk, said Rhyner.
In addition, he explained that it isn’t when you’ll be attacked by cyber, but how prepared you are and what steps you plan to take to mitigate it.
He said he’s often met with professionals who have no incident response plan in place.
Another area of increasing risk are social engineering fraud claims, said Rickard.
An example is when an escrow agent holds funds on a home sale, waiting for final confirmation that the transaction closed, he or she then receives an email with wiring instructions, which looks legitimate but isn’t, asking that funds be transferred to a separate account.
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=d739231ae5&e=20056c7556
MITRE offers temporary solution to the CVE assignment problem
MITRE’s short-term solution to the problem of slow CVE assignment is to set up an experimental system for issuing federated CVE IDs using a new format.
“(…) the researcher and discloser communities have identified a need for rapid, early assignments of CVE IDs to enable early-stage vulnerability coordination and mitigation.
The immediacy of this use case means that the requirement for traditional references and descriptions is, at times, less important than the rapid issuance of unique identifiers,” says the press release that will accompany the launch of the pilot program scheduled for Monday, March 21, 2016.
“The new format will not have any impact on either direct or downstream uses of the current-format CVEs.
MITRE also recognizes that it is critical for the community and stakeholders to be able to easily differentiate between traditional CVE entries and those IDs that have been assigned for the rapid-response use case,” it is noted.
To that effect, “the federated ID syntax will be CVE-CCCIII-YYYY-NNNN…N, where ‘CCC’ encodes the issuing authority’s country and ‘III’ encodes the issuing authority.”
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=ec91e8722c&e=20056c7556
One Step Closer to Mandatory Breach Reporting Across Canada: Consultations Open
On March 4, 2016, Innovation, Science and Economic Development Canada (Ministry) published a consultation document soliciting input from stakeholders on the development of regulations that will support mandatory data breach reporting requirements under the Personal Information Protection and Electronic Documents Act (PIPEDA).
Parties interested in participating in this consultation must provide comments in writing by May 31, 2016.
Once these amendments come into force, organizations that experience a “breach of security safeguards” will be required to:
Determine if the breach poses a “real risk of significant harm” to any individual whose personal information was involved in the breach
Notify individuals as soon as feasible of any breach that poses a “real risk of significant harm”
Report any data breach that poses a “real risk of significant harm” to the Privacy Commissioner, as soon as feasible
Where appropriate, notify any third party that the organization experiencing the breach believes is in a position to mitigate the risk of harm
Maintain a record of the data breach and make these records available to the Privacy Commissioner upon request
The consultation document asks stakeholders to consider whether the regulations should set out specific circumstances in which a third party organization would always be required to be notified of a data breach.
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=1ccd359fda&e=20056c7556
Experts: Data, devices, employees pose biggest challenges to hospital cybersecurity
Simply keeping track of your data, how it enters your system and subsequently moves through it can be a huge challenge.
It can create vulnerabilities if it’s a challenge that isn’t adequately met, said Suzanne Widup, senior analyst of healthcare cybersecurity for Verizon.
“Take a data-centric approach to your security.
Look at all the places where data is acquired, how it’s processed and how it moves through the organization and in each step make sure that it is protected.
If you don’t know where your data is, it’s going to be difficult to have any level of confidence that you’re actually putting security measures in place to protect it.”
Johnson, Anderson and Widup all stress one thing: education and employee training.
Right now, there isn’t enough of it going on in the workplace, and bad habits still abound, they said.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=8fe8309b9d&e=20056c7556
CFPB’s First-Ever Data Security Enforcement Action
Earlier this month, the Consumer Financial Protection Bureau (CFPB) made headlines by bringing its first enforcement action in the data security space.
Dwolla, Inc., an Iowa-based online payment processor, was the CFPB’s target.
According to CFPB Director Richard Cordray, “With data breaches becoming commonplace and more consumers using these online payment systems, the risk to consumers is growing.
It is crucial that companies put systems in place to protect this information and accurately inform consumers about their data security practices.”
n order to set up an account and move money online, Dwolla customers provide Dwolla with sensitive personal information, including address, telephone number, social security number, and bank account and routing information.
According to the consent order, Dwolla made a variety of misrepresentations about the manner in which it secured such information.
For instance, Dwolla falsely claimed that it encrypts all personal information and it also misrepresented that its data security procedures exceed industry standards.
This enforcement action makes it clear that the CFPB is closely monitoring data security practices of companies that offer financial products and services.
It should also serve as a warning to any business that handles consumers’ personal and/or financial account information.
The following are some key takeaways:
Link: http://paulgdavis.us3.list-manage1.com/track/click?u=45bf3caf699abf9904ddc00e3&id=bde389c6b1&e=20056c7556
Biometrics not a magic infosec bullet for web banking, warns GCHQ bloke
Speaking at a Westminster Business Forum on Biometrics, the CESG’s Head of Identity in Government, Dr Chris Allgrove, claimed that society had reached “the tipping point” at which financial and other services have started backing the introduction of biometrics for authentication, according to Allgrove, due to the mass misuse of alternative authentication methods.
In the work conducted by GCHQ’s information assurance arm, Allgrove noted that “people basically use passwords that are not terribly helpful, people don’t use them well, people don’t follow rules – or the rules are so horribly complicated that there’s no point following them.”
He added that “there’s also huge amounts of innovation going on, and both pushing forward existing technology and developing new modalities, implementing novel ideas on these platforms.
And this is all underpinned by developments of the architectures, the processes, both in terms of power and how fast they operate, and also how secure they can operate, and how reliably we can expect them to do particular tasks and look after our sensitive data.”
According to Allgrove, different manufacturers may implement different security paradigms for uploading apps or accessing information, “but they are all vulnerable.”
Link: http://paulgdavis.us3.list-manage.com/track/click?u=45bf3caf699abf9904ddc00e3&id=6206d3e1b7&e=20056c7556
curl, 17 years old today
Today we celebrate the fact that it is exactly 17 years since the first public release of curl.
I have always been the lead developer and maintainer of the project.
There’s no glory and there’s no eternal bright light shining down on me.
I have not climbed up onto a level where I have a special status.
I’m still the same old me, hacking away on code for the project I like and that I want to be as good as possible.
Obviously I love working on curl so much I’ve been doing it for over seventeen years already and I don’t plan on stopping.
Link: http://paulgdavis.us3.list-manage2.com/track/click?u=45bf3caf699abf9904ddc00e3&id=4be1c8dccb&e=20056c7556
============================================================
Feedback, questions? Our mailing address is: dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)
If you know someone else who would be interested in this Newsalert, please forwarded this email.
If you want to be added to the distribution list, please click this: Subscribe to this list (http://paulgdavis.us3.list-manage2.com/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)
Unsubscribe from this list (http://paulgdavis.us3.list-manage.com/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=d3d225f41e)
Update subscription preferences (http://paulgdavis.us3.list-manage.com/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)