Ransomware’s Cruel Greed: Proven Security Protects Your Business

Ransomware

Cybercriminals lock victims out of computer and network files – sometimes destroying data – and extort cash to get that data back. That’s a ransomware attack, costing businesses billions worldwide.

Ransomware can spread by the simplest of user actions. Email phishing, or Business Email Compromise (BEC) – fraudulent and deceptive emails posing as legitimate messages – is perhaps the most common propagation method. Social media clickbait, particularly using fake accounts masquerading as friends or colleagues, is common also. Simply visiting an infected website can corrupt your system, even if the user doesn’t click anything on the web page.

How common is ransomware? There’s bad news and good news. The bad news: attacks are extremely common, with thousands of organizations being probed every day. The good news: savvy IT professionals are fending off attacks, so infections are still comparatively rare. However, attacks are on the rise and cybercriminals are growing more sophisticated.

Ransomware attacks are hitting businesses of all sizes, from a few employees to enterprise corporations. Individuals get infected also, especially those without good antivirus protection. Government agencies and health care organizations have become prime targets.

Data Loss and Financial Risk

Ransomware encrypts computer files and network drives, then demands a ransom in exchange for a decryption key. Most victims end up paying the ransom. Ransomware can be difficult, if not impossible, to crack, and paying the ransom can be the only way to get data back.

Costs of recovery can be enormous. The ransom itself can run from thousands to hundreds of thousands of dollars, even approaching $1 million. The real cost of recovery runs easily into the millions. FedEx reported losses of more than $300 million before operations were fully restored. The total cost to US business is estimated at $75 billion or more per year, with downtime costing around $8,500 per hour.

Cybercriminals typically demand payment in Bitcoin. Cryptocurrency affords substantial anonymity, making it nearly impossible to track perpetrators. Even if they could be identified, cybercriminals often work over international borders. Jurisdiction issues make prosecution almost impossible.

Preventing Ransomware

Ransomware protection is a complex endeavor involving technology, education and best practices. You need the right tools – the right information – and the right business processes.

Key steps to protect your data include:

  • Maintain up-to-date antivirus/malware protection, especially on email. Do your research for best programs, including buyer reviews on popular online retail sites.
  • Perform regular external backups, and quarantine them from your network as soon as they’re completed. Keep archival history as much as possible.
  • Train employees. Malware is most often spread by human behavior, e.g. clicking an email phishing link or social media clickbait. Proper training can minimize risk by educating staff about the risk of suspicious links.
  • Maintain strong firewall protection to minimize the risk of a single infected machine spreading malware into your network.
  • Keep all enterprise software updated with the latest releases and patches. Software firms are constantly improving security, and outdated software is riskier.
  • Administer IT user permission security so employees have access only to the software and functionality required for their job roles.
  • Disable macro scripts on files shared via email – an important component of training.

Along with preventative measures, create a contingency plan. If you are hit with ransomware, you’ll be better prepared to cope if you have plans in place to continue operations and speed up recovery.

Setting up a cryptocurrency wallet should be part of the contingency plan. If your business is hit – and you decide to pay the ransom – you’ll be able to pay much sooner if you already have this in place.

See these resources for more detail on what you can do to protect your business.

What to Do If Infected

More than half of targets don’t report ransomware attacks, according to FBI estimates. This is likely driven by concerns over bad publicity. Financial and business process recovery is bad enough without adding in a PR nightmare.

However, it’s critical to notify the FBI if your systems are infected. The FBI is the lead federal agency for cybercrime. Their investigative and technology capabilities are state-of-the-art, and no one is better equipped to help you understand your options and recover your data.

The FBI suggests that you do not pay the ransom. The decision is up to your company leadership, and it’s true that most victims do pay. In many cases, the cost of paying the ransom is far less than the potential losses from operational downtime.

Ransomware removal often involves wiping systems clean and restoring uninfected files from backups. It’s a delicate business best left to a professional cybersecurity company.

It Can Happen to Your Business

Ransomware and cybercrime are on the rise. Costs to businesses are going up.

Education and preparation are the best defenses against cybercrime. Responsible management needs to be proactive. Threats are real, cybercriminals are serious, and today’s IT professionals are armed with the tools and the knowledge to keep their companies safe.

9 Cybersecurity Terms You Need To Know

Cybersecurity Tips

Every business should have a comprehensive cybersecurity plan and a competent team that can execute that plan. Otherwise, cybercriminals and malicious actors can and most likely will take advantage of security vulnerabilities to access company data and cause damage. But as important as it is to have skilled IT professionals looking out for your business, it is equally important to educate yourself in the basics of cybersecurity so that you can avoid compromising your valuable information accidentally.

The following list of cybersecurity terms is one that every business owner, manager, executive and other professional should be aware of. The more you understand the basics of cybersecurity, the better equipped you will be to protect your valuable business data and personal information moving forward.

9 Cybersecurity Terms Every Business Professional Should Know

1. Malware

From the time the average family had a personal computer in the house, most people had heard of computer viruses. Today, it is still common for many people to think of all types of attacks to computer systems and networks as viruses. In truth, a virus is only one type of attack that you need to be aware of. There are many other types of attacks, which along with viruses, fall under the umbrella of malware. Anything that is made to access your network or data—or cause damage to your network or data—is referred to as malware.

2. Phishing

Like the common term it comes from, phishing can be thought of as throwing out attractive bait in hopes that someone will bite and give up their valuable information. Phishing involves making a website or application that looks just like a site or app that people trust. You might get an email from Google or the IRS that looks legitimate. It could claim that the company needs you to update your information or your password and then take that info and give it to a cybercriminal.

3. Antivirus

An antivirus program is just like it sounds—a program for fighting computer viruses. What it is not is a program that will handle all of your cybersecurity needs. It will search for common viruses and eliminate those viruses, but it will not necessarily protect against other types of malware. Your antivirus can only scan the drives it has access to, and can only identify viruses that have already been identified by the company that makes the program.

4. Social Engineering

Social engineering refers to deceiving people instead of computers. While creating malware requires focusing on technical aspects, social engineering focuses on ways to manipulate people into doing what you want them to do. The scams where people ask you to cash checks on their behalf and send them the money because they are out of the country are an example of social engineering.

5. Ransomware

A common type of malware being put out by cybercriminals is known as ransomware. Ransomware takes some of your sensitive data and encrypts it so you cannot access it. The cybercriminal then demands a ransom for you to get access to your data. All of the cybersecurity terms you see that end with ware are types of malware.

6. Zero-Day Attacks

One of the biggest weaknesses of antivirus programs or other anti-malware programs is that they can only detect and protect against malware that has already been identified. Cybersecurity experts are constantly on the lookout for new malware, but they are not able to catch every piece of malware before it compromises systems and networks. There are always holes in the protective layers offered by cybersecurity teams. When a piece of malware compromises a hole, or vulnerability, in standardized security layers, it is known as a zero-day attack.

7. Redundant Data

While cybersecurity experts and your IT team are always striving to protect your system and network from attacks, sometimes your data can still become compromised—like with a zero-day attack. The reality of cybersecurity is that there is always the possibility of compromise, which is why backing up your data is a necessity. Not only does backing up your data protect against cybersecurity threats, but it also protects against equipment failures.

A quality backup will be quarantined in a facility that is not in the same location as your business.

8. Patch

A patch is what software developers send out when they discover a gap in the security of their programs. You should download available patches regularly to ensure optimal protection.

9. Intrusion Protection System (IPS)

An IPS is placed between your firewall and your system to identify intrusions and stop them before they cause damage.

For more information about cybersecurity for your business, please contact our team.

Introducing Canada’s Digital Charter

Canadian Digital Charter

Digital Technologies in Canada

Technology is rapidly entering all areas of commerce, banking and society due to increased digital communications both in person and online. Much of the business that Canadians do every day is assisted by technology including shopping for groceries, promoting a brand and socializing with friends and family. “Data is a resource that companies use to be more productive and to develop better products and services, unleashing a digital revolution around the world,” according to the Canadian Digital Charter website. Due to this expansion of data access worldwide, Canada has set up the Canadian Digital Charter (CDC) to ensure that “privacy is protected, data will not be misused, and companies operating in this space communicated in a simple and straightforward manner with their users.” The goal is to inspire trust in the government and businesses who handle private data.

Canada’s Digital Charter is Built on Ten Principles

The CDC was developed after the government conducted numerous conversations and surveys with Canadians from all walks of life. These discussions emphasized specific issues that Canadians were interested in and worried about. The result was the following ten principles that form the foundation of the CDC.

1. Universal Access:

All Canadians will have equal opportunity to participate in the digital world and the necessary tools to do so, including access, connectivity, literacy and skills.

2. Safety and Security:

Canadians will be able to rely on the integrity, authenticity and security of the services they use and should feel safe online.

3. Control and Consent:

Canadians will have control over what data they are sharing, who is using their personal data and for what purposes, and know that their privacy is protected.

4. Transparency, Portability and Interoperability:

Canadians will have clear and manageable access to their personal data and should be free to share or transfer it without undue burden.

5. Open and Modern Digital Government:

Canadians will be able to access modern digital services from the Government of Canada, which are secure and simple to use.

6. A Level Playing Field:

The Government of Canada will ensure fair competition in the online marketplace to facilitate the growth of Canadian businesses and affirm Canada’s leadership on digital and data innovation, while protecting Canadian consumers from market abuses.

7. Data and Digital for Good:

The Government of Canada will ensure the ethical use of data to create value, promote openness and improve the lives of people—at home and around the world.

8. Strong Democracy:

The Government of Canada will defend freedom of expression and protect against online threats and disinformation designed to undermine the integrity of elections and democratic institutions.

9. Free from Hate and Violent Extremism:

Canadians can expect that digital platforms will not foster or disseminate hate, violent extremism or criminal content.

10. Strong Enforcement and Real Accountability:

There will be clear, meaningful penalties for violations of the laws and regulations that support these principles.

Digital Technology’s Impact on Canada

The ten principles listed above clearly display the Canadian Government’s vision of integrating ethics and law with digital access. In the discussions with Canadians that led to the CDC, three main issues came to the forefront.

A. How Can Canada Prepare for the Technology of the Future?

Canadians are concerned whether they will be trained for skills needed in the technology of the future. Examples of these are digital skills, including knowledge of coding, data analytics, AI, and machine learning as well as future technologies that have not yet been developed. Although not all careers require a special knowledge of technology, Canada must instill comprehensive digital literacy and exposure to STEM skills from a young age, particularly for under-represented groups including women, Indigenous people, and people with disabilities. To build digital resilience, Canada must take a multidisciplinary approach to skills development and training that encourages a life-long learning mentality.

Other key issues include retraining workers to build skills that relate to STEM fields, and opening access to training in non-traditional formats including flexible, cost-effective options for attaining new skills in short time frames.

B. How Will Canada Support Growth of Competitive Canadian Companies?

In order for Canadian companies to be competitive on a global scale, they need to “adapt their traditional approaches, and identify, adopt and implement digital and data-driven technologies.” Several issues are obstacles to this type of growth, most notably affordability and access for remote, rural and Indigenous communities. Canada ranks among the most expensive countries in the G7 for many telecommunication services including mobile wireless and Internet. Other obstacles include awareness of how technology can improve and scale business in traditional sectors, and that technology implementation isn’t a “one-size-fits-all” solution. Recognition of the need for individual, personalized implementation is crucial to moving forward.

C. How Can Canada Be a Leader in the Digital Age Regarding Privacy and Trust?

The digital age has ushered in the usage of an explosion of data “helping to fuel innovations like AI, machine learning, and the Internet of things, however, the rapid acceleration of data being created, and its use as a commodity means Canada must re-evaluate the frameworks it has in place.” While laws such as the Personal Information Protection and Electronic Documents Act (PIPEDA) help to keep personal data private, there needs to be an ongoing effort to keep frameworks transparent and private data protected against hacking and other data breaches.

Trust and privacy of personal data is a key element in any future growth of technology in Canada.

The issue is complex with important questions around data access, ownership, use, and the consent and controls available to both citizens and providers. . . Canada has a mature regulatory environment, however with the growing complexity of vast amounts of data flows, privacy, and cross-border markets, many Canadian companies, in particular SMEs, expressed difficulty understanding how best to comply with existing data and privacy legislation and the corresponding regulations.

To continue to protect privacy, Canada needs to modernize PIPEDA and continue to offer effective and clear guidance on privacy issues, and at the same time effectively enforce any players appropriately to build trust with Canadians.

AMA Clarifies Stance on Physician Use of AI in New Policy

Artificial Intelligence Healthcare

The American Medical Association recently shared its new AMA AI policy recommendations with the public. The AMA sees great potential to improve patient outcomes through this technology, but they also want to ensure that oversight and accountability for this augmented intelligence are in place so that the technology is used justly and effectively.

The Role of AI in Healthcare

The goal of artificial intelligence is to mimic human cognitive processes. Why would we want this in healthcare? It’s because healthcare, like many industries today, has endless amounts of data, more than any human could ever research, consider, or draw conclusions from. In theory, AI doesn’t possess these limits. The right AI technology could take all of the relevant information provided to it, identify the patterns, and develop best practices and true data-driven recommendations from it.

Today, in the medical community, we have studies that say if A, then B will probably occur. But often we can’t distinguish between correlation and causation. It’s hard to account for all of the related factors C through Z. But as AI technology develops, it will be able to do this, leading to:

  • Earlier detection
  • Better understanding of risk factors
  • More personalized treatment recommendations
  • Reduced waste on treatments that don’t work or unnecessary diagnostic testing
  • Reduced cost associated with complications
  • More quality-based care for patients versus fee-for-service and greater profitability for healthcare organizations. The two are not opposed but perfectly align when AI is involved.

Why Is a Policy Needed

The AMA supports insurance coverage for AI-enabled technologies that comply with state and federal regulations. Any AI developed must hold in highest regard the safety and privacy of patients.

The AMA does not support mandating that physicians or institutions use AI. They believe the technology’s benefits speak for themselves. And healthcare organizations and physicians will see that.

The AMA believes that their new policy clarifications help medical facilities:

  • Prepare for a transition to more AI-supported healthcare decisions, which will include new ways of thinking and new care delivery models
  • Facilitate more effective communication among patients, doctors and the associated care teams regarding how AI is being used in decision-making processes
  • Rethink facility workflow, not just using AI but integrating it into their IT systems, ensuring consistency in patient care
  • Advance more affordable access to AI technology so that all patients, regardless of income, benefit from these advancements
  • Effectively incorporate end-user feedback to continually improve the technology.

Does AI Put Physicians at Odds with Technology?

Physicians and staff should never be made to feel that AI is over-ruling their professional judgment. For one, AI today has no empathy. It cannot, therefore, consider matters of empathy in the decision-making process. That’s a uniquely human trait.

AI does not replace human physicians. Just like the MRI improved our ability to diagnose and assess certain conditions, AI augments a medical service provider’s ability to deliver quality care.

Gerald E. Harmon, MD, former chair of the AMA Board of Trustees says, “Medical experts are working to determine the clinical applications of AI—work that will guide health care in the future. These experts, along with physicians, state and federal officials must find the path that ends with better outcomes for patients… We have to make sure the technology does not get ahead of our humanity and creativity as physicians.”

Why AI is Coming at the Perfect Time

As the US healthcare system shifts from a fee-for-service to a more outcome-based system, organizations will need to have cost-effective systems in place to reach those outcomes. As reimbursement rates shrink, institutions turn to innovations that can streamline patient care, cut costs and enhance quality.

How AI Is Being Used Today to Improve Patient Outcomes

AI isn’t a future technology. It has real-world applications today.

Multiple studies support AI’s ability to perform in its role as an augmentation to human physician judgment.

A cardiovascular group employed current AI technology to detect abnormalities across common diagnostic tests, leading to fewer errors in diagnosis, and improved patient outcomes.

An orthopedic group used AI to identify hard-to-spot fractures and soft tissue injuries that can lead to a lifetime of chronic pain for patients. The technology allowed them to detect injuries with greater accuracy and to spot them earlier when minimal intervention could eliminate the potential for a lifetime of reduced mobility and declining health.

A neurology clinic utilized current artificial intelligence technology to identify new biomarkers that allowed for earlier detection of neurological diseases such as amyotrophic lateral sclerosis (ALS). Manual tests for this disease are costly and time-consuming. AI was able to pinpoint which patients would benefit from the testing and when other possible causes of symptoms needed to be explored first, significantly cutting costs and hours worked per patient while improving patient outcomes.

Integrating AI Technology

Artificial intelligence is getting more affordable and accessible. Early adopters will be able to establish themselves as the innovators in the industry through this technology. Given this technology’s potential, as more organizations invest, we’ll continue to see better patient outcomes and a healthier overall system where results-based pay systems truly work in the favor of both healthcare organizations and patients.

Should Your Business Outsource IT Operations?

Outsourced IT Operations

There never seem to be enough hours in the day to get everything accomplished, and that goes double for small business owners. When you’re top dog in charge, every small problem or frustration heads your way. Technology support is one of the key complaints from staff members, especially when there are problems with slow network connections or aging computers. You need your staff members to be contributing 110% every day, and that goes for your network infrastructure as well. If you’re struggling with finding the time to respond to dozens of IT challenges while also driving your business forward, it may be time to consider outsourcing your IT operations so your internal teams can focus on the future.

Predictability in Pricing

Whether your business is running on a shoestring or you have a healthy budget, it is tough to get hit with an unexpected bill that can reach tens of thousands of dollars. If your business experiences any type of disaster event that affects your technology, the cost to get everything back up and running can be staggering. The word “disaster” makes you think of something that won’t happen to you, but the reality of technology disasters is much different. Malware and ransomware are rampant in small businesses, with approximately 60% of all data breaches occurring in a small business. When you work with an IT managed services provider, you have an added layer of support for your team that is priced consistently throughout the year. Plus, you have the peace of mind knowing that you have experts that are an extension of your business who already understand your infrastructure — a great step towards being able to rebuild it successfully.

Reducing Overhead — and Improving Quality of Service

Technology is extremely complex and hiring all of the specialists that you truly need to run a complex business would be exorbitantly expensive. With outsourced IT operations, your staff has a platform of consistent support that they can trust to always be there when they are needed. Response times are guaranteed so staff members can focus on doing their job instead of stressing about whether their technology is working properly or quickly enough for their needs. An added benefit is the access to a stable of trained professionals with a broad range of technical knowledge in fields such as cybersecurity, network engineering, customer support, data utilization and more.

Scale Your Business With Ease

Growing your business technology used to be expensive and stressful: how can you make a major purchase of hardware and software based on the scale you think your business will be for the next few years? If you’re in an active growth stage, a poor decision could be disastrous. Either you end up with inadequate hardware that won’t support your business, or you overspend and have crucial capital reserves tied up in resources that aren’t being fully utilized. With IT managed services, scaling your business couldn’t be easier. Bringing a new server online is no longer a tortuous process of weeks, but can be accomplished very quickly by your external support team. Adding software licenses and data storage capacity is also easier, allowing you to focus on growing your business and providing exceptional service to your customers.

Enterprise-Level Technology — Sized for Your Business

It would be difficult for a small business to afford to implement the same type of advanced help desk software, cloud-based software and security measures that you would receive as a client of a managed IT services company. IT support companies are able to afford enterprise-level technology as they are spreading the costs between a variety of clients. You benefit from the advanced tech at only a fraction of the price. Your help desk support requests become more predictable and your business becomes more secure — all while you’re gaining the benefits of an enhanced network infrastructure to power your business.

Outsourcing your IT operations may not be for every business, but the majority of small businesses can see a significant benefit by reducing the burden on internal technology professionals. As an added bonus, the active monitoring provided by IT support specialists can help ensure that your business is protected from cyberattack, with quick remediation and support if you do experience an attack. Accelerate your business growth and support the innovative ideas of your teams when you rely on trusted, experienced technology professionals to provide support for your business.

What Role Does The CFO Play In Digital Transformation?

CFO Digital Transformation

While technology teams are often found reporting to the CFO, that role may not be the first one that comes to mind when you’re discussing digital business transformation. There may be a perception that CFOs are the ones requiring justification for expenses instead of the leaders who are dreaming the big dreams required to fundamentally remake the business. Today’s CFOs are stretching in new directions as their role evolves to be a more visible part of process growth, technology and visioning for the future. With the massive investments that are required to implement new technology solutions, a critical success factor for these projects is to have the full buy-in of finance — and the layer of accountability for results that comes as part and parcel of a CFO’s tight involvement in these initiatives.

Businesses Are Spending $6 Trillion on Digital Transformation

That’s right — trillions of dollars are being leveraged to drive digital initiatives from artificial intelligence to IoT (Internet of Things) and augmented reality. The costs of hardware and storage may be negligible, but the never-ending changes to software platforms drive a significant portion of the costs associated with major change. This puts technology leaders in a tenuous position in terms of justifying the spend because these are sunk costs from the perspective of the CFO. Deriving ongoing value from an asset can be challenging when it’s likely to be deprecated in only a few years and has negligible resale value.

Data is a Vital Strategic Asset — and a Risk

The capture and storage of customer data is no longer the realm of marketing folk, as technology leaders and finance professionals alike are scratching their heads in an attempt to keep up with morphing regulations and cybersecurity challenges. Consolidating information into centralized databases is more crucial than ever before due to the shifting climate around privacy regulations in the U.S. and abroad. Leveraging this data to drive advanced personalization can become the competitive advantage that businesses need, but it doesn’t come cheap — or quickly. CFOs are a needed point person between financial activities and the data flowing throughout the organization, and are also able to keep their fingers on the pulse of the operational needs of the organization.

Providing Operational Support for Key Digital Initiatives

CFOs can help step in on projects that are floundering and push teams to define core deliverables and stick to the solutions that have the greatest promise for the future. As the head of finance, it’s imperative that CFOs have a handle on where and how data is stored or the organization risks excessive fines and public exposure in the event of a cyber attack or even loss of data access due to a disaster event. In this new and expanding role, CFOs are best able to align the strategic initiatives of the organization with the funding required to drive them forward.

CFOs Taking the Lead in Digital Business

According to McKinsey, CFOs are increasingly pushed to the forefront of digital finance initiatives but are often still struggling to find how they can effectively work with other executives to drive transformative activities. Digitization in finance is a growing trend and one that is being actively embraced by leadership and staff members alike due to the added efficiencies that can be realized with solid technology implementations. Unfortunately, it’s just as easy to have a miss as a home run when it comes to digital finance operations — requiring a strong partnership between technology leaders and financial executives to determine where the priorities should lie for business transformation.

Whether or not they are leading digital transformation within the business, CFOs are feeling the disruption that is rippling throughout the organization with the introduction of new technologies and business requirements. “Digital technology is disrupting the role of the CFO. It is fundamentally changing the way organizations approach finances and how they interact with customers,” explained David Axson, managing director at Accenture Strategy. With all of the focus on digital transformation of the business, CFOs will have more than their share of challenges over the next decade.

What Is The Fake DHS Phishing Email Going Around?

How Can You and Your Employees Avoid It?

The Cybersecurity and Infrastructure Security Agency (CISA) is warning about an email phishing scam that tricks users into clicking on malicious attachments that look like legitimate Department of Homeland Security (DHS) notifications.

The email campaign uses a spoofed email address to appear like a National Cyber Awareness System (NCAS) alert and lure targeted recipients into downloading malware through a malicious attachment.

CISA says that users should take the following actions to avoid becoming a victim of social engineering and phishing attacks:

  • Be wary of unsolicited emails, even if the sender appears to be known; attempt to verify web addresses independently (e.g., contact our helpdesk or search the internet for the main website of the organization or topic mentioned in the email).
  • Use caution with email links and attachments without authenticating the sender. CISA will never send NCAS notifications that contain email attachments.
  • Immediately report any suspicious emails to our helpdesk.

What Is A Phishing Attack?

Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem.

When users respond with the requested information, attackers can use it to gain access to the accounts. Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as:

  • Natural disasters (e.g., hurricanes, earthquakes)
  • Epidemics and health scares (e.g., H1N1)
  • Economic concerns (e.g., IRS scams)
  • Major political elections
  • Holidays

Why Can Email Attachments Be Dangerous?

Some of the characteristics that make email attachments convenient and popular are also the ones that make them a common tool for attackers:

  • Email is easily circulated. Forwarding email is so simple that viruses can quickly infect many machines. Most viruses don’t even require users to forward the email; they scan a user’s computer for email addresses and automatically send the infected message to all of the addresses they find. Attackers take advantage of the reality that most users will automatically trust and open any message that comes from someone they know.
  • Email programs try to address all users’ needs. Almost any type of file can be attached to an email message, so attackers have more freedom with the types of viruses they can send.
  • Email programs offer many “user-friendly” features. Some email programs have the option to automatically download email attachments, which immediately exposes your computer to any viruses within the attachments.

How Do You and Your Employees Avoid Being a Victim?

  • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
  • Don’t provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
  • Don’t reveal personal or business financial information in an email, and don’t respond to email solicitations for this information. This includes following links sent in an email.
  • Don’t send sensitive information over the internet before checking a website’s security.
  • Pay attention to the Uniform Resource Locator (URL) of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Don’t use the contact information provided on a website connected to the request; instead, check previous statements for contact information.
  • Ask us to install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic.
  • Take advantage of any anti-phishing features offered by your email client and web browser.
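
Two of the checks above can be automated at the mail gateway: CISA's statement that NCAS notifications never carry attachments, and the advice to watch for URLs with a spelling variation or a different domain. The sketch below is an added example, not code from CISA or from this page; the trusted domain, the sample messages and all function names are constructed for illustration, and the domain split assumes simple two-label domains.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

NCAS_CLAIM = re.compile(r"national cyber awareness system|\bNCAS\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
TRUSTED = {"corp-portal.example"}  # constructed stand-in for your real domains


def edit_distance(a, b):
    """Levenshtein distance, to catch one- or two-character spelling variations."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_domain(host):
    """Naive (name, tld) from the last two labels; assumes no suffixes like co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return (labels[-2], labels[-1]) if len(labels) >= 2 else (labels[0], "")


def lookalike_of(host, trusted):
    """Return (trusted_domain, reason) when host imitates a trusted domain."""
    name, tld = split_domain(host)
    known = [(good, *split_domain(good)) for good in sorted(trusted)]
    if any((name, tld) == (g_name, g_tld) for _, g_name, g_tld in known):
        return None  # the genuine domain or one of its subdomains
    for good, g_name, g_tld in known:
        if name == g_name:
            return good, "different top-level domain"
        if tld == g_tld and 0 < edit_distance(name, g_name) <= 2:
            return good, "spelling variation"


def triage(raw, trusted=TRUSTED):
    """Return a list of (rule, detail) findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    files, text, findings = [], [], []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment" or part.get_filename():
            files.append(part.get_filename() or "(unnamed)")
        elif part.get_content_maintype() == "text":
            charset = part.get_content_charset() or "utf-8"
            text.append(part.get_payload(decode=True).decode(charset, "replace"))
    claimed = f"{msg.get('From', '')} {msg.get('Subject', '')}"
    if NCAS_CLAIM.search(claimed) and files:
        findings.append(("ncas-with-attachment", ", ".join(files)))
    for url in URL_RE.findall("\n".join(text)):
        hit = lookalike_of(urlparse(url).hostname or "", trusted)
        if hit:
            findings.append(("lookalike-link", f"{url} imitates {hit[0]} ({hit[1]})"))
    return findings


# Constructed sample messages (reserved .example/.test names, placeholder attachment).
SPOOFED_NCAS = """\
From: "National Cyber Awareness System" <alerts@agency-mail.example>
Subject: NCAS alert: action required
Content-Type: multipart/mixed; boundary="XX"

--XX

Open the attached notice.
--XX
Content-Disposition: attachment; filename="notice.doc"

constructed placeholder, not a real file
--XX--
"""
LOOKALIKE_LINKS = """\
From: IT Support <support@corp-portal.example>
Subject: Password expiry

Sign in at http://corp-porta1.example/login or https://corp-portal.test/reset
Help: https://www.corp-portal.example/help
"""

if __name__ == "__main__":
    print(triage(SPOOFED_NCAS), triage(LOOKALIKE_LINKS), sep="\n")
```

A finding is a reason to quarantine the message and verify it independently, as the list above advises. The two-character edit-distance threshold will also match unrelated short domain names, so tune it against your own allow-list.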

Get New School Security Awareness Training

You must train your employees to be constantly vigilant to identify attackers’ attempts to deceive them. New-School Security Awareness Training will provide the knowledge they need to defend against these attacks.

What Is New-School Security Awareness Training?

More than ever, your users are the weak link in your IT security. You need highly effective and frequent cybersecurity training, along with random Phishing Security Tests that provide several remedial options in case an employee falls for a simulated phishing attack.

With world-class, user-friendly New-School Security Awareness Training, you’ll have training with self-service enrollment, completion logs, and both pre- and post-training phishing security tests that show you who is or isn’t completing prescribed training. You’ll also know the percentage of your employees who are phish-prone.

And with the end-user training interface, your users get a fresh new learner experience that makes learning fun and engaging. It has optional customization features to enable “gamification” of training, so your employees can compete against their peers on leaderboards and earn badges while learning how to keep your organization safe from cyber attacks.

With New-School Security Awareness Training You’ll…

Have Baseline Testing to assess the phish-prone percentage of your users through a free simulated phishing attack.

Train your users with the world’s largest library of security awareness training content; including interactive modules, videos, games, posters and newsletters, and automated training campaigns with scheduled reminder emails.

Phish your users with best-in-class, fully automated simulated phishing attacks, and thousands of templates with unlimited usage, and community phishing templates.

See the results with enterprise-strength reporting that shows stats and graphs for both training and phishing, all ready for your management.

New-School Training…

  • Sends Phishing Security Tests to your users and you get your phish-prone percentage.
  • Rolls out Training Campaigns for all users with automated follow-up emails to “nudge” incomplete users, as well as point-of-failure training auto-enrollment.
  • Uses Advanced Reporting to monitor your users’ training progress, and to watch your phish-prone percentage drop.
  • Provides a New Exploit Functionality that allows internal, fully automated human penetration testing.
  • Includes a New USB Drive Test that allows you to test your users’ reactions to unknown USBs they find.

Plus, you can access Training Access Levels: I, II, and III giving you access to an “always-fresh” content library based on your subscription level. You’ll get web-based, on-demand, engaging training that addresses the needs of your organization whether you have 50, 500 or 5,000 users.

Keep your business from being victimized by phishing attacks.

We can tell you more about New School Security Awareness training for your employees.

What Can A Business Impact Analysis Do For Your Organization?

When a company functions at a high level, productivity and profitability appear seamless. But it’s also incumbent on decision-makers to understand the potential ramifications for business disruption. Without a working knowledge of how a breakdown in one area of an operation impacts the other moving parts, viable solutions remain out of reach. Determined industry leaders take proactive measures to conduct a business impact analysis (BIA), so they are prepared for adversity.

Importance of a BIA

One of the primary reasons that some organizations fail to conduct the initial and subsequent BIAs is that it seems abstract. It’s common for CEOs and other decision-makers to have earned their position through experience and expertise. That offers a sense of confidence they can captain the ship during a crisis. A decade or two ago, that may have been sound thinking. However, today’s technology-driven companies are far removed from nuts and bolts fixes.

Data loss, hackers, malware infiltration, or just lost connectivity between departments can down an outfit’s productivity. Such realities create a burden to have multi-level solutions available that often are outside a CEO’s area of expertise. Business leaders are wise to tap department heads to review likely and even unlikely vulnerabilities and develop a contingency plan for as many critical interruptions as imaginable. Consider this pair of foundation ideas in terms of your operation.

  • Idea 1: Your company functions like a living organism with each system relying on the others for its health and vitality.
  • Idea 2: Certain parts of the whole are more crucial to survival and long-term success. These areas require heightened resources.

With this anatomy analogy in mind, consider your operation with the perspective that specific departments and systems are vital. If the heart, brain, or lungs of your operation shut down, so does the entire company. Stubbing your toe, on the other hand, may only slow things. The point is that certain aspects of any business are critical, while others are support.

Once department heads are tapped to conduct a BIA due diligence and submit a report, leadership is tasked with understanding how all the moving parts work. With this in mind, first-run BIAs generally require interdepartmental meetings or communication to ensure key stakeholders are on the same page.

Motivation for Conducting BIA Due Diligence

Having the support and blessing of the leadership team remains critical to a thorough BIA. When such stakeholders view this as just an additional duty impeding their daily, profit-driving work, potential challenges are unlikely to get the due diligence necessary for improved success when a crisis occurs. Before moving forward, direct communication and articulation of why thoroughness is a priority must be established. Clarifying the following benefits of a BIA early in the process may improve team motivation.

  • BIA delivers management with vital data to make real-time decisions to ensure business continuity
  • BIA delivers insight about interdepartmental reliance
  • BIA provides a playbook for employee roles in critical situations
  • Identifies company-wide priorities for sustaining operations during crisis
  • Provides a tangible road map to restore full operations

At the end of the day, the BIA removes the fear of the unknown and puts guidance in its place. That offers otherwise panicking employees the confidence their jobs are secure and empowers them to work through adversity.

Working through the Tedious BIA Process

Getting leadership and rank-and-file employees on board to undertake a BIA is not a difficult sell. The bottom line for everyday workers is that it provides a rare level of job security. Infusing that positive attitude will likely go a long way toward working through the sometimes tedious information collection process. For each department or aspect of the company, data collection is necessary.

  • Lead function of a process or department
  • Detailed analysis of department function and processes
  • Disruption analysis and timetable regarding increased impact
  • Identify interdepartmental disruption
  • Analysis of the financial, legal and regulatory impact of disruption

With a detailed report, departmental leaders garner an enhanced understanding of impacts across the organization. Each department head can identify likely and unlikely disruptions and craft realistic solutions or ways to bridge crisis. This information can be compiled and shared with the goal of building a final report.

Value of a Comprehensive BIA Report

The final report moves beyond the data collection and single department solutions. The concept is to deliver a company-wide plan of action. It generally proves beneficial to make a hardcopy or online report that articulates reasoning, goals, strategies and empowers employees during duress. These are headings often found in a comprehensive BIA report.

  • Executive Summary
  • Analytic Methods Used
  • Potential Department or Function Disruption
  • Impact of Disruption
  • Protocols to Mitigate Disruption
  • Guidance for Organization Restoration

CEOs and other decision-makers generally enjoy enhanced confidence in their leadership abilities following a comprehensive BIA. It’s also imperative to set a schedule for BIA updates and create a policy that requires emerging technologies, business developments, and other evolutions to be included in the report. In many ways, a BIA gives everyone in your organization security.

You Will Love These Top Apps for Educators

Today’s digital-savvy educators do more than simply lecture their class. They’re creating interactive quizzes and gathering real-time feedback via an app. They’re assigning projects to students, while students complete and submit their homework digitally. They’re instantly sharing feedback with parents and students — and they’re finding new ways to engage with the world around them through the tool that students are most attuned to: their phones. Here are a few of the top apps for educators that will help keep peace in the classroom, finally memorize the periodic table or safely and securely communicate in groups.

Top Classroom Management Apps for Teachers

Is your classroom out of control, or are you just looking for a simpler way to slog through your daily tasks and assignments? Going digital may be exactly what you need to reduce your frustration — and your work levels — on a daily basis, while giving you more time for meaningful interaction with students.

  • TooNoisy is the perfect app for teachers who prefer their classroom a little on the quieter side! This straightforward noise level meter helps determine when the noise level is getting out of control and provides a fun visual interface that children will love. If things really get out of hand, the app also offers an audio feedback option — also known as an alarm — to cut through the racket and get the room back on track.
  • ClassDojo is billed as a classroom community that allows teachers to provide real-time feedback to both students and parents through a friendly, interactive interface. Ideal for elementary-aged children and younger, ClassDojo helps reinforce positive classroom behavior in students while providing a secure and private notification and communication platform between parents and educators.
  • Google Classroom is the product of collaboration between Google and teachers to create a streamlined, easy-to-use, multi-device tool that allows educators to manage coursework digitally. The workflow is completely paperless, from the teacher creating the classes and assignments to students completing their courses and submitting final work for a grade.
  • Skyward is a grade and contact management app that is utilized by many public school districts to allow students, teachers and parents to have a holistic view of the student’s activities. This includes everything from grades on individual assignments to the ability to update parent contact information or push messages to parents. On the backend, Skyward also includes finance and HR suites that help power schools and municipalities.

Top Apps for Teacher (and Coach!) Communication

Communication between parents, teachers and students is a topic that is challenging on all fronts. Teachers need to limit the access of parents and students, or they will be overwhelmed with communication requests on a variety of different channels. Parents need to be able to relay questions or last-minute information to teachers in a way that can be acknowledged. In a world where after-school tutoring is still present but definitely shrinking, students need to ask questions of teachers in a way that’s secure and doesn’t release the personal contact information of either party. These apps are meant to keep everyone’s communication on track while protecting children and tracking communication.

  • The Remind app does exactly that: “reminds” users that there’s a way to stay in touch, engaged and share resources between parents, teachers and young learners. You can quickly create a classroom and assign a unique code, which can then be provided to parents and children so they can download the app and get started. You can schedule messages for later delivery, send visual messages and receive direct feedback and messages securely.
  • GroupMe is a great option for any sport or social activity where you need to share information with a group of individuals at once. You can create groups on the fly and share images and high-resolution video, and it provides a free and convenient option for group messaging. What’s better is that users aren’t required to have a chat option installed on their phones to use the app.
  • TeamSnap is for all the coaches who would love to get rid of their clipboards, spreadsheets and marked-up calendars. This sports team management and communication app allows you to follow over 100 different sports. With an install base of 15 million users, you can bet that the tool is useful. It also allows a way to communicate with groups and individuals in real time via chat or push messaging.

Top Educational Apps

There are so many opportunities for education in the digital sector. From AI to flashcards, real-time digital quizzes and more — there’s never been a better time to be an educational technologist than today.

  • Socrative is a quizzing app that allows you to customize questions to determine if your students are understanding the information that you’re teaching. Teachers can design and release a quiz to their students while getting real-time feedback. Quizzes are even sharable between teachers, allowing you to integrate this type of learning easily into the classroom.
  • StudyBlue allows teachers or students to create mobile flashcards, quizzes or study guides — and you can even select a setup that another student or teacher has already created. Flashcards have been an exceptional learning model for many years, but StudyBlue introduces this concept to the digital generation.
  • Khan Academy is an always-free model that provides instructional videos, a personalized learning dashboard and practice exercises to individuals wishing to learn hundreds of different topics from art history to computer programming, science and economics.
  • Duolingo provides learners of all ages with one-on-one, interactive training in languages that they crave. Based on real-life learning techniques, Duolingo offers students the ability to correct their pronunciation and memorization in many popular languages including Spanish, Japanese, French, German, Dutch and Portuguese. You can even learn Klingon!

Learning doesn’t have to be expensive, and most if not all of these apps are completely free. Teachers will appreciate having world-class tools at their fingertips that will help them speak in the digital language of their student population.

Cyber Security Advice: 6 Crucial Strategies

Cyber security is more important than ever before. The news is full of stories of leaks and breaches large and small. Some of these result from sophisticated, targeted hacks, and others occur thanks to enterprising hackers taking advantage of security holes in insecure or out-of-date software.

At the end of the day, though, just about every organization has the same weak link: its employees. The finest security tools are no match for bad (or just naïve) behavior from your employees. With that in mind, today we’ll review 6 strategies and tips crucial to improving your employees’ cyber security behavior.

1. Use Long, Complex Passwords

People tend to be lazy. It’s a part of human nature. If your IT policies allow people to set their passwords to “password” or “12345”, you can be assured some of your employees will do just that. Short, simple, easy-to-guess passwords are a security threat to your business. Not only can passwords like these be easily guessed by a human, they take next to no time to be brute forced by hacking tools.

Encourage (or, better, require) your employees to use long, complex passwords. A phrase that’s memorable to the employee is a good start. Add in some complex characters (symbols, mix of capital and lowercase) to increase the complexity further.

2. Understand That Everyone Can Be Targeted

Don’t think of cyber crimes in the same way people used to think about military conflict: as something that occurs between large entities with high-powered offensive and defensive capabilities. Yes, it’s the Targets and Experians of the world that make the national news when they are breached, but those high-profile cases are the exception, not the rule.

Smaller hackers aren’t going after hard targets, like governments or Wall Street. They’re going after soft targets: small and medium businesses that think they “can’t afford” good cyber security. In other words, they’re going after you.

3. Don’t Go Swimming and You Won’t Get Phished

One of the best tools hackers use is phishing. Phishing starts with your employees receiving a fake email. It could look like a legit business message or like a message from a vendor or service that you’re already using (like Microsoft Office 365). In other cases it looks interesting, tantalizing, or even salacious. These emails will contain a link or an attachment and will encourage users to click the link and log in or to open the attachment.

But the links and attachments aren’t what they appear to be. Once users do those actions, their credentials or devices are compromised.

Our best advice here is don’t go swimming so you won’t get phished. Don’t click on suspicious links, no matter how interesting they look. Don’t open attachments from unfamiliar accounts. If the email looks to be from a legit service (like Office 365), navigate to that service manually instead of by clicking the link. Lastly, if you’re not sure about an email, check with your IT group before continuing.

4. Consider the Security of the Network You’re Using

One of the advantages of cloud services is the ability to access many work systems from anywhere. As more and more firms move to cloud software and cloud services, those firms’ users need to stay up to date on security best practices. Employees dealing with sensitive company information or accessing customer data should only do so on secure networks. Public computers, free Wi-Fi at the corner café, and your cousin’s open Wi-Fi network are all examples of insecure network environments. Save the sensitive stuff for a more secure environment like the office.

5. Be Physically Aware

Many cyber attacks are perpetrated through actual, physical access to systems. Employees can be shockingly careless with company tech. If you walk away from your computer, phone, or tablet — even just for a second — lock the device. This is true even in your own cubicle or office. You never know when a disgruntled coworker might attempt to compromise something while posing as you.

Also, make sure employees understand that devices can be compromised by anything that’s plugged into them. Computers can be compromised by plugging in a flash drive or SD card that’s infected with malware. Be sure you trust the source of any external device that’s coming into your company.

6. Beware Social Engineering

Employees also need to watch out for social engineering schemes. These are similar to phishing schemes, but instead of stealing credentials using a fake form or website, thieves convince employees to hand credentials over outright. Don’t be afraid to hang up on (or stop emailing with) someone claiming to be from an important vendor (we’ll use Microsoft again). If anyone is asking an employee to supply credentials or to take actions on your computer or network, that’s a huge red flag. Legitimate vendor contacts likely wouldn’t need the employee to do this for them. Employees can call back directly using a number they know is legitimate. If the concern is real, the real support team will know about it.

Conclusion

These 6 strategies will help your employees resist cyber intrusions, but there is so much more for your team to know. For more comprehensive help with your cyber security strategy, contact us today.