Author: Stuart Crawford

In previous years, the first clue that your corporate email has been compromised would be a poorly-spelled and grammatically incorrect email message asking you to send thousands of dollars overseas. While annoying, it was pretty easy to train staff members to see these as fraud and report the emails. Today’s cybercriminals are much more tech-savvy and sophisticated in their messaging, sending emails that purport to be from top executives in your organization, making a seemingly-reasonable request for you to transfer funds to them as they travel. It’s much more likely that well-meaning financial managers will bite at this phishing scheme, making CEO and CFO fraud one of the fastest-growing ways for cybercriminals to defraud organizations of thousands of dollars at a time. Here’s how to spot these so-called whaling schemes that target the “big fish” at an organization using social engineering and other advanced targeting mechanisms.

What Are Whaling Attacks?

Phishing emails are often a bit more basic, in that they may be targeted to any individual in the organization and ask for a limited amount of funds. Whaling emails, on the other hand, are definitely going for the big haul, as they attempt to spoof the email address of the sender and aim pointed attacks based on information gathered from LinkedIn, corporate websites and social media. This more sophisticated type of attack is more likely to trick people into wiring funds or passing along PII (Personally Identifiable Information) that can then be sold on the black market. Few industries are safe from this type of cyberattack, while larger and geographically dispersed organizations are more likely to become easy targets.

The Dangers of Whaling Emails

What is particularly troubling about this type of email is that they show an intimate knowledge of your organization and your operating principles. This could include everything from targeting exactly the individual who is most likely to respond to a financial request from their CEO to compromising the legitimate email accounts of your organization. You may think that a reasonably alert finance or accounting manager would be able to see through this type of request, but the level of sophistication involved in these emails continues to grow. Scammers include insider information to make the emails look even more realistic, especially for globe-trotting CEOs who regularly need an infusion of cash from the home office. According to Kaspersky, no one is really safe from these attacks — even the famed toy maker Mattel fell to the tactics of a fraudster to the tune of $3 million. The Snapchat human resources department also fell prey to scammers, only they were after personal information on current and past employees.

How Do You Protect Your Organization From Advanced Phishing Attacks?

The primary method of protection is ongoing education of staff at all levels of the organization. Some phishing or whaling attacks are easier to interpret than others and could include simple cues that something isn’t quite right. Here are some ways that you can potentially avoid phishing attacks:

• Train staff to be on the lookout for fake (spoofed) email addresses or names. Show individuals how to hover over the email address and look closely to ensure that the domain name is spelled correctly.
• Encourage individuals in a position of leadership to limit their social media presence and avoid sharing personal information online such as anniversaries, birthdays, promotions and relationships — all information that can be leveraged to add sophistication to an attack.
• Deploy anti-phishing software that includes options such as link validation and URL screening.
• Create internal best practices that include a secondary level of validation when large sums of money or sensitive information is requested. This can be as simple as a phone call to a company-owned phone to validate that the request is legitimate.
• Request that your technology department or managed services provider add a flag to all emails that come from outside your corporate domain. That way, users can be trained to be wary of anything that appears to be internal to the organization, yet has that “external” flag.

There are no hard and fast rules that guarantee your organization will not be the victim of a phishing attack. However, ongoing education and strict security processes and procedures are two of the best ways to help keep your company’s finances — and personal information — safe from cyberattack.

The information that no business owner or technology director wants to hear: there’s been a data breach. These chilling words can put your brain into overdrive, trying to triage the problem before you even know the full extent of the problem. What will be the impact on customers? On staff? On vendors? Is this simply a temporary bump in the road, or will your business never truly recover? How you’re able to react and your level of preparedness will be the deciding factors in the level of devastation that a data breach can wreak on your business. A recent report from TechBeacon shows that it takes an average of 191 days — over six months — for companies to even identify a breach, much less begin remediation on the road to recovery. Even more frightening, with as many as 7 in 10 of all organizations in the U.S. suffered some sort of data breach over the past several years, with the average breach costing upwards of $3.6 million.

What Are the Immediate Impacts of a Data Breach?

Once you find that your organization has been the target of a cyber attack, your technology team and external vendor partners immediately create a plan of attack. This could include everything from launching an effort to stop the vulnerability that allowed the breach to ensure that your data is restored from external backups as needed. Each of these steps can take time away from your daily operations, while also negatively impacting your overall customer service, manufacturing, eCommerce and staff productivity in general. Plus, there are the additional costs associated with external consultants who are working quickly (and expensively!) to restore your operations and data access. There are also expansive regulatory issues to handle such as technical investigations and regulatory filings about the breach and impact on the public. You can quantify these costs with a little work, but there are some hidden costs that lurk behind the scenes in an extensive data breach. Organizations are reporting thousands of hours required by forensic analysts who are attempting to put together the true nature of the breach.

Loss of Data = Loss of Reputation and Loss of Business

Your customers trust you to be a secure citadel for their sensitive personal, health and financial information. How can you explain to the public that data breaches happen every day? Customers are much less likely to be understanding of your business challenges when they’re personally affected by a data breach. You need to have a plan in place to respond to data breaches urgently, transparently and with empathy, or you could lose a significant amount of business due to lack of consumer confidence in your organization. Finally, you’ll need to put a communication plan in place that includes informing all of your stakeholders about the data breach and how it could affect them. These costs and the time required to get your business back to full operations may make it sound appealing to consider cyber insurance.

Should I Invest in Cyber Insurance?

Just as with other business risks, it makes sense to protect against known threats such as fire, flooding — and cyberattacks. Unfortunately, cyber insurance can be incredibly confusing and there are no guarantees that the expensive investment you make in insurance will cover the specific incidents that could occur at your organization. Even comparing different benefits and offerings can be extremely complex and off-putting for business owners. Instead of buying this questionable insurance, many small to mid-size businesses are instead investing in cybersecurity solutions and comprehensive backup and data recovery strategies.

How Can I Protect My Business From a Cyberattack?

If you don’t have a plan in place to handle data breaches or other cyberattacks, it is never too late to get started! With an average cost per record of $148, according to the 2018 Cost of Data Breach Study, a little prevention against a cyberattack can pay major dividends in the future. Are you confident that your organization has all the safeguards and protective mechanisms in place to maintain adequate security or quickly discover a breach in the event of a cyberattack? A comprehensive cybersecurity solution provides you with a high level of protection that includes:

• Active monitoring and reporting
• Vulnerability assessments and remediation
• Intrusion detection
• Behavioral monitoring
• Compliance reporting
• Agile integration with internal platforms
• Asset discovery
• IT and business user training
• Best practices and process recommendations
• Extensive backup and disaster recovery planning

When you fail to plan for a cyberattack, you’re essentially planning to fail! In today’s world, it’s rarely a question of “if“ your business will be targeted and more a question of “when“.

What Are the Benefits of Active Monitoring?

Working with a partner who offers active monitoring of your systems means you have a cybersecurity professional on your side at all times. Someone who is familiar with the footprint left behind by intrusions, and intimately knows the steps required to heal the breach and regain secure control of your systems. Your technology services partner should invest in ongoing education and recommend an aggressive security posture to protect your business. With active monitoring, you may still experience a cyberattack, but you may be able to limit the intrusion to certain systems or records — effectively saving as much of your data as possible through quick action in executing a pre-defined strategy.

As you can see, the effects of a data breach can be far-reaching and extremely expensive. It’s crucial that your business is fully prepared for any eventuality, and that includes an extensive data breach. The faster you’re able to identify the breach and heal it, the better your chances are for long-term business viability. Your technology services partner can provide you with customized recommendations to help protect your business from this pervasive problem.

Back in 2018, Apple once again upgraded the iMessage app to include new messaging effects. Apple added these effects to enhance the messaging experience for iOS users. There are 13 different effects that you can use to add an attractive feature to your messages when using iOS 12 or later on an iPhone or an iPad. The bubble effects will also show up on iMessage for Mac.

Let’s look at the special effects that you can apply in the Apple Messages App.

How to Access the iMessage Effects

First, with messages open, enter some text. Type an easy message such as “Hello”. Then, force-press the blue arrow to the right. The effects screen appears. The effects screen is divided into categories that are posted at the top of the screen:

1. Bubble effects
2. Screen effects

Bubble Effects

There are four bubble effects:

1. Slam: Stamps the bubble down and makes the entire screen ripple
2. Loud: A giant bubble that shakes then settles
3. Gentle: A tiny bubble that subtly slips into place
4. Invisible ink: Covers the bubble in an animated blur – the blur disappears once you swipe the message.

Screen Effects

There are nine screen effects:

1. Echo: The Echo duplicates text that floods the screen of the recipient.
2. Spotlight: The incoming message is highlighted by a spotlight.
3. Balloons: Ascending balloons burst onto the recipient’s screen.
4. Confetti: Multi-color confetti sprays down from the top of the screen.
5. Love: An expanding heart pops out of the message.
6. Lasers: Lasers with sound effects shoot from one of the screen to the next.
7. Fireworks: Multi-color fireworks explode from the center of the screen.
8. Shooting stars: A starburst shoots from the left on the screen, blowing up as it reaches the right side of the screen.
9. Celebration: Fireworks and other celebratory effects spread out across the screen.

Once you’ve decided which effect you want to apply, touch the blue upward arrow to send your message with the effect. You can also press the ‘X’ to return to the message screen.

By adding these effects, you can enhance your iMessage experience.

After literally changing the world through technology, what does a retired billionaire Microsoft co-founder do for an encore? If his name is Bill Gates, he changes the world yet again. This time, Gates is exploring advanced cutting-edge technology to find healthcare solutions for the world’s most pressing issues. Serving as guest curator for the annual “10 Breakthrough Technologies” list published by MIT Technology Review, Gates revealed his top picks for 2019 – five of which happen to be healthcare technologies.

In introducing the list, Gates explains his choices and expresses optimism for how we can invent the future. “We’re still far from a world where everyone everywhere lives to old age in perfect health, and it’s going to take a lot of innovation to get us there,” he writes. “For now, though, the innovations driving change are a mix of things that extend life and things that make it better. My picks reflect both. Each one gives me a different reason to be optimistic for the future, and I hope they inspire you, too.”

Here are the top five healthcare technologies for 2019, as curated by philanthropist Bill Gates on his quest to change the world through innovative solutions.

1. Customized Cancer Vaccines

Things are getting personal in the world of cancer care and treatment. In a collaboration between German startup BioNTech and the biotech behemoth Genentech, researchers are conducting clinical trials with technology that customizes cancer vaccines for each individual. The approach attacks only cancerous cells rather than healthy ones using mRNA-based therapies, taking into account the patient’s genetic profile and specifics of the personal diagnosis.

2. Predicting and Preventing Premature Birth

Considering the millions of mothers giving birth to premature babies every year, Stanford University bioengineer Stephen Quake decided to do something about it. He has developed a genetic blood test that can identify which women are likely to deliver a premature baby, thereby increasing the likelihood of effective care and prevention. The test works by detecting fluctuations in specific genes related to premature births. Quake states that quick and easy test costs only about $10.

3. Ingestible Gut Probe for Easy Disease Screening

Harvard Medical School professor Guillermo Tearney, MD, PhD, who is also a pathologist at Massachusetts General Hospital, has created a swallowable gut probe that can capture images and screen for diseases such as environmental enteric dysfunction. The condition inhibits the absorption of nutrients, which adversely affects children in developing countries who are susceptible to malnourishment. According to the MIT Technology Review, the device has the potential to replace endoscopes and anesthesia, which can be cost-prohibitive for many people.

4. Wearable ECG Device for Everyday Use

Wearable devices such as the Series 4 Apple Watch are receiving advanced ECG technology that aims to equal heart monitoring done in a traditional physician’s office. The goal is to detect arrhythmia sooner and thereby reduce the potential for a heart attack.

5. Voice-enabled AI Assistants in Health Care

Artificial intelligence systems with voice-enabled technology, such as Alexa from Amazon and Siri by Apple, are being configured for HIPAA-compliant use in clinical patient care. Hospitals and clinics will be able to utilize the devices for things such as post-surgery care, checking blood pressure and increasing efficiency.

With today’s businesses moving a large portion of their information technology operations to the cloud, having holistic IT services management is more important than ever before. Making this shift provides organizations with an unprecedented level of flexibility, and cloud solutions are generally more affordable. However, you may find that you’re introducing a greater level of complexity as you bring on additional integrations and cloud-based solutions. Having a trusted IT services management partner allows you to focus on the core growth of your business while shifting the bulk of responsibility for IT operations to your services management team. See how making this move helps local businesses thrive.

What is ITSM?

Information Technology Services Management (ITSM) goes by a variety of different titles. You may hear this referred to as managed services, IT outsourcing, IT consulting and more — but it all boils down to finding a partner with the technical expertise to support your organization’s IT operations. Internal IT teams often retain responsibility for setting strategy and oversight, while the more tedious daily processes and larger integrations are moved offsite to your partner’s teams. This allows you access to a broader team of professionals with expertise in a variety of different platforms, infrastructure setups and methodologies.

How Does ITSM Help My Local Business?

As businesses grow, their technical challenges become increasingly complex and are often more than one or two IT professionals can handle internally. Working with an IT services management organization allows you to reduce inefficiencies in your business and reduce the workload on key technical staff. You’ll find enhanced operational efficiency and reduced operating costs, along with a vastly improved customer experience for your internal users and customers. With an external review of your software implementations, you are likely to enjoy enhanced access control and governance of your crucial business systems. Your IT services management professionals are also able to help bring consistency to your process and automate them whenever possible. You’ll find that your teams are able to collaborate more fluidly — both internally and with your customers or vendors.

What Types of Services Does an ITSM Offer?

The wide scope of the landscape — where there are thousands of solutions for each IT project — simply requires knowledge that is too broad for a single, small team. ITSM helps your local business by helping weed through some less-than-ideal solutions to find exactly the options that are right for your business.

This could include providing a range of platforms and services:

• Cloud-based storage
• Backup and disaster recovery procedures
• Antivirus and anti-malware solutions
• Office 365 and productivity software licensing and implementation
• Active monitoring of your network for data breaches
• Remediation and resolution management
• Help Desk support
• Software Integrations
• Universal control dashboards
• Threat assessments and staff training
• WiFi and endpoint management

These are only a few of the solutions that a full-service ITSM partner can provide for your organization.

Will an ITSM Team Understand My Business?

Sure, it might take your technology professionals a bit to get up to speed on your specific core competencies and the challenges that your organization offers, but these individuals are accustomed to working with a variety of organizations and will quickly learn what makes your business unique. Plus, they’re able to leverage all of their knowledge of past engagements to help see what works, what doesn’t — and how to make the most out of the teams that are available. Your IT services management team will look across the organization at people, processes and technology in order to help visualize your work and understand where changes can be made to wasteful processes.

If your organization is embarking on a digital transformation project — or even if you’re simply trying to get your technology team out of the weeds with daily help desk requests — ITSM offers some true benefits for your business. You can increase the agility and responsiveness of your business while ensuring that daily business processes are interrupted as little as possible. See how ITSM concepts can help provide the cement that you need between your business and technology teams to lead your organization into the future.

Attorneys have unique needs for the storage of information while needing to access data on clients and cases from remote locations. That’s why cloud computing has become such a popular option for lawyers. However, the value of cloud computing needs to be tempered with concerns about security and privacy.

Below is your 2019 introductory guide to cloud computing for lawyers.

What Is Cloud Computing?

Cloud computing is web-based, off-site storage of software and data, and is often referred to as software as a service (SaaS). It allows for access to files and software applications from most mobile devices if there’s an available internet connection.

Among some of the most popular commercial cloud-based storage solutions are Dropbox, Google Drive, OneDrive and iCloud. Some of these services are provided for free and others charge a nominal monthly or annual fee, usually based on the amount of storage required. Housing applications in the cloud usually is best done via a managed IT services provider that can configure and monitor the solution on your behalf.

What Are the Advantages to Cloud Computing?

Cloud computing helps busy attorneys stay connected to information critical to their work. Here’s a closer look at some of the core benefits of cloud computing for lawyers:

• Access. Attorneys are often working out of the office meeting with clients or appearing in court. When they need access to information, it’s usually an urgent situation. With cloud-based access, attorneys can access necessary information in the moment of need. Wherever there’s an internet connection, lawyers can immediately connect, without needing to email files to one’s self or using hard-to-use remote software to log in.
• Cost. Cloud computing is predictable and inexpensive, with a flat monthly or annual fee that allows for better collaboration, networking and storage.
• Backup. Cloud computing provides you with a reliable and protected digital backup of your files and applications, ensuring they are recoverable and usable in the event of software corruption, server failure, human error, natural disaster or cyber attack.
• Multi-Device Functionality. Cloud computing allows you to access information from any device (smartphones, laptops, desktops or tablets) or operating system. If you use a PC at the office and a Mac at home, there’s no issue.
• Less Internal IT Costs. When you use cloud solutions, you won’t have to buy, install and maintain servers and other equipment if you were hosting these applications and information yourself. Software licensing is often included in monthly managed IT services, which can monitor your software warranty and renewal terms and timing. Also, cloud solutions provide for automated updating and patching, meaning you’ll have access to new features and updated security measures. The cloud option means less burden on internal IT staffers or the need for expensive one-time service requests by third parties.
• E-Filing. When your firm needs to file materials with courts or government agencies, digital files — and remote access to them — makes e-filing simpler. There’s no need to convert paper to PDFs or hand-deliver information when required documents can be sent digitally.
• Scalability. Cloud computing allows for flexible expansion or contraction as your firm’s needs evolve. You quickly can add more storage or reduce your capacity. With the cloud, you will not have to scramble to buy, install and configure a new server or overbuy server space you do not need.
• Intuitive Use. Setting up a workstation for a new employee takes a lot of time, especially to install software and train them on applications. A cloud-based infrastructure means new users can be added or removed quickly. You can also reduce your PC purchase costs by using simpler devices that cost hundreds less.

How Is Information Secured in Cloud Computing?

Keeping information protected is a moral and legal obligation for attorneys. With cloud computing, you have added security functions and peace of mind.

Lawyers are obligated to provide “reasonable care” to prevent unauthorized disclosures or access to information. However, states have different definitions of “reasonable care” but generally include the following:

• Data encryption
• Use of current, best-practice technology
• Review of service providers’ requirements regarding data ownership and access

Cloud security features can ensure that data is encrypted while in transit or at rest, access is limited and suspicious activity is detected, quarantined and addressed before any serious damage occurs. Some law firms need to meet mandated guidelines for work with government agencies like the Department of Defense or the Central Intelligence Agency. In such cases, cloud security solutions are available that address those mandates through threat detection, machine learning and automated monitoring of data and applications.

What Are the Ethical Concerns Regarding Cloud Computing for Lawyers?

U.S. state ethics commissions have ruled that cloud computing is ethical, as long as the “reasonable steps” and conditions are met. According to a recent article by the American Bar Association, the Iowa Committee on Practice Ethics and Guidelines issued suggested questions attorneys should ask themselves and service providers:

• Will I have unrestricted access to the stored data?
• Have I stored the data elsewhere so that if access to my data is denied I can acquire the data via another source?
• Have I performed due diligence regarding the company that will be storing my data?
• Is it a solid company with an excellent operating record, and is its service recommended by others in the field?
• In which country and state is it located, and where does it do business?
• Does its end user’s licensing agreement (EULA) contain legal restrictions regarding its responsibility or liability, choice of law or forum, or limitation on damages?
• Likewise, does its EULA grant it proprietary or user rights over my data?
• What is the cost of the service, how is it paid, and what happens in the event of nonpayment?
• In the event of a financial default, will I lose access to the data, does it become the property of the SaaS company, or is the data destroyed?
• How do I terminate the relationship with the SaaS company?
• What type of notice does the EULA require?
• How do I retrieve my data, and does the SaaS company retain copies?
• Are passwords required to access the program that contains my data?
• Who has access to the passwords?
• Will the public have access to my data?
• If I allow nonclients access to a portion of the data, will they have access to other data that I want to be protected?
• Recognizing that some data will require a higher degree of protection than other data, will I have the ability to encrypt certain data using higher-level encryption tools of my choosing?

Attorneys can gain considerable benefits with a cloud computing solution. Knowing the benefits, security provisions and due diligence to be done will help attorneys make an informed decision that keeps information accessible and safe.