Your Carrier Isn’t Protecting You

Gigabit Systems

November 26, 2025

•

20 min read

Share this post

Your Carrier Isn’t Protecting You

The FCC Just Removed One of the Only Rules Forcing Telecoms to Strengthen Security

In January 2025, after the Chinese state-backed group Salt Typhoon breached at least eight U.S. telecom providers — including AT&T, Verizon, and T-Mobile — the FCC invoked Section 105 of CALEA to push carriers into urgently hardening their networks. The rule created accountability, penalties, and regulatory pressure for long-neglected security gaps.

Now the FCC has rescinded that ruling.

The agency says the original order was flawed, overly broad, and outside its authority. But removing it leaves millions of Americans exposed to the same weaknesses Salt Typhoon exploited — weaknesses the telecom industry has repeatedly failed to address voluntarily.

And for SMBs, healthcare organizations, law firms, and schools, this decision has real, immediate cybersecurity consequences.

What the FCC’s Reversal Actually Means

FCC Chair Brendan Carr announced that carriers had already agreed to strengthen their networks and accelerate patching — but acknowledged the January order was fundamentally “unlawful and ineffective.”

Repealing it means:

No enforceable requirement for carriers to improve cybersecurity
No penalties if they ignore vulnerabilities
No regulatory mandate for threat hunting, segmentation, access control, or outbound connection restrictions
No accountability for failures affecting hundreds of millions of Americans

This is especially concerning given carriers’ history:

T-Mobile ignored SIM-swap threats for years
AT&T, Verizon, and T-Mobile were fined for illegally sharing customer location data
Multiple carriers have experienced supply-chain breaches, metadata theft, and insider abuse

The track record is not reassuring.

Why Customers Should Be Worried

Salt Typhoon didn’t just hack a few accounts.

They compromised core wireless infrastructure.

From inside the networks, attackers quietly collected:

Account credentials
Sensitive customer records
Wireless metadata
Location traces
Over-the-air information most people assume is protected

They operated for months before detection — inside the systems the entire country relies on for communication.

And experts warn that Salt Typhoon’s campaigns are still active today.

The FCC’s rollback removes the only rule directly aimed at preventing this from happening again.

Why This Matters for SMBs, Healthcare, Law Firms, and Schools

Your organization relies on carrier networks for:

MFA codes
Email access
Remote work
VoIP calls
Patient or client communication
Critical alerts
Cloud-service connectivity

If carriers fail to secure their infrastructure, your organization is exposed — even if your internal cybersecurity posture is strong.

When the network itself is compromised:

SMS-based MFA can be intercepted
Voicemail can be hijacked
Metadata can be harvested
Traffic analysis can map your operations
Account recovery workflows can be manipulated

This is the kind of systemic risk that bypasses traditional defenses.

What You Should Do Right Now

1. Stop using SMS for MFA

Use:

Authenticator apps
Passkeys
Hardware security keys

Telecom carriers cannot protect your authentication.

2. Encrypt everything

Use encrypted apps for sensitive communication — organizations must assume carrier networks are not trustworthy.

3. Enforce strong password management

A password manager greatly reduces the impact of metadata leaks and credential exposure.

4. Deploy VPN usage policies

A VPN won’t block a telecom breach, but it reduces metadata visibility and hardens traffic against passive collection.

5. Conduct incident-impact assessments

If Salt Typhoon had access to your carrier during the breach windows, assume exposure.

6. Reevaluate business continuity plans

Carrier outages, metadata leaks, and SIM-swap escalation must now be considered part of your organizational threat model.

Telecom security failures are not abstract.

When infrastructure falls, everyone falls with it.

70% of all cyber attacks target small businesses, I can help protect yours.

#cybersecurity #managedIT #MSP #dataprotection #SMBsecurity

Share this post

See some more of our most recent posts...

Cybersecurity

Technology

Smart glasses are watching your every move and they aren’t the product.

•

20 min read

The Device Watching You Is Selling Faster Than Ever

Smart glasses were supposed to feel futuristic.

Instead, they may become one of the largest privacy experiments ever quietly normalized.

According to reports, Meta’s Ray-Ban smart glasses sold over 7 million units last year alone, roughly tripling from the previous year.

At the same time, serious allegations emerged involving the handling of user footage captured by those devices.

And this is where the conversation stops being about technology.

It becomes about ethics.

The Privacy Problem Most People Never Realized Existed

Investigations alleged that contractors working for outsourcing firm Sama reviewed footage captured by Meta smart glasses users as part of AI training and moderation workflows.

According to reporting, that footage allegedly included:

private conversations
bedrooms
bathrooms
intimate moments
bank card information
highly sensitive personal environments

Moments users never realistically imagined would be viewed by another human being.

Much less categorized and labeled for machine learning systems.

That distinction matters enormously.

Because modern AI systems do not simply “learn automatically.”

Humans frequently sit behind the scenes reviewing, labeling, sorting, validating, and training the models.

And most consumers never fully understand how much human exposure may exist inside “AI-powered” ecosystems.

“Built With Privacy In Mind”

Meta publicly marketed the glasses as being “built with your privacy in mind.”

That phrase sounds reassuring.

But modern privacy language increasingly depends on something dangerous:

Consumers assuming they fully understand the data lifecycle behind the product.

Most do not.

The average user thinks:

“My data stays on my device.”
“AI handles everything automatically.”
“No one actually watches this footage.”

The operational reality inside many AI systems is far more complicated.

The Ethical Questions Become Much Darker

According to reports, when journalists exposed the story, Meta reportedly terminated its relationship with Sama.

More than 1,000 workers allegedly lost their jobs with extremely short notice.

The glasses continued selling.

Production reportedly continued scaling.

And the broader ethical conversation largely disappeared from public attention within days.

That may be the most important part of the story.

Not simply the alleged privacy exposure.

But how quickly society normalized it.

AI Is Quietly Reshaping Both Privacy And Labor

This story exposes two major realities happening simultaneously across the technology industry.

First:

Modern AI systems increasingly depend on enormous quantities of human-labeled data.

That data often includes:

voices
images
conversations
behaviors
locations
biometric information
environmental recordings

Consumers rarely understand the full chain of custody behind that information.

Second:

AI investment is increasingly restructuring the workforce itself.

Meta has publicly committed enormous resources toward:

AI infrastructure
model training
custom chips
hyperscale data centers
AI platform expansion

At the same time, large-scale layoffs continue across the technology sector.

Whether companies explicitly attribute reductions to AI or not, the economic transition is becoming increasingly difficult to ignore.

SMBs, Healthcare, Law Firms, And Schools Should Pay Attention

Many organizations still treat AI primarily as:

productivity software
automation tools
convenience features

But AI systems increasingly introduce:

privacy risks
data governance challenges
legal exposure
vendor trust concerns
compliance questions
workforce disruption issues

Especially for:

healthcare environments
law firms
schools
SMBs handling sensitive customer data

The core issue is no longer simply:
“Is AI useful?”

The real question is:
“What hidden tradeoffs are organizations accepting without realizing it?”

The Most Important Takeaway

Technology companies increasingly operate on one foundational assumption:

Users will prioritize convenience faster than they will question data ethics.

So far, that assumption appears correct.

The devices keep selling.

The ecosystems keep growing.

The data keeps flowing.

And society keeps adapting to levels of surveillance and data exposure that would have seemed deeply disturbing only a few years ago.

The uncomfortable reality is this:

The product is not always the glasses.

Sometimes the product is the behavioral data, the environmental footage, the biometric patterns, and the human interactions captured along the way.

And most people still do not fully understand how valuable that information has become.

70% of all cyber attacks target small businesses, I can help protect yours.

#CyberSecurity #ArtificialIntelligence #DataPrivacy #MSP #DataProtection

Mobile-Arena

Cybersecurity

Technology

Your Phone Carrier Knows Where You Sleep

May 28, 2026

•

20 min read

Your Phone Carrier Knows Where You Sleep

Most people think of mobile carriers as utility companies.

But modern telecom providers quietly hold some of the most sensitive personal information imaginable:

home addresses
phone numbers
email addresses
device identifiers
billing data
location history
authentication systems

Which is exactly why telecom platforms have become increasingly attractive cyberattack targets.

According to reports, Trump Mobile has confirmed a data exposure involving customer information tied to preorders and account systems.

Researchers reportedly discovered a vulnerability that allowed unauthorized access to customer data stored inside the platform’s systems.

The exposed information allegedly included:

names
phone numbers
email addresses
mailing addresses

Credit card data was reportedly not exposed.

But that does not make this harmless.

Why This Type Of Breach Matters

Many people underestimate how dangerous “basic” personal information can become when aggregated together.

A phone number linked to a physical home address creates enormous opportunity for:

phishing attacks
SIM swapping
identity theft
impersonation scams
social engineering
account recovery attacks
targeted fraud campaigns

Cybercriminals increasingly operate like intelligence analysts.

The goal is rarely just stealing one database.

The goal is building highly detailed identity profiles over time.

The Telecom Industry Has Become A Prime Target

Telecommunications providers now sit at the center of digital identity itself.

Your phone number is often tied directly to:

MFA authentication
password resets
banking alerts
email recovery
cryptocurrency accounts
cloud access
Microsoft 365
business systems

That makes telecom infrastructure extraordinarily valuable to attackers.

A compromised phone number can sometimes become the first domino in a much larger account takeover chain.

The Real Problem Is Often Not The Breach

It is the architecture behind it.

Early reporting suggests the exposure may have stemmed from weaknesses in how preorder systems stored or protected customer information.

That pattern appears constantly across modern cybersecurity incidents.

Organizations frequently secure:

payment systems
production infrastructure
authentication environments

But overlook:

marketing tools
temporary databases
third-party integrations
development environments
preorder systems
customer support platforms

Attackers look for the weakest connected system, not necessarily the primary one.

SMBs, Healthcare, Law Firms, And Schools Should Pay Attention

Many smaller organizations assume:
“We are not large enough to be targeted.”

But breaches increasingly occur because:

systems grow rapidly
platforms launch quickly
integrations expand
temporary workflows become permanent
visibility disappears across environments

This affects:

SMBs
healthcare providers
law firms
schools
nonprofits
startups

Especially organizations scaling quickly without mature cybersecurity oversight.

The New Reality Of Data Exposure

Modern businesses should assume:

breaches will happen
vendors may fail
third-party systems may become compromised
customer information will remain a major target

The companies that survive these incidents best are usually the ones that:

minimize stored data
segment systems properly
monitor exposures continuously
implement layered cybersecurity controls
plan for compromise before compromise occurs

Cybersecurity is no longer just about protecting servers.

It is about protecting identity itself.

Because in today’s digital economy, your phone number may be more valuable to attackers than your password.

70% of all cyber attacks target small businesses, I can help protect yours.

#CyberSecurity #DataProtection #MSP #TelecomSecurity #ManagedIT

Cybersecurity

Technology

The Strongest Networks Expect Failure

May 25, 2026

•

20 min read

The Strongest Networks Expect Failure

Most businesses build technology systems assuming everything will work normally tomorrow.

That assumption is becoming increasingly dangerous.

Outages, ransomware, hardware failures, cloud disruptions, accidental deletions, and human mistakes are no longer rare edge cases.

They are inevitable operational realities.

The companies that survive major disruptions are usually not the ones with “perfect” systems.

They are the ones designed to keep operating after something breaks.

The Brilliant Design Behind SONET

SONET stands for Synchronous Optical Network.

One of the smartest aspects of SONET architecture is its ring-based design.

Instead of relying on a single linear connection, SONET networks are built as loops.

If one fiber line gets cut, traffic automatically reroutes the opposite direction around the ring.

The network continues functioning because the system was engineered expecting failure from the beginning.

That philosophy is incredibly important far beyond telecommunications.

It may actually describe the future of business resilience itself.

The Black Swan Problem

The concept strongly mirrors the “Black Swan” theory popularized by Nassim Nicholas Taleb in his 2007 bestselling book The Black Swan.

A black swan event is:

rare
unexpected
massively disruptive
operationally devastating

Modern businesses face black swan risks constantly:

ransomware attacks
Microsoft 365 compromise
cloud outages
lost email
hardware failure
vendor compromise
insider mistakes
natural disasters
accidental deletions

Most organizations psychologically respond the same way:

“That would never happen to us.”

History repeatedly proves otherwise.

The Better Question Businesses Should Ask

One of the first questions I ask companies before they become clients is not:

“How secure are you?”

It’s this:

“If something catastrophic happened tomorrow, could you still operate?”

That question changes everything.

If:

your emails disappeared tonight
your server failed tomorrow morning
Microsoft 365 became inaccessible
ransomware encrypted your systems
your primary vendor went offline

What happens next?

Could your business function?

Or would operations stop completely?

Most companies discover they are far more fragile than they realized.

Cybersecurity Is No Longer Just Protection

For years, businesses viewed cybersecurity primarily as prevention:

firewalls
antivirus
spam filtering
endpoint protection

Those tools still matter enormously.

But modern resilience requires something deeper:

Operational survivability.

Because eventually, something will fail.

The organizations that recover fastest are usually the ones that already assumed failure was possible.

Building Your Own “SONET Ring”

At Gigabit Systems, we help businesses build layered resilience systems designed around continuity instead of perfection.

That includes:

secondary backups
redundant infrastructure
disaster recovery planning
layered cybersecurity protections
cloud redundancy
offline recovery systems
operational continuity planning

The goal is not predicting every possible disaster.

That is impossible.

The goal is ensuring one failure does not collapse the entire business.

Because resilience is not about avoiding black swans entirely.

It is about surviving them when they arrive.

70% of all cyber attacks target small businesses, I can help protect yours.

#CyberSecurity #MSP #BusinessContinuity #ManagedIT #DataProtection