Author: Stuart Crawford

In case you haven’t heard, IT systems for the City of Atlanta were shut down by SamSam, a virulent form of ransomware.

What’s SamSam? The SamSam malware hunts for critical files and uses AES 256-bit encryption to lock them up. The hacker then asks for a Bitcoin to be sent to a Bitcoin wallet. If the victim doesn’t pay, they erase all the data.

“SamSam is a ransomware controlled by a single threat group,” explained Keith Jarvis, a researcher with Secureworks Counter Threat Unit. “It’s unlike other ransomware that’s out there.”

What makes SamSam different is in the way the attacks develop.

SamSam scans for open ports and uses a brute force attack until it gets in. A brute force attack means that they’ll constantly hit the port with credentials until one works. Once the hacker group succeeds, they’re inside your system.

The ransom note left by hackers said that refusing to pay the $51,000 would result in deletion of all the information. This particular group of hackers has successfully collected $850,000 since last year.

1 in 4 of those who pay a ransom never recover their data. The FBI urges victims not to pay. This is why it’s essential that you back up your data to a reliable source.

This wasn’t the first time SamSam paralyzed a government.

It’s also infected offices in Colorado, North Carolina, Alabama, and Maryland.

Governments’ operations are mission-critical, and hackers know that they will ultimately pay the ransom.

Experts say that SamSam and other ransomware attacks will increase. No one is safe.

So, what should you do? Here’s what cybersecurity experts recommend.

“Backup, backup, backup!” You can restore your files from your last backup.

However, not all backups are the same. You must regularly back up your files to an enterprise-cloud solution. If you use a disaster recovery as a service (DRaaS) solution, you should be able to do this and quickly “spin up” the image of your backup on your computer. But first, make sure your most recent backup wasn’t infected as well. By spinning up the image in a self-contained virtual machine (VM), you can inspect the backup image without exposing it to your entire network.

Backup your data to a reliable source. A ransomware attack can hold your data hostage and paralyze your business just like it did for the City of Atlanta. That’s why having a reliable enterprise-cloud backup solution is crucial. Ask your Technology Solutions Provider to help you decide which one is best for your unique needs.

Work with your IT provider and answer the following questions so they can provide the best backup solution for you:

How critical is the data you store?

This will help your IT support determine when and how it should be backed up.

• For critical data that includes databases, you’ll require a backup plan that extends over a number of time periods.
• For confidential information, your backup data should be physically secure and encrypted.
• For less critical data, an extensive backup plan isn’t required. However, you should still back up data regularly and ensure it is easily recoverable.

Do you need to back up your backup?

If you use large servers, your IT provider should create an image of them so your data can be retrieved immediately. Remember, backups can fail, so it’s important to back up your backup.

Do you test your backups to ensure they are readily recoverable?  No matter how comprehensive your backup plan is, you’ll never know if it actually works unless you test it. Avoid potential backup failures by asking your tech provider to regularly test the recoverability of your data backups.

How long can your business survive if your data is unavailable?

It’s important to consider this possibility. It could be a while before your data can be retrieved if it isn’t stored properly. For some, this means weeks without their data. However, your IT support provider can make sure you’re using a proper extensive backup solution so that you can retrieve your data within minutes.

Time is an extremely important factor. Every minute of lost productivity will cost you. Not only in terms of money, but in regard to your reputation with your customers.

You should regularly back up your information to the cloud to protect against data or financial loss if you’re hit with ransomware. Just like you need this protection in the event of a power loss, accidental deletion of data, or a disaster that destroys your servers, you need it to protect your business from ransomware attacks.

Here are some other things that cybersecurity experts recommend:

• Turn off Remote Desktop Protocol (RDP). It should never be used on any public facing port, and its use should be discouraged anywhere else on a network.
• Turn on two-factor authentication. Brute force credential attacks won’t work if two-factor authentication is in place.
• Perform regular audits of your external network for open remote access ports. You can use the Shodan browser for this.
• Have robust credentials. Weak credentials make a break-in easier and faster.
• Use whitelisting. That means keep a list of the sites on the Internet where users are allowed to go and a list of what sites can have access to your network.
• Never allow Windows shares on the public network.
• Patch religiously. While you need to confirm that a patch will work, it’s critical to apply it promptly. The practice of delaying patches for months or forever is certain to cause problems.
• Finally, train your employees to recognize threats such as phishing emails.

Security Awareness Training for your employees Is the first step towards protection.

Hackers work 24/7 to obtain access to your confidential information, and using ransomware is one of the easiest ways for them to do this. It’s easier for them to trick your employees than it is to break into a well-secured IT system.

Ransomware succeeds via phishing attacks, where employees are convinced to click a malicious link. Once they do, the virus enters their computer and locks down all the data. Good employees make mistakes. If they aren’t properly trained to recognize a cyber threat, your network and business are vulnerable.

Today’s 
security solutions are no match for ransomware. This is because the criminals get into your system via your employees’ negligence. Malicious emails coupled with a lack of employee cybersecurity training 
is the leading cause of successful ransomware attacks.

Ask your IT support partner to conduct regular Security Awareness Training for you and your employees.

When conducted properly, this traininitg will reduce the risk to your organization’s IT systems and limit the chance of a data breach.

It’s essential to train your employees to recognize phishing emails and know what to do if they receive one. Make sure they know how to avoid common dangers like opening attachments from unknown senders. Every employee should participate in this training – and ensure that your IT provider holds refresher courses, as threats are constantly changing.

Don’t wait until a ransomware attack locks up your data. Take steps to protect your business now.

How Would It Cost Your Business If This Happened To You?

Have you read the news? According to Reuters, Under Armour Inc., headquartered in Baltimore, Maryland, recently suffered a breach of the private information for their 150 million MyFitnessPal app users.

This is the largest breach this year according to experts. It included account usernames, email addresses, and passwords. Lucky for them, Social Security numbers, driver license numbers, and payment card data weren’t stolen like they usually are in data breaches of this kind.

Once again we learn that keeping up to date on cybersecurity, changing passwords often, and using an IT support provider to implement a layered approach to security is essential if you want your business to stay safe in today’s digital world.

Perhaps, if Under Armour had used these services, they could have prevented this breach. Now, their reputation has been ruined.

Would you trust your private data to them?

I wouldn’t.

With so many data breaches today, they should have known better and considered the privacy of their customers. How can they salvage their creditability now?

As a business technology professional, I know that data protection costs much less than what I’d face from a breach – legal liability, fines, and lost customers.

With the rising number of cyber thefts, numerous lawsuits have been filed against businesses like Under Armour. In the last few years, data breaches have become so prevalent that it’s almost commonplace to hear that a company has been breached.

Learning that all their personal information is in the hands of thieves causes a significant change in the behavior of customers. One study found that consumers who learned of a data breach at their favorite retail store significantly cut back on their purchases.

With over 1,500 data breaches in 2017, consumers responded in this way:

• 84 percent said they might not consider doing business with a retailer who had experienced a data breach.
• 57 percent of holiday shoppers felt that identity theft and data breaches would be a significant threat during the holiday season.
• Four in 10 consumers said they believed businesses aren’t doing the best they can to protect them.
• 38 percent said they weren’t sure all companies were doing everything possible to stop data breaches.

I know that my business has the best cybersecurity and IT management that money can buy. I take full responsibility for this and all my customers’ private data.

After what I’ve learned, this is what I would tell the CEO of Under Armour, and others to do from now on:

Protecting your security isn’t only a job for your IT support provider but one for you as a CEO as well. You must understand that any interruption in your information systems can hinder your operations, negatively impact your reputation, and compromise your customers’ private data.

Many CEOs don’t fully understand this. They spend their energy developing new products and services and managing current ones. Security comes in second. Maybe they’re unaware of the risks or feel that it’s solely an IT concern. Some may not be very technical and fear to discuss what could be an intimidating topic, but this isn’t wise.

The Department of Homeland Security recommends five questions that CEOs should ask themselves to lower the risk of cyber attacks:

1) What is the current level and business impact of cyber risks to our company? What is our plan to address identified risks?

2) How is our executive leadership informed about the current level and business impact of cyber risks to our company?

3) How does our cybersecurity program apply industry standards and best practices?

4) How many and what types of cyber incidents do we detect in a normal week? What is the threshold for notifying our executive leadership?

5) How comprehensive is our cyber-incident response plan? How often is the plan tested?

We also need to train our employees on cybersecurity practices like recognizing phishing attacks and using secure passwords. The folks at OneSource handle this for us. Here are some of the topics they cover:

Lesson 1: Ignore Ransomware-Threat Popups and Don’t Fall for Phishing Attacks.

These threats look like they’re from an official entity like the IRS or FBI. If a screen pops up that says you’ll be fined if you don’t follow their instructions, beware! If you do, the criminal will encrypt all your data and prevent you and your employees from accessing it.

Watch out for messages that:

• Try to solicit your curiosity or trust.
• Contain a link that you must “check out now”.
• Contain a downloadable file like a photo, music, document or pdf file.

Don’t believe messages that contain an urgent call to action:

• With an immediate need to address a problem that requires you to verify information.
• Urgently asks for your help.
• Asks you to donate to a charitable cause.
• Indicates you are a “Winner” in a lottery or other contest, or that you’ve inherited money from a deceased relative.

Be on the lookout for messages that:

• Respond to a question you never asked.
• Create distrust.
• Try to start a conflict.

Watch for flags like:

• Misspellings
• Typos

Lesson 2: Always Use Secure Passwords.

• Never use words found in the dictionary or your family names.
• Never reuse passwords across your various accounts.
• Never write down your passwords.
• Consider using a Password Manager (e.g., LastPass or 1Password)
• Use password complexity (e.g., P@ssword1).
• Create a unique password for work.
• Change passwords at least quarterly.
• Use passwords with 9+ characters.
  • A criminal can crack a 5-character password in 16 minutes.
  • It takes 5 hours to crack a 6-character password.
  • 3 days for a 7-character one
  • 4 months for 8 characters
  • 26 years for 9 characters
  • centuries for 10+ characters
• Turn on Two-Factor Authentication if it’s available.

Lesson 3: Keep Your Passwords Secure

• Don’t email them.
• Don’t include a password in a non-encrypted stored document.
• Don’t tell anyone your password.
• Don’t speak your password over the phone.
• Don’t hint at the format of your password.
• Don’t use “Remember Password” feature of application programs such as Internet Explorer, Portfolio Center or others.
• Don’t use your corporate or network password on an account over the Internet that doesn’t have a secure login where the web browser address starts with http:// instead of https:// If the web address begins with https:// your computer is talking to the website in a secure code that no one can eavesdrop on. There should be a small lock next to the address. If not, don’t type in your password.

Lesson 4: Backup Your Data Onsite/Remotely and Securely

• Maintain at least three copies of everything.
• Store all data on at least two types of media (one offsite in a secure enterprise cloud solution).
• Keep a copy of your data in an alternate location.

If you haven’t backed up your data, and you’re attacked, it’s gone forever.

Lesson 5: Secure Open Wi-Fi with a VPN.

• Don’t go to sites that require your personal information like your username or password.
• Use VPN whenever possible. Limit your access to using sites with: https://
• Don’t connect if all the Wi-Fi networks you have ever accessed appear as “Available”.

We have our tech support professionals train our employees a few times a year because the threats keep changing. Plus, we have them conduct Vulnerability Assessments to make sure our cybersecurity “armor” stays strong and intact.

Don’t risk your data. Keep your data secure and your employees educated. I recommend that if you’re in an area they serve, that you should contact us immediately.

How Would It Cost Your Business If This Happened To You?

Have you read the news? According to Reuters, Under Armour Inc., headquartered in Baltimore, Maryland, recently suffered a breach of the private information for their 150 million MyFitnessPal app users.

This is the largest breach this year according to experts. It included account usernames, email addresses, and passwords. Lucky for them, Social Security numbers, driver license numbers, and payment card data weren’t stolen like they usually are in data breaches of this kind.

Once again we learn that keeping up to date on cybersecurity, changing passwords often, and using an IT support provider to implement a layered approach to security is essential if you want your business to stay safe in today’s digital world.

My Baltimore-based business uses One Source because they’ve been protecting organizations in Washington, DC., New Jersey, Delaware, Maryland, Northern Virginia, and Pennsylvania since 2001.

Perhaps, if Under Armour had used these services, they could have prevented this breach. Now, their reputation has been ruined.

Would you trust your private data to them?

I wouldn’t.

With so many data breaches today, they should have known better and considered the privacy of their customers. How can they salvage their creditability now?

As a business technology professional, I know that data protection costs much less than what I’d face from a breach – legal liability, fines, and lost customers.

With the rising number of cyber thefts, numerous lawsuits have been filed against businesses like Under Armour. In the last few years, data breaches have become so prevalent that it’s almost commonplace to hear that a company has been breached.

Learning that all their personal information is in the hands of thieves causes a significant change in the behavior of customers. One study found that consumers who learned of a data breach at their favorite retail store significantly cut back on their purchases.

With over 1,500 data breaches in 2017, consumers responded in this way:

• 84 percent said they might not consider doing business with a retailer who had experienced a data breach.
• 57 percent of holiday shoppers felt that identity theft and data breaches would be a significant threat during the holiday season.
• Four in 10 consumers said they believed businesses aren’t doing the best they can to protect them.
• 38 percent said they weren’t sure all companies were doing everything possible to stop data breaches.

 I know that my business has the best cybersecurity and IT management that money can buy. I take full responsibility for this and all my customers’ private data.

After what I’ve learned, this is what I would tell the CEO of Under Armour, and others to do from now on:

Protecting your security isn’t only a job for your IT support provider but one for you as a CEO as well. You must understand that any interruption in your information systems can hinder your operations, negatively impact your reputation, and compromise your customers’ private data.

Many CEOs don’t fully understand this. They spend their energy developing new products and services and managing current ones. Security comes in second. Maybe they’re unaware of the risks or feel that it’s solely an IT concern. Some may not be very technical and fear to discuss what could be an intimidating topic, but this isn’t wise.

The Department of Homeland Security recommends five questions that CEOs should ask themselves to lower the risk of cyber attacks:

1) What is the current level and business impact of cyber risks to our company? What is our plan to address identified risks?

2) How is our executive leadership informed about the current level and business impact of cyber risks to our company?

3) How does our cybersecurity program apply industry standards and best practices?

4) How many and what types of cyber incidents do we detect in a normal week? What is the threshold for notifying our executive leadership?

5) How comprehensive is our cyber-incident response plan? How often is the plan tested?

We also need to train our employees on cybersecurity practices like recognizing phishing attacks and using secure passwords. The folks at OneSource handle this for us. Here are some of the topics they cover:

Lesson 1: Ignore Ransomware-Threat Popups and Don’t Fall for Phishing Attacks.

These threats look like they’re from an official entity like the IRS or FBI. If a screen pops up that says you’ll be fined if you don’t follow their instructions, beware! If you do, the criminal will encrypt all your data and prevent you and your employees from accessing it.

Watch out for messages that:

• Try to solicit your curiosity or trust.
• Contain a link that you must “check out now”.
• Contain a downloadable file like a photo, music, document or pdf file.

Don’t believe messages that contain an urgent call to action:

• With an immediate need to address a problem that requires you to verify information.
• Urgently asks for your help.
• Asks you to donate to a charitable cause.
• Indicates you are a “Winner” in a lottery or other contest, or that you’ve inherited money from a deceased relative.

Be on the lookout for messages that:

• Respond to a question you never asked.
• Create distrust.
• Try to start a conflict.

Watch for flags like:

• Misspellings
• Typos

Lesson 2: Always Use Secure Passwords.

• Never use words found in the dictionary or your family names.
• Never reuse passwords across your various accounts.
• Never write down your passwords.
• Consider using a Password Manager (e.g., LastPass or 1Password)
• Use password complexity (e.g., P@ssword1).
• Create a unique password for work.
• Change passwords at least quarterly.
• Use passwords with 9+ characters.
  • A criminal can crack a 5-character password in 16 minutes.
  • It takes 5 hours to crack a 6-character password.
  • 3 days for a 7-character one
  • 4 months for 8 characters
  • 26 years for 9 characters
  • centuries for 10+ characters
• Turn on Two-Factor Authentication if it’s available.

Lesson 3: Keep Your Passwords Secure

• Don’t email them.
• Don’t include a password in a non-encrypted stored document.
• Don’t tell anyone your password.
• Don’t speak your password over the phone.
• Don’t hint at the format of your password.
• Don’t use “Remember Password” feature of application programs such as Internet Explorer, Portfolio Center or others.
• Don’t use your corporate or network password on an account over the Internet that doesn’t have a secure login where the web browser address starts with http:// instead of https:// If the web address begins with https:// your computer is talking to the website in a secure code that no one can eavesdrop on. There should be a small lock next to the address. If not, don’t type in your password.

Lesson 4: Backup Your Data Onsite/Remotely and Securely

• Maintain at least three copies of everything.
• Store all data on at least two types of media (one offsite in a secure enterprise cloud solution).
• Keep a copy of your data in an alternate location.

If you haven’t backed up your data, and you’re attacked, it’s gone forever.

Lesson 5: Secure Open Wi-Fi with a VPN.

• Don’t go to sites that require your personal information like your username or password.
• Use VPN whenever possible. Limit your access to using sites with: https://
• Don’t connect if all the Wi-Fi networks you have ever accessed appear as “Available”.

We have One Source train our employees a few times a year because the threats keep changing. Plus, we have them conduct Vulnerability Assessments to make sure our cybersecurity “armor” stays strong and intact.

Don’t risk your data. Keep your data secure and your employees educated. I recommend that if you’re in an area they serve, that you should contact One Source Imaging Solutions at (800) 875-8843 or ITsolutions@osisIT.com. They’ll explain how they can do this for you. It’s truly the best money I’ve ever spent.

Do you have a device or app that you enter personal information in so you can track what you eat, what you do for exercise, how much you weigh, where you live, and when you leave your home every day to go workout?  Well, if you use MyFitnessPal you may be 1 of 150 million users whose data may have been compromised.

Baltimore’s Under Armour announced Thursday evening (March 29th), that they experienced a data breach exposing usernames, email addresses, and hashed passwords of 150 million users of the popular MyFitnessPal app:

“Under Armour is working with leading data security firms to assist in its investigation, and is also coordinating with law enforcement authorities,” the company said in a statement. “The investigation indicates that the affected information included usernames, email addresses, and hashed passwords — the majority used the hashing function called bcrypt used to secure passwords.”

Under Armour will require all users to change their passwords and is “urging users to do so immediately.” They are also encouraging their users to keep an eye out for suspicious activity within their accounts.

What should you do?

If you receive an email that claims your personal MyFitnessPal information has been hacked, and that you need to click on links to change your password or open attachments to find out how to protect yourself, be very careful:

• Don’t click on links,
• Don’t open attachments, and
• If there’s a reference to a website with more information, type the web address into your browser. Don’t click the link.

Most importantly, change your password not only in your MyFitnessPal application but anywhere else you use that password or even a variation of that password. 

Don’t let your quest to live a healthier lifestyle be the opening for a hacker to ruin your life.

The Lesson You Should Learn From This

That is how hackers get by all the expensive security that banks and financial institutions have; by getting your password from a less secure source!

Read more here

Do you wish you knew more tech tricks to help you make your gadgets work smarter for you and save you time? See how to use your iPad as a second laptop screen, how to set time limits for using a Chrome browser, how to schedule an email to send at a certain time in Gmail, and more!

Technology exists to improve our lives. The fundamental purpose behind technology was man being driven to find new ways to do things to make life easier for mankind. The first form of technology recorded? What would you think – black and white television? The telegraph allowing expedited long-distance communication? Think back even further – much, much further. If the fundamental principle of technology is to make life easier for man, are the earliest examples of technology manmade weapons and fire?

Obviously, we’ve come a long way since stone weapons and fire, all the way to robotics and artificial intelligence, and then some – though we’re still waiting for the day when we all have flying cars like the Jetsons. Think about the ways you use technology every day. Do you listen to music in the car, on the bus or train, or while jogging? Do you brew coffee or tea in a Keurig? Are you reading this on a computer or mobile device? Do you use an alarm clock?!

We take tech for granted. It’s just. . . there. Think back to when the remote control became mainstream, and how that one chunky plastic box – the “clicker” – not only changed the world but revolutionized households. No longer did kids fight over whose turn it was to get up and change the channel. The first vehicle keyfob is widely considered to be introduced by the French in 1982 for the Renault Fuego just after Ford debuted the keyless entry system – by keypad – in 1980. Not only do the vast majority of passenger cars come standard with remote keyless entry devices now, but more are being equipped with push-button start capabilities – or even remote-controlled start-up, from the comfort of inside your home, office, or from a distance on a very hot or cold day.

Now that we’ve got you thinking about how you use technology each day, shift your thoughts to how you can “up your game”. You’re barely scratching the surface of what your tech can do for you.

Incredible iPad Trick

Are you in the camp that never has enough screen space? A few dozen tabs open in your web browser window, email, plus a few documents and spreadsheets for work clutter your screen space – and make your computer run slower. And if you’re on a laptop, you have even less screen real estate to start with! But what if you could use your iPad as a second screen for your laptop?

You can! Don’t believe us? Try downloading the Duet Display app and voila! Connect your iPad to your laptop using the sync/charging cable, and you’re all set.

Smartphone Scanner

Now this one is a doozy! Did you know your smartphone can work like a scanner? No, we don’t mean by taking one picture of a document. There are free apps out there, like Adobe Scan or Evernote Scannable, that allow you to turn your smartphone into a scanner to scan documents like forms, receipts, business cards, and more by using the camera on your phone.

Productivity Over Procrastination

Ah, Google. You know people too well…

And sometimes it’s downright creepy. But this handy little helper is pretty cool! There is an extension for Google’s Chrome browser, called StayFocusd, that allows you to set a time to let your mind wander and get lost in the darkest corners of the Internet – or at least surf aimlessly for a pre-set interval. The default setting is 10 minutes, but you can change this depending on your needs. Once your mental break is over, Chrome basically locks you out and disables access forcing you to resume being productive.

Scheduled Sends

You know the email message you want to type, but now isn’t the right time to send it. Email marketing platforms are great for this type of structured send, but the focus of these solutions is to send to email lists rather than from a single sender to a single recipient. There is an add-on for Gmail called Boomerang that facilitates scheduled sending for email.

Time Management

Ever wonder how you’re spending your time? Are you making the most of your day? Eternity Time Log is a time-tracking app to see how you’re spending your time, broken out by personal time, time spent devoted to professional productivity, and sees where interruptions occur – all in the name of organization.

Solar Power

The ancient Egyptian god of the sun, Ra, was believed to have created all forms of life and ruled over all parts of the created world: the sky, the earth, and the underworld. Man was believed to have been created from Ra’s sweat, and Ra represented light, growth, and warmth.

After reading this, it’s the understatement of the year to say that the sun is a good source of power…but it’s literally a great source of solar power. The SolPro Charger can soak up the sun’s rays and fully charge a smartphone with 90 minutes of exposure. Bonus: the charger can send power to your smartphone battery even as the SolPro is itself absorbing solar power.

If you had magical powers to stop time, how would you use it? Would you catch up on email correspondence? Would you read that best-seller you’ve been meaning to read for months now? Would you have a Netflix marathon? Would you catch up on a decade of sleep? Would you find the best way to organize your email inbox, filing cabinet, contact lists, or any number of other items that you’ve neglected for months?

Or would you – and here’s the genius move – use those powers to invent a device that could do all of this for you using the most advanced technology available, and make your own life easier? I think we know the answer.

Also, flying cars.

Bralin Technology Solutions invented a way to stop time! No, not really, but it sure felt like it last month. February held so much to see and do that if we ever sat still, we risked missing something important – and that’s not fair for YOU!

The team at Bralin Technology Solutions fit several fantastic events into the shortest month of the year, really ramping up 2018 in style! We participated in major events in February, and we want to share everything we learned – read on for the details.

February was a busy time for Bralin, and the excitement was palpable. The 2018 Saskatchewan Winter Games were hosted by North Battleford mid-month, and top young athletes from all over the province flocked to Saskatchewan to compete in 17 sports competitions. Since 1972, the Games have promoted community development, cultural understanding, and stewardship, as well as public awareness for amateur sports. Participants of the Games often go on to advance to higher levels of athleticism with progressive skills and athletic motivation. We were excited for the opportunity to support the Games as a sponsor this year. To read more about the Games, the athletes, the sports, or the history of the competition, more details can be found at the Saskatchewan Winter Games website. Be sure to visit the photo galleries and see pictures from past events, and don’t miss this year’s pictures.

Also in February, we were thrilled with the opportunity to participate in the Agri-Visions Conference and Trade Show at the wonderful Lloydminster Agricultural Exhibition Association facilities, a multi-day interactive event that showcases all things related to the agriculture industry, including seminars, demonstrations, special events, a full trade show, and featuring keynote speakers to discuss topics and present agricultural insights and information. This event is a must-attend for those seeking the latest information on both grain and cattle industries, presented in the same location and offering a rare opportunity to encounter seasoned experts discussing topics like Economic Drivers in Agriculture for 2018, Sustainable Trends in Livestock, Combine Innovations, Regulatory Actions and Impact on the Farmer, and much more. We gladly sponsored the opening speaker session at The Lloydminster Agri-Visions 2018, Tim Hammond from Hammond Realty who spoke on Trends in Farm Land Values. If you’re curious about the event, visit the Agri-Visions website and keep an eye out for 2019 information, coming soon.

We were offered the chance to participate in the Lloydminster Chamber of Commerce and Lloydminster Dreamforest Soup’r Lunch and Learn series, and we couldn’t wait! The Lunch and Learn series is a collection of free events at mid-day during the workweek where highly-experienced professionals talk about the sometimes-sensitive topics modern professionals face in the digital age. Jeremy Reynoldson and Paul Melrose-Wyatt talked about a very prevalent topic today, presenting ‘Navigating Through Tech Challenges’ to a group of eager professionals sharing the same concerns:

• Bandwidth issues
  • Helping people understand that, at its most basic level, bandwidth is the overall transmission capacity of a network.
• Password management
  • How many characters the most secure passwords should have at minimum, and how many uppercase letters, how many numbers, how many special symbols.
  • How often passwords should be changed – for the record, at least quarterly!
  • Maintaining unique passwords for different accounts – otherwise, you may as well just give the hackers your password!
• Phishing
  • When someone is posing as someone you trust, like a bank or financial institution, trying to get you to divulge sensitive information, like credit cards details, usernames, and passwords.
  • Phishing scams are getting much more sophisticated in response to training, awareness, and protective software.
• Ransomware
  • A newer “spin” on malware – a consolidated way to say “malicious software” – where hackers access a victim’s computer and plants ransomware that not only prevents users from accessing and using their files but demands a fee, a ransom is paid to remove the block.
  • Often, when the fee is paid, there is nothing to prevent the hacker from immediately reactivating the ransomware. Victim’s need to be prepared, or better yet, prevent ransomware from accessing a network or machine altogether.
• Trends in software applications
  • What’s old?
  • What’s new?
  • What’s good?
  • What’s bad?

• The Hippest, Hottest, Most Rad Trends Today
  • Microsoft Office has been the workplace staple, the desktop darling since the early 1990’s. Microsoft jumped on board the subscription service model, along with Adobe and Amazon, with a public launch of Office 365 in 2011. More workforces are migrating toward this subscription trend, as it is accessible from anywhere – desktop, laptop, tablet, you name it, wherever your office is at that moment is where Office 365 is. Part of the Microsoft suite of productivity packages for professionals, Office 365 also integrates seamlessly with other applications like SharePoint and OneDrive, which are fantastic features for file storage – and easy access!

February brought us some amazing opportunities at Bralin, and we can’t wait to share with you what March and the rest of 2018 have in store for us.

Stay tuned! For more information, get in touch with us right away at (306) 445-4881 or (306) 825-3881 or info@bralin.com.

The healthcare sector fell victim to more than 330 data breaches in 2017 – nearly one per day. Will you be next?

Large-scale ransomware attacks like WannaCry (which hit 112 countries) struck the industry with a scary new reality: Hackers will find a way in and – regardless of safeguards taken — hospitals will get hit.

And there’s more bad news – the fines for noncompliance with HIPAA regulations have reached new heights! HHS recently increased the penalties for HIPAA violations:

• No Knowledge (Covered Entity did not know about violation): $112 to $55,910 per violation
• Reasonable Cause (Lesser than Willful Neglect): $1,118 – $ 55,910 per violation
• Willful Neglect (Violation Corrected): $11,182 – $55,910 per violation
• Willful Neglect (Violation not Corrected): The Minimum penalty is $55,910 per violation with no maximum.

And, in addition to civil penalties for noncompliance, you could be liable for criminal penalties that include fines, imprisonment or both!

These fines are expected to continue to increase. Have you recently reviewed your HIPAA data-protection policies and procedures? If not, you should.

The really sad news is that these data breaches could have been prevented.

One of these offenders didn’t even take the time to undergo a Vulnerability Assessment to determine if there were any gaps in their IT security posture.

And they said they couldn’t show that they did everything that could have reasonably been done to protect their patients’ private data.

This is unforgivable.

Would you trust your family’s electronic Protected Health Information (ePHI) to a clinic that didn’t take precautions to protect it? — I doubt that you would.

When this happens, word gets around and patients simply move on to another medical professional.

Keep reading because we’re going to tell you about some of the worst data breaches over the past year. Plus, we’ll tell you what regulators are looking for and how to prevent non-compliance.

HHS/HIPAA #1 Offender – MedStar Health Maryland

MedStar Health is the 2^nd biggest healthcare system in Maryland. Wouldn’t you think they’d know better than to leave their patients’ protected information at risk?

Unfortunately, they weren’t well prepared. They were hit with a ransomware attack where their data was held ransom and under the control of criminals.

As a result, their 30,000 employees and 6,000 physician affiliates couldn’t access their electronic health records (EHRs) and much needed patient information. They also couldn’t use their computers. Instead, they had to resort to using paper and pencils! As a result, some patients were turned away.

Would you go to MedStar or one of their affiliates now? I wouldn’t. There are many other providers in the DC Metro Area, Maryland and Virginia that I could take my business to.

The hackers demanded a ransom payment in bitcoins at an equivalent of $1,250 per patient record, or $18,500 to unlock them all. And worse, the criminal’s demand didn’t clearly state that they also wanted a separate 45-bitcoin payment to unlock each affected MedStar network!

HHS/HIPAA #2 Offender – Banner Health Phoenix, Arizona

Banner Health is a major hospital system. Its payment processing network was penetrated by hackers in their food stations. And, because these computers were connected to the rest of Banner’s IT network, the hackers gained access to more than 4 million patient records! This included patients’ names, birthdates, addresses, claims information, medical information, and Social Security Numbers! In other words, “the works!”

What a disaster!

And guess what hackers do with this data? They sell it! A record that contains a name, address and Social Security number can sell for $1 to $3 on the black market. And, a detailed medical record (ePHI) with unique patient identifying numbers can fetch up to $100!  

Imagine the negative publicity Banner got. Not to mention the effect on their insurance rates–if they can even get insurance now!

HHS/HIPAA #3 Offender–Advocate Health Care Network

Advocate Health in Illinois, one of the nation’s biggest health-care systems, had to pay a fine to HHS for $5.55 million due to a breach that compromised the electronic data of 4 million patients.

To date, this is the single largest penalty levied against a single entity for a HIPAA violation.

According to HHS, the compromised patient records included people’s names, addresses, dates of birth, credit card numbers with expiration dates, demographic information, clinical information and health insurance information!

The HHS investigation also revealed that Advocate Health Care failed to:

1. Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to all of its ePHI.
2. Implement policies and procedures and facility access controls to limit physical access to the electronic information systems housed within a large data support center.
3. Obtain satisfactory assurances in the form of a written business associate contract that its business associate would appropriately safeguard in all ePHI in its possession.
4. Reasonably safeguard an unencrypted laptop when left in an unlocked vehicle overnight.

Are you following these 4 requirements? If not, you could be fined as well.

Is Your Healthcare Organization HIPAA Compliant?

Being HIPAA compliant doesn’t necessarily mean that your data is secure. Hackers’ tactics are more sophisticated than ever before. This is a big business, and it’s easy for criminals to get into the hacking game.

Cybercriminals have new and more effective ways of stealing your data, and they try new techniques every day.

HIPAA law, although updated, just can’t keep up with all of these new attack vectors. It’s up to you to stay abreast of the cyber threat landscape and protect your health organization.

You must ensure your ePHI privacy, protect it from anticipated cyber threats, and employ security measures to protect against the latest threats.

At a minimum, you must comply with § 164.306 – Security standards: General rules.

(a) General requirements. Covered entities and business associates must do the following:

(1) Ensure the confidentiality, integrity, and availability of all electronic protected health information you or your business associate creates, receives, maintains, or transmits.

(2) Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.

(3) Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required under subpart E of this part.

(4) Ensure compliance with this subpart by its workforce.

(b) Flexibility of approach.

(1) Covered entities and business associates may use any security measures that allow the covered entity or business associate to reasonably and appropriately implement the standards and implementation specifications as specified in this subpart.

(2) In deciding which security measures to use, a covered entity or business associate must take into account the following factors:

(i) The size, complexity, and capabilities of the covered entity or business associate.

(ii) The covered entity’s or the business associate’s technical infrastructure, hardware, and software security capabilities.

(iii) The costs of security measures.

(iv) The probability and criticality of potential risks to electronic protected health information.

Do you agree that these rules leave some room for interpretation? The HIPAA language is written this way for this reason, and it can be difficult to know where you stand.

That’s why it’s essential that you either have a HIPAA IT Professional on your staff, or contract with an IT Managed Service Provider (MSP) in your area who has this expertise.

To make matters worse, you also have to worry about the HITECH Act and its 4 tiers of increasing penalties.

The Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law on February 17, 2009, to promote the adoption and meaningful use of health information technology.

Subtitle D of the HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules.

Section 13410(d) of the HITECH Act, which became effective on February 18, 2009, revised section 1176(a) of the Social Security Act (the Act) by establishing:

Four categories of violations that reflect increasing levels of culpability;

Unknowing. The covered entity or business associated did not know and reasonably should not have known of the violation.

Reasonable Cause. The covered entity or business associate knew, or by exercising reasonable diligence would have known, that the act or omission was a violation, but the covered entity or business associate did not act with willful neglect.

Willful Neglect. (corrected)The violation was the result of conscious, intentional failure or reckless indifference to fulfill the obligation to comply with HIPAA. However, the covered entity or business associate corrected the violation within 30 days of discovery.

Willful Neglect. (uncorrected) The violation was the result of conscious, intentional failure or reckless indifference to fulfill the obligation to comply with HIPAA, and the covered entity or business associate did not correct the violation within 30 days of discovery.

• Four corresponding tiers of penalty amounts that significantly increase the minimum penalty amount for each violation; and
• A maximum penalty amount of $1.5 million for all violations of an identical provision.

It also amended section 1176(b) of the Act by:

• Striking the previous bar on the imposition of penalties if the covered entity did not know and with the exercise of reasonable diligence would not have known of the violation (such violations are now punishable under the lowest tier of penalties); and
• Providing a prohibition on the imposition of penalties for any violation that is corrected within a 30-day time period, as long as the violation was not due to willful neglect.

We need a lawyer to interpret all of this!

How are you supposed to see your patients and interpret/comply with these strictly enforced rules?

You can’t. You need the advice of an IT Expert who understands HIPAA and HITECH regulations. One who can help you not only comply but ensure your ePHI is safe and secure 24/7.

Don’t take chances with federal regulators or risk a HIPAA audit. Seek the counsel of your local HIPAA IT Expert/ IT Managed Services Provider.

Sure, yoga teaches the flexibility that is key to adapting to your surroundings. But in practicing daily self-awareness, the saying “A team is only as good as its weakest player” is rarely truer than in the world of cybersecurity. How does your team stack up?

Target knows. Sony knows. Ashley Madison definitely knows. That’s the bad thing – an organization may only realize how strong — or weak — their cybersecurity position is once there is a successful cyberattack. The nature of the attack doesn’t matter, nor does the overall effect. The damage is done, and the organization goes into clean-up mode. In the days immediately following, the phrase heard most is “How did this happen” when the real question should be “How can we prevent this from happening again”?

Subtlety isn’t the goal of a hacker, nor is it their strongest attribute. The modus operandi of any hacker is singular: find a cybersecurity vulnerability and exploit to their advantage. The rest doesn’t matter. You likely disagree, but we think you’ll realize this is exactly the case. After all, we want to help you beef up your security and prevent a vulnerability rather than shift into defensive mode upon clean-up from an attack. The latter is going to shift your focus for up to a year of reactivity, while a little extra focus now will prolong your proactive position. An ounce of prevention is worth a pound of cure, especially in this type of situation.

At the most basic level, your organization’s cybersecurity is based on your team’s awareness level – which can easily be assessed and addressed in training. Data breaches caused by hackers are one thing, but the simplest way for a hacker to gain access is by finding a weak link – a human operator – and using sneaky tricks to exploit weakness from that angle. A hacker can use pretty low-tech approaches in this way, like phishing.

Does your cybersecurity awareness training still include exercises and tips on old-fashioned tricks like phishing? It’s amazing the simple tactics some of these hackers will resort to – but the reason is that these tricks still work on us. A 2017 study by Google reported that phishing was still one of the most effective tactics used for hacking a user account.

• Phishing is the practice of sending emails pretending to be from a reputable company, like Google or Apple, to get recipients to reveal personal information like passwords to the sender.

Perhaps it’s because we don’t see ourselves as targets anymore, thinking hackers only target the “big fish” for the bigger reward – a unique tactic called “whaling” – but the reality is that everyone is a target There are no exceptions. Any computer user can be an access point for a cyberattacker because any computer can serve a greater purpose for a cybercriminal.

• Why does phishing still work? Because we let it. We start to shift our focus to the newer or more sophisticated methods hackers use, and we don’t maintain vigilance on the basic approaches in cybersecurity awareness training.

One click is sometimes all it takes to turn a user into a victim – and for a hacker to wreak havoc on a network. One click can lead to a malware installation, identity theft, or worse, ransomware. That click could cost an organization into the millions of dollars.

• Ransomware is like a virus, where a hacker accesses a computer or network and places a file or code that blocks user access, and requires the user to pay money – a ransom – to the cyberattacker to regain access to the computer or network.

Remember when we said all it takes is one click? It’s true. In 2017, hackers sent emails to staff at Chipotle and managed to trick someone into one click, compromising the point-of-sale (POS) machines at locations that enabled the hackers to gain access to the credit card data of millions of customers. The worst part is that even end users who are in the tech industry have been tricked; Google and Facebook have both been affected to the tune of $100 million each because of successful phishing attempts.

• Did you know that some companies hire former (“rehabilitated”) cybercriminals as cybersecurity specialists – true experts – to help mold technology teams in charge of cybersecurity and oversee cybersecurity awareness training programs? These are probably among the most solid and effective programs in existence!

One way organizations have used to test the awareness of their team is by executing an internal phishing campaign. This is a campaign where the company has total control of the phishing attempt but tests the staff to see where the weaknesses are. The results only help improve overall training and cybersecurity.

This approach is wildly successful in getting an accurate picture of your team’s awareness. Who fails the test? How far will some employees allow a hacker to get before realizing they are being phished? Where does your training lack focus that the attempt was successful?

A few things to keep in mind with this approach:

• While internal phishing campaigns are helpful, don’t shift your training focus to only weaknesses discovered in this process.
• Be careful not to call out any one particular team member or access point; the goal isn’t to embarrass team members but to improve your team’s awareness overall.
• Don’t aim for only those team members you consider to be the weakest when it comes to cybersecurity knowledge; you’d be surprised at where an organization may discover vulnerabilities
  • On this note, it’s helpful to provide one-on-one level training catering to these team members, but you can still do so as a company by offering exercises aimed at specific weaknesses without placing blame.
• Keep the phishing exercise as realistic as possible, so the teachable moments that result are valid and credible

When your exercises and training give you enough insight to update your training, keep the training outline simple with a few target areas that are comprehensive enough to be thorough but straightforward enough to be digestible:

• Form a baseline for where your team is currently, regarding cybersecurity awareness.
• Devise goals for where your team should be, and target dates to achieve these goals.
• Outline a plan to meet these deadlines.
• Develop a maintenance process for ongoing support.

Organizations can also take steps to protect themselves internally, too. Limit access to all computer equipment to authorized personnel only, install up-to-date antivirus software at each workstation and update all programs on a regular basis – especially security updates. Having a contingency plan in place for any vulnerabilities might seem like overkill, but it never hurts to be prepared.

Self-awareness is just the first step in achieving the ultimate level of cybersecurity protection – don’t wait until an attack happens before you start defending yourself and your organization!

It happens to all of us at some point – you’re sitting by someone who whips out this über cool gadget, and you can’t take your eyes off of it. You have to know what it does… and where you can buy one! Read on for eye candy just like this.

We’ve all been there: Gadget Envy. We want the smartest phone, the thinnest tablet, the fastest Internet speeds, the strongest network connection, the battery that never dies – the list goes on. Part of this is due to our busy lifestyles, and part of this is from our never-ending quest to get more done in less time. The best gadgets combine advanced technological features with enhanced productivity.

The options are endless, but we’ve narrowed our list down to 5 categories with the top tech that today’s savvy CEO will have – along with the envy of everyone nearby!

Sound

We know you get perturbed with the pathetic volume coming from your laptop speakers. Amplification is impossible in atmospheres where white noise is loud, like airports, and while the settings on newer laptops and tablets are growing in sophistication, they still lack in sound quality. Here are a couple of solutions to help.

• The ICE Harmony Floating Bluetooth Speaker packs powerful sound in a colossally cool package. The spinning speaker floats above the base with concealed (read, secret) magnets to maintain the floating position. The design results in a 3D sound effect and can be used separately from its base giving the user portable and potent sound, connecting to smartphones or tablets via Bluetooth.
• Simple-to-use Startech USB Stereo Audio Adapter helps your laptop with the addition of SPDIF digital output. Designed for Windows-based machines (sorry, Mac lovers), functions as though users add a 5.1 sound card, and is quite compact but also has a set of two headphone jacks.

Secure Storage

So, you need to bring files along for the ride, but live in fear of losing your thumb drive? We have a couple of cool ideas for you.

• The Aegis Secure Key 3Z is a super-tough USB storage device made from sturdy metal and uses top-of-the-line technology for encryption plus a physical keypad for which the user can set a custom PIN for secure entry.
• PIN-protected storage is a popular choice these days. DiskAshur Pro is another option to secure up to 500GB of data with a customizable PIN, between seven and 15 characters.
• Aegis makes this list with not one, but two options, with its Apricorn Secure Key USB 3.0 480GB Flash Drive. Using a 10-key alphanumeric keypad with a dust-proof and waterproof enclosure, this storage solution means business. This one is on the list has received accolades from NIST, the National Institute of Standards and Technology, a U.S.-based entity that oversees government IT security.

Power

The perennial power problem: your power capability does not match your mobile lifestyle or needs. In other words, your battery dies faster than the mother in a Disney movie and you need a backup solution.

Have you checked out the Orico SC28 Mobile Power Bank? With promises to power you all day, this one is designed for laptops instead of smartphones – for which power banks are everywhere. Recharging via USB or the old standby (wall plug-in), up to three devices at once can benefit from this baby.

• The Jackery Titan S is a stylish portable battery charger whose claim to fame is its flexibility: it is also friendly to the MacBook.
• The feature-filled Sandberg Laptop Powerbank charges quickly, supports (and automatically detects) multiple voltages, and comes with a dozen charge tips.

Mobile Hotspots

Our addiction to data is endless, and with the growing number of wireless providers offering unlimited data, we find ourselves using our smartphones as hotspots. Our ultimate battle is the need to connect versus the need to preserve smartphone battery life. Enter the mobile hotspot device!

• The KnowRoaming Global Hotspot aims to provide seamless and simplified global connection in more than 140 countries, with unlimited data in more than 90, but only to corporate accounts at this time. The daily flat fee service is especially a bonus for those who travel to countries like Japan where connectivity is just ridiculously expensive for foreign travelers. About the size of a matchbox, the device battery lasts for up to 20 hours and supports 3G although LTE is pending.

• Boasting speed and simplicity, the TP-Link M7650 Mobile Wi-Fi Hotspot claims to be the fastest Wi-Fi router ever made, capable of streaming video to a user’s laptop or tablet and can support up to 32 devices at once – enough for an entire small office.

Just Cool Stuff

Here’s where things get really awesome! These items didn’t fit into any of the categories above, but couldn’t be left off this list. Just trust us and read on.

• A notebook that you put in the microwave to erase everything you wrote (or doodled)? Yep! Well, using a Pilot FriXion pen, but still the Rocketbook Wave is a pretty incredible gadget. Not only can the microwave erase all your writing when you’re ready to start fresh, but you mark an icon to represent where you want your notes sent, and everything you write is then stored in your account on Google Drive, Dropbox, OneDrive, Slack, iMessage, email, and so much more. Using your smartphone and the Rocketbook mobile app, you scan your notes and voila! The Rocketbook Everlast erases with a dampened cloth instead and can be reused in the same way.
• Moleskine, the cult favorite notebook maker, brings you the Smart Writing Set. This set includes the smart Pen+ tool that sends your writing to the Bluetooth-connected phone or tablet to display using the Moleskine Notes app, and your notes are editable within the app (highlights, scribbles, etc.).
• Want to wow your crowd in a presentation? Logitech makes a Spotlight Presentation Remote that looks super cool when in use, including the ability to magnify and highlight selections on-screen, with Bluetooth connectivity. There is also a cool built-in timer that shows (only you) how long you’ve been talking and can give a subtle vibration at a pre-set timed interval.
• Try the Gyration Air Mouse Voice with your presentation, which can act as a standard wireless mouse but also has built-in microphones to work with voice recognition as you get through slides. Voice commands can zoom, open web browsers, etc., with the push of a button.

This is just the tip of the tech iceberg; we know – but we’re pretty sure you’ll be as fascinated with the items on this list as we are. One thing we know for certain? You can’t wait to try them out and be the envy of someone else!