Monday, March 6, 2017


What happened last month
Since President Trump’s inauguration on January 20th, the Senate has focused a large part of its floor time to confirming the President’s nominees.  As of the end of February, the Senate with the support of Senator Lee has confirmed General Mattis as Secretary of Defense, General Kelly as Secretary of Homeland Security, Congressman Pompeo as Director of the Central Intelligence Agency, Governor Haley as the U.S. Representative to the United Nations, Mrs. Linda McMahon as Administrator of the Small Business Administration, and Wilbur Ross as Secretary of Commerce.  

Additionally, the Senate has disapproved of three regulations finalized during Obama’s presidency, which effectively repeals these burdensome rules.  The repealed regulations include the Department of Interior’s stream protection rule; the Securities Exchange Commission’s requirements on resource extraction disclosures; and the Social Security Administration’s requirements for NICS background checks.  Senator Lee was happy to support the rollback of these regulations to save American mining jobs, level the playing field for American companies, and protect second amendment rights.  


What to expect this month
Throughout the month of March, the Senate will continue to focus on confirming President Trump’s nominees and repealing burdensome Obama regulations through the Congressional Review Act process.  The next nominees to receive Senate consideration will be Congressman Zinke to be Secretary of Interior, Mr. Carson to be Secretary of Housing and Urban Development, and Governor Perry to be Secretary of Energy.  Additionally, the Senate may consider repealing regulations that apply duplicative methane emission standards, that inappropriately expand the federal government’s role into local classrooms with one-size-fits-all standards for teacher preparation and school accountability, that “blacklist” American employers bidding on federal contracts and who are trying to navigate the federal labor law bureaucracy, and that shift land policy management from local governments with specific expertise to the Bureau of Land Management.


Additionally, the House may send the Senate a bill known as reconcilaition that can be considered under special procedures.  This bill would be used for the repeal of Obamacare and potentially for aspects of a Republican healthcare replace plan.


Finally, the Senate Judiciary Committee will also begin its consideration of Mr. Gorsuch to be a U.S. Supreme Court Justice, but consideration of this nominee will not likely reach the Senate floor until April. 


Bills we are introducing
This upcoming month Senator Lee hopes to introduce a number of pieces of legislation that would 
  • protect Americans from being detained indefinitely, without charge or trial
  • remove federal restrictions on how the private sector utilizes compensatory time
  • standardize the rules for merger reviews at the Department of Justice and the Federal Trade Commission
  • protect Americans’ email from warrantless searches 
  • promote less restrictive, unnecessary licensing requirements
D.C. Update from Senator Lee's Office
8:39 AM

D.C. Update from Senator Lee's Office



Thursday March 9, the 2017 General Legislative Session will come to a close. The major issues will all come to a head by Thursdaynight. As such, we've decided to give you a brief summary of the outstanding issues of the session.

Budget: Legislators finalized aspects of the budget last week, including various funding requests from the appropriations committees. It is expected that education will again receive significant new funds, with a large commitment of funding above growth. Bills funding remaining fiscal notes will also be finalized on the last couple days of the session.

Alcohol: The long-awaited alcohol reform bill, H.B. 442, was released and has passed its first committee. The business community recognizes the complexity of this issue and greatly appreciates the efforts of Rep. Wilson and Sen. Stevenson along with other stakeholders to develop good alcohol policy that strikes a needed balance for our state. We also appreciate the sponsors' willingness to listen to concerns and work with stakeholders, and know this collaboration will continue in the future as the bill is implemented.

As this is a complicated issue, we urge business owners to review the bill and reach out in a timely fashion as there are many moving parts, often not covered in the media.

Bonding: In addition to tax policy, it is expected that a $1 billion bond for state transportation facilities ($250 million/year for four years) will move forward in the final days. We have played a constructive role on this issue, seeking to protect the existing prioritization process set by the Utah Transportation Commission and Utah's Unified Long-Range Transportation Plan, which determines the projects that advance.

Non-Compete Agreements: It was announced in conjunction with our comprehensive research on non-compete agreements that no legislative action would be undertaken this session. We want to share our deep appreciation to all of our partners and business leaders who have worked tirelessly on this issue. In the months following the session, we will be working with stakeholders to further find common ground on this important issue.

Tax Reform: The elephant in the room at this point is the long-awaited overarching tax reform package. The Sandy Area Chamber supports tax policies that strengthen Utah’s economy and properly balance tax with simplicity, efficiency, fairness, revenue sufficiency and transparency. A modern economy is leaving Utah’s tax system behind and it must be modernized.
  
As the session comes to a close, your voice as business leaders are more important than ever. We urge your continued engagement in these final days and will be updating you daily on the major issues as they progress.
Legislative Update
8:34 AM

Legislative Update

Monday, February 27, 2017



There were some major developments last week regarding non-compete agreements.

Last session the Utah Legislature passed H.B. 251, statutorily limiting the effect of employer-employee, non-compete agreements to a one-year period following separation, and changing provisions related to legal remedies. It was also determined that a balanced and fair research study was necessary to better understand the issue.

The study, conducted by Cicero, sought to identify what the key issues concerning non-compete agreements are to better inform policymakers and business leaders. Here are the key developments from the study:

  1. Good information should drive good policy decisions. All stakeholders have been very committed to the research first process. They have supported this unprecedented effort at collecting Utah specific information that will then drive their policy decisions.

  1. The results of the study demonstrate that last year's bill is working, addresses concerns from both sides of the issue, and creates a balance between protecting the interests of both employees and employers. 

  1. Due to this and our collaborative process, there has been agreement for no further legislation regarding non-compete agreements during this legislative session.

Representative Schultz issued a full statement to his colleagues in the House and Senate late last week regarding the survey results and to share this decision to not proceed with further legislation this session. To view the statement: CLICK HERE.

We are pleased with the outcome and thank all parties involved in this collaborative process. We will continue to monitor any additional outcomes from the study and any additional discussions around non-compete agreements.
Utah Legislative Update: Non-compete Agreements
12:11 PM

Utah Legislative Update: Non-compete Agreements

Thursday, February 23, 2017



by Becky Guertler
Director of the Young Entrepreneurs Academy and Women in Business Program



The Junior Women in Business is a program that the Sandy Chamber runs, in partnership with Canyons School District.   Each year, Canyons School District and Juan Diego High School nominate a female student for this program.  Scholarships are provided by WCF Insurance to each of the students once they finish the program.  During the program, the students attend the monthly Sandy Chamber Women in Business luncheons where they put into practice the things they learn about networking.  They also have required events they must attend such as attending a legislative session, community service hours, learning from business leaders about aspects of being a woman in business.  
Last week, three of our Junior Women in Business student had the opportunity to attend a legislative session at the Utah State Capitol.  We were greeted by Kason Kendall, Walker Institute Intern to Representative Marie Poulson (D).  Rep. Poulson spoke with the students about what her day is like on the hill.  The students were taken on to the Floor of the House of Representatives where Poulson walked them through how bills get passed in the House.  Kendall then took the Junior Women in Business on a tour of the capitol building and then into the Gallery of the House.  Being formally recognized in the House of Representatives, the Junior Women in Business stood before all the representatives present during the legislative floor time.  

With a quick stop to the Senate Gallery, the students were able to hear and see the Senate in recognizing and showing respect to those individuals who keep our roads in Utah clear.  The students had an opportunity to have their photos taken with Terry Jacobson, the driver who miraculously survived the plunge into Spanish Fork Canyon after a semi-truck clipped his snow plow.  The Junior Women in Business also had the opportunity to briefly meet Representative Lavar Christensen (R) as he passed by on his way to another meeting.

The Junior Women in Business also had the unique opportunity to have lunch with Susan Edwards and Natalie Hancock from Canyons School District and Vickey Barrett from Sandy City.  Edwards spoke with the students about the process of how bills are passed and encouraged them to get involved.  Representative Susan Pulsipher (R) also joined the students and spoke with them.  She also encouraged them to get involved in the issues they feel are important.  “Sometimes trying to make a difference leads you down paths you would not have imagined,” said Pulsipher.  

In giving advice to our students, both Edwards and Pulsipher spoke about the importance of keeping social media clean if the students wanted to pursue a career in the government or applying for scholarships.  The Junior Women in Business students enjoyed seeing first-hand what happens during the time when the legislation is in session.
Jr. Women in Business visit US Legislative Session
8:45 AM

Jr. Women in Business visit US Legislative Session

Tuesday, February 21, 2017


We are now into week five of the 2017 Utah General Legislative Session. Many important bills have begun to advance through the legislative process. This includes important education, regulation, and infrastructure bills that are all advanced out of committee last week. We have been working to protect business interests by focusing on key pieces of legislation that could have a significant impact on our economy, such as expanding FMLA to small employers and increasing the minimum wage above $15.00/hour.

This week we anticipate significant movement on many more important bills, the completion of the non-compete research project and further discussions on tax reform.

IMPORTANT UPDATES: 
H.B. 81, Post-employment Restrictive Covenant Amendments was voted down in the Full House on Friday. There was a strong consensus that the House needed to wait for the results of the non-compete study, agreed upon last year, before moving forward with any additional legislation.

BILLS TO WATCH
Addressing our state’s regulatory structure can provide immediate impact on improving Utah’s competitiveness and strengthen our economy. H.B. 272 institutes a regulatory note on future legislation to indicate whether each proposed bill will impact the regulatory burden for Utah residents or businesses, and if so: whether the impact increases or decreases the regulatory burden; and whether the change in burden is high, medium, or low. This bill would also improve the evaluation process as well as increase transparency and oversight.

This joint resolution encourages business expansion and development in rural Utah. The resolution encourages the creation of 25,000 new jobs over the next four years throughout 25 rural counties. It encourages collaboration and partnership to address economic barriers and pro-business strategies in rural Utah.

This bill addresses the circumstances under which a seller may be required to collect and remit sales and use tax to the State Tax Commission. It provides a legal process for determining the application of certain sales and use tax collection obligations.
2017 Utah General Legislative Session- Week 5
8:26 AM

2017 Utah General Legislative Session- Week 5



by Vic Berger
CEO, Opsis Technologies


My business practice focuses on helping organizations understand their risks related to security. Cyber Security is one risk every organization struggles with. Small businesses face the same types of risks as bigger companies but lack the staffing and resources to respond the same as a large organization. I am frequently asked by small business owners "What cost effective recommendations  would you make for my business to make it more secure?" Here are my top fifteen recommendations for small businesses when dealing with information security. 

  1. Have A Written Security Policy
    Every business needs a good written information security policy. This is the basis for your security plan, as well as your legal safety net when something happens. There is no single action a company can take that is more important. Yet this is often the first issue I find in audits of companies of every size, and in every sector. The plan needs to be well written; read and understood by every employee in the company; and consistently maintained. There are numerous templates and examples of security policies on the internet. Many consulting companies will tailor a stock plan to suit your organization.
  2. Encrypt Everything
    The first rule of I.T. security is "no solution is perfect 100% of the time". You cannot always trust prevention methods to keep your data safe. The only way to consistently assure the protection of your data is to encrypt it so it cannot be read. This is especially important with cloud or internet based storage accounts. Dropbox, Google Drive, OneDrive, Box, and Egnyte are all great tools, but no cloud provider will guarantee the security of your data, and all have recently been breached. My basic rule of thumb is: if it is on the internet, consider it public access unless you have encrypted it. You can encrypt your cloud storage using a simple to use (and free for personal use) encryption program from nCryptedcloud that supports Dropbox, box, Google Drive, OneDrive, and Egnyte available at https://www.encryptedcloud.com/ You can also use a portable USB format hardware encryption and key management device from BalckSquare called Enigma, at www.blacksquaretechnologies.com for personal and small business encryption on portable devices, computers, and cloud accounts.
  3. Protect Your Website
    Current information security statistics indicate that 85% of all websites have one or more significant security vulnerabilities. I apply patches to my websites almost daily to keep up with newly discovered vulnerabilities. There are three basic types of websites, with three different recommendations based on what you use:
    1. A static web page with basic company information that doesn’t change. Your biggest risk is disruption or defacing of this type of website. Your hosting provider or ISP will take care of the service disruption. For defacing, keep a good site backup and do a complete CLEAN restore as soon as possible (hackers leave behind gotchas).
    2. An interactive or dynamic web site with user content and/or e-commerce. Often these are created using a standard Content Management Software (CMS) package like WordPress, Joomla, or Drupal. These are best left to a professional company to update and manage if possible. If you must do it yourself, get a good book on securing your type of CMS. Subscribe to the vulnerability notification feed for your CMS type (all of the common solutions have this). Check your website against new vulnerabilities often. 
    3.  A site dedicated to internet e-commerce or a highly interactive site where users log in to access content. Hire this one out! Do not try to do this yourself unless information security is your core business, or you have an I.T. staff with specialized training and certifications in internet security.
  4.  Data Backups
    I see irreplaceable data lost almost every day. I have seen it in government agencies, fortune 500 companies, and in every industry vertical. It can be from a data breach, a hardware failure, a natural disaster, or from human error. Whatever the reason, there is no excuse for not having good backups. You should have at least one full data backup per week. More if your data changes frequently. Store the backups offsite, and somewhere safe. I suggest the granite vault at Perpetual Storage www.perpetualstorage.com, it is the safest storage site in the country. You should also buy a GoBox there and store everything you would need to rebuild your business after a major disaster
  5. Avoid Consumer Grade
    If you can buy an I.T. product at a local box store, electronics retailer, or office supply store it is probably consumer grade, and not designed for business. This includes firewalls, routers, wireless access points, servers, storage, networking devices, tape drives, or anything that protects, moves, or manages your data. Yes, Opsis Technologies Group www.opsistechnologies.com 855-99OPSIS ©2015 Opsis Technologies Group Reproduction or distribution is unlimited as long as the content is not altered and the author and copyright information is retained. commercial grade is more expensive, for a reason: It Is Commercial Grade! Consumer grade security equipment was designed to protect a few ports and protocols commonly used by consumers. Business applications use different ports and protocols. It either does not run behind consumer grade equipment or you have to poke holes in your security to make it work. Consumer grade security is also easy to breach. Commercial grade uses much better security methods, and is consistently tested. Call your local I.T. reseller and ask them what they recommend.
     
  6. Know Your Risks
    Knowing what you have, that would be of value to someone else, helps you determine what to focus on to protect. Do you have sensitive or privileged data? Is your data unique or valuable? Are there government regulations like HIPAA or Sarbanes-Oxley that affect your industry? Are customers or consumers ever given access to your data? How many employees do you have, and what risk areas do they create? Beyond what is already addressed elsewhere in this whitepaper, as a minimum you need: Antivirus (web search free antivirus), Anti spyware (web search free anti-spyware), and a good security shell for your organization (Try Arellia www.arellia.com). If you have customers that are EVER by your work computers, you need an anti-keystroke logging solution (StrikeForce www.strikeforcetech.com). Your mail and web should have mandatory content filters (either through your ISP or your firewall).
  7. Plan for BYOD
    BYOD stands for bring your own device. This is a huge shift in the government and corporate sector, but probably business as usual in small businesses. Small businesses often use what they have, even if it is a personal device. This is increasingly creating security issues. What your employees, knowingly or unknowingly, have on their devices, and what they do with them in their own time is now brought into your environment. This can open up security holes as well as create liability issues. Make sure that BYOD is clearly defined and covered in your security policy. There is technology that can restrict the security vulnerabilities of personal devices, so ask your local I.T. reseller for assistance. Finally, make sure your employees clearly understand your expectations and limits where BYOD is concerned.

  8. Who Is Guarding the Sheep
    This applies whether you are a fortune 500 company or a small business. I.T. administrators have great power. They can view privileged information, and have an Opsis Technologies Group www.opsistechnologies.com 855-99OPSIS ©2015 Opsis Technologies Group Reproduction or distribution is unlimited as long as the content is not altered and the author and copyright information is retained. extremely high level of system access and control, more than even the owners and senior executives of the company. This is a great responsibility, but also a huge temptation. It is very common to discover that I.T. administrators have been inside payroll files, HR files, or other personal or sensitive material. A good security shell like Arellia (see #6) creates log files to review, but that means that someone has to faithfully do this. Again, start with policy and clearly define responsibilities and expectations. Two-person integrity is always prudent where money and manpower permit. And as always, rule #2 applies: Encrypt everything!
  9. Physical Security Is Information Security
    Theft is about opportunities, and criminals use them very effectively. Data from a stolen laptop is easier to obtain than hacking. Why brute force passwords when you can easily install a keystroke logger. A screwdriver to the back door is as good as a key if there is no other security. You must have good physical security policies and practices to have good information security. Cameras are effective and have become reasonably cheap. Programs that wipe stolen devices are commonly available. Keeping sensitive information and records locked away after hours deters opportunistic thieves. Think like a criminal, and then protect yourself from what you would exploit.
  10. Free is Not Always Bad
    The information technology industry would have you believe that free, open source, public access, open license, etc. is inferior or just plain bad compared to its commercial counterparts. Prior to the Linux revolution, this was a mostly accurate statement. Now this has dramatically changed. There is open source software in virtually every category, and in many instances it is as good as its commercial counterparts. Many companies have a business model that develops a free version of their software with fewer features and functions. As you grow or need additional capabilities, paid functions, support, or enhancements are available. I personally use SuiteCRM (https://suitecrm.com), OrangeHRM (www.orangehrm.com), and Avast (www.avast.com) free versions.
  11. Maintain Your Standards
    Every industry has some type of legal or regulatory standard. Many of these standards are information technology related. As the number, severity, and impact of security breaches escalate, the government is adding new methods and means to evaluate security and punish companies that fail to exercise due care. Every company needs to be aware of the required standards in their industry. Additionally, Opsis Technologies Group www.opsistechnologies.com 855-99OPSIS ©2015 Opsis Technologies Group Reproduction or distribution is unlimited as long as the content is not altered and the author and copyright information is retained. every company should adhere to one of the blanket information security standards like the US Government’s Cybersecurity Framework (https://www.nist.gov/cyberframework); The International Standards Organization Information Security Standard series ISO/IEC 27000 (http://www.27000.org); or a standard from a nonprofit security organization like the SANS Critical Security Controls (https://www.sans.org/critical-security-controls).
  12. There Is No Substitute for Training
    The number one threat to your company is; has been; and will always be your employees. This may be a result of malicious activity, errors, ignorance, or lack of knowledge. No amount of sophisticated hardware, software, or consulting will fix the problems created by your own employees. You must train your employees using good materials; using frequent training; and measure the results of the training retention. If your technology budget for security is higher than your training budget, then you are opening the door to problems.
  13. Use Your Resources
    I often see an attitude in small business that is defeatist. People assume that since they cannot spend the same as large businesses; do not have a large I.T. staff; or are inexperienced with security so they assume defeat before trying. This is a completely wrong attitude. There are dozens of resources available to small business to assist with security. The Small Business Administration, The Utah Office of Economic and Community Development, and the Utah Small Business Development Center all have programs to assist. Most college campuses have classes and programs in security that work with small businesses as a class project. The Utah Technology Council can provide mentorship and leads for security information and advice.
  14. Passwords Are Not Your Friend
    I hate passwords! As a young system administrator I discovered the curse of passwords. Trying to maintain and remember dozens of secure passwords that change every ninety days is a major chore. Unfortunately, passwords seem to be here to stay. The best way to protect yourself is to use good passwords (longer is better than complex) and combine it with another authentication mechanism. Every should have a Google authenticator account for two factor authentication. I also like secure password storage utilities. I use LastPass (www.lastpass.com) although I cannot endorse them 100% because they have had a breach in the past. If you can find biometrics that work for your situation, then use it. (Mythbusters used a ten- Opsis Technologies Group www.opsistechnologies.com 855-99OPSIS ©2015 Opsis Technologies Group Reproduction or distribution is unlimited as long as the content is not altered and the author and copyright information is retained. year-old obsolete biometrics technology, and failed to mention they had to bypass a key step to defeat it).
  15. Know When to Call for Help
    I am a passable plumber, marginal carpenter, and just plain dislike auto mechanics. I can do all three if required but usually end up spending more time, effort, and money than what I had intended. I can tackle small jobs but I leave the major projects to the professionals. I.T. Security is a highly specialized field with significant training and experience necessary to operate at a professional level. Your whiz kid nephew, who is good with computers, does not have that level of training or the required experience. This is especially important when there is an incident. Less than 3% of all I.T. professionals have the security experience and certification necessary to handle a data breach. I leave significant plumbing, carpentry, and auto mechanics jobs to the professionals, leave your major I.T. security issues to the professionals as well.

For more information on this topic, visit www.opsistechnologies.com or call 855-99OPSIS.

Fifteen I.T. Security Tips for Small Businesses
7:50 AM

Fifteen I.T. Security Tips for Small Businesses

Monday, February 20, 2017

The 3 Best Things You Could Do for Your Company in 2017

With the start of the New Year, there is no better time to set goals for your business, bring employees together, and enhance your company culture. Here are some of the best ways to achieve this: 

  1. Bring coworkers together through outside events. This creates friendships and bonds outside of the office, which leads to better harmony in the office according to Forbes.
  2. Incorporate fitness and wellness into your company. Endorphins make you happy, right? And according to economists at the University of Warwick, happy employees are 12% more productive. Workplace wellness benefits also include reduced stress, higher job satisfaction and morale, less absenteeism, and lower healthcare costs.  
  3. Support a good cause. Find something that your staff can stand behind, get excited about, and support with excitement. Many local charities have opportunites where they will work with your company so yout both benefit. 

Whether you choose one or all theree, these activities create opportunities for better relationships, improved health, and a chance for service, all of which can improve the quality of life for your employees and those around them. The ideal would be to find one thing that can provide all three benefits simultaneously. Look around, be creative, solicit suggestions, and even check with the Utah Nonprofits Association for local charities. 


Need an example? 

Neuroworx is a nonprofit organization located in Sandy, Utah that provides aggressive, activity based rehabilitation to those experiencing paralysis from spinal chord injuries, brain injuries, and strokes. 

Neuroworx is an official charity partner of the annual Wasatch Back Ragnar Relay. Team Neuroworx Ragnar teams enjoy the full Wasatch Back Relay experience while helping to reaise funds for their mission of helping individuals facing paralysis receive the rehabilitative therapy essential for optimal recovery. 

Neuroworx is currently offering "Lunch and Learns" to companies who would be interested in making their own employee tema. To learn more, contact Sage at 801-319-3670 or sage@neuroworx.org or visit neuroworx.org/drupal/Ragnar-2017.
5:00 AM