Ushering in the Modern Workplace with Microsoft 365

Do you think your team has the liberty to do their best work? Are they engaged and satisfied on a day-to-day basis? Are you providing your team with the tools that enable them to have a digital, adjustable workplace in today’s modern age?

Every business leader wants to be able to provide a work environment in which their team can enjoy secure and reliable platforms. This type of collaboration encourages the exchange of ideas, creative thought, and better workflows. The bottom line is that when you give your teams the tools and resources they need to do their jobs correctly, the whole business just runs better.

That’s the thought process behind Microsoft’s innovative new program.  The tech giant is now making it possible for businesses to provide their employees with the ability to have fluid communication while utilising several different devices at the same time.

When Microsoft Core Services Engineering (CSE) planned a redesign, this is what they envisioned to provide each company that used Microsoft 365:

• Inspiring employees
• Engaging customers
• Optimising operations
• Changing the nature of the company’s products, services, and business models

They knew that if they incorporated Microsoft technology and products fluidly together, they could provide a valuable and familiar resource for both employees and customers. Microsoft wanted to present the possibility to businesses that Microsoft 365 could be the vehicle that could deliver their products and services to consumers in the modern world.

What is a Modern Workplace?

Employee expectations are always changing and evolving at a rapid pace. Business leaders sense the demand to keep up with a widening skills gap, diversity in their employees, and a need to think globally when assembling their teams. These pressures require a business to provide a reactive, modern workplace to meet the evolving needs of its consumer base. The modern workplace requires continuous communication while using multiple devices and platforms. All this must be accomplished while simultaneously being able to incorporate top-notch security that keeps your data safe.

A Modern Workplace Provides Seamless Collaboration

The modern workplace requires businesses to train their employees to be less static, and more dynamic. They need to assemble groups of people who come together to solve a problem, which shifts the focus from “me-centric” jobs to “we-centric” jobs. When a team can unite quickly, solve a problem, and collaborate with other teams, a business succeeds, and the employees feel empowered.

A Modern Workplace Provides a Multi-Device Experience

Enabling employees to utilise the devices they love is a way of letting personnel know that the company’s bottom line is for the employees and the consumers to come out winning. Microsoft mobile application management and mobile device management solutions decrease complexity and make for a happier environment.  For example, an employee can start a meeting on an iPhone at a coffee shop and seamlessly end the meeting back at the office on a desktop computer. The user experience is no longer bound to a device—it travels with you.

A Modern Workplace Provides Intelligent Security That Protects the Company and the Customer

Having IT that is focused on protecting corporate data is crucial in today’s business. With the turn toward an intelligent cloud, a company can no longer just concern themselves with securing the perimeter. Their security stance must evolve or die.

Microsoft 365 protects both a company’s and consumer’s identity on your apps, data, and devices with comprehensive enterprise security. Also, the emerging cloud causes companies to ensure security for their customers. Microsoft 365 security stack works to proactively defend against malware, phishing, and zero-day attacks. Microsoft 365 security addresses business challenges that deal with intelligent security, such as:

• Identity, app, data, and device protection using Azure Active Directory, Microsoft Intune, and Windows Information Protection.
• Innovative protection with Office 365 Advanced Threat Protection and Windows Defender Advanced Threat Protection.
• Data archiving, control, and detection with Advanced eDiscovery.

Instead of protecting companies by looking at dealing with an asset or device, they incorporate their intelligence systems to counter threats at a fundamental level.

A Modern Workplace Changes the Culture

A company’s culture begins with their values and vision and then translates to their practices, teamwork, and relationship building. Facilitating employees so they can be flexible and not afraid to make mistakes, but learn from them, is what a dynamic and successful company should strive to do.

Wrap Up

The modern workplace empowers your personnel to embrace change and be a part of shaping the culture of the company. A culture shift takes place when a team is empowered. Microsoft 365 gives you the tools to make it easier for you to build experiences like this. This makes it possible for teams to be more productive and successful in their jobs. It’s a win-win for both the employer and the employee.

Digital transformation is just as much about people as it is about technology. You will succeed when you show employees that they are vital to your company’s success. With the familiarity and ease of Microsoft 365, your team can place an emphasis on providing excellent goods and services to your customers.  The complexity and challenges brought on by the advancement of rapidly evolving technology shouldn’t be an obstacle to employees. It should be an opportunity for them to display their creativity while adding value to your organisation.

The increasingly digitalized world we live in has a lot of benefits in business and in relationships, but with it also comes a whole new host of problems, including a rise in API data breaches.

A number of high-profile companies have been affected by API data breaches in recent years, allowing other businesses to learn from their mistakes in regard to cyber attack prevention. It can be difficult to regain public trust once a breach has occurred, not to mention the legal ramifications of not carefully storing your users’ information properly. Performing a vulnerability test on your system can help identify areas of weakness.

Given the vast variety and differences between potential attacks today, there is no easy solution to data breaches, and the right approach to prevention can depend on numerous factors. API security, in itself, is complex, and before you can come up with a good game plan, you must understand what you’re up against. While today’s cyber attackers are finding new ways to infiltrate networks all over the globe, there are a few common attacks you’ll need to keep an eye out for. Familiarizing yourself with these will help you form an effective plan for prevention.

What Are Some Different Types Of Data Breaches?

Data breaches can be the result of a variety of different attacks. Three of the most common include man-in-the-middle attacks, session cookie tampering, and distributed denial of service attacks. Each of these is unique in the way it is conducted, and which type of information may be at stake. Here, we’ll break down what these are and how you can shield against them.

Man-In-The-Middle Attacks

Man-in-the-middle attacks are common in today’s cyber world. In this scenario, there is the victim, the system they are interacting with, and the “man in the middle”, which refers to a person attempting to intercept a victim’s data. In order for this cyber breach to be successful, the victim must not know about the man in the middle. Some tactics man-in-the-middle attacks utilize include IP spoofing, DNS spoofing, Email hijacking, HTTPS spoofing, Wi-Fi eavesdropping, and stealing browser cookies.

The typical MITM attack requires that the attackers gain access to a poorly secured Wi-Fi router, which is commonplace in public areas that offer free Wi-Fi hotspots for guests. This may also be the case in a person’s home, where a Wi-Fi network may not require a password. Once attackers detect vulnerability in a network, they can intercept a victim’s data using different tools, then insert these tools accordingly to gain access to the different sites a user visits. Once the data is intercepted, the attacker will unencrypt the data to gain access to protected information.

Session Cookie Tampering

Cooking poisoning and cookie tampering are used to describe an attack where cookies, or pieces of data stored in a particular user’s browser to track information from websites, are modified to bypass security in hopes of infiltrating a network. A cyber attacker, who is using cookie tampering, might gain access to a user’s account via false information, such as tricking a particular server into accepting the new version of the intercepted cookie once it’s been modified.

It can be fairly easy to carry out cookie tampering if a web developer of the application didn’t carefully store information prior to the attempted attack. This is especially true when key parameters have been labeled and are therefore simple to identify. A strong web application firewall can help prevent cookie tampering by detecting a cookie’s “set” commands and only accepting them if the information held within is verified.

Distributed Denial Of Service Attacks

DDos, or distributed denial-of-service attacks, are also common in today’s digital realm. This is a type of attack in which more than one compromised system attacks a target, causing the denial of service for other users. This type of attack has been utilized by a variety of groups, including individual hackers, government agencies, and even organized crime rings.

Post-Assessment Tips

Once an assessment of your network and potential vulnerabilities have been conducted, you should take the appropriate steps to alleviate the issues found therein.

To begin, start with the basics. Maintaining a solid inventory of your APIs is the first step you should take to ensure you’re protected against attacks in the future. Once you’ve done this, you can begin to develop and implement an effective set of security policies, which can include authentication and authorization, traffic management, and training on how to detect content threats.

You might even consider an API management gateway to up the ante on protection. It is also a wise idea to evaluate your existing platform vendors. Often, third-party vendors represent a weak security link. Remove sensitive data in your API URL path as well.

As you can see, network security requires a layered approach. There are certain techniques that work better for some businesses. A great IT specialist can help you find the best combination to provide your business with a good line of defense against the wide range of cyber threats.

A recent breach left the protected health information (PHI) of more than 19,000 patients in Orlando, Florida completely exposed online for two months before it was detected. What is more concerning, however, is why it took the group of clinics involved five months to report the breach to the Department of Health and Human Services, and six months to alert the affected patients.

How the Breach Happened

The Orlando Orthopaedic Center in Florida hired a 3rd party vendor to handle their transcriptions, as do many clinics and health centers. When the vendor was updating their software during December 2017, they made a serious mistake that misconfigured access to one of their databases. That configuration issue left their server open to the public and accessible over the internet. Anyone who desired could access the patient data stored on that server, and they could do so without any authorization needed. It was two months before the mistake was discovered.

Impact of the Breach

This breach left 19,101 patient records seriously exposed, which was not only a major HIPAA violation, but a situation that could easily result in identity theft. Once the breach was recognized, investigators discovered that a great deal of information had inadvertently been made publicly available. This included names, insurance details, dates of birth, medical treatments, employers, and, in a limited number of cases, social security numbers. Fortunately, no financial information (debit card numbers, credit card numbers, bank account numbers, or other financial records) were exposed during the breach.

All patients that received treatment from any Orlando Orthopaedic clinic prior to January 2018 would have been affected by the breach. Investigators were not able to determine if anyone had gained access to what should have been PHI, and none of the affected individuals have, as of yet, reported identity theft or misuse of their PHI. However, the investigators were still unable to rule out the possibility of information theft or unauthorized access to patient information.

Aftermath of the Breach

Orlando Orthopaedic did not find out about the breach until February 2018, two months after it occurred. However, it would be almost six months before the affected patients were notified by mail. The clinics involved have yet to provide a reason for the delay in notification.

As a result of the security breach, Orlando Orthopaedic Center employees are receiving cybersecurity training even though they were not directly responsible for the problem. In addition, the affected clinics are taking additional security measures to ensure that PHI stored both on their own servers, as well as accessible through endpoints, are all secured.

The transcription vendor responsible for the breach has offered all the affected patients one year of free credit monitoring and identity theft protection and restoration services. The vendor has also made changes to their security to ensure that information on their servers remains protected from prying eyes.

In addition, all patients involved have been advised to closely monitor their insurance Explanation of Benefits statements, as well as their other accounts for any signs that their PHI is being used fraudulently. In the event that a patient sees unusual activity, they should notify their insurance provider immediately.

Who Is Responsible?

Even if a 3^rd party vendor or business partner is responsible for causing the breach, the healthcare provider is still held legally responsible. In this case, Orlando Orthopaedic is the responsible party even though it was the security of the vendor that was lax, a situation over which they had no direct control. This reinforces the fact that healthcare providers must be thorough in vetting potential vendors.

Concerns about Delays

As already mentioned, it took Orlando Orthopaedic six months to notify their patients of the PHI breach and five months to notify the Department of Health and Human Services Office of Civil Rights (OCR). The OCR should have been notified 60 days after discovery of the breach, according to HIPAA guidelines, not five months. The same deadline applies to notifying patients.

No doubt a fine is to be expected. Presence Health delayed reporting a breach to the affected patients and OCR 40 days past the 60-day deadline. Their fine amounted to $475,000, and was the first case of a HIPAA breach fine for the untimely reporting of a breach of unsecured PHI.

Conclusion

Even if the breach of PHI is caused by the carelessness of a business partner (including 3rd party vendors), the healthcare clinic is still the entity held legally responsible. There is a 60-day deadline for notifying OCR and the affected patients, and failure to meet this deadline will most likely result in a punitive fine. Failure to notify the patients right away can damage the reputation of the healthcare provider. Even offers of credit monitoring and identity theft restoration cannot undo the negative effects of the breach.

Girl Scouts of the USA recently announced the addition of 30 new badges now available for Girl Scouts aged 5-18. The new badges were created to address a number of today’s most important social issues, including environmental advocacy, cybersecurity, robotics, computer science, and space exploration, among others.

Girl Scouts of the USA has long served as a means for young girls to acquire life experience and develop a number of important soft skills, which include perseverance and confidence. The benefits of participating in Girl Scouts are proven. According to one study, Girl Scouts are over twice as likely to demonstrate community problem-solving skills compared to those who do not participate.

The Cybersecurity badge, funded by Palo Alto Networks, will introduce the girls to a variety of age-appropriate internet safety and privacy principles. They will first learn how the internet works, then learn techniques to spot, report, and further investigate cybercrime.

Cybercrime is on the rise, and the Girl Scouts are in a unique position to influence young girls all over the nation. According to the FBI’s 2017 Internet Crime Report, cybercrime resulted in more than 300,000 complaints last year with losses reaching upwards of $1.4 billion. Raising awareness about cybercrime is just one step toward combatting the problem, and with the help of their sponsors, the Girl Scouts are on their way toward arming a new generation of young people with the tools they’ll need to make a difference in internet security.

New Leadership Journeys

In addition to the cybersecurity badge, the new badges include two additional Girl Scout Leadership Journeys to help girls on their path to growth. Girl Scout Leadership Journeys involve hands-on activities to help girls utilize their new skills to tackle problems within their respective communities. These programs prepare girls to achieve success in fields like computer science, robotics, and cybersecurity.

Funded by Raytheon, “Think Like a Programmer” offers girls a valuable foundation in computational thinking, which will serve as the basis for next year’s Cyber Challenge, a first for the organization. The Think Like an Engineer Journey will help girls further understand how engineers approach and solve problems.

Phase one of the national computer science program for middle school and high school-aged girls has been run as a pilot in a small group of geographies since earlier this year. The program is expected to expand nationwide in the fall of this year, with select groups of Girl Scout councils piloting the upcoming Cyber Challenge next year in 2019.

Raytheon & The Girl Scouts: A Partnership

Raytheon Company, headquartered in Waltham, Massachusetts, is a leader in technology and innovation in civil government, defense, and cybersecurity solutions. With a history spanning nearly a century, Raytheon operates in more than 80 countries. The company has a long history of partnership with several Girl Scout Councils. It is the inaugural sponsor of the Girl Scouts’ computational thinking program, which will expose the girls to age-appropriate content across areas such as science, engineering, technology, and math.

Although women made up half of the current college-educated workforce, only 29% work in occupations dealing with science and engineering. The new partnership with Raytheon seeks to increase the number of female STEM leaders by encouraging girls to explore an interest in these fields early on. In fact, the Girl Scout Research Institute, GSRI, compiled a report, the Generation STEM report, which determined that 74% of teen girls demonstrate an interest in STEM fields; however, this interest fades as they get older and move on through middle school and high school. The decreased interest is thought to be the result of a lack of exposure to STEM fields in ways that pique their further interest and inspire ambition.

In 2017, the Millennial Cyber Security Survey, conducted by the National Cyber Security Alliance, NSCA, found that the majority of female Millennials said that more exposure to STEM information, training, and classes during their middle school and high school years would have had an impact on their interest in cybersecurity careers. These new badges will strive to empower young girls to achieve their goals across all industries, particularly those currently dominated by males.

History Of Girl Scouts

The Girl Scouts of the US have been making a difference across the nation for nearly a century. The first Girl Scout troop was established in 1912 in Savannah, Georgia by Juliette Gordon “Daisy” Low. Since then, the organization has grown exponentially, culminating into a membership of more than 2.6 million. Today, they continue to operate under the principles of courage, character, and confidence in hopes of making the world a better place.

 

How Can I Keep My Business Safe From an Email Scam?

Recently, small business owner, Phoebe Bell of Sage and Clare, a popular homeware designer business in Australia, opened up about her company falling prey to email scammers. Sage and Clare lost $10,000 from the hi-tech thieves who Bell says were most likely tracking the company’s emails for months.

As they have done countless times before, Sage and Clare placed a routine stock order with an unnamed supplier. In fact, Bell handled the order herself, emailing back and forth with the supplier about the order for several weeks.

In the midst of negotiating the order, the supplier informed Bell they had a new bank account to pay the money into for the order. Again, this was nothing out of the ordinary, Bell says because suppliers often change bank accounts.

After paying the $10,000 into the supplier’s “new account,” Sage and Clare discovered that their business was the victim of a scam, where a third party posed as the initial supplier. The scammers most likely hacked emails and read through the correspondence between Sage and Clare and the supplier, intercepted the specifics, and then redirected the payment funds.

Fortunately for Sage and Clare, they have the capital to recover from this loss. For some small businesses, losing $10,000 would cripple them.

Ms. Bell said that she was both embarrassed and distressed that this sort of thing could happen to her. She thought that she was smart enough to spot a dirty trick like this. When she opened up about the incident online, she found that many others had gone through a similar experience. She says that if someone had broken into her shop and stolen $10,000, the local police would come out and do a full investigation. But since the incident happened online, there’s nothing the police can do. She did report the theft to her bank, the Australian Federal Police, and the Australian Cybercrime Reporting Network (ACORN).

How Can I Train My Team to Spot Hackers?

How can you keep your business safe from these types of email scams? What kind of safeguards can you put in place to ensure that your business does not fall prey to thieves prowling for businesses who practice naive online transactions?

5 Effective Tools to Keep Your Australian Business Safe from Hackers in 2018

Routinely Train Your Employees

Almost 90% of Cyber Attacks are Caused by an employee’s human error or an honest mistake, according to a cyber consultant, Willis Towers Watson. These circumstances are commonly a result of employees giving sensitive information to hackers who pretend to be clients in need of information.

Routinely scheduling an online security awareness training for all your team will keep your company updated and vigilant to fend off hackers.

 Improve Your Technology

Having anti-virus software in place to protect your company’s site from viruses and malware is the first step in good cybersecurity.

It is essential to have the software updated on a regular basis. We all get the update software notices, and it’s easy to ignore or delay the update to the next day, week or month. Make sure your IT department stays on top of all updates and patches. This will ensure that each computer is up-to-date.

Here are some questions to ask yourself and your team to ensure you are protected from viruses and malware:

• Do we have firewall protection?
• Are our passwords strong?
• Do we use two-factor authentication?

Being able to confidently answer these questions will give you peace of mind that you are doing your best to keep your business safe from cyber-attacks.

Keep a Tight Rein on Internet Access

This key step is often overlooked by employers but is so important. Your IT department can set up your computers so that they cannot access risky sites. Make sure that important company information can only be accessed by a chosen few.

Another good tip is to make it a practice to stay informed about current online data breach scams. Routinely making a habit of following a blog that reports the latest hacking news will help you stay vigilant.

 Don’t Keep Unnecessary Data

It isn’t necessary to store old data or customer information that is outdated or no longer useful for the company. Too often, though, companies don’t take the time to purge old records. Instead, they end up keeping information such as credit card numbers and other sensitive information in their system for customers who are long gone.

When the information is of no further use to your company, have a system in place where it is deleted. This will ensure that you avoid the risk of revealing unnecessary customer information if you are breached.

Adhere to a Phishing Awareness Checklist

Sticking to a protocol of routinely checking off safety practices will keep you aware of potential phishing attacks.

Here are some suggestions of important checklist questions you may want to include:

• Do you recognise who’s sending the email?

If not, hover your mouse over the “From:” field to check for the right domain (i.e., an email from Yum Dog Treats should have a domain name of yumdogtreats.com).

• Can you identify the sender’s email address?

Don’t open anything when their name is not matched up with the email address. If “Katie Jones” from “Yum Dog Treats” sends you an email, her email address should most likely say something like kjones@yumdogtreats.com, not kjones1989@gmail.com.

• Is there an attachment the sender wants you to open?

Be suspicious of all attachments, but especially ones that have two extensions (i.e., file.doc.scr) or small files that are zipped.

• Is there a link from the sender?

If so, does the URL convey the message of the email? You can simply hover your mouse over the link to check the URL to read it.

Conclusion

With the current situation, cyber-attacks are increasing dramatically in Australia and around the world. No one is safe. It’s every person’s duty to remain informed and aware of these scams. Ms. Bell learned her lesson the hard way and it cost her $10,000 to do so. You may not be financially able to learn such an expensive lesson.