Author: Stuart Crawford

The City of Burlington is out $503,000 because a staff member fell for a phishing scam. After receiving an email request to change banking information, the staff member was tricked into making a transaction to a false bank account.

The email requested that the employee change banking information for someone the City was already doing business with. The staffer transferred $503,000 to the fake bank account on May 16, 2019. The City didn’t learn about this until a week later. At that point, they notified the police.

After realizing this on May 23, the City says it immediately notified their bank and Halton Regional Police. A full investigation has been launched into how this happened and their current processes.

Since then, the City has put “additional internal controls” in effect to prevent this from happening again. They reported in their press release:

“These types of targeted attacks are all too common and can take many forms…Governments are just as prone to scams as are individuals,” they said.

Could Your Government Agency Or Business Be A Target?

Since January 2019, nearly 100 phishing campaigns have been tailored specifically for Canadian targets, according to researchers.

Criminals are spoofing well-known Canadian companies and organizations. They are using French-language phishing lures to increase their chances of tricking Canadian employees.

The most common forms of malware used in these Canadian phishing campaigns are banking Trojans called Emotet and Ursnif. They steal information and deliver other types of malware such as IcedID, Trickbot, Dridex, and GandCrab ransomware, and a keylogger called Formbook.

Canadians need to be on the lookout for more than just generic phishing spam.

What Should You Do?

Get New School Security Awareness Training

You must train your employees to be constantly vigilant to identify attackers’ attempts to deceive them. New-school security awareness training will provide the knowledge they need to defend against these attacks.

What’s Wrong With Every-Day Security Awareness Training?

Old-School Security Awareness Training doesn’t hack it anymore (no pun intended). Today, your employees are frequently exposed to sophisticated and ever-changing phishing and ransomware attack methods.

Old-School Security Awareness Training is static. It’s a one-time event without follow-up. You need cybersecurity training that’s backed up with phishing tests performed on a regular basis to create a real change in behaviour.

What Is New-School Security Awareness Training?

More than ever, your users are the weak link in your IT security. You need highly effective and frequent cybersecurity training, along with random Phishing Security Tests that provide several remedial options in case an employee falls for a simulated phishing attack.

With world-class, user-friendly New-School Security Awareness Training, you’ll have training with self-service enrollment, completion logs, and both pre-and post-training phishing security tests that show you who is or isn’t completing prescribed training. You’ll also know the percentage of your employees who are phish-prone.

And with the end-user training interface, your users get a fresh new learner experience that makes learning fun and engaging. It has optional customization features to enable “gamification” of training, so your users can compete against their peers on leaderboards and earn badges while learning how to keep your organization safe from cyber attacks.

With New-School Security Awareness Training You’ll…

• Have Baseline Testing to assess the phish-prone percentage of your users through a free simulated phishing attack.
• Train your users with the world’s largest library of security awareness training content; including interactive modules, videos, games, posters and newsletters, and automated training campaigns with scheduled reminder emails.
• Phish your users with best-in-class, fully automated simulated phishing attacks, and thousands of templates with unlimited usage, and community phishing templates.
• See the results with enterprise-strength reporting that show stats and graphs for both training and phishing, all ready for your management.

New-School Training…

• Sends Phishing Security Tests to your users and you get your phish-prone percentage.
• Rolls out Training Campaigns for all users with automated follow-up emails to “nudge” incomplete users, as well as point-of-failure training auto-enrollment.
• Uses Advanced Reporting to monitor your users’ training progress, and to watch your phish-prone percentage drop.
• Provides a New Exploit Functionality that allows an internal, fully automated human penetration testing.
• Includes a New USB Drive Test that allows you to test your users’ reactions to unknown USBs they find.

Plus, you can access Training Access Levels: I, II, and III giving you access to an “always-fresh” content library based on your subscription level. You’ll get web-based, on-demand, engaging training that addresses the needs of your organization whether you have 50, 500 or 5,000 users.

Can We Use New-School Security Awareness Training Along With Our Other Training?

This is what many organizations and municipalities are doing. They are supplementing their current training content with New-School Security Awareness Training. Upload your own compliant-training and video content, and manage it alongside your other training all in one place. Now you have your very own Learning Management System.

Don’t wait until your employees get tricked into giving away your money. Educate them with New-School Security Awareness Training.

The introduction of electronic health records (EHR) has caused a transformational change in medicine, but there is an even larger movement in the future that caregivers across the world are glimpsing — robots and the Internet of Things (IoT). It took more than 50 years for EHRs to progress from their early beginnings in the 1960s to their extensive use today. While the next full wave of the robot revolution may take decades, the technology challenges of early introduction of cloud computing and IoT are already emerging. From cybersecurity to data consolidation and connectivity, see how IoT and the adoption of cloud computing are already changing the healthcare landscape.

Providing Secure Connections for Disparate Data Sources

Electronic health records may be stored in various systems within a single organization, making it a challenge to ensure that each separate system has the full complement of security necessary to protect the important information being stored within. Managing communication between the platforms, ensuring that the endpoints are all secure and keeping access limited to “need to know” individuals can keep legions of technology teams busy for years — but is it enough? Recent attacks on major hospitals and other healthcare organizations have proved that cyberattackers are specifically targeting these organizations due to the richness of the data that is stored within their platforms. Without help from Orange County IT services personnel who are able to focus on data security and connections, it can be challenging for your organization to ensure that your sensitive patient and financial data is fully protected. It is increasingly important that you are able to view all data and security needs through a single pane of glass: aggregation software that allows you to tightly manage your disparate data sources and applications.

Safeguarding Patient Data . . . and Revenue

Your healthcare organization’s revenue is tightly tied to your patients, and you stand to face significant losses in productivity and patient trust in the event of a highly-publicized data breach. A recent IBM study shows that it takes an average of 191 days for organizations to identify a data breach, much less begin remediation. It is easy to imagine the amount of devastation that an unsavory actor could bring upon your sensitive business systems and data within that amount of time. Remediation would need to be triggered as soon as possible, and can take weeks or even months before your systems are back to a high level of security and stability. Each day that you’re losing productivity can cost thousands of dollars for small businesses and many times that amount for major hospitals. When you add in the cost of lost patients, notifications and any additional services that may need to be provided for those affected by a breach or data loss — the losses can run into the millions of dollars. Unfortunately, many healthcare organizations are not budgeting the necessary dollars for cybersecurity and data consolidation to protect against this type and scale of loss.

Security Challenges with IoT and Cloud Adoption

As robots and other IoT are introduced into the healthcare world, there are added layers of security that must be considered. Data that is stored in the cloud can be accessed by healthcare assistants, such as the relatively new TUG4 by Aethon. This “tugboat” of an assistant is strictly meant to move items from one location to another such as trays of food and laundry. However, in order to be successful, these robots need to be programmed with the layout of the hospital or clinic — meaning they will have access to where other items are stored within the building. This information is not only stored locally but can be accessed by mobile devices and other remote locations, which means it could potentially be attacked. This doesn’t mean that healthcare organizations should stop adopting these future technology solutions, simply that endpoint and cloud security should be included in the same conversation.

How Orange County IT Services Can Protect Healthcare Data

Creating a comprehensive data and endpoint security strategy allows your organization to be confident that your business is protected from the potential losses that can occur as the result of a cyberattack. Your Orange County IT services professionals at The Orange Crew have extensive experience working with healthcare organizations and can help navigate the various regulatory issues while providing secure solutions that can help protect your business. Active monitoring can help reduce the impact of any threats that work their way through the security net with immediate remediation activities.

Protecting your data and endpoints starts with a firm understanding of your technology strategies and rollout plan, The technical professionals at The Orange Crew will work closely with your technology and business teams to understand what you are trying to accomplish and the timeframe, as well as creating a strategy that will work within your budgeting plan. Contact us today at 888-670-5066 or fill out our quick online contact form to claim your complimentary initial consultation.

The role of CMOs has been changing rapidly in recent years with the introduction of numerous technologies. Social media platforms, CRM software and diverse multimedia channels all offer businesses remarkably effective tools for creating and maintaining a brand while connecting with customers in ways that were never before possible. While the increased pace of tech adoption among businesses has been startling enough on its own, for CMOs the need for taking on new roles and responsibilities has been equally surprising. CMOs are being forced to bridge marketing and tech to facilitate the success of their companies, leading to a greater range of obligations and opportunities for professionals who once focused solely on the standard roles of the chief marketing officer.

Fortunately, the increased need for CMOs to have a major role in technology decisions brings rewards and well as challenges. CMOs are able to accomplish more than ever and play a bigger part in how their companies operate. They also get the opportunity to form powerful relationships with CIOs to increase their ability to achieve the goals of their department and the goals of the company as a whole.

The Role of the CMO is Evolving

Until recently, being a good CMO meant creating effective advertisements and cultivating relationships with various individuals and groups like media partners and advertising agencies. While these tasks still pertain to the role of CMO, the responsibilities of the CMO have greatly expanded due to the incorporation of various technology tools. Market research, advertising and brand management are still major responsibilities, but they have become only part of the duties faced by today’s CMO.

Now, CMOs are challenged by social media, immense amounts of data, changing demographics among consumers and a seemingly endless number of channels and devices available for marketing purposes. Navigating through the proliferation of data and tech tools while still ensuring that the original responsibilities of the position are seen to is no easy task. Yet CMOs are doing just that. They are rising to the challenge presented by the shift in their roles and excelling.

One of the key ways that CMOs are adapting is by forming a closer relationship with CIOs.

The CMO and CIO Partnership

The marketing team today has more technology at its fingertips than ever before, and the availability of innovative technology tools is only expanding. While CMOs tend to learn how to use the tech tools they need to use relatively quickly, they are still marketing professionals—not tech professionals. They understand the importance of having an expert available to help unravel the complexities of the options they are faced with. That is why many CMOs are seeking to open up lines of communication with CIOs and ultimately to develop relationships with CIOs so they can work together on answering questions of technology, marketing and how the two connect in their particular business.

There are a lot of tech options available to CMOs now, which can make it difficult to determine which tool is the right fit. Marketers might be experts in advertising, but that does not mean that they are immune to the effects of it. CMOs take advantage of the knowledge of CIOs to clear away the promotional message and get to the heart of what a tool can or cannot accomplish, and whether it even makes sense to adopt the tool based on the business and its goals.

CIOs tend to have strong discipline when it comes to technology. They are used to being told that the latest technology tool will transform the way they do business. They know how to conduct the necessary research to uncover the reality of what is on offer. The insight they offer CMOs is invaluable when it comes to making technology decisions.

The Role of CMOs in Tech Decisions

Every company today can benefit from including CMOs in technology decisions. CMOs should not be forced to make the decisions on their own, however. The real winning strategy for businesses is to combine the expertise of the CMO and the CIO to make joint decisions on what is the best choice to help the business achieve its objectives. CMOs know how to seek those objectives from a marketing standpoint. CIOs know how to achieve the objectives from a technology standpoint. Working together, they can create something that is greater than the sum of its parts.

As CMOs and CIOs learn to work together, they can begin to anticipate the perspectives and needs of each other’s departments. The CMO will gradually grasp issues like compatibility with existing technologies, while the CIO will come to understand how the CMO works towards objectives through marketing strategies.

Moving forward, CMOs will serve as experts in Martech, or marketing technology. They will use what they learn through their own work and through their relationships with CIOs to gain a better grasp of what marketing technology has to offer and how to utilize the power of the tools at their disposal. They can play a major role in the technology decisions of their company and the company will benefit significantly from their input.

CFOs have long been challenged by the value proposition of capital technology investments, often requiring in-depth analysis and reviews before making the plunge. While the lower monthly costs of cloud-based computing may overcome this inertia in some instances, CFOs are understandably nervous about committing to “rentals” of software or services that don’t have an extended life beyond the end of the subscription. While the CFO may not be reviewing each purchase for IT fit, they are likely intensely interested in whether they are getting the expected value from any technology purchases that are made. The CFOs leaning may help influence purchases for quite some time, making it vital to ensure that your CFO fully understands the benefits of moving to the cloud so you can break through their paralysis of analysis. Here are 4 of the sticking points that are pushing CFOs away from adoption of a more agile, extensible model for technology.

1. Communicate Key Risk Factors for Adoption

Like any technology, cloud platforms are only truly valuable if you gain widespread adoption throughout your user base. CFOs may have been burned in the past with projects that had an extensive upfront cost, yet didn’t deliver the expected business value after an extended implementation period. CIOs and other IT leaders can help mitigate this risk by addressing the root causes behind the poor adoption rates. Cloud solutions can be particularly challenging to sell, simply because they are predicated on the concept of continual change — something that is a struggle for many organizations.

2. Reassure CFOs That Technology Will Be Analyzed and “Rightsized” for Cloud

Financial business leaders are rarely happy with having assets on the books that aren’t being utilized, but legacy technology has a way of hanging around long after its useful life has been expended. When you reassure CFOs that you won’t simply be transferring efficiency problems to a new type of infrastructure — that you’re first resolving and appropriately sizing the solutions for your future business needs — they are more likely to be open to the conversation about a move. Gaining efficiencies and improving operations are always topics near and dear to the heart of CFOs. This could manifest in a variety of ways such as analyzing server and peak memory usage, looking for system vulnerabilities that can be addressed and reducing overall software licensing requirements.

3. Yes, There Are Ongoing Variable Costs — But They Are Balanced by Added Value

Traditional software models include an upfront purchase cost and an associated ongoing maintenance fee to obtain upgrades. Over the life of a contract, maintenance fees can increase and there may be charges over time for significant upgrades that aren’t covered in your service model. Newer options are introduced to the market on a regular basis, but a high sunk cost in a particular platform serves to discourage new investments in other platforms. With cloud-based platforms you may still have a multi-year contract, but once that time is over it may be significantly easier to shift to a new platform. Granted, there are likely integration costs and training and general disruption to your business to consider, but you may be able to recognize compelling benefits by changing to a new cloud-based service. Plus, most cloud software has the benefit of regular releases that will provide enhanced usability, resolve bugs and create a more secure computing environment. The financial equation becomes slightly more difficult to sell to your CFO if your usage is expected to vary considerably from month-to-month, as it can make cash flow more difficult to project.

4. Cloud Performance Has Improved Dramatically in This Decade

Sure, there are still some platforms that are not fully optimized and don’t run as quickly as they would on a local server — but we are no longer in a world where “cloud” equates to poor performance, latency and a lack of security. Ultra-fast connections throughout the country and the world and high-performance data centers offer a new level of service deliverability. While it’s still important to carefully review contracts to ensure that SLAs and reliability levels are up to your expectations, these should no longer be used to deliver a no-go decision on moving to the cloud.

Having an honest internal conversation with top leadership helps determine which — or all — of these concerns are holding back your CFO from approving cloud-based projects. While financial considerations are often top of mind, there are other risk factors that need to be openly addressed in a way that communicates the overall value to the organization.

Currently, 30% of email addresses change every year. The majority of these changes are business related. No one wants to deal with the problems that come with changing personal contact information. Quite often, personal emails are attached to personal bills and subscriptions as well.

When the big change happens and it is time to make a move, is usually away from a smaller email platform into one of the two behemoths – Microsoft Outlook and Google Gmail. These two email providers have become the blue chip operators in what is now an essential part of everyone’s life.

What is so good about Outlook in Gmail? Are there aspects of one that makes it better than the other? We are here to look at the subtle differences between the two so that you can make an informed decision about which is better for you.

The Basics

The Outlook and Gmail user interfaces couldn’t be more different from each other. Outlook seems more business oriented on the surface, while Gmail’s UI maintains a feel that you might get from last year’s tech startup. In short, Outlook is Baby Boomer; Gmail is Generation Z.

Outlook is all about add on features while Gmail brings a “what you see is what you get” mentality to the forefront. Both services come as part of a larger suite that make a lot of money for their respective companies. If you go Pro with Outlook or Gmail, you will actually be purchasing Microsoft Office 365 or Google G suite. The first requires an annual commitment, and the second is based on a monthly subscription plan.

The Tools

So the cat out of the bag – Outlook and Gmail are actually loss leaders for the business suites that Microsoft and Google hope to sell to you eventually. Microsoft Office 365 has all of the industry standard programs that we are used to – Word, Excel, PowerPoint and all of the newer injuries that have become business staples such as OneDrive, OneNote and Microsoft Teams.

Believe it or not, Google is actually the challenger brand in this arena. Its Calendar and Hangouts tools are definitely name brands, but other aspects of its business suites such as Keep, Sites, Forms, Drive and Currents have not quite hit mainstream acceptance.

The result is the difference between a set of features that you know and love (Outlook) or a possibly wider and more robust feature set with a learning curve (Google).

Organization

If you are actually doing good business, your email is going to be a place of constantly changing activity. This is your mission-critical location, and some of the emails that you receive are essential in making mission-critical decisions. Keeping your emails organized is one of the most important things that you can do for your business. Outlook and Gmail have two entirely different philosophies for this.

Outlook works on a method of organization that predates the Internet. Its traditional system of folders looks and feels like a file cabinet. Anyone who makes use of Gmail can tell you this is definitely not the way that Google organizes things. Gmail uses labels and tags and allows you to customize your experience much more. If you know what you’re doing, you can quickly tier your email system and get to your most important emails more quickly. If not, then your email will probably look like a jumbled mess every time you open it.

The Company

With such powerful companies underwriting the programs, it is difficult to look past the influence of the brand. When you use Outlook, you have the advantages of Microsoft behind you. One of the most important features that Microsoft offers is the ability to completely delete unread emails from existence. This is simply not possible with Google, although Gmail offers many other advantages that are difficult to overlook. Gmail offers extended power of Google search and all of the associated features that Alphabet has now monopolized, meaning that you have an extremely powerful suite of tools behind you every time you open your Gmail.

So who wins the battle of emails between Outlook and Gmail? This is actually a question of your business philosophy. If you like more traditional, old-school methods of thinking and organizing yourself, the outlook is probably the brand for you. If you are a New Age thinker who wants a personalized digital experience, then Gmail will probably suit you better. There is no right and wrong; only good and bad for you.

If you’re a small business owner, you have plenty of things to worry about. IT shouldn’t be one of them. We think it makes complete sense for most small businesses to outsource their IT needs to a managed service provider (MSP). Here are 7 reasons.

1. Focus on What Makes You Unique

This first reason is a big one. Small businesses have limits on how many people they can hire. If you try to keep all your IT in house, you’ll devote a decent number of your hires to IT once you reach a certain size.

Here’s the problem: your business isn’t IT. (If it is, you probably don’t need this guide!) Outsourcing your IT frees up capital and office space that you can instead devote to your core business. Outsource your IT so you can better focus your staff on whatever it is that makes you unique.

2. Access More Skill

With an in-house IT team, you’re limited to whatever number of specialties you can afford to hire. Your IT team will work hard, and its members will stretch their skills and find a way to accomplish things outside their skill set. Their work won’t always be done in the best way, though. By outsourcing your IT, you gain access to a broader range of skills and certifications. You can rest easy knowing that it was done right from the get-go.

3. Do More, Faster

Related to the previous point, your IT needs will be met faster by a dedicated team of experts than by a small but well-intentioned in-house team. All that time the in-house team spends poking around looking for answers to problems that lie outside their specialties is the time you’re paying for. With an MSP you’ll usually get the right answer, right away.

4. Reduce Personnel Costs

When you hire in-house IT staff, you’re on the hook for all the associated personnel costs, like insurance, FICA, and so forth. These costs are often hidden and can be burdensome for small businesses. With an MSP, you pay a fixed monthly rate, and you don’t have to worry about administrative personnel costs. The MSP takes care of those for its employees.

5. Reduce Infrastructure Costs

Outsourcing IT to an MSP isn’t solely about reducing IT headcount and the costs associated with personnel. You can also save IT infrastructure costs by using an MSP. Service agreements vary, but some will include some or all hardware in the monthly fee. You can avoid large spikes in expenses for new equipment by choosing this kind of service agreement.

Your MSP can also move much of your IT infrastructure to the cloud, eliminating the need to house costly servers at your business. The less IT infrastructure you have on site, the less you pay to power and maintain that equipment.

6. Free Your Existing IT Team to Focus

For larger small businesses, outsourcing IT usually isn’t done with the intent of drastically reducing or eliminating IT headcount. It’s more about allowing your existing IT team to focus in and specialize.

If your IT staff has grown beyond just one or two generalists, you likely have some highly capable, highly qualified individuals on your team. Here’s a scary proposition: go ask those people how many hours a week are eaten up doing low-level IT errands like helping John in Accounting with basic computer questions or reminding Sarah from Accounts not to reply-all to emails?

Outsourcing your basic IT functions to an MSP allows your existing IT team to focus on their areas of specialization. You’re also free to assign in-house assets to IT functions that are core to your business or are proprietary.

7. Gain After Hours Support (Without Paying Overtime)

Outsourcing your IT needs to an MSP with a 24/7 service agreement means instant access to support anytime. With an in-house IT staff, you’ll end up paying overtime if a system goes down after hours. You may also have to wait for that IT staffer to physically arrive to fix the problem.

When you outsource, you get near immediate remote support, without the overtime. This is a great benefit to small businesses of all varieties and sizes. You’ll benefit even more from after-hours service if you have virtual team members or even satellite offices in far-flung time zones.

Conclusion

We’ve covered just 7 of the many reasons that outsourcing IT to a managed service provider is the right choice for small businesses. Do you have questions about specific aspects of working with an MSP? Let’s chat. We’re ready to answer.

It is questionable whether there is any industry today that has not been forced to adopt new technology to remain competitive. But for small law firms, the need to utilize technology appropriately is necessary for more than just competitiveness—it is actually being increasingly pushed by jurisdiction. In just the past few years, the ABA Model Rule 1.1 went through revisions so that the rule now states that attorneys need to maintain a certain level of competence with technology, and 36 states have adopted the revised comment to Rule 1.1.

With technology competency becoming a standard for practicing attorneys, it is clear that every law firm needs to do what it can to incorporate technology into their practice. What this adoption will mean may vary somewhat from firm to firm, but the general push should be to meet the standards of the industry in all possible areas. For many firms, that will mean making some changes.

Technology for Small Law Firms—What You Need to Know

Where you and your firm sit on the technology spectrum may be far different from another attorney or another firm. You may have already taken significant steps to incorporate technology tools into your operation. You may have been doing things the same way for decades and only be interested in making the minimal changes to comply with changing professional expectations. Or, you may be somewhere in the middle. The following tips are meant to serve as a starting point on how to identify where changes need to be made and to make those changes as efficiently as possible.

Set aside time for research and the adoption of new technology.

For most lawyers, time is at a premium. Between courting new clients, keeping up with legal changes, researching cases, preparing and filing documents, traveling and doing all the other things required for you to run your firm, you are probably quite pressed for free time. However, you are also adept at measuring the workload of new projects and making time for those projects—which means you have the ability and aptitude to make technical changes to your firm. You just need to remain aware of what you are getting into and set a pace that fits with your circumstances.

If you do not want to do all of the work yourself, you can also delegate or outsource it. Whether you assign duties to employees, hire an IT services company familiar known for servicing law firms, or both, you can accomplish a lot when you share the workload.

Learn what it means to be technically proficient as a law firm.

You may already have clear ideas about the changes you need to make. But if you aren’t, consider doing some research on legal tech today. There are books available that discuss legal tech for small firms and there are plenty of websites that do the same. Educate yourself on what a technologically savvy firm looks like today so you can see where your firm is lacking and where you should aim to be moving forward.

Areas to research include:

• Document management
• Time and billing software
• Legal practice management software
• Collaboration tools
• Security technology
• Mobile technology
• Potential technology certifications available

Conduct an assessment of the technology your firm uses.

Once you have an idea of what the expectations for legal technology use are in today’s environment, you can conduct an assessment of your firm to see where you are and what changes you need to make. Identify what technology you currently use for various tasks, determine what changes need to be made, if any, and then make a plan to facilitate those changes.

Prioritize technology adoption.

Ideally, you could make all the changes you need to make simultaneously. But if you do not have the time, resources, or assistance to make all those changes possible right now, you will need to prioritize which are most important. Your priorities will be based on the specific goals of your firm. For example, e-filing is becoming an industry standard for law firms. If you are still using mostly paper, moving into an e-filing system will probably be a big priority. That may mean purchasing a scanner to digitize your existing documents, as well as implementing an e-filing system for your firm to use moving forward.

Consider Partnering With A Managed IT Services Company.

Most small firms do not have the resources to employ a dedicated IT department. Managed IT services offer a way to take advantage of technical proficiency and skill sets as you need them—like when you need to do a technology overhaul on your firm. You can get the assistance you need from professionals so you can focus on running your firm.

If you would like more information about managed IT services for your solo practice or small law firm, please contact us.