Category: Uncategorized

The red tape that normally surrounds the administration of patients in the healthcare industry is a leading cause of physician burnout, as many data experts have noted. Healthcare providers are responsible for a growing volume of paperwork and other off-patient work, and the trend towards greater bureaucracy seems to be inevitable. By some estimates, one hour of bedside patient care results in two hours of paperwork post-visit for the average physician.

Fortunately, AI-driven resources are finding new avenues for physicians to spend less time in front of mounds of paper. With new technology in tow, there are now new ways to administrate patient encounters. Physicians are able to stay in compliance with watchdogs, take smarter notes on patients and provide better overall care.

AI in the Medical Marketplace

One such technology, Suki, is a voice-enabled digital assistant that is made specifically for professionals in the medical industry. Suki is designed to help doctors with patient documentation, giving them more time to focus on the bedside. The technology has the ability to respond to complex voice commands, using those commands to create notes that are clinically accurate. The program also has the ability to enter those notes directly into an electronic health record (EHR) system.

No voice technology is able to completely replace direct input, but it does reduce the need for it immensely. AI also reduces the instance of human error in the data input stage during medical transcription and dictation. The result is a significant time savings when creating and organizing medical documents.

Where the technology succeeds most is in leveraging AI to “teach” the program the idiosyncrasies of the physician that is using it. Eventually, the Suki that is used by an individual physician will become a digital scribe that is unique to that person, fully capable of note taking with very low input from the physician himself. Suki is based on successful commercial digital assistants like Alexa, but the nod to the medical industry is an essential one. Currently, commercial digital assistants do not have the ability to learn from esoteric medical terms or organize records in a way that is specific to medical watchdog standards.

Other speech recognition systems that are focused on medicine include Sopris Health, Deepgram, Saykara, Dragon Medical Practice Edition and Nuance.

The Link Between AI and EHR

Digital assistants for the medical industry must be specific to the industry for another reason – the mandatory use of the EHR in the industry. HIPAA standards now require EHRs to form a significant part of each provider’s data infrastructure. Any note-taking or administration program that claims to help the medical industry must follow the protocols set forth in HIPAA standards.

The fact that Suki and other AI driven technologies kept these standards in mind allowed them to more easily implement new features that are relevant to physicians. These features include customer-facing options such as imaging and X-ray integration and supply-side improvements like improved end-user response times.

EHR technology gives the physician room to dictate data on a patient while in the room seamlessly, but only with the right process in place. Having a digital assistant that is geared to dictate medical records saves huge amounts of time. Many doctors in the orthopedic and sports medicine industries report that they are saving up to an hour of administration time per patient.

With AI and EHR in tow, doctors have the choice to document the patient during the visit or after. This saves a huge amount of time during the initial visit, a time that is usually spent gathering the entire patient history. Experts believe that doctors will save even more time when patients begin to become aware of these technologies. As patients become more open to their use, more doctors will implement them with greater levels of comfort.

Patients can also take command of the notetaking process when AI and EHR are used correctly. As notes are being taken, some doctors actually encourage patients to chime in if there is a point of clarification or some information that has not been considered.

Patient and Clinician Satisfaction

It is well known that doctors are judged by their bedside manner just as much as their technical skill or knowledge of medicine. One of the major benefits of AI is the ability to reduce physician burnout, a phenomenon that reduces the ability of physicians to present a warm, empathetic bedside manner.

Initial studies on Suki show an average note completion time of 1.5 minutes, down from 4.8 minutes per note without Suki or any other voice assistant tech. This adds up to approximately one hour of time saved per day. More importantly, it increases the time that doctors can spend truly connecting with patients during the encounter.

Future Success

Although the advantages of AI are well documented, its success depends on a number of factors. Experts have stated that vendor support is essential for more widespread adaptation of the technology. There must also be more attention paid to the unique needs of the physician practice.

Whether you are a cybersecurity expert or not, there are some security risks that every business leader needs to be aware of—and UEFI rootkits definitely fall into that category. These nasty computer viruses are uniquely dangerous to your computer systems because they do not get wiped out when you reformat your hard drive or reinstall your operating system. Instead, they stick around in your computer’s flash memory and pop right back up again when you try to start using the machine. It is important that everyone be aware of UEFI rootkits to minimize their spread and limit the damage they can do to your systems.

UEFI Basics

To understand what makes UEFI rootkits so difficult to deal with, you first need to understand the basics of how modern computers are set up. You have probably heard the term BIOS before. The basic input/output system was the firmware used for decades to start your computer up, among other functions. But in recent years BIOS was replaced by Unified Extensible Firmware Interface or UEFI. UEFI is also used to boot up your operating system, among other tasks. Because it needs to be able to start up everything else, UEFI resides in your flash memory—the same place that the UEFI rootkit resides once it infects your computer.

What UEFI Rootkits Do

The genius of the UEFI rootkit is that it is placed in the one area where you are unlikely to get rid of it using normal security measures. It infiltrates your UEFI on your flash memory. The specific location of the virus is ideal to keep it coming back again and again. The antivirus does not find it. Even wiping the hard drive does not touch it. Only a very targeted effort to remove it from your UEFI will eliminate the problem from your machine.

The Challenge of Getting Rid of a UEFI Rootkit

For most computer users, the basics of security begin with running antivirus and antimalware products. But the majority of these products will not even look at your UEFI, which means they are not going to find a UEFI rootkit. The next step, which is typically considered quite drastic, is to wipe your hard drive and reinstall your operating system. Almost every computer virus can be eliminated by taking this step. Once you wipe the hard drive, you wipe out the virus. Yes, you have to go through the inconvenience of reinstalling everything—which can be very inconvenient, depending on what your business computers have installed and the kind of work you are doing. But it is usually a surefire way to eliminate a virus.

What can be so frustrating for businesses is that even taking the drastic measure of wiping and reinstalling does not solve the problem. You can even swap out the hard drive and install a brand new hard drive. When you consider that applying all of these fixes could take days for companies with tens or even hundreds of computers, you can appreciate how maddening it would be to have the problem persist.

What Can Businesses Do to Prevent UEFI Rootkits?

There are a few things that businesses can do to prevent these nasty viruses from showing their ugly heads:

1. Educate those that need to know.

Whatever IT staff you have, even if it is just a computer-savvy employee that keeps things going smoothly, should be educated on UEFI rootkits. When people know about them, it becomes much easier to address the problem. If you have taken the normal steps to eliminate the virus and it keeps popping up, you could have a UEFI rootkit problem on your hands.

2. Consider getting new hardware if you do not have Secure Boot capabilities or something similar.

Secure Boot is a solution used on modern computer systems to prevent unauthorized access to the firmware. It requires that anything attempting to make a change to the computer’s firmware have a security code to make changes. If it does not have the security credentials, no changes can be made. Older machines do not have Secure Boot capabilities.

3. Verify that your Secure Boot configuration is properly set up.

Secure Boot is not a fix all. It does need to be properly configured to work as intended. Make sure that all of your Secure Boot systems are properly configured to prevent anyone from accessing your firmware when they should not.

Evaluating information technology can be a challenging aspect of the CFO role. Your organization is likely inundated with requests for new IT features, and understanding the true value of many of them requires technical knowledge you may not have. The spending possibilities are nearly endless, and many CFOs have reason to be cautious. Perhaps you’ve been burned in the past, too, convinced by your CIO to sign off an expensive software package that failed to deliver.

In this arena, there are competing fears. You want to avoid spending money on IT solutions that don’t ultimately deliver the promised benefit or that cause unneeded disruption. You also can’t afford to reject an IT request that would have given you a competitive advantage (or worse, one that allows your competitor to gain the upper hand).

Evaluating IT is a tricky business. Here’s our CFO’s guide to evaluating information technology.

Communication Is Key

Communication from the CIO or the tech team is one of the big pain points CFOs face. There are a few reasons for this.

Apples and Oranges

The first communication difficulty is one of dialect. It feels like the IT folks are speaking a completely different language than the finance folks. To a certain degree, they probably are. Your IT group is focused on enabling the company to do more through technology and on increasing your business’s capabilities. Your group spends its time considering the financial aspects of the business. There can be inherent tension there.

Unhealthy Shortsightedness

In some businesses, it’s even worse. In unhealthy businesses, the CIO and IT team pursue technology innovations that don’t truly align with the company’s needs. They lobby to purchase software that adds capability you don’t need and solves problems you don’t have. Similarly, the CFO and the finance team in an unhealthy organization can fail to see the value of a spend or defer a purchase long enough that a competitor gains an advantage.

Either side of the equation—IT or finance—can become too narrowly focused on its own objectives. When this happens, the company loses out.

Finding Common Ground

CFOs and CIOs need to find common ground, a shared language that focuses both on the ultimate goal: making the company succeed. Ask bigger questions. Which of the company’s (not the department’s) goals will this IT spend help achieve? Is there a less expensive alternative that will still meet the company’s goals? What metrics will we gain by implementing this solution, and how will those benefit the company? Are there any metrics that can show how the proposed investment will improve a process? If those metrics show that an investment is failing to deliver, can we get out of the contract?

Questions like these are all rooted in a “what’s best for the company” mentality. Find a common language using questions like these, and avoid conversations that only benefit finance or IT.

Establish a Clear Approval Structure

The likelihood of conflict between the CFO and CIO increases greatly in organizations without a clear approval structure. To determine whether that’s your organization, mentally answer the following questions.

• Do you (or your reports) approve every IT spend?
• If not, who else can approve?
• What criteria determine which requests require CFO approval? Dollar amount? Subscription/lease entanglements? What else?
• Is there an established, documented appeal process when you deny an IT spend?

Depending on the size of your organization it may not be sensible for the CFO to approve every spend. Individual projects may have their own needs and budgets. If that’s the case, a clear approval structure is still crucial. Who on the team can make purchasing decisions? What criteria kick the decision up to a higher level?

In the end, to have a clear approval structure your business needs both a clear vision and strong, clear communication between the finance and tech teams and their leaders.

Visualize your Strengths and Vulnerabilities

Another central problem with evaluating information technologies is prioritization. Everyone wants a piece of the budgetary pie, and it’s your job to allocate it. You need a way to determine where your priorities ought to lie. This is challenging in complex organizations due to the number of requests and the varied nature of those requests.

Creating a visualization of your IT strengths and weaknesses can help you plan and prioritize. What can IT presently do for you? What are the known vulnerabilities? What systems or programs are on their way toward obsolescence? What functions or abilities does the organization view as needful but doesn’t have currently? Are there information technology solutions for those functions or abilities?

Mapping out your strengths and weaknesses gives you a clearer picture of which moves are strategic.

Conclusion

That’s it for our quick CFO’s guide on how to evaluate IT spends. If you want to learn more on this topic, or for assistance with a wide range of IT-related questions, contact us today.

For several years now, sporadic attacks that interrupt major networks’ daily programming have been occurring around the world as hackers try to break in and succeed at their digital violence.

In April 2019, the victim was The Weather Channel. The network found itself having to broadcast pre-recorded material while an internal plan to regain channel access was quickly developed and put into place. Because this happened during some peak air morning air time—between 6 A.M. and 7:40 A.M. EDT—a significant number of viewers were affected. Aside from money the network needed to spend on emergency tech measures to get their channel back and rebuild it to a more secure form for the future, this event must have cost them reputation points as it likely didn’t sit well with advertisers.

While the network publicly announced that malware was at play in the attack, there has been speculation about whether this was the result of ransomware. With ransomware, the disruptive effects of malicious software persist until a specified amount of money has been paid. And although the malware attack itself may seem senseless, this stands as a good opportunity for your business to take some precautions to protect itself.

1. Back-up your machines and networks. Having multiple layers of back-ups in place—both locally as well as in the cloud—can help easily restore your systems should a ransomware attack strike. Part of this also includes making sure you set back-ups to happen regularly; this ensures that you have fixed and reasonably recent recovery points to draw upon in the event of an emergency.
2. Break up network access by different machines and user groups. Odds are that very few users if any need to have access to everything in the business; why leave full access open to anyone? They’d be a source of major vulnerability since, should a hacker gain access to their account, everything would be up-for-grabs. Leveraging the limited access of specific user groups or permissions helps contain an attack should one arise, and prevent damage from spreading business-wide. You and anyone on your team might be the exception to this in that you all need total access to be possible somehow. Fortunately, you can always construct a solution, such as several different administrative users with limited permissions, to give you the tools you need for your job while still maintaining high security.
3. Train employees and enforce best practices. Make sure that everyone working at your business understands what steps they can take to protect their computers from hackers as well as how some of the most common types of threats work. Empower your people to set up strong passwords and to know when to trust an attachment or link. Make sure they follow through on some of these precautions by requiring them to take measures such as setting up multi-factor authentication on their accounts. Don’t let weak security be a possibility!
4. Install software to secure your machines and scan for attacks—and make sure you keep it up-to-date. First off, you want to try to make sure your machines and networks are fortified against attacks. Use a well-constructed firewall as a central part of your protection plan. But don’t rely entirely on a strong structure to protect your business, particularly given how rapidly tech evolves. Make sure you have systems in place that anticipate vulnerabilities and keep an eye out for attacks. Some businesses even opt for honeypots, which are like dummy vulnerabilities to bait potential attackers and keep a digital weathervane in place to tell if hackers are likely to try something. Regularly update these scanning tools to ensure they are up-to-speed with the latest hacker trends and potential aggressors.

Malware attacks cost businesses large amounts of money, accounting for as much as about one-third of global cyber attack costs in recent years. In fact, cybercrime in the United States is estimated to cost enterprise companies an average of $27.4 million per year, a number that is only continuing to climb over time. If you’ve been fortunate enough to not experience any recent spikes in malware attack attempts, don’t let that lull your business into a false sense of security. After all, 85% of companies polled had experienced a social engineering or phishing attack in the past year, while 75% had at least one web-based attack. Regardless of your company’s size, remaining vigilant for possible threats and attacks is important to ensure that daily business operations can continue to flow as usual, uninterrupted and uncompromised.

As your business operations evolve and expand, you’ll likely reach a critical point in your company’s growth where the tasks required will outnumber the staff you have available. Deciding to outsource work might be a difficult decision, partly because of budgeting and partly because onboarding new parties to your business’ processes is daunting—especially if you’re already stretched too thin. But as CEOs recently interviewed by McKinsey pointed out, “If you don’t [prioritize], you’ll sit in your office all day, read lots of reports, and end up being completely confused.”

In such situations, many CEOs choose to work with a managed service provider (MSP). Particularly for IT services, a managed provider can be a highly sensible solution.

What is a managed service provider?

A managed service provider, or MSP, is a company that remotely handles a specific set of processes for another company. At the center of this working relationship is the contract set between the two companies, which tends to be very strictly enforced to map out exactly what services the MSP will provide.

Why should my business hire a managed service provider?

Hiring an MSP translates into having a specialized agency handling your networks and users, in a way that not only aligns with your company’s processes but also optimizes security, efficiency, and industry best practices. As part of this, there are four key benefits to hiring an MSP as opposed to hiring employees to manage these tasks:

• A managed service provider can do a better quality job. An MSP is dedicated to handling the processes it offers. It carries out its specialized offerings repeatedly and consistently for its clients. Its people are well-trained, highly skilled, and experienced at delivering the specific services outlined in its contracts because those tasks are at the core of its operation. An MSP has to invest in the best tools and processes in order to remain competitive, and so it is intrinsically driven to streamline its efforts in order to protect its bottom line. With such a strong focus and so many reasons to push for excellence, an MSP can sustainably deliver its services, stay on top of industry trends, and build sharp solutions that anticipate any potential issues and get ahead of them, all as part of its ongoing services—without requiring any additional input or cost from you.
• A managed service provider guarantees their work. If an employee’s work is inadequate—so, for example, if your IT person fails to deliver a secure solution and your network is compromised—your main form of recourse is to fire them. That doesn’t bring you closer to completing the work you need, and it doesn’t account for any of the resources you lost as a result; any next steps you take will involve spending more in order to address the problem, and then to prevent it from reoccurring in the future. Given IT’s security implications, it’s also critical that whoever is handling it for you minimizes risks and addresses vulnerabilities long before anything can go wrong. As CEO of McAfee Chris Young reminds us: “… From the earliest stages of product design, to selecting vendor partners to writing job descriptions — security needs to be top of mind for every critical decision, every new process, every rule.”In some industries such as health, legal, and finance, there are additional considerations such as confidentiality and government regulations for which your business is ultimately liable. Not only are managed service providers up-to-date on emerging threats and the latest regulation, but they guarantee their services. This delivers higher quality results to you and also protects your investment—and your business—when purchasing their services.
• A managed service provide can save your business money. The typical MSP pricing structure involves an upfront fee and then an ongoing monthly retainer for recurring tasks. Here’s what you don’t have to pay for: recruiting and onboarding costs to hire dedicated personnel; technology and tools for these new employees; training and continuing education to make sure they stay up-to-date on industry developments; overtime costs that result from these employees having to juggle their regular duties with troubleshooting; and more. It’s not just money that you’re saving. Your team already doesn’t have the time to address the concerns for which you’re trying to hire or outsource; don’t replace one problem (managing IT) with another (managing those who manage your IT).
• A managed service provider is always there. What happens if the employee you hired calls in sick, or if your internal IT team finds itself short-staffed for any measure of time? Something will have to get dropped as your people scramble to fill the gaps and keep critical processes going. Contrast this situation with having an MSP, which is built to accommodate fluctuations of internal team availability. The staffing at MSPs is built to overlap capabilities, and both internal documentation and communications protocols are constructed for maximum flexibility and accountability. This keeps your IT processes flowing, uninterrupted.

This is a high-level survey of ways in which MSPs commonly help businesses. Your specific industry, niche, and offering will likely benefit in additional ways that are not addressed here, and that are also affected by the specific options you choose from your MSP.

The Power to Conference & Collaborate Better Can Be Yours

Microsoft has just announced the June 2019 release of its Surface Hub 2, a tool for conferencing and collaboration among teams. This is the Surface Hub’s successor, and it boasts improvements to the responsiveness of its active touch screens, snazzy 4K displays for crystal clear display capabilities, a battery pack option for smoother conference mobility, and streamlined integration with both Teams and Office.

Do you need to spring for this device? What considerations do you need to keep in mind as you build out your business’ conferencing capabilities? What tools do your employees need to do their jobs well, and what features are your clients going to respond to the most favorably?

1. What sorts of collaborative needs do your teams have? Depending on the type of work being performed, this can range. Perhaps you need to have streaming media transmitted smoothly, or the ability for multiple parties to directly mark-up input on a particular object. Maybe you need this primarily for sales, and so crisp screenshares and crystal-clear camera video and audio are vital for customer conversion. Gaining clarity on these values upfront will allow you to make the right decision regarding which tool to purchase.
2. How well does the conferencing tool integrate with your existing computer and security infrastructure? One key aspect of this is to make sure that both your firewall as well as your primary operating system are compatible with your conferencing solution. Failure to research this in advance most commonly results in being unable to use many of the advanced features of the purchased solution.
3. How much support do you anticipate needing for your team? Errors and glitches will always arise in software and hardware alike. Your employees need to be well-supported in resolving any issues that come up. Do you have a dedicated internal IT team that can assist with this, or do you need to have support on-hand from the solution’s manufacturer? If you have global teams using this platform, consider factoring in the availability of support for them—in their languages and/or time zones—as well.
4. Do you need to purchase additional hardware, or can a software solution suffice? Particularly if your employees are using laptops to get their work done, they likely already have cameras built-in to what they use. Combined with network connectivity, they have the raw potential to conference already. All that is needed is to select a video conferencing platform. Larger teams utilizing conference rooms and more elaborate computing set-ups may benefit from outfitting their spaces with new conferencing hardware.
5. What specific features do you need from your conferencing platform? Consider the size of the meetings your business usually holds and how many seats you need to have available when people convene. Do you need to be able to record these meetings? What sort of invite and even follow-up capabilities do you want? What integrations do you need—for example, do you need to be able to use Salesforce to account for contacts, or integrate with Office?

Although Microsoft is a leader in computing solutions, they are not the only players available on the market offering up collaborative conferencing tools. Careful consideration of your business’ needs combined with research into the different hardware and software options that are available are critical steps toward making sure you get the most out of whatever platform you choose.

Cybercriminals have started 2019 off by stealing more than 1.7 billion records. They look for data that is profitable in some way, whether they sell it directly or use it as part of another attack. A successful intrusion attempt comes from various factors, such as an employee downloading a malicious file or the business failing to follow IT security best practices. Here are 10 ways that hackers find a way to get into business networks

Tricking Employees into Opening Malicious Files

Phishing accounts for 91 percent of successful network intrusions. Employees see an email that looks authentic. The hacker makes it appear like it comes from someone in leadership, an external partner or another significant entity in the organization. The email has a file attached or a link included in the body of the email. If the employee opens the file, it loads malware onto that system or directly to the network. The phishing emails with links work by taking the user to a fake login page or another screen that requests username and password information. The hacker uses this to get into sensitive systems. The URL could also lead directly to malware.

Visiting Unsafe Websites

You can block suspicious websites and downloads for equipment that connects through your business network, but if someone uses a personal device, they don’t have the same level of protection. The next time they get on the network with the compromised device, the malware has a way to get on your systems and spread throughout your organization.

Lack of Control Over Personal Devices

If your company doesn’t have “Bring Your Own Device” policies in place, then you could end up with unapproved personal devices using your resources. IT doesn’t have any oversight on these unauthorized devices, so they represent a significant threat.

Lack of Cyber Security Awareness

IT security measures can only accomplish so much. Cybercriminals know that organizations have people of varying technical proficiencies. When an end user doesn’t have sufficient cybersecurity awareness, they fall victim to phishing and other attacks. Employees need to understand the steps they can take to protect against hackers, and get the training to learn about IT security best practices.

Poor Password Management

Employees may have weak passwords for their work accounts. In some cases, they may opt for no passwords. Data breaches at other companies could expose common username and password combinations that end up being in place at your business. Password cracking software makes figuring out this information trivial.

Insufficient Backups

Data backups are critical to helping your business recover from a cyber attack or another disaster. If the backup solution doesn’t work correctly or it fails at creating a complete backup, you could face losing months or years of work. The financial loss would be enormous and puts you in a situation that’s difficult to recover from.

Failure to Proactively Monitor and Maintain Infrastructure

Hackers look for vulnerabilities in your network that would allow them to launch a successful attack. If you don’t have IT security professionals monitoring your infrastructure and keeping hardware and software up to date, then you’re creating an environment that’s ripe for a data breach.

Lack of Cyber Security Measures

A failure to follow IT security best practices can lead to a workplace that doesn’t have enough cybersecurity measures in place. Some companies may be misinformed that all they need is perimeter defense to keep hackers out. You may be vulnerable to an intentional or unintentional breach by an internal actor, or be unable to defend against a sophisticated attack.

Unprotected Wireless Networks

Public wireless networks may be convenient for employees, but anyone within range can connect to them. A hacker can intercept the data traveling on the public Wi-Fi and use that information to get into company resources.

Sophisticated Social Engineering Efforts

Some hackers have attacks that involve a lot of social engineering. They may be trying to get into the financial accounts of upper management or accounting, or they could want to access trade secrets and insider information. They act like they’re an authorized person with a legitimate need to have the data or access that they’re requesting. Cybercriminals can be very convincing, especially when they have well-funded operations. If your company has a lot of turnover, or departments that don’t interact with each other, it’s difficult for employees to keep track of who actually works there.

Lack of Physical Access Control

One area that gets overlooked in a cybersecurity strategy is physical access control to data centers and other rooms that contain servers with sensitive data. A hacker could download that data directly from your systems or take the opportunity to load malware onto your infrastructure. If employees write down their account information and post it on their workstations, the hacker could save this information for later use.

Hackers have many ways to break into your business infrastructure and compromise your systems. Intrusions can lead to long-term consequences, such as major financial losses and damage to your reputation. Protecting against these common attack methods puts your company in a better position to limit your cybersecurity risk.

Microsoft began notifying Outlook.com users of a 2019 security breach that occurred between January 1st and March 28th. Hackers were unintentionally given unauthorized access to some accounts, where they were then able to view subject lines, email addresses, and folder names. While no login details—including passwords—were directly accessed as part of this breach, Microsoft did warn users to reset their passwords.

Although the hackers could not view the actual content in the bodies of emails nor download attachments, this incident still represents a major—and disturbing—security incident. This breach serves as a reminder to every business to tighten up its security measures and protect its assets.

Use multi-factor authentication.

Do not leave this as an optional measure for your employees; require it. Multi-factor authentication uses more than one form of identity confirmation—this is the “multi-factor”—to prove the identity of the person attempting to access a particular platform—this is the “authentication.”

Depending on where in the product the Microsoft breach happened, multi-factor authentication could even have possibly prevented or limited the breach. In general, this authentication process adds a strong layer of security. Hackers don’t usually have both the password and the PIN, secret questions, or other ability to verify their identity.

When vetting which type of authentication to implement—if you have this option—consider using the one that is easiest for employees to have on hand, but hardest for others to get a hold of. Trying to make this relatively convenient for your employees will make it easier for them to comply, which will keep your business more secure. Multi-factor authentication is a measure that should go hand-in-hand with training your employees to use strong passwords.

Account for all devices—including mobile—in your security processes.

Very few companies still limit employee access to business assets strictly to desktops at work. There is a growing trend of employees being able to work remotely, even if it is not full-time. A recent study showed that as many as 70% of employees work remotely at least once a week. Whether working from home, a rented office space, or on-the-road, they are using their devices to log in from a distance, well beyond the secured confines of your office. This figure was accounting for full-time employees; contractors only increase the number of remote workers further.

The security processes implemented at your company needs to account for how all of your employees are accessing company resources. Email access on mobile devices is one of the most common ways in which employees take their work on-the-go, and so it’s a strong starting point for building out these protocols. Because confidential company information is being accessed on these devices via networks over which companies have no control, it is critical that both the email servers as well as the devices being used have robust security systems in place.

While new improvements continue to roll out to tackle these issues, solutions that work across all devices are the norm. Security software, as well as encryption tools, can help protect data regardless of the device, particularly when combined with encouraging employees to log-in via secure VPN networks. Cloud options for data storage are offered by providers with a menu of security options; it’s worth walking through your needs and investing in top-quality solutions.

Document your security processes.

With all of the work that goes into developing security processes, even more needs to be carried out to maintain their implementation and ensure that they remain up-to-date with new tech trends and emerging risks.

This is a vast and complex undertaking. All existing assets must be brought onto any updated infrastructure. Employees must be set-up for and onboarded to the security procedures, and checkpoints must be established so that their compliance may be monitored. Systems must be monitored for any breaches, as well as smoothly updated across all users and data to accommodate any new vulnerabilities that arose since the previous update. Different components, whether hardware (including different devices, such as mobile) or software, may experience issues with any updates. New members of the internal information technology must be introduced to the systems while existing members must stay abreast of any new developments; even team members working simultaneously on the same project must address potential communications issues.

Thorough documentation of processes helps achieve this by providing an objective record of the systems in place. This can be used for onboarding; for internal audits; for evaluating alternatives or potential improvements; and even for reviewing the source of vulnerabilities and providing accountability should an issue arise. This sort of record-keeping is an essential component of transparency in company policy and helps enforce quality control on internal processes. Of course, it must also be protected with the highest measure of security since it arguably contains “the keys to the castle.” Decentralizing its storage and scattering protected, encrypted components of it across multiple storage solutions can help protect company assets from the sort of large-scale breach that could otherwise bring your data assets to their knees.

And so, the large-scale Microsoft breach serves as a reminder that active vigilance must always be maintained over internet security, without relying entirely on one single individual, provider, or service. No single entity can be trusted to be entirely safe when major players like Microsoft are clearly vulnerable, despite the teams of brilliant engineers hired to implement safeguards and the millions of dollars invested in diverse preventive measures. Every business needs to be proactive in protecting itself through rigorous internal standards, ranging from staff training through the implementation of mandatory security precautions, to minimize the risk of vulnerabilities being exposed and exploited. Factoring in every employees’ data paths and employing multiple layers of overlapping security efforts at every step of the way—and documenting these processes for easy internal accountability and refinement—are critical for business informational security in this highly connected digital age.

As the digital community continues to expand to include more individuals and more devices, enforcing cybersecurity becomes more complicated. The number of opportunities and vulnerabilities for hackers to leverage is continuously growing; it is imperative for businesses to take proactive measures to protect themselves. With new terms and acronyms constantly emerging to refer to these issues, it’s helpful to make sure you and your team are on the same page with the vocabulary you use.

We’ve compiled a list of some of the most common words and phrases surrounding cybersecurity issues.

• Access control – This is the sequence of steps by which requests to retrieve information are approved or denied. The phrase actually originates from the terminology used to refer to gaining entry to physical facilities.
• Active content – This is the dynamic media — including JavaScript, polls, and animations — that runs on a site. In users with low-security settings enabled, this media automatically runs, opening the door for scripts and software to carry out other functions behind-the-scenes and unbeknownst to the user.
• Adware – You see this pop up when you get unwanted advertisements appearing on your screen when you visit certain sites. Adware is highly problematic because it can not only disguise itself as a legitimate site and trick you into clicking buttons that actually trigger the download of software that can track you to collect data on your activities, but it can also add harmful software to your device.
• Authentication – This refers to the sequence of steps by which the identity of a user or device is verified. Single passwords are the simplest form of authentication. Current best practices are for multi-factor authentication, where multiple different checks are used to verify identity since hackers are less likely to be able to provide various forms of verification.
• Blacklist – Any collection of users, devices, or other entities that are not permitted access privileges.
• Bot – An individual device that has been fed programming to act maliciously under the remote control of another administrator.
• Bug – A functional glitch or imperfection present in a device or piece of code.
• Certificate – This is virtual confirmation of the identity of a specific entity. This is usually issued by a Certificate Authority (CA) and is something that can be verified. When you visit a secure site, for example, your computer checks the site’s security certificates and in this way determines that the site is secure.
• Data breach – Any event where information is shared with an untrustworthy party or opened up to an unsecured environment.
• Data mining – The analysis of large data sets to identify previously unknown patterns or relationships. Often used towards positive ends, such as in medicine to discover health trends in populations or in academia to characterize social patterns, data mining can also be employed for malicious purposes by hackers.
• Distributed Denial of Service (DDOS) – This is a form of attack that targets a specific server or network of servers, causing a massive, sudden surge in traffic with the intent of shutting down the servers. One of the most common ways for this to take place is for a hacker to use malware to gain access to several machines connected on the same network; these can then be controlled by the hacker or directs them to flood the network servers.
• Encryption – This is a process of data conversion that transforms it using a secret code into a sequence that requires deciphering to be able to use; only authorized entities have the means to decode this sequence and access the data contained within.
• Firewall – This can be constructed using software and/or hardware, but at its core, it sets a specific set of access permissions in place that control who can access a particular network. Secure firewalls offer several layers of protection from hackers and their malware.
• Honeypot – This is a fake vulnerability that masquerades as a weakened part of your system or network, in an effort to bait a potential hijacker or other threat. It can be used as part of a security plan as a way to monitor whether the system or network is currently a moving target for any threats.
• Keylogging – This is generally a malicious practice where keyboard input is secretly monitored as a way to keep tabs on a user’s activity. Aside from the violation of personal privacy inherent to this, this is particularly dangerous as it gives hackers access to input personal details such as credit card information and passwords.
• Malware – This is a broad term that refers to any software that intrudes upon a computer system’s process in an unauthorized manner.
• Phishing – This refers to the practice of using false communications to deceive people in a way that elicits their sharing of personal information and sensitive details. One typical example of phishing is when scammers send emails pretending to be the Internal Revenue Service or a bank, and scaring recipients into believing they are in trouble and need to resolve a conflict. This resolution always requires the user to share details so that they may be identified.
• Ransomware – This is a form of malware that cannot be removed until payment of a ransom is received by the malicious instigator. The most common avenues for spreading ransomware include infected websites as well as phishing.
• Spoofing – This refers to any method by which a user is conned. Successful spoofing is what leads users into sharing their details with the malicious party. For example, the impersonation involved with many phishing scams is an example of spoofing.
• Spyware – This is malware that is secretly placed onto a system and monitors the user’s activities.
• Threat – This is an imminent risk to exploit known or unknown opportunities for malicious individuals or organizations to infiltrate a system or network.
• Virus – A piece of programming code that can secretly enter a computer, replicate, and then be transmitted to other computers.
• Vulnerability – This is any potential opportunity for malicious individuals or organizations to infiltrate a system or network. Threats exploit vulnerabilities; and so, it might be a flaw in design or a gap in security protocols.
• Whitelist – The opposite of a blacklist, this is a list of exclusions to a particular security rule, generated because the members of the list are known to be trustworthy.

Strong internet security teams are continually assessing the risks of their systems to prevent emerging vulnerabilities and consistently triage the highest risks associated with their systems and networks. The field of cybersecurity is continuously evolving as hackers riff off of existing malware and continually discover new vulnerabilities to exploit.

As technology continues to evolve and become capable of achieving new things, each advance also opens the door for new malicious acts and further sophistication in security breaches. It is the job of cybersecurity teams to always remain one step ahead and build their information systems in a way that prevents hackers from successfully infiltrating in any way.

The Tallahassee Democrat reported on April 5^th that a large sum of money had been stolen from the city of Tallahassee’s employee payroll. The perpetrator is suspected to be a foreign hacker.

What was stolen in the hack?

The breech diverted approximately $498,000 from the city payroll account. Still, all city employees have received their earned paychecks. This hack was the second time in less than a month that a breach of city security had occurred.

How did the attack occur?

The city of Tallahassee employs an out-of-state third-party vendor to host their payroll services. Their employees should be paid regularly through direct deposit. However, a foreign hacker apparently targeted this third-party vendor, effectively redirecting the direct deposits to their own accounts.

The city of Tallahassee found out about the breach when their bank alerted them. Of course, employees found out simultaneously when they awoke to realize they had not been paid on payday.

Is there any way to get the money back?

In the majority of large scale hacks, stolen funds or data is difficult or impossible to retrieve. Still, with help from their bank, the city of Tallahassee has managed to recoup approximately a quarter of the stolen money.

They continue to pursue criminal charges against the hackers with the aid of law enforcement and their insurance provider as well.

How do cyber attacks like these occur?

Successful cyberattacks usually start with some form of an email hack. This is usually achieved through phishing.

In fact, before the most recent hack of the city of Tallahassee, an email had been sent out that appeared to be from the City Manager. It was actually from an outside hacker who had included a virus disguised as a Dropbox link in the email.

While it is not suspected that this email was related to the stolen payroll funds hack, this does happen. “Phishing” emails can help hackers procure useful information about accessing in-network files and accounts.

How can you prevent hackers from attacking your business?

Large municipalities such as Tallahassee City are increasingly being targeted in cyber attack thefts. But the truth is, any business — or individual, for that matter — can fall prey to a cyber attack.

Unfortunately, the retrieval rate on hacking thefts is not high, meaning that prevention is key. The best way to prevent a hack is to prevent phishing, as this is how most hackers access your systems and accounts.

Make sure that everyone on your staff is keenly aware of what to look for in terms of phishing emails. When in doubt, suspicious emails should be left unopened. Or, at the very least, links should not be clicked, and personal or account information should never be handed over unless it’s sure the request is legitimate.

It’s also important for businesses to employ the services of a reputable and experienced IT services provider. Look for one who specializes in cybersecurity and has experience dealing with hacking prevention.