Weidenhammer joins with robotic software firm UiPath  

Weidenhammer, a Berks County-based digital transformation consulting firm, announced it will partner with UiPath, a global software company for robotic process automation (RPA). RPA is a software technology that enables users to build, use and manage software robots that can emulate human actions.

Deb Longacre, vice president of Hammer Dev, a division of Weidenhammer, said the partnership will benefit clients by increasing productivity and efficiency while reducing cost and risk.

“We are thrilled to be a partner with UiPath, a leader in RPA,” she said. “Through our partnership with UiPath, we can offer clients an RPA solution on a platform that is open and extensible, transforming business, streamlining processes and accelerating digital transformation.”

UiPath, which was founded in Romania and is headquartered in New York City, offers an end-to-end platform for automation, combining leading RPA solutions with a full suite of capabilities that enable organizations to scale digital business operations.

Weidenhammer breaking out division brands to better tell its story

Weidenhammer purchased Yeti tumblers with the name and logo of each of its new brands to give out to employees and clients. PHOTO SUBMITTED.


Today’s business world is increasingly digital, and those that don’t adapt will find themselves left behind, said John Weidenhammer, president of Weidenhammer in Reading.

“It’s rooted in the fundamental way businesses need to change their business model to evolve,” he said.

So now, to help the company help its customers adapt, the company is making its own changes.

The company has divided its service divisions into different brand identities, each with its own website, but still under the Weidenhammer corporate umbrella.

Weidenhammer has launched the first of its new brands with its digital marketing agency, which will now be known as Hammer Marketing.

Based out of Weidenhammer’s Lehigh Valley office, Hammer Marketing offers marketing strategy and design services to the company’s national clientele.

The company will also be creating Hammer Tech, to offer its digital platform; Hammer Commerce, to handle e-commerce business; Hammer Dev, to offer software and app development, and Hammer Education, which delivers software and apps to K-12 educators.

The plan is to have each brand separately marketed and branded so it’s clear to the company’s clients what each of them does.

Charles Zwicker, Weidenhammer’s COO, said it has a lot to do with how customers approach them.

“Human nature is that you tend to compartmentalize. If you ask a customer who Weidenhammer is they’ll give you different answers,” Zwicker said.

He said the problem would arise in perception when competing with companies with a single focus.

“We didn’t want to give people the impression that we were an inch deep and a mile wide,” Zwicker said. “We were built for a business model that just doesn’t exist anymore.”

While Weidenhammer is a big company with multiple focus areas, he said, each is deeply experienced in its own specialties, just like the single-focused agencies. He said the advantage of Weidenhammer is that it has the resources to bring in additional experts to handle a client’s needs beyond what they originally sought help with.

He gave the example of a company coming to Hammer Commerce to get help with bolstering its e-commerce systems.

Once the immediate need is met, and the company has built a relationship and trust with the client, it can offer the services of divisions such as Hammer Marketing to get the word out on the new e-commerce offerings and Hammer Tech to help build out digital infrastructure changes.

“We can help you with all of this,” Weidenhammer said. “It makes it easier to tell our story.”

The rollout of the new brands will continue over the next couple of months, with all brands expected to be up and running with their own website by mid-June.

A Conversation With: Anthony Cartolaro, Jr. of Weidenhammer

Weidenhammer of Wyomissing is a digital strategies and technology solutions company. Anthony Cartolaro, Jr., is vice president of Weidenhammer’s Digital Platforms Division and has more than 25 years of technology leadership experience.

LVB: Has the volume of cyber-attacks grown since the start of the COVID-19 pandemic?

Cartolaro: The COVID-19 pandemic has indeed turned a number of things upside-down in the world today. Students being educated from their homes, contactless delivery of food and other items right to your door, and a larger-than-ever remote workforce. So, with all of that technology being used to help us change our pre-pandemic behaviors in this COVID world that we now find ourselves living in, the answer is a resounding yes. The more technology in use, the higher the risk for attack.

LVB: What are the biggest concerns in cyber security right now with so many people telecommuting and shopping from home?

Cartolaro: Effective cyber security can be complex, but in its simplest form, we associate cyber security risk with the amount of “attack vectors”. Generally, attack vectors are the number of pathways in which potential threats or bad actors can gain unauthorized access to computers and data. Now that the world has gone remote, both in our work, but also shopping from home, the use of technology has increased exponentially. This increase also equates to an increase in the number of paths or attack vectors available to would-be bad actors.

Another risk that we continue to face in 2021 is the after-effects of our pivot to a remote workforce in 2020. While some organizations were already leveraging technologies that allowed them to work from anywhere and at any time by using the cloud – the cloud for email, collaboration, phone systems, etc., some organizations were not so ready. So, in their rush to keep their business running in 2020, some IT departments permitted staff to install applications on their work device that would allow them to keep working – this is in contrast to standard IT security and governance best-practices.

LVB: What can companies do to protect their employees, customers and data?

Cartolaro: I understand, in the heat of the moment, IT leaders had to do what was needed. Now, IT leaders need to recognize that not only the increased use of technology, but also some of the tactics used to keep our employees connected have opened ourselves up to vulnerabilities. That said, although the world has changed, I’m not sure my advice would be much different today than it may have been a year or two ago. I would encourage our IT leaders to start with an assessment. Vulnerability or security assessments give organizations a “heatmap” of the attack vectors or vulnerabilities that exist today. These assessments will scan their network, their devices, and their servers to report on known issues that may exist. Things like unauthorized applications, missing anti-virus and anti-malware software, or devices that are not running the latest updates or patches. I consider this the “low-hanging fruit.”

Part of an assessment should be a review of their IT security processes, policies and governance. This includes reviews of their standard procedures for security incidents, updating their employee acceptable use policies and ensuring that their IT security policies are in line with today’s standards and compliance requirements. Add in their own industry-specific regulations, things like HIPAA (Healthcare), FERPA (Education), and PCI (Payment Card Industry), and this step can be daunting, but necessary.

Lastly, organizations need to focus on the most vulnerable part of their technology infrastructure, the users. User awareness is a must-have and often overlooked component of a mature cyber security posture. There are many online services that organizations can use to help train staff on cyber security threats like what to look for when they get suspicious emails. The end users are your most vulnerable, but if you can make them aware, they can also be your best defense.

LVB: What do you see on the horizon for the cyber security industry?

Cartolaro: In 2021, I believe we need to ask organizations to focus on one primary word, resiliency. Often organizations use the excuse that they are moving too quickly to take the time to plan. “We don’t have time to do that.” Well, resiliency will come in several forms. First, organizations should consider building a business continuity plan. BCPs are not necessarily focused on technology, but are more logistical and operational. Consider it a “what if” plan. Granted, not many BCPs had a “What if there is a global pandemic” chapter, but for those who had a BCP in place, I’m certain it made their changes in 2020 more efficient.

BCPs get organizations thinking. As a plan is built, often trends emerge. A common theme may be the ability to work from anywhere based on a wide variety of “what if” scenarios. Like, what if the internet goes down? What if there is a storm, hurricane or tornado? What if the water main down the street breaks and we can’t come to work? While we say BCPs don’t get too involved in technology, oftentimes technology plays the role of hero to help overcome challenges. Cloud technologies could help organizations overcome many of the challenges I outlined.

Lastly, organizations need to take another and much more serious look at their cyber security posture. Things have changed, so their security needs have likely changed as well. Assessments can help create a roadmap to improve their security skills to ensure their business remains protected in this “new normal.”


Berks Alliance launches website promoting its initiatives with help from Weidenhammer

A website launched by Berks Alliance, a collaboration of businesses and organizations within Greater Reading, features the organization’s goals, initiatives and accomplishments while also giving users access to historic photos and information about Berks County.

The website, www.berksalliance.org, was developed at no cost to the Alliance by Weidenhammer, an Alliance investor. John P. Weidenhammer, chair of the Alliance and president of Weidenhammer, said the site was designed to appeal to a broad segment of people.

“We are very excited about this new website,” he said in a written statement. “It’s attractive, easy to navigate and is filled with some great information about Berks County. I think people will really enjoy some of the vintage photos included on the site. We encourage people to peruse it and learn about the many initiatives that Berks Alliance is pursuing in our community.”

Founded in 2015, Berks Alliance is composed of 17 businesses, colleges and universities and health care institutions working to assure an adequate supply of living wage jobs and a workforce capable of filling them. Its mission is to “provide a clean, safe and green environment while improving the health, wealth and education attainment of county’s citizens.”

Thou shall not pass! Cyber security experts advise businesses to rethink password protocol

For companies managing computer and other telecommunications systems, ransomware, malware that threatens to block or release a system’s data unless a ransom is paid, is a real concern.

“It’s a very large and growing problem,” said Mike Hawkins, president and CEO of Netizen Corp in South Whitehall Township. “It’s more pervasive than it’s ever been. Companies and local governments are getting hit every day.”

He noted that even the City of Allentown was the victim of a ransomware hack last year. But all companies, governmental bodies and organizations that have accessible systems should be worried.

Ransomware cost businesses an estimated $11.5 billion globally in 2019, according to Cybersecurity Ventures, a California-based cybersecurity researcher, with ransomware researcher, Coveware, saying the average ransom was nearly $42,000.

While the number one way hackers get ransomware into a system remains phishing, using emails that appear to be from a known party that illicitly collect data to aid in a hack, there is another easy way those hackers are getting in – weak passwords.

According to PreciseSecurity.com research, weak passwords are becoming one of the most common cybersecurity vulnerabilities, causing 30 percent of ransomware infections last year. Because of that threat, Don Douglas, senior cloud solutions architect at Weidenhammer in Wyomissing, said companies are beginning to take password protections more seriously.

“It’s an issue that has boiled back to the top,” Douglas said. “The attitude is different towards passwords from even two years ago.”

But getting the right password balance can be tricky. Make a password too hard and a person can forget it and get locked out of their own computer. Make the password so simple that it’s easy to remember, and it can also be easy to hack.

The UK’s National Cyber Security Center issued a study last year that showed 23.2 million victims of ransomware, globally, had “123456” as their password. “Password1” is also a common default password that hackers will try, Douglas said. He also discourages using simple keyboard passwords like “qwerty” or “asdf.”

Children’s names, pet names, anniversary dates or birthdays also should be avoided, he said, because hackers can tap social media to get personal information that helps them guess at passwords.

Likewise, Hawkins cautions against shared passwords, whether you’re letting other people use your own personal password, or an entire department shares a password to get into a certain program. It gives hackers more points of entry.

He also said it’s bad for an individual to use the same password for multiple programs or devices, especially when going between work and personal use, a common problem in our bring-your-own-device culture.

“If you have a device that you use for work and personal use, hackers could potentially use that device to get into your work system,” he said.

Similarly, a company shouldn’t use the same password for different systems, such as camera surveillance, HVAC and computers. “Then anything can be a gateway to other servers,” Hawkins said. “If someone gets in they have the keys to the kingdom.”

A better way

To make password protections more secure, Douglas said the simplest thing to do is to not rely on them entirely. Multi-factor authentication is the most popular way IT professionals are helping companies and individuals protect their computer and other systems.

“Ninety-nine percent of leaks can be avoided if multi-factor authentication is used,” Douglas said.

Using the system is relatively simple. A user memorizes a password, but when that is entered it triggers the system to send a code to the user through text or another device. That secondary bit of information is then needed to access the system.

“You enter the code just like a one-time password,” Douglas said. “It’s like having a new password every day, but you don’t have to remember it.”

It also adds a physical dimension to security. “They can have your password, but if they don’t have your phone they can’t use it,” he said.

For those who don’t have access to multi-factor authentication, both experts said the next best tip is to use pass phrases instead of passwords. A phrase is easier to remember than a random word and can have more complex combinations that can’t be as easily cracked as a password.

For example, “I_love_2_eat_tacos” has more characters and is much more complex than “TacoGuy1” and should be just as easy to remember.

And if “TacoGuy1” is your password and you have to change it, DON’T make your new password “TacoGuy2,” it’s the first thing hackers would try if they had your old password, Douglas said.

“Oddly enough, however, the number one recommendation I have is ‘stop changing your passwords,’” Douglas said.

He said changing passwords too often can lead to people choosing poor passwords that are easier to crack, because they’re easier to remember.

People also tend to write them down then, which leaves them vulnerable to copying.

The first step to securing a company’s systems from a ransomware or other attack is to have a password policy to begin with, said Hawkins.

Make sure all staffers know what is expected from them with regard to keeping passwords secure, and more importantly enforce the policy.

Employees can be told what best practices are, but if everyone leaves their devices on a default Password1, a hack is likely on the horizon.
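
The password guidance above, expressed as an enforceable policy check. This is an added example, not code from Weidenhammer or Netizen; the deny-list contents, the `MIN_LENGTH` threshold and all function names are assumptions made for illustration.

```python
import re

# Constructed deny-list holding only the passwords the article names;
# a real policy would load a large breached-password list instead.
COMMON = {"123456", "password1", "qwerty", "asdf"}
MIN_LENGTH = 12  # assumed threshold: long enough to push users to phrases


def _squash(text):
    """Lower-case and drop separators so 'Rex' matches 'my_REX_dog'."""
    return re.sub(r"[\W_]+", "", text.lower())


def _stem(password):
    """Strip trailing digits and symbols: 'TacoGuy2' -> 'tacoguy'."""
    return re.sub(r"[\d\W_]+$", "", password.lower())


def check_password(candidate, previous=(), personal_terms=()):
    """Return the list of policy violations (empty list = accepted)."""
    problems = []
    if candidate.lower() in COMMON:
        problems.append("common password")
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    # Catch "TacoGuy1" -> "TacoGuy2" style changes by comparing stems.
    stem = _stem(candidate)
    if stem and any(stem == _stem(old) for old in previous):
        problems.append("variant of previous password")
    # Names, pets and dates the user has on file (hypothetical input).
    squashed = _squash(candidate)
    if any(_squash(t) and _squash(t) in squashed for t in personal_terms):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    for pw in ("Password1", "TacoGuy2", "I_love_2_eat_tacos"):
        print(pw, check_password(pw, previous=["TacoGuy1"]))
```

Here `previous` is the old password the user types during a change, since stored password hashes cannot be compared stem by stem.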