Category: Uncategorized

Java and JavaScript still the most widely-used languages in business, outpacing C# and Python by a relatively large margin in a recent survey by Cloud Foundry. These flexible, cloud-native languages represent 57-58% of businesses that responded to the study, with Python only being used in about 25% of businesses. Java and JavaScript, along with C++, continued to show market growth through the end of 2018, unlike some other languages whose share continues to decline. With the strong user base and growth for Java, it’s not surprising that Oracle has decided to consolidate several different models into a more streamline licensing agreement. While this has been discussed since mid-2018, as of January 2019 organizations that want to continue receiving support for Java may need to revise their licensing agreement to incorporate the paid model. See how this could impact your continued usage of a programming language that continues to gain importance in the business world.

Building Flexibility Into Business Systems

Being able to reference multiple languages helps businesses retain the flexibility and agility that they need to be relevant in today’s fast-paced business world. With startups claiming niche markets, established businesses and enterprises need access to well-known and widely used languages such as Java and C++. Even though Java has been around since “Green Team” developers at Sun Microsystems released it 1995 after a multi-year marathon of programming, it is still revolutionizing the way we interact with digital devices. As the invisible force behind many of today’s most complex solutions, Java has been building flexibility into business systems since the mid-1990s. Java is a platform independent, meaning it can run a variety of different operating systems which creates a highly extensible base language.

Creating Cloud-Native Practices

Businesses are continually looking for ways to drive innovation as a way to differentiate from their competitors, and cloud-native languages such as Java will help drive these initiatives into the future. Says Cloud Foundry Foundation CTO Chip Childers: “Cloud-native practices enable developers within large companies to pick the language that best supports their functional needs—and our research shows that the most commonly chosen languages for cloud-native application development are Java and JavaScript”. While more than 25 languages were noted by respondent companies, the majority were only used by 1-2% of businesses, unlike Java which was prevalent in close to three-fourths of the organizations. It would not be surprising for there to be consolidation within the various platforms as organizations look to bring consistency to their overall development practices.

Java’s New Licensing Model

While Oracle’s July 2018 announcement caused many organizations to rethink their Java usage, it’s clear that the platform is still required for development. The particular version that was impacted is Java SE (Standard Edition), Java SE Advanced, Java SE Advanced Desktop and Java SE Suite. These licensing options will be consolidated down to two paid models starting in January 2019: Java SE Subscription and Java SE Desktop Subscription. Each version is a monthly subscription that includes public updates for Java SE 8 or later, with terms available from one to three years. This shift will impact all users of commercial-grade Java, although customers of older Java SE models will not be forced to make the switch. While moving to the new model is not mandatory for non-commercial use, business users will require a license according to Oracle’s new licensing policies.

Business users do have a few decisions to make as their model shifts:

• Server-based deployments will use a processor-based metric such as CPUs to calculate license requirements, starting with an Oracle-licensed server and the number of cores and the processor core factor into the calculations
• Desktop deployments use a Named User Plus-based metric to make the calculation of ongoing licensing costs

Businesses who opt out of the paid model, should not expect to receive additional Java SE critical updates after January 1, 2019, a situation which can easily place business operations at increased risk of breach or failure.

Review Use of Java in Your Business

If you have significant usage of Java SE in your business, it’s time to launch a full review to determine whether you need to upgrade or renew licensing agreements with Oracle. Determine whether your business is fully compliant with new Java SE requirements based on your current and estimated future usage on servers or desktops. You could find that it is more cost-effective to make a switch to the new Java SE licensing models based on your current business requirements and maintenance agreement. Reviewing future development needs is also an important part of your analysis. If you plan to reduce overall Java use in the next few years, that could dictate the term of the negotiated agreement. You could also look for ways to incorporate a sliding scale based on estimated future usage.

Even though the language is now more than two decades old, there is no indication that the usage of Java is declining in the near future. As long as this flexible platform provides the link between computers and other digital devices, developers will continue to use and value this agile platform for business development.

Do you still surf the Web with Internet Explorer?  If so, you’re not alone. Even after Microsoft came out with their new Edge browser in 2015, some people are still using Internet Explorer.

The Problem?

Security experts have found serious security flaws in Internet Explorer’s code. This means that if you use it, you’re opening yourself and your business up to hacking and computer viruses.

Another Problem?

Microsoft won’t be fixing this for the foreseeable future.

What Are These Flaws?

The most recent of these was found by an independent researcher named John Page. He published a proof of concept that demonstrates a flaw in the way that Internet Explorer handles MHT files. MHT is a Web page archive file format.

How Do These Flaws In Internet Explorer Create Security Issues?

If you use Windows 7, Windows 10, or Windows Server 2012 and it comes across an MHT file, it will try to open the file using Internet Explorer. This presents an easy opportunity for savvy hackers.  All they have to do is to use an MHT file containing a malicious virus and present it to you via a phishing email or other form of social engineering. Once you take the bait, the malicious virus gets into your computer/server.

Are We Safe If We Use Another Type Of Browser?

Not really. Any Windows-based system is still very much at risk from infected MHT files. This is because Internet Explorer 11 still ships with all Windows-based PCs. This includes computers that use Windows 10.

What Can We Do To Prevent Being Hacked Due To Internet Explorer Flaws?

One good thing is that Internet Explorer isn’t enabled on Windows 10 computers. For it to be enabled, you need to set it up yourself.

For now, this is the simple solution — Just don’t enable Internet Explorer. And to be completely sure, it’s best if you uninstall Internet Explorer from your Control Panel altogether.

John Page reported the issue to Microsoft on March 27, 2019, and received the following reply from them:

“We determined that a fix for this issue will be considered in a future version of this product or service. At this time, we will not be providing ongoing updates of the status of the fix for this issue, and we have closed the case.”

Unfortunately, it looks like, for the foreseeable future, that Microsoft won’t be providing a fix regarding the flaws with Internet Explorer. As we said above, the answer, for now, is for you and your staff to uninstall Internet Explorer from your computers.

For as long as the roles of CMO and CIO have existed, their work has rarely overlapped. CMOs focused on the company’s marketing efforts while CIOs stuck to the technology side of the business. But in today’s digital world, the hard lines that once separated marketing and tech have dissolved. Now, any business that wants to remain competitive must engage in digital transformation—which requires strategic use of information technology incorporating both marketing and IT. That transformation can only be effective if CMOs and CIOs work together.

The Importance of Digital Transformation

According to the Altimeter Group, digital transformation is “The realignment of, or new investment in, technology and business models to more effectively engage digital customers at every touchpoint in the customer experience lifecycle.” The goal of digital transformation should be to better provide value for the client or customer and to improve competitiveness. To achieve these ends, a strategic approach to information technology must be utilized. And for that to happen, CMOs and CIOs must communicate and strive together in seeking the same goal.

The vast majority of businesses were not founded with digital technologies in mind, and even less were created from day one to take advantage of the digital platforms that have emerged in the past decade, much less those that continue to spring up on a seemingly daily basis.

Chances are, as a CMO you have probably already been thinking long and hard about how your marketing efforts can incorporate the vast array of digital technologies available. Just some of the areas where digital transformation could deliver notable improvements include:

• Mobile computing
• Social media
• Big data
• Cloud features
• Data privacy compliance
• BYOD
• Data security
• And more…

Of course, to achieve the kind of transformation that you want and need, certain obstacles must be overcome. You have to determine where you are, where you want to go and how you are going to get there—all of which is best facilitated through the partnership of the CMO and CIO.

Partnership Between Marketing and IT Facilitates Competency

The terrain of digital platforms is difficult to navigate for even the most experienced professionals. To conquer this terrain and make it work for your business, it only makes sense to utilize all the resources at your disposal. Between building, running and managing the digital tools necessary to reach and retain customers, and ensuring that marketing efforts are as well integrated with new technologies as possible, there is simply too much required for one department—marketing or IT—to do alone.

Both CMOs and CIOs face unique challenges from the digital technology field. Some of these include:

Challenges for CMOs

For CMOs, the number of existing and upcoming digital technologies can be overwhelming. There are so many areas that must be considered to achieve competitiveness, including:

• Buying appropriate technology solutions
• Managing the technology stack
• Creating infrastructure for technologies
• Integrating new technologies with existing enterprise solutions

You could be the most effective CMO in the world when it comes to marketing, yet feel completely in the dark when it comes to how to manage the nuts and bolts of new technologies. That is why different departments exist in organizations—because true competency and skill take years to develop, and no one is capable of being an expert in everything.

Challenges for CIOs

The technology your business needs to operate and serve your customer base is the focus of the CIO. However, the marketing end of the equation is rarely an area where the CIO will have much expertise. Some of the things that the CIO may struggle with include:

• Continued awareness of company efforts to reach and retain customers
• Understanding the value proposition presented by the company to the client or customer
• Needed adaptations in marketing messages as new information comes in
• Which technologies are most effective for marketing based on company needs

CIOs have their own challenges to contend with as they strive to keep the ship running and determine what the best technology solutions are among an increasingly vast array of options. If they are not brought into the marketing conversation, there is a real risk that the left hand can become detached from the right—possibly even to the point where the CMO and CIO are working at cross purposes.

The benefits of CMOs and CIOs partnering quickly becomes apparent as your company embraces technology. Marketing has never had so much reach as it has today with digital platforms and real-time data. But utilizing that technology requires expertise that is found in the CIO and the IT team.

CMO and CIO—In it Together for the Long Haul

CMOs and CIOs share the same ultimate goal—the success of the organization for which they work. Success in today’s digital environment means utilizing appropriate technologies to keep the business strong, competitive and attractive to the customer. To obtain success requires a partnership between the CMO and CIO to identify areas for improvement, move forward with effective action that will achieve improvements, and to continue to adapt to the rapid changes that are inherent in today’s business world.

There are certain functions that every business requires — word processing, analysis, presentations and calendaring — and Microsoft Office used to be the default option for businesses of all sizes. Over the past few years, Google’s G Suite has become an increasingly attractive option for small businesses due to the reasonable price point and the cloud-based software that allows you to access your information from nearly any location with internet access. Does Google G Suite have everything that you need for your business, or is there some missing functionality in Microsoft’s productivity suite that you still need?

More Than Just Email

Google’s G Suite email provides you with some extremely helpful: an ad-free version of the user-friendly Gmail interface that can be customized for your business with your domain name and more. When you consider that the email accounts are fully integrated with Google Calendar for scheduling meetings and events, Google Drive for storage and more — it’s easy to see why small to mid-size business owners and even enterprises are adopting Google’s G Suite. The intuitive interface and friendly commands allow employees of all ages and skill levels to quickly become productive, too.

Is Google G Suite Right for My Business?

Microsoft’s suite of office productivity software is top-notch, but many businesses find that it can be overly complex for their needs. G Suite includes the most often-used functions without the convoluted approach that you may find in Microsoft’s flagship cloud-based apps. One thing that continually confounds Microsoft Office users is their email storage within Outlook — it’s simply not clear where your emails are being stored and there is a solid possibility that your storage file can become corrupted. With Gmail, you have virtually unlimited storage space for your emails and no functional limits to rapidly searching years worth of information. However, if you’re using advanced mathematical or analytical capabilities, you may still need to invest in Microsoft Office 365 for your business.

Why Should I Pay for G Suite?

Sure, the base apps in Google’s office productivity suite are free on their own. Does it truly make sense to spring for the paid versions? It depends on the needs of your business, but there are some compelling reasons to obtain the paid version of the apps which are collectively known as G Suite.

• Advanced administrative functions across multiple users, similar to Microsoft’s account-based features
• Private and secure collaboration keeps your digital conversations safe
• Add legitimacy to your business with a customized domain name for your emails
• Converge your cloud-based data and document storage on Google Drive
• Take advantage of the exceptional (and human!) customer support options with G Suite

Is Google G Suite right for your business? If you are looking for a reasonably-priced, robust suite of office productivity software the answer may be “Yes”. If you need to take advantage of advanced mathematical analysis or more complex use-cases, you may want to consider the more traditional option: Microsoft Office 365 for Business.

On Thursday, April 25, 2019, notable news broke that Canada is taking Facebook to court. Daniel Therrien, Canada’s federal privacy commissioner, gave a joint news conference with Michael McEvoy, the information and privacy commissioner for British Columbia. In this announcement, Therrien asserted that the existing accountability requirement enshrined in Canadian law, while meaningful, “is not sufficient to protect Canadians from companies that do not behave responsibly”.

Therrian went on to explain that as Canada continues working to refine its privacy laws, his office is taking Facebook to court based on the company’s response. He’s seeking a court order “to force Facebook to correct its privacy practices”.

How It Got to This Point

If you’re thinking that sounds like an aggressive move, you’re not alone. How did it get to this point? Tensions had been brewing for some time. Therrian’s office came to the conclusion some time back that Facebook failed to protect privacy at the corporate level. The commissioner’s office then launched a thorough investigation into Facebook’s privacy practices. The investigation lasted over a year, and its conclusions included that Facebook had violated Canada’s privacy laws in numerous ways. Much of this relates to a massive user data leak, one where the data was used for political gain through a firm named Cambridge Analytica.

The Data in Question

The privacy commissioner determined that at least 276 Canadians installed an app back in 2013 that violated privacy law, as David Akin reports. The app harvested the users’ data, but it didn’t stop there. It went two steps further, harvesting those users’ friends’ data as well as the data of their friends’ friends. In total, concluded the commissioner, around 650,000 Canadians had their data compromised. This information was stored and eventually shared with UK firm Cambridge Analytica.

Cambridge Analytica has made the news before. It’s the firm that assisted the Donald Trump campaign in targeting voters. There’s nothing wrong with using research to target voters, of course: all serious US presidential candidates follow similar tactics. The problem was with how the data that fed the research was collected. 650,000 Canadians and many more Americans had their data misused.

Facebook Rebuffs the Privacy Commissioner

Under current Canadian law, the privacy commissioner’s only recourse is to recommend that Facebook change its ways. The office made this recommendation, and Facebook said “no”. The company rebuffed the government’s recommendations and made no changes as a result of them.

The problem here is straightforward. Facebook (and other private companies) essentially becomes a self-policing organization. If Facebook determines it has not violated the law, then it can continue to operate no matter what the privacy commissioner concludes.

A Problem with Existing Law

Therrian said that he doesn’t think Canada’s privacy law makes sense. In his view it’s problematic that “a private company, with its private interests, can say to a regulator, ‘Thank you very much for your conclusions on matters of law, but we actually disagree, and we will actually continue as we were.’ It is completely unacceptable”.

Therrian is pushing for the legislature to amend its policies so that the privacy commissioner’s office has order-making power so that its conclusions are binding for private companies. He points to other countries that are rumored to be levying fines against Facebook for its privacy violations. It’s widely reported that the USA may fine Facebook up to $5 billion. Canada has no such ability under current law.

No Real Accountability in Current Law

Companies are accountable for the information they hold on behalf of users, which is an important safeguard. Therrian’s complaint is that current law states that companies are accountable for this without giving the government any mechanism for enforcement. An accountability law that no one can enforce accomplishes nothing.

It’s Up to the New Legislature

Therrian concluded his comments by encouraging the new legislature to undertake updated and enforceable legislation in their new session. He hopes this legislation will continue to hold companies accountable for their handling of data while giving regulators real power to enforce that this is done.

A Response from Facebook

Facebook, for its part, claims to understand that it has an obligation to protect users’ private data. Erin Taylor, communications manager at Facebook, stated that the company was cooperating with the commissioner. In a prepared statement she remarked, “We are disappointed that the [privacy commissioner] considers the issues raised in this report unresolved”.

What Happens Next?

The path forward is not completely clear at this time. Facebook will, for the time being, continue operating unaffected in Canada. The company is not compelled at this point by Canadian law to make any changes, though it has already made numerous changes to its privacy policy as part of the blowback from this scandal.

The results of the coming court case are anyone’s guess at this point. The federal commissioner’s footing is weakened, of course, by his own admission that the law grants him no authority to enforce action against Facebook. Even if no other positive outcome results from the lawsuit, the two privacy commissioners have at least gotten the issue into the public eye.

Then there’s the legislature, which is being pushed to fix this privacy enforcement loophole through new legislation. It’s too early to say how likely this action is, but the publicity of the commissioners’ actions last week may spur legislators to action.

Monitoring employee behavior is nothing new, as supervisors have been stalking their staff for generations. What has changed is the degree to which employee behavior is transparent in the workplace, with sophisticated monitoring solutions in play one could argue that nothing is truly sacred when it comes to being monitored by your business. It is standard practice for all phone conversations to be recorded in a customer service setting, but this is expanding dramatically into detailed tracking of websites that are visited and even emails that are being sent and received. Employees may not often think about the fact that personal emails that are being checked on business-issued phones or laptops are fair game for tracking — but they are. Whether this tracking is meant to identify underperformers or to protect the IP and sensitive data of the organization, there are laws in place to protect both the employer and the employee.

What Are You Trying to Accomplish With Monitoring?

When you are considering monitoring your staff members or contractors, the most important question to ask yourself if what you’re trying to accomplish. Do you have some underperformers, and are trying to gather information about their work habits? Do you suspect corporate espionage? Do you simply want to protect your organization from the productivity drains that occur when staff members spend an inordinate amount of time on social media? Understanding the business driver will help you more fully define the legal reason for gathering this type of information from your employees. You might even have someone who seems to be absent — even though they are technically “at work” every day. Monitoring of their access badge would fall under these same rules for electronic monitoring. As you’re defining your monitoring program, also look at the success metrics. Are you attempting to reduce the time spent on social media? If so, you also need to have in place a way to communicate that employee behavior is outside the expected norms.

Employee Notification of Online Activity Tracking is Crucial

The majority of employees are simply going about their daily work, unconcerned that their employer could be potentially tapping into conversations on email or their phones. These individuals probably have nothing to hide, because they are being good stewards of time and resources and only doing a little light shopping at lunch, for instance. Others might be extremely concerned and secretive about their online behavior, going so far as to surf in incognito mode or clear out browser activities when they close down for the day — never realizing that these steps probably don’t make a bit of difference in whether their employer can still see their activities. If your organization plans to do any kind of monitoring at all, it should be detailed for employees as they are onboarded. A safer practice would include asking employees to sign the most recent version of the policy on an annual basis to indicate that they understand and agree with the monitoring that is being done.

Handling Second-Party Notifications of Recorded Activities

In many states, there are legal standards that require that both parties to a conversation must be notified and agree that the tracking may take place before the activity is deemed legal. There are some workarounds such as a conspicuous posting on your website or an email signature that warns all parties that continuing the conversation with a staff member is considered their agreement to recording the messages. However, this remains a legal challenge in many states. As the government begins to look more deeply at personally identifiable information (PII) and exactly who has access to that data, you might run into additional legal challenges due to the various data breach notification statutes that are currently in place in 48 states.

IoT in the Workforce

Perhaps on of the most controversial conversation around employee monitoring is around connected devices, such as wearables. These items can be capturing data that is extremely personal to the employee, much of which would be considered protected health information (PHI), including things such as heart rate, miles walked, calories consumed and more. Mobile phones that are provided by the company could easily contain apps that would record the information. If you’ve installed keystroke logging on these phones, are you capturing more personal information than you intended?

While you may feel as though you can list the key legal concerns with employee monitoring, the best course of action is to engage an attorney to ensure that you are staying clear of any legal implications of your actions. This is especially true before you take action based on your monitoring findings, such as a formal employee write-up or termination. While triggers can be written to turn monitoring into an effective tool to ward off data loss, there are still plenty of pitfalls to consider before creating a widespread online activity monitoring program.

The red tape that normally surrounds the administration of patients in the healthcare industry is a leading cause of physician burnout, as many data experts have noted. Healthcare providers are responsible for a growing volume of paperwork and other off-patient work, and the trend towards greater bureaucracy seems to be inevitable. By some estimates, one hour of bedside patient care results in two hours of paperwork post-visit for the average physician.

Fortunately, AI-driven resources are finding new avenues for physicians to spend less time in front of mounds of paper. With new technology in tow, there are now new ways to administrate patient encounters. Physicians are able to stay in compliance with watchdogs, take smarter notes on patients and provide better overall care.

AI in the Medical Marketplace

One such technology, Suki, is a voice-enabled digital assistant that is made specifically for professionals in the medical industry. Suki is designed to help doctors with patient documentation, giving them more time to focus on the bedside. The technology has the ability to respond to complex voice commands, using those commands to create notes that are clinically accurate. The program also has the ability to enter those notes directly into an electronic health record (EHR) system.

No voice technology is able to completely replace direct input, but it does reduce the need for it immensely. AI also reduces the instance of human error in the data input stage during medical transcription and dictation. The result is a significant time savings when creating and organizing medical documents.

Where the technology succeeds most is in leveraging AI to “teach” the program the idiosyncrasies of the physician that is using it. Eventually, the Suki that is used by an individual physician will become a digital scribe that is unique to that person, fully capable of note taking with very low input from the physician himself. Suki is based on successful commercial digital assistants like Alexa, but the nod to the medical industry is an essential one. Currently, commercial digital assistants do not have the ability to learn from esoteric medical terms or organize records in a way that is specific to medical watchdog standards.

Other speech recognition systems that are focused on medicine include Sopris Health, Deepgram, Saykara, Dragon Medical Practice Edition and Nuance.

The Link Between AI and EHR

Digital assistants for the medical industry must be specific to the industry for another reason – the mandatory use of the EHR in the industry. HIPAA standards now require EHRs to form a significant part of each provider’s data infrastructure. Any note-taking or administration program that claims to help the medical industry must follow the protocols set forth in HIPAA standards.

The fact that Suki and other AI driven technologies kept these standards in mind allowed them to more easily implement new features that are relevant to physicians. These features include customer-facing options such as imaging and X-ray integration and supply-side improvements like improved end-user response times.

EHR technology gives the physician room to dictate data on a patient while in the room seamlessly, but only with the right process in place. Having a digital assistant that is geared to dictate medical records saves huge amounts of time. Many doctors in the orthopedic and sports medicine industries report that they are saving up to an hour of administration time per patient.

With AI and EHR in tow, doctors have the choice to document the patient during the visit or after. This saves a huge amount of time during the initial visit, a time that is usually spent gathering the entire patient history. Experts believe that doctors will save even more time when patients begin to become aware of these technologies. As patients become more open to their use, more doctors will implement them with greater levels of comfort.

Patients can also take command of the notetaking process when AI and EHR are used correctly. As notes are being taken, some doctors actually encourage patients to chime in if there is a point of clarification or some information that has not been considered.

Patient and Clinician Satisfaction

It is well known that doctors are judged by their bedside manner just as much as their technical skill or knowledge of medicine. One of the major benefits of AI is the ability to reduce physician burnout, a phenomenon that reduces the ability of physicians to present a warm, empathetic bedside manner.

Initial studies on Suki show an average note completion time of 1.5 minutes, down from 4.8 minutes per note without Suki or any other voice assistant tech. This adds up to approximately one hour of time saved per day. More importantly, it increases the time that doctors can spend truly connecting with patients during the encounter.

Future Success

Although the advantages of AI are well documented, its success depends on a number of factors. Experts have stated that vendor support is essential for more widespread adaptation of the technology. There must also be more attention paid to the unique needs of the physician practice.

Whether you are a cybersecurity expert or not, there are some security risks that every business leader needs to be aware of—and UEFI rootkits definitely fall into that category. These nasty computer viruses are uniquely dangerous to your computer systems because they do not get wiped out when you reformat your hard drive or reinstall your operating system. Instead, they stick around in your computer’s flash memory and pop right back up again when you try to start using the machine. It is important that everyone be aware of UEFI rootkits to minimize their spread and limit the damage they can do to your systems.

UEFI Basics

To understand what makes UEFI rootkits so difficult to deal with, you first need to understand the basics of how modern computers are set up. You have probably heard the term BIOS before. The basic input/output system was the firmware used for decades to start your computer up, among other functions. But in recent years BIOS was replaced by Unified Extensible Firmware Interface or UEFI. UEFI is also used to boot up your operating system, among other tasks. Because it needs to be able to start up everything else, UEFI resides in your flash memory—the same place that the UEFI rootkit resides once it infects your computer.

What UEFI Rootkits Do

The genius of the UEFI rootkit is that it is placed in the one area where you are unlikely to get rid of it using normal security measures. It infiltrates your UEFI on your flash memory. The specific location of the virus is ideal to keep it coming back again and again. The antivirus does not find it. Even wiping the hard drive does not touch it. Only a very targeted effort to remove it from your UEFI will eliminate the problem from your machine.

The Challenge of Getting Rid of a UEFI Rootkit

For most computer users, the basics of security begin with running antivirus and antimalware products. But the majority of these products will not even look at your UEFI, which means they are not going to find a UEFI rootkit. The next step, which is typically considered quite drastic, is to wipe your hard drive and reinstall your operating system. Almost every computer virus can be eliminated by taking this step. Once you wipe the hard drive, you wipe out the virus. Yes, you have to go through the inconvenience of reinstalling everything—which can be very inconvenient, depending on what your business computers have installed and the kind of work you are doing. But it is usually a surefire way to eliminate a virus.

What can be so frustrating for businesses is that even taking the drastic measure of wiping and reinstalling does not solve the problem. You can even swap out the hard drive and install a brand new hard drive. When you consider that applying all of these fixes could take days for companies with tens or even hundreds of computers, you can appreciate how maddening it would be to have the problem persist.

What Can Businesses Do to Prevent UEFI Rootkits?

There are a few things that businesses can do to prevent these nasty viruses from showing their ugly heads:

1. Educate those that need to know.

Whatever IT staff you have, even if it is just a computer-savvy employee that keeps things going smoothly, should be educated on UEFI rootkits. When people know about them, it becomes much easier to address the problem. If you have taken the normal steps to eliminate the virus and it keeps popping up, you could have a UEFI rootkit problem on your hands.

2. Consider getting new hardware if you do not have Secure Boot capabilities or something similar.

Secure Boot is a solution used on modern computer systems to prevent unauthorized access to the firmware. It requires that anything attempting to make a change to the computer’s firmware have a security code to make changes. If it does not have the security credentials, no changes can be made. Older machines do not have Secure Boot capabilities.

3. Verify that your Secure Boot configuration is properly set up.

Secure Boot is not a fix all. It does need to be properly configured to work as intended. Make sure that all of your Secure Boot systems are properly configured to prevent anyone from accessing your firmware when they should not.

Evaluating information technology can be a challenging aspect of the CFO role. Your organization is likely inundated with requests for new IT features, and understanding the true value of many of them requires technical knowledge you may not have. The spending possibilities are nearly endless, and many CFOs have reason to be cautious. Perhaps you’ve been burned in the past, too, convinced by your CIO to sign off an expensive software package that failed to deliver.

In this arena, there are competing fears. You want to avoid spending money on IT solutions that don’t ultimately deliver the promised benefit or that cause unneeded disruption. You also can’t afford to reject an IT request that would have given you a competitive advantage (or worse, one that allows your competitor to gain the upper hand).

Evaluating IT is a tricky business. Here’s our CFO’s guide to evaluating information technology.

Communication Is Key

Communication from the CIO or the tech team is one of the big pain points CFOs face. There are a few reasons for this.

Apples and Oranges

The first communication difficulty is one of dialect. It feels like the IT folks are speaking a completely different language than the finance folks. To a certain degree, they probably are. Your IT group is focused on enabling the company to do more through technology and on increasing your business’s capabilities. Your group spends its time considering the financial aspects of the business. There can be inherent tension there.

Unhealthy Shortsightedness

In some businesses, it’s even worse. In unhealthy businesses, the CIO and IT team pursue technology innovations that don’t truly align with the company’s needs. They lobby to purchase software that adds capability you don’t need and solves problems you don’t have. Similarly, the CFO and the finance team in an unhealthy organization can fail to see the value of a spend or defer a purchase long enough that a competitor gains an advantage.

Either side of the equation—IT or finance—can become too narrowly focused on its own objectives. When this happens, the company loses out.

Finding Common Ground

CFOs and CIOs need to find common ground, a shared language that focuses both on the ultimate goal: making the company succeed. Ask bigger questions. Which of the company’s (not the department’s) goals will this IT spend help achieve? Is there a less expensive alternative that will still meet the company’s goals? What metrics will we gain by implementing this solution, and how will those benefit the company? Are there any metrics that can show how the proposed investment will improve a process? If those metrics show that an investment is failing to deliver, can we get out of the contract?

Questions like these are all rooted in a “what’s best for the company” mentality. Find a common language using questions like these, and avoid conversations that only benefit finance or IT.

Establish a Clear Approval Structure

The likelihood of conflict between the CFO and CIO increases greatly in organizations without a clear approval structure. To determine whether that’s your organization, mentally answer the following questions.

• Do you (or your reports) approve every IT spend?
• If not, who else can approve?
• What criteria determine which requests require CFO approval? Dollar amount? Subscription/lease entanglements? What else?
• Is there an established, documented appeal process when you deny an IT spend?

Depending on the size of your organization it may not be sensible for the CFO to approve every spend. Individual projects may have their own needs and budgets. If that’s the case, a clear approval structure is still crucial. Who on the team can make purchasing decisions? What criteria kick the decision up to a higher level?

In the end, to have a clear approval structure your business needs both a clear vision and strong, clear communication between the finance and tech teams and their leaders.

Visualize your Strengths and Vulnerabilities

Another central problem with evaluating information technologies is prioritization. Everyone wants a piece of the budgetary pie, and it’s your job to allocate it. You need a way to determine where your priorities ought to lie. This is challenging in complex organizations due to the number of requests and the varied nature of those requests.

Creating a visualization of your IT strengths and weaknesses can help you plan and prioritize. What can IT presently do for you? What are the known vulnerabilities? What systems or programs are on their way toward obsolescence? What functions or abilities does the organization view as needful but doesn’t have currently? Are there information technology solutions for those functions or abilities?

Mapping out your strengths and weaknesses gives you a clearer picture of which moves are strategic.

Conclusion

That’s it for our quick CFO’s guide on how to evaluate IT spends. If you want to learn more on this topic, or for assistance with a wide range of IT-related questions, contact us today.

For several years now, sporadic attacks that interrupt major networks’ daily programming have been occurring around the world as hackers try to break in and succeed at their digital violence.

In April 2019, the victim was The Weather Channel. The network found itself having to broadcast pre-recorded material while an internal plan to regain channel access was quickly developed and put into place. Because this happened during some peak air morning air time—between 6 A.M. and 7:40 A.M. EDT—a significant number of viewers were affected. Aside from money the network needed to spend on emergency tech measures to get their channel back and rebuild it to a more secure form for the future, this event must have cost them reputation points as it likely didn’t sit well with advertisers.

While the network publicly announced that malware was at play in the attack, there has been speculation about whether this was the result of ransomware. With ransomware, the disruptive effects of malicious software persist until a specified amount of money has been paid. And although the malware attack itself may seem senseless, this stands as a good opportunity for your business to take some precautions to protect itself.

1. Back-up your machines and networks. Having multiple layers of back-ups in place—both locally as well as in the cloud—can help easily restore your systems should a ransomware attack strike. Part of this also includes making sure you set back-ups to happen regularly; this ensures that you have fixed and reasonably recent recovery points to draw upon in the event of an emergency.
2. Break up network access by different machines and user groups. Odds are that very few users if any need to have access to everything in the business; why leave full access open to anyone? They’d be a source of major vulnerability since, should a hacker gain access to their account, everything would be up-for-grabs. Leveraging the limited access of specific user groups or permissions helps contain an attack should one arise, and prevent damage from spreading business-wide. You and anyone on your team might be the exception to this in that you all need total access to be possible somehow. Fortunately, you can always construct a solution, such as several different administrative users with limited permissions, to give you the tools you need for your job while still maintaining high security.
3. Train employees and enforce best practices. Make sure that everyone working at your business understands what steps they can take to protect their computers from hackers as well as how some of the most common types of threats work. Empower your people to set up strong passwords and to know when to trust an attachment or link. Make sure they follow through on some of these precautions by requiring them to take measures such as setting up multi-factor authentication on their accounts. Don’t let weak security be a possibility!
4. Install software to secure your machines and scan for attacks—and make sure you keep it up-to-date. First off, you want to try to make sure your machines and networks are fortified against attacks. Use a well-constructed firewall as a central part of your protection plan. But don’t rely entirely on a strong structure to protect your business, particularly given how rapidly tech evolves. Make sure you have systems in place that anticipate vulnerabilities and keep an eye out for attacks. Some businesses even opt for honeypots, which are like dummy vulnerabilities to bait potential attackers and keep a digital weathervane in place to tell if hackers are likely to try something. Regularly update these scanning tools to ensure they are up-to-speed with the latest hacker trends and potential aggressors.

Malware attacks cost businesses large amounts of money, accounting for as much as about one-third of global cyber attack costs in recent years. In fact, cybercrime in the United States is estimated to cost enterprise companies an average of $27.4 million per year, a number that is only continuing to climb over time. If you’ve been fortunate enough to not experience any recent spikes in malware attack attempts, don’t let that lull your business into a false sense of security. After all, 85% of companies polled had experienced a social engineering or phishing attack in the past year, while 75% had at least one web-based attack. Regardless of your company’s size, remaining vigilant for possible threats and attacks is important to ensure that daily business operations can continue to flow as usual, uninterrupted and uncompromised.