Do you remember when the news was hacking wireless networks with a Pringles tube?

Back in the mid 2000’s empty cans of Pringles crisps could be helping malicious hackers spot wireless networks that are open to attack. A security company, i-sec, demonstrated that a directional antenna made with a Pringles can significantly improves the chances of finding the wireless computer networks being used in London’s financial district, at the time the informal survey carried out by i-sec using the homemade antenna found that over two-thirds of networks were doing nothing to protect themselves.

Jump on 10 years and what do we have today?

Drones! We have a drone being used in hacking, WIRED has a great story on how it works. The ability to compromise a ‘air-gapped’ computer, the safeguard of separating highly sensitive computer systems from the internet to quarantine them from hackers.

A group of researchers at Ben-Gurion University in Beersheba, Israel cybersecurity lab has devised a method to defeat “air gap” computers.

This video shows the drone taking off from a car park.

In ten years or so we have moved from a hacking with Pringles Tube to a Drone – this shows amazing progress!!

We are told that we should secure our data against data breaches and make sure we don’t tell people and companies un-necessary information about ourselves. Just 15 years ago we were told to shred our old post and envelops for fear of thieves going through our bins.

Yet on the other hand, today people will tell you that there’s no point as all our data is out there, its been breached and hacked already, sold multiple times, and anyway we post the craziest details all over Facebook, so why secure your data against a data breach now? Why stop sharing everything?

This last point of view comes from the fact that many large corporations don’t seem to care about your data as much as you may have hoped.

The well-known password security company Dashlane has compiled a list of the top 20 data breaches of 2018. If you thought that the British Airways case was bad take a look at the list, it only just made the list at number 20.

The list shows that just under 3 billion data records were stolen. And this was ONLY 2018. The chances that your data is not on this list is quite small – somewhere some part of your data is already compromised. Especially if you add the many smaller hacks of 2018 and those of previous years.

We are heading into 2019 and I am wondering is securing my data worth it today, since its already out there?

I take the view that it is. Hackers don’t know what my new passwords are, things that I have added today, things I have updated etc. My profile changes all the time. I am working to actively make my historical data out of date and not useful. Change passwords, stop adding sensitive data to social media, only give data that companies need to interact with them. For example, why give a correct Date of Birth unless is essential? Your main email – why give that? Your mobile number – why give that? Your correct zip code – why give that? Unsubscribe as soon as it’s not useful, why not?

Each bit of data given should be questioned and if you think its not important to the actual transaction then don’t give the data. That hotel site, why does it need your Date of birth or your main email address? We have responsibilities too.

Companies take more data than they need and then don’t secure it as we have seen. I understand that new platforms are trying to automate ‘trust’ by vetting guests or workers before they use the platform so that providers and users can trust the site. But the platform must then be responsible for the data. Again the hotel is a good example – You can pay cash at a hotel and they don’t know anything much about you…. AirBnB on the other hand needs to know your complete verified identity just to sign up and book. The duty of care here for data is completely different.

Looking forward to December 2019, I wonder what the list will look like, one thing for sure it won’t be an empty list! Ask any security expert today what the biggest risk in December 2019 will be and they wont know – hacking threats change and update all the time. Is it finally time to look at information insurance? To buy that data recovery policy? To ask your broker about your business insurance?

Why would a cyberattack on 15-person company raise any alarm bells? Why is it the a concern to anyone let alone the Department of Homeland Security?

There are millions of small businesses in the USA and globally, in fact over 100 million of them and this number is growing each year, and faster as the world changes employment strategies.

So, why are any of them a concern to a government agency like the DHS? Surely the DHS is focused on banks and larger companies, this is where the threat is? Keep them safe.

No, this is not so true. In a recent example, a small business working with utilities and government agencies, suffered a cyberattack that was an early thrust in the worst known hack by a foreign government into the USA’s national electric grid.

The Wall Street Journal have reconstructed the events around the hack that revealed huge vulnerabilities at the heart of the electric power system.

Rather than strike the utilities head on, the hackers went after the system’s soft and unprotected contractors and subcontractors. There are hundreds of them, all vulnerable and some more than others.

This should be sounding an alarm bell to every large corporate if not every company.

Small and medium sized businesses generally have no reason to be on high alert against foreign agents 24 hours a day. Why would they be? They also don’t have the people, systems or solutions in place to do this.

Yet through these small companies the hackers, in this case, found the footholds necessary to work their way up the supply chain. Enabling the final target to be reached, hacked and exposed. Some experts believe 20 or more utilities ultimately were breached.

The hackers have the time and resources to do this and they are aware that small and medium sized businesses are a very soft target.

The WSJ article is a must read, I am not going summarize it here to save you time- just read it!

Have you read it yet?

On a similar note and to underline the issue the FBI is investigating the alleged theft of 18,000 insurance and legal documents relating to the September 11 attacks on the World Trade Center by a hacker with a long record of holding companies to ransom. This ransom attack, if it did happen, highlights the vulnerability of a business not just from within but across a huge web of suppliers and partners.

This type of breach can lay your clients details bare, data lost and cause untold issues, at the very least a PR nightmare.

Where does this leave you?

What can you do about the growing threat of hackers? First, put in place the best tech barriers you can afford, get some advice too – know where you are weak. Buy cyber liability insurance to cover the recovery costs too. vulnerabilities change all the time, insurance is there to bring you back to life when all else fails.

Then patch your biggest vulnerability: your people. They need training and awareness of these issues, especially if you work for large corporates or government bodies.

It’s not just about employees having smarter passwords and spotting sketchy emails but also to think about their online actions. This is not about a list of rules, it’s about awareness and responsibility. Remember rules create a path for hackers to follow….

It’s that time of year…. nights are dark, its cold, Christmas, bargains galore, children are excited, returns are simple, you name it there is every reason you can think of to shop online. The bargains are there. 2018 will be another record for on-line sales.

So too will internet crime. Will it be another record-breaking year? What are the top threats and data breaches. Non-payment/Non-delivery, Phishing, Cyber attacks, data breach are all on the up. Check out the FBI’s Internet Crime Complaint Center (IC3).

Every day you can trawl the net and find hacking attack reports and every security firm or press office does its own hacking survey showing alarming results. Should you stop, pop-up the umbrella, add a scaf and walk to the shops with a bundle of cash, staying off grid? No, of course not. However, some not so common sense should be applied to your shopping online processes. As they say a dog is not just for Christmas (important to note this!) and it is the same with online shopping and usage. Best practice is a year-round thing and not just for Christmas!

A. Do you know the Site? Used the site before? Recommended from a friend? Researched well? Search results can be rigged to lead you astray, check spellings of sites, don’t click sites from ‘friends’ email recommendation – check email addresses, beware of misspellings or sites using a different top-level domain. Or use the App via your mobile device, signing into the retailers app creates another level of trust and security

B. Check the certificate. Look for the lock. Today more and more sites are adding a SSL (secure sockets layer) certificate even to what are informational sites. BUT, never ever buy anything online using your credit card from a site that doesn’t have SSL encryption installed — at the very least please check for this. You’ll know if the site has a SSL cert because the URL for the site will start with HTTPS. What is SSL. Got it? Never shop online with out checking for SSL.

C. Love to share? Don’t. For shopping, ONLY give the site the data that you think they need, not what they ask for, when possible. You should, as a default, give as little personal data as you can. Don’t overshare. Some of the top headlines for hacking and security failure in 2018 were major sites – British Airways, Facebook etc to name just two. Its your data, keep it to yourself.

D. Do your admin! Check your online bank & credit card accounts often and regularly during the holiday season. ANY out of place or surprising amounts or payments could be fraudulent. Don’t be fooled by it coming from the likes of PayPal. Its better to highlight payments than to lose the money. If you see something wrong, deal with it quickly.

A good thing to consider is to ONLY buy online with a credit card, this not linked to your bank account like your debit car. Also having ONE card you only use online can help too with low limits.

E. Add protection, don’t want to pick up a nasty disease. Add antivirus and malware protection to your computer and devices. Also its not good enough to load and forget. Make sure your anti-malware tools are always up to date. New threats are always being developed and protections needs to be updated regularly.

F. Go private. If you feel the need to use a public hotspot, like those found in hotels, libraries, coffee shops and bookstores you should use a virtual private network (VPN) to be safer.

Most people don’t when they are out and about. It’s a simple thing to use and set up. It will make you more secure and less vulnerable to attack.

G. Be aware…. When you are in a café or bookshop browsing and casually shopping using your VPN etc remember those around you, people snoop!
If you have to shop online in public then beware, be aware. Back to the wall, nice corner seat, check people if they are watching.

H. Get a manager. Today smart people use a manage to deal with their important stuff and passwords are no different. Use a password manager to create hard to crack passwords for you. It’ll also keep track of them and enter them, so you don’t have to think about it. Good eh?

I. Know your seller. Put websites and companies through the wringer before you buy. Check reviews, ring them up, check with people who have purchased before, spend the time checking. Non-delivery/non-payment is one of the most common cybercrime complaint these days- more and more people are reporting the issue – no goods showed up!

J. All for one and one for all…. Complain! Tell the world if you get scammed. Think of others and don’t let it happen again. Complain, Report, Publish. Complain to the seller, report to the police and federal authorities, publish the scam and the site far and wide, give poor reviews. Don’t be embarrassed and let others get ripped off too.

Insureon, a small business insurance broker based in Chicago, recently carried out a survey of 2,500 small businesses and the results show a staggering level of complacency.

When asked if they feel at risk of a cyber data breach, 82 percent of respondents said no.

Why the lack of concern? Maybe its because 58% of the respondents said, when asked who looks after IT security said “I DO”; OR perhaps its that 85% have not suffered a cyber attack; OR maybe it’s because 82% simply don’t feel threatened from a Cyber Attack.

Should we as insurance professionals be worried? Maybe not – only 26% have cyber insurance!

Most professional security professionals agree that 100% of companies are at risk and, when pushed, would also agree that 100% of these same companies are vulnerable in some way to cyber attacks. Just look at the big name companies who spend millions on security yet still become the subject of headline news. Saying “It’s Me” who looks after cyber security suddenly may not be such a good answer when you have to answer to your customers.

The survey by Insureon of some 2,500 small businesses – the results:

Q1. Do you feel you are at risk of experiencing a cyber attack or breach?

• Yes: 18%
• No: 82%

Q2.Do you have controls in place to protect yourself from a data breach?

• Yes: 77%
• No: 23%

Q2a. If so, what?

• Anti-malware software: 80%
• Anti-virus software: 89%
• Automated data backups: 66%
• Firewalls: 81%
• Employee IT training: 54%
• Spam filters: 76%
• Automated software updates: 70%
• Regular vulnerability scans: 71%

Q3. Have you experienced a data breach in the past?

• Yes: 15%
• No: 85%

Q4. Do you have cyber liability insurance?

• Yes: 26%
• No: 74%

Q5. Do you have customer data that would be susceptible to an attack on your business network?

• Yes: 24%
• No: 76%

Q6. Who manages your company’s IT needs?

• A contracted IT worker: 13%
• A third-party IT firm: 12%
• I have a full-time IT employee: 17%
• I do: 58%

At MIC Global we are focused on changing the way insurance is developed and processed. We are insurance with an API.We care about security and making sure people are able to look after their own data and assets.

We are in the forefront of that change; developing policies by the season, job, by the hour, by the day and by the Km, thus fitting our model to that of the platforms and the way small and micro businesses see risk. We are unbundling policies so that the cover offered fits with the actual job or process being undertaken.

Going on holiday? Here are few things to do (or not do) before you go and while you are there!

Before you Go….

Lock Down Your Computer and Clear Your Desk

Everyone needs to think about computer security these days and the day you go on holiday do this. In your office, before leaving shut down and remove all devices, and put away any sensitive papers. At your home office, shut down and disconnect any computers and remote storage devices to prevent hackers from gaining access. Think about changing the homes modem Pre Set Password!

Update and Secure All Devices

While you have ‘unlimited bandwidth’ at home, run the security patches on all your devices and update all the apps. Now is the time to get that promised off line back up done – back up all your devices and data. Check that you have the data and documents that you’re reasonably sure you’ll need while away. Unless really needed best to leave it behind. Think before you pack – do you really need all those devices? Pack only what you’ll need.

Extra cautious? Add two-factor authentication on all your devices, and have a remote wipe mobile device management feature on your smartphone. Change the passwords on sensitive accounts when you get home. Virus scan your devices for any malware or security vulnerability when you get back.

Make Use of a VPN

When on holiday or away its easy to use public networks at the airport, hotel lobby or Starbucks. This can be risky. So before you go it’s a good idea to add a virtual private network (VPN) connection to your laptop. This is an extension of a private network that includes links across shared or public networks, such as the Internet.

Basically, only access a public network with a VPN. When you are not using the network, turn off Wi-Fi, Bluetooth, and any auto-connect. Make sure you check all devices.

Don’t Use Thumb Drives

Don’t be tempted to just take a thumb drive – better to add to DropBox. Before you leave, decide what documents and data you’ll need for your trip and add to computer or add to Drop Box or similar.

When You Are On The Beach…

Think About Physical Security

Many users forget about simple physical security, there is a need to become more aware of appearance. For starters, don’t use the ‘laptop bag’ to transport your device – put in a more discreet bag or carrier. When leaving your room or bar or restaurant or taxi have an awareness of where your devices are located. Hotels have room safes – this is better than nothing! It better left in the safe than in the desk draw or on by the pool.

Be Smart, Be Discreet

Never flaunt expensive tech – it’s easy to steal and easy to sell. It make more sense not to take devices on holiday. Use your phone or iPad for browsing the web for directions and keeping tabs on the news. You don’t need all your devices to do that! Resist the temptation to take it.

If you do take it then use it discreetly and carefully. People are looking out for nice phones, iPads and computers to steal. Its not all espionage and data theft, mostly its about getting $50 for your iPhoneX.

Social Media and Telling Everyone Where You Are

Posting photos while away to social media platforms, such as Instagram and Facebook, is just telling everyone you are not in. The world knows that it’s the perfect time to launch attacks on your digital assets or break into your house.

Try and take a break from Social Media too – post your photos and tell people what a great time you had when you’re back home.

Using Wifi and Internet Café

Be careful using local WiFi, public computers and printers at a hotel’s business centre and or local internet cafes. These should be used only in emergency or to print out local directions or restaurant details. Never access your bank account or a sensitive financial or medical site on a public computer or network.

Scammers don’t just target big companies, it’s small business too! In the press you hear all the big numbers from big events – WannaCry – 250,000 computers globally and parts of the UK’s NHS, HBO’s Game of Hacks – HBO lost data and new releases, NotPetya – Maersk was one of the biggest headlines, Facebook and Google fall for Targeted $100 million Phishing attack, THE Equifax Breach, 3,000,000,000 Yahoo’s and this is just a few from 2017.

Behind these large headline grabbing events are the many micro and small businesses that are also being attacked. Its not true that hackers only go after large businesses. Scammers and Hackers throw a wide net and small businesses are falling into their traps.

For small business security is often not a high priority and many companies don’t have the skills to avoid scammers. For this reason they are often caught up in the scams and attacks and are vulnerable to loosing data, suffering financial loss or worse reputation damage.

Most cyber-attacks start with phishing, this is a technique where a hacker will try to trick you into giving away sensitive information that will allow them to break into your accounts.

Phishing attacks usually come via email, often disguised as something legitimate – the use of the Tax office is a common attack or, recently, mass attack where hackers sent out fake Uber receipts, with a link at the bottom to a bogus complaints website. These emails looked genuine, the hacker is trying to get you to click on something and when you do….. you give the hackers access to your system.

So how can you tell the fake emails from the real ones? The first thing is to be aware, know that it can happen to you and your company. It can be tricky to see, but these are the top tips.

1. Don’t click links blindly – think before you click. Use your mouse to hover over the link, this will show you the URL. If that doesn’t match up to the URL you’re expecting, then delete the email.
2. Treat emails with attachments with suspicion. Attachments are used to down load packets on to your machine. If you receive an attachment that you’re not expecting and you don’t recognise the sender, it could well be a phishing attempt. Delete.
3. Again on attachments – sometimes you can be asked to “enable macros” when you open it. Don’t, unless you know the person and it is from their business email.
4. If you’re in any doubt about the legitimacy of an email, don’t open any attachments from it or click any links. Always check with the person – using a NEW clean email or phone – replying to dodgy emails might be playing right into the phisher’s hands.

Recently, well for the past 3 years or so, there has been an increasing focus on the insurance industry to change and for users to have simplified processes. This focus is even more apparent to enable shared economy insurance and Gig worker or freelancer insurance to work. The pressure has been put on the existing players in the industry to shake up and start to work out how to build tailored insurance policies that are fit for purpose in this new shared and gig world of work. Progress? Right now, it’s just hard!

This difficulty is starting to allow new companies to come in and threaten the existing players. This is a good thing and we are seeing the industry embracing these new companies and accepting them.

This was all looking like an interesting play for the likes of Google and Facebook. That is until you hear that Facebook now have said that most of its 2 billion users could have had their data accessed improperly, giving fresh evidence of the ways the social-media giant failed to protect people’s privacy while generating billions of dollars in revenue from the information.

These companies want to do everything (books, to travel; insurance to home cleaning) and use their power over the data to exploit their users. But now we see the cost.

“What we didn’t do until recently and what we are doing now is just take a broader view looking to be more restrictive in ways data could be misused. We also didn’t build our operations fast enough — and that’s on me.”

Sheryl Sandberg, COO Facebook

Their focus is on ‘customer experience’ and sucking every business income stream into their machine. Google and Facebook use AI and machine learning to read data and monitor your usage of their technology to serve you up what they think you need and what’s profitable for them. This data usage has been abused to drive revenue to match their huge future focused valuations.

The new InsurTech / FinTech start-ups are focused on ‘customer experience’ too. This is defined by cutting down questions to a minimum, using ‘social’ data to fill in the blanks to give you a quote for insurance or a loan. These companies use customers social media, third party apps and other accounts to gain information to provide quotes and service with minimum input from the user. But what data is being used and who checks this? And do we ever read the small print?

Is this acceptable? Is complying with new data protection rules enough? Or is it time to take back your data?

When I ask data professionals about taking back your data they shrug and say it’s out there already, so what’s the point. I disagree with this and think now is the time to take a stand and we should stop accepting that companies have a free flow use to your data and just scrape and access data for on the back of providing customer experience.

For example, Facebook’s search tool to find other people, now disabled, has been used to scrape public profile information, and now Facebook have said “Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way.” They just noticed this? This was a feature built into Facebook for customer experience.

It’s interesting that Facebooks main defence from Mark Zuckerburg is:

“We didn’t take a broad enough view of what our responsibility was and that was a huge mistake.”

These new young, keen, naïve, start-up companies who want to take over the world live in their own created bubbles – thinking everyone is like them, that they know what an ‘experience’ is and that everyone wants to know who joined, who could be a friend, who’s got a new job, who your friend is dating, etc and allowing this free use of data to create value, not for the user, but the company. This practice is in DNA of these companies, exploiting date is a core theme. It’s the route to their value.

Having worked in the very often slow and frustratingly compliant world of insurance I can say exploiting data is not at its core, risk management is. Hence the customer experience is very very poor for most insurance interaction. It is no wonder that the Insurtech focus has been on ‘experience’ as their main ‘disruption tool’. But at what cost, and shouldn’t the user want to know what data is being consumed to give their quote?

There needs to be a balance between using ‘social’ data and re-modelling the insurance. Real work needs to be done on the very fabric of the way insurance works for the shared economy and gig economy insurance to make the whole experience work. Not just the buying of insurance but the whole process – end to end. Even where the policy lasts only one night or one hour. It’s not about scraping data and using social accounts its about real work dismantling the policies and the process to give insurance focused processes and to show the customer what data is used and how this impacts risk management in the event of a claim.

2018 has kicked off not so well with the outing of basic flaws in the worlds core technology. Spectre and Meltdown show new threats to companies building complex machines and systems to run our lives and upon which we are encouraged to become more and more dependent.

The issues allowing Spectre and Meltdown are built into the basic design of the systems, meaning that these vulnerabilities bypass our software security measures. It is not just desktops or your laptop or only at work, it’s the whole system – mobile, cloud, IoT, servers, tablets…all technology.

Why were these now seemingly basic flaws not noticed years ago?

Our computer systems are growing in complexity and with more and more layers and interaction, the complexity is outstripping our ability to fully understand how it all works. The systems are built to rules and standards that have not been security tested as a whole. Add this to that, put in one of those, add some software, connect to a router, voice enabled and with none of these devices and systems being tested for security from the ground up in design. They are all built to the same standards and using standard components

As we use this complex technology and leave it online, connected into new and old systems, they are providing a tempting target for hackers. This target will be further complicated and expanded with the growth of the Internet of Things (IoT), as we build capabilities into all our devices, tools, home appliances, cloths and garden furniture, all in the name of making our lives easier. With this ‘ease’ comes ever more complexity and as it turns out higher risks.

Market researcher IHS Technology estimates the number of devices using IoT technology will reach 53 billion by 2020, and this is early days – just like the spread of electric power in the 1800’s, the spread of IoT and AI is only just starting.

With this growth so goes the exponential growth in cyber-attacks. Not only attacks of a more traditional nature but now we are to contend with attacks that cannot not be fully detected as the ‘security hole’ being exploited was built into the base design of the computers and systems.

This is the basis of the Meltdown and Spectre attacks which come from combining unrelated design features that were thought to be well understood. Computer science 101 if you like. The attack was not via one individual system or but through the interaction between them, the complexity that humans think they know, but don’t. Its outside our capabilities or understanding.

It’s a bit like Move 39……

The move occurred in a Go match between AlphaGo and Lee Sedol, one of the world’s top players, in 2016. As he approached the match series he was confident. He lost the first match, but he thought he knew why. In the second match we got to move 39 played by AlphaGo. The move perplexed not only Lee but all the commentators saying they would not have played the move, many thought it was a mistake. This was outside the collective expert’s knowledge. It was highly unlikely that any human would have played the move.

However, it was this move that caused the loss of the game. In review afterwards Lee Sedol said that he now has a new understanding of the game of Go through these matches with AlphaGo and respect of the machine. After playing, and losing to Alpha Go, he went on to win more and more games with this new understanding.

Go, a game played by millions, and for centuries, has been given new insights by a machine. This same reasoning should be applied to our security world, developing new mathematical models that will understand the complexity and show us Move 39 before it hits us hard.

Machines see the world differently to us. A machine, like AlphaGo, can see many more moves than any human. New machines need to look at our complex world and model our security in partnership with humans.

When the founders of MIC Global first met in 1999 they were focused on understanding the emerging cyber threats that were starting to swirl around the internet and internet based businesses. They became busy building insurance products to help businesses manage these risks.

Since then they have seen the sophistication and number of attacks grow massively with numbers of affected accounts per attack grow to staggering levels. Back in 2000 it would have been almost unbelievable that a single attack could affect over 3 Billion accounts as the 2013 Yahoo case has now finally highlighted. It is also still hard to understand why it took Yahoo so long actually discover the attack. They are meant to have employed the best brains after all.

However, if we look at how our homes and businesses have changed over the past 20 years perhaps we can start to understand this. These changes have drifted into our lives through small incremental steps that have almost gone un-noticed and yet have managed to deliver mind boggling change. How can we or anyone keep up?

Is this the underlying issue that we don’t deal with, keeping up with these small changes and never adding up the true impact?

The sum total of these changes today has completely turned upside down and inside out the way many people run their lives and how small businesses communicate and do business.

We Google everything; Facebook our lives; Uber ourselves home; Stay on airbeds in stranger’s homes; You Tube anything; WhatsApp instead of phoning; Open Online accounts for everything from banking to accountancy to TV to car hire, Have Virtual Assistance for all things useful that we have hired a person for in 1999; Booking a cleaner online and being worried about every review; As for cars, Self-driving cars and trucks are here. The list is endless, and people say its only just started.

Today, as in 1999, we are being asked to ‘Trust’ these new companies as they build the new economies around us. However, the levels of security the companies offer us don’t seem to have changed much.

When we read the scary reports about cyber-attacks nothing much changes in terms of the advice we are given about what we are meant to do to secure our online world; Strong Passwords; Back up everything; Anti-virus software; Firewalls. And finally, Don’t Clink on a Link Unless You Know Where its From – TRUST Nothing, yet trust the new company?

This was the advice 20 years ago and it’s not changed despite everything about the internet getting more complicated and its penetration into our lives going exponential.

Why has nothing seemed to have changed?

A recent survey by Netwrix pointed to the most common reason people and businesses are not so sure about their ability to combat information security threats, these being 1. Lack of budget 2. Lack of time 3. Insufficient training. Or, in other words, we are only human, and we are the weakest link, we are the ones who do nothing.

But if businesses do nothing then, as we hear every day, the consequences can be catastrophic, not just for your business but also for the people you do business for and with.