Category: Uncategorized

Upgrading software can be a real pain — literally. Users are likely to be reluctant to learn something new, causing additional requests to help desk personnel as users get acquainted with a new operating system. The time required to install upgrades and get up to speed with any changes is rarely trivial, and there’s always a risk that legacy software and hardware will balk when new functionality is introduced. With all these negatives, it’s a wonder that we ever upgrade software! Fortunately, the Windows 10 upgrade has many more pros than cons and will help your teams be more productive while providing additional security for your organization’s digital assets.

Recognize Productivity Gains for Business Users

Previous Windows OS upgrades have come with some dramatic changes to the interface, but Windows 10 feels very familiar to users. Sure, there are a few little tweaks such as an expanded Start button functionality, but the platform overall is quite consistent with prior versions. Transitioning from tablet to laptop isn’t jarring, and the interface is pleasant to view and convenient to use. Users are likely to find that their most-used applications are easier to find than ever, and saving a few clicks here and there can add up to significant productivity gains. Plus, Windows 10 offers a reduction in boot time of 75% versus previous Windows platforms, reducing user frustration and allowing them to get moving quickly. Messaging tools such as Skype are included in the platform, making it simple for users to connect at the speed of business.

Your IT Department Will Appreciate Easy Upgrades and Maintenance

From self-service options within the operating system to lighter maintenance requirements than previous versions, Windows 10 has been shown to reduce IT management time by 15%, as measured by Forrester Consulting. Boot times are improved, deployments are more rapid, security and application access control is easier. These gains not only reduce the overall IT cost for the organization but allow businesses to innovate more rapidly because there is less time spent on administration — and more focus on strategy and new technology. You may even be able to reduce your reliance on third-party applications, saving subscription fees and reducing overhead.

Windows 10 Has an Improved Security Posture

Cybersecurity is a hot topic for business leaders, and there are definite advantages to reducing your security concerns. Windows 10 includes the latest functionality to support your robust cybersecurity posture, including Credential Guard and Device Guard, BitLocker and more. Forrester estimates that businesses could save nearly three-quarters of a million dollars simply by activating the security features that are already inherent in Windows 10. The updated operating system separates data at both the file level and the application level, making it more difficult for employees to accidentally or purposefully share information with the wrong people.

Prepping your business for an upgrade has never been easier — and Windows 10 provides a wealth of benefits without the frustrations that you might be dreading. Improved security, reduced boot times, a familiar interface and more, your Windows 10 upgrade will help your team provide exceptional support for users now and in the future.

First, there was the GDPR, with organizations around the world scrambling to create cookie and privacy policies to ensure that their data storage and use would meet the restrictive standards imposed by the EU. For smaller organizations in the U.S., the GDPR didn’t cause quite the fuss as it did for multinational corporations. The California Consumer Privacy Act (CCPA) has the potential to upset marketers and technology experts in businesses of all sizes — especially since it’s expected to unleash the floodgates for other states to declare their data privacy standards. The CCPA goes into effect January 1, 2020, but what exactly does that mean for your business?

The CCPA Provides Ownership, Control and Security Over Personal Information

At the heart of GDPR as well as CCPA are the rights that individuals have over the ownership, control and security of their personal information. When businesses are allowed to share data, precisely which data points can be shared, who they can be shared with and how individuals are able to request complete deletion of their information from an organization’s database. There are some high-level rules that help determine the businesses that must comply with the regulations, including:

• Any business or for-profit entity that does business in California
• Organizations with $25 million or more in gross annual revenue
• Maintaining personal or household data for more than 50,000 organizations
• Whose annual revenue is composed 50% or more of selling the personal information of consumers

Unfortunately, GDPR compliance does not guarantee that your business will be compliant with California’s new regulations around consumer data.

What Are the Challenges with CCPA Compliance?

California’s new consumer data policies mirror the GDPR policies in many important ways, meaning organizations who have already invested in GDPR compliance may be far ahead of their competitors who are just embarking on this journey. Compliance with these prohibitive policies may require consolidation of a massive amount of information from multiple disparate databases, something that cannot be accomplished quickly or without cost. Organizations are expecting to spend upwards of six figures to become compliant, with businesses with reliance on selling consumer data projecting a significant reduction in revenue opportunities. Simply identifying all the personal data that is stored within your various applications can be difficult, but under CCPA you must also be able to identify where and how the data is being used, who owns the data, who creates it and more. Plus, individuals must have an easy way to access their data storage preferences and effectively erase themselves from your corporate databases.

How Can You Get Ready for CCPA Compliance by January 2020?

Data consolidation is one of the key initiatives for businesses, and many organizations will need to retain an attorney to work through the various requirements and ensure that the business is fully compliant. There are also privacy notices that must be posted on digital channels such as websites and mobile apps, letting consumers know how their data is being stored and used by the business. Data breach reporting is another crucial part of CCPA compliance, as you’re required to maintain roles and responsibilities for data sets as well. Although California was the first state out of the gate with a new compliance ordinance, it’s unlikely that they will be the last. This will introduce the additional complexity of determining where your users are located and tracking their behavior over time to ensure that you’re delivering the correct privacy policies based on their geographic location.

Data governance is not a new concept, but the level to which organizations are now being required to track minute shifts in information is often costly and time-consuming. It’s crucial that you work with a technology services partner who truly understands the requirements of CCPA and GDPR, and stays up-to-date with new legislation as it is introduced to ensure that your compliance is in order. With penalties of $7,500 per intentional violation and $2,500 per unintentional violation, businesses are going to be extremely motivated to become compliant.

You don’t have to look long or hard through the news to find the latest cybersecurity incident — or the terrible press and loss of business that the organization suffers due to their inability to quickly respond to the threat. Chief Information Security Officers (CISOs) are actively looking for ways to protect their organization from the devastating effects of ransomware or other malware and trying to find ways to get the business back up and running quickly in the event of an attack. These three incident response tips can help keep your operations from buckling during an extensive incident that involves your data, hardware or software.

Make Sure You Have a Kill Switch

Today’s systems are dynamically interconnected, which can make it exceedingly difficult to segregate out one particular section that has been infected before it can infest the rest of the organization’s digital assets. With forethought and planning, you can create a kill switch that puts a walled garden around IoT devices, different operating systems in your back office, servers and more that will help you protect the remainder of your organization in the event of an incident. Think about what you can break off from your infrastructure that still allows you to marginally function as a business, and create kill switches accordingly. Data loss is one of the most expensive components of a cyber attack, making it crucial to save as much of your data and information structure as possible when a breach occurs.

Segment It to Save It

Segmentation and segregation is a good thing when it comes to networks and applications, but this same concept can also apply to user groups and even vendor management. The concept of “Segment it to save it” is generally constructed around data and networks, but it can easily be expanded to include user access controls and authorizations, vendor management and more. If a particular user group has been compromised, it’s much easier to rebuild a segment than it would be to rebuild your entire organization’s infrastructure. Think beyond the logical and physical implementations of segmentation, and think about everything you could possibly cordon off within your business — including vendors, partners and customer segments.

Invest in Regular Updates to Your Incident Response Playbook

Is your team confident that they know the required steps to protect your organization in the event of a cybersecurity incident? What happens if your cybersecurity expert just happens to be on vacation the week that a massive attack is launched? There are few substitutes for a written incident response playbook that provides you with step-by-step instructions that will help your business regain its footing in the digital world. Simply creating this playbook isn’t enough, you will still need to update it on a regular basis to ensure that you’re taking recent attack types and vectors into consideration as a part of your response and recovery planning. Your incident response playbook should be as dynamic as possible, reflecting today’s realities and offering achievable solutions to salvaging your business operations.

With luck, your business will be in the minority — those organizations that are never hit by a cyber attack. The unfortunate reality is that when a cyber attack hits your organization, it will cost you an average of 50 days to regain full operations of your business. Understanding these various components of incident response and forming your plan before you need it are crucial to ensuring that your organization is protected in the event of an attack.

If your company is still using the Windows 7 operating on your business computers, it’s time to look for a change. That’s because Microsoft is ending support for this popular and reliable operating system that has been popular with companies for years.

On January 14, 2020, Microsoft will stop offering security patches and dates for Windows 7. In the next few months, choosing a new operating system is a time-sensitive issue that should not be left until the last minute.

What Does Microsoft Mean When It Says Windows 7 Is Ending?

That’s not exactly what Microsoft is saying. After January 14, 2020, Windows 7 will continue to operate. However, doing so comes at a considerable risk to your business and employees. The “end of life” description of what’s happening to Windows 7 means that Microsoft will stop all paid and unpaid support.

Microsoft will stop creating and making available important security updates. It will also stop offering new features or design improvements of any type.

More critically is the stoppage of any kind of support for customers having problems with Windows 7. Free support that had been included in licensing agreements has already ended. As of January 2020, any “extended support,” which is Microsoft’s term for paid support and which is currently available, will stop as well.

Why Not Keep Using Windows 7 After the Support and Upgrades End?

Your Windows 7 operating system will continue to operate after support ends. However, your business will be highly susceptible to cyberattacks by those looking to exploit new vulnerabilities using viruses, phishing attempts and other attack vectors. Those vulnerabilities will multiply as your computers will not be protected by the regular patches that Microsoft offers to its customers for operating systems and software.

In addition, you may find that software applications you use on Windows 7 will also not work as well. Many software companies will stop offering upgrades or support for their programs for customers using Windows 7. While some may provide some updates and support after January 2020, those services are unlikely to last very long.

Hardware and peripheral companies are also unlikely to continue to provide updates or compatibility features with an eye on Windows 7. Newer technologies of all types will likely take advantage of newer features and capabilities that were not available in the Windows 7 operating system.

Older versions of operating systems like Windows 7 come with the browser Internet Explorer embedded. Support for these older versions of Internet Explorer will also cease in January 2020. Microsoft urges customers using Internet Explorer to upgrade to IE 11.

Hackers are well aware of the January 14, 2020, deadline and are apt to look to businesses still using Windows 7 as prime targets for their attacks.

What If We Use a Windows Embedded 7 Product?

Support for certain versions of Windows Embedded 7 end in October 2020, April 2021 and October 2021. More information about these cutoffs can be found here.

Can I Activate Windows 7 After the Cutoff Date?

If you still want to activate a purchased version of Windows 7, you may do so up to and after the January 2020 date. Just remember that a newly activated version will still be vulnerable to malware and virus and will not receive Microsoft support or upgrades.

What Are My Options for Replacing Windows 7?

Microsoft is understandably encouraging current Windows 7 customers to upgrade to Windows 10, its flagship operating system product. It is also encouraging customers to buy new computers with Windows 10 installed, as older computers may not have the minimum requirements to support Windows 10 and optimize its performance.

If you purchase Microsoft 365 Business, a cloud-based version of the popular suite of Microsoft Office Apps such as Word, Excel, PowerPoint, Outlook and OneNote. Microsoft 365 Business buyers get a free upgrade if they are currently using a Windows 7, 8 or 8.1 Pro license. Microsoft 365 Business owners can also upgrade all old Windows Pro licensed device at no additional cost.

What If I Need More Time to Upgrade from Windows 7?

If you use Windows 7 Professional or Windows 7 Enterprise, you can buy Extended Security Updates through January 2023. Those upgrades became available for purchase on April 1, 2019. For more information on this option, please contact Microsoft directly as there are specific technical and product guidelines regarding eligibility.

Understanding the options and risks when it comes to Microsoft’s cessation of Windows 7 support and updates helps your company make an informed decision.

Passwords are a problem. In one sense they are exactly the opposite of what they should be. They’re hard for users to remember but easy for intruders to guess or steal. The user frustrations with the current system make it ripe for abuse, and that’s exactly what’s taking place every day.

The best solution for lawyers and law firms alike is to implement a password management utility. We’ll take a look at that solution after exploring the nature of the problem in greater depth.

The Problems with Passwords

Can you even count how many digital sites and services you’re required to log in to with a username and password? Most people have upwards of one hundred. It’s challenging, if not impossible, to keep them all straight without some kind of assistance. People usually resort to one of several very insecure methods to solve this. One of the most common is reusing the same username and password on multiple sites.

Password Reuse Is Easy but Dangerous

Security professionals will tell you that reusing passwords is dangerous. This is because when (not if) your credentials are captured or stolen on one site, you become vulnerable on every other site that uses those same credentials. The problem here is that it’s just so easy to reuse passwords, especially on accounts we don’t consider to be sensitive in nature. Nearly half of security professionals themselves admit to reusing passwords, even though they know firsthand the dangers of doing so.

Strong, Unique Passwords Are Too Hard to Remember

If you’re not supposed to reuse passwords, then what should you do? Ideally, you should create a strong, unique password for every site. Each one should be lengthy (the longer the better) and should contain a mix of lower and uppercase letters, numbers, and symbols. The longer and more complex the password, the harder it is for a computer to crack it. People won’t be able to guess Gbje23+3zp?$T0n very well at all.

The problem with a password like Gbje23+3zp?$T0n, though, is obvious. You’ll have a tough time remembering even one of those, let alone a hundred.

Experts will suggest other tactics, like turning a familiar phrase into a password. “Four score and seven years ago our fathers brought forth a new nation” could become “4s&7yaoFbfaNN”. This method uses the first letters of each word (along with numbers and symbols where appropriate) to create a passcode that’s nearly inscrutable but that’s easier to remember.

This method helps, but it doesn’t scale well. It’s true you’ll have an easier time reproducing that than the previous example, but you’ll still have a tough time replicating that a hundred times over.

The Solution: Password Management

The best solution to the password conundrum is using a password management utility. Setting up a password management utility isn’t difficult, and putting one in place greatly increases your digital security. Once you’ve set up a password manager, you don’t even need to remember all those passwords. You just have to remember one.

How Password Management Tools Work

Password managers are programs or apps that function as a digital safe, or a digitally encrypted locker. All your passwords are stored inside the safe. Password management tools will also help you create long, complex, unique passwords for all your accounts. Some can even do this automatically once you supply your existing credentials.

With a password manager, it’s easy to maintain a different complex password for every account, because you no longer need to remember those passwords yourself. You just need to create and memorize one very strong password for the password manager itself.

Once you’ve set up a password manager, it will autocomplete the login fields on most websites. For the few that don’t auto-populate, you can access a database of your account credentials and copy and paste the proper credentials into the corresponding fields. All the major password managers also offer some degree of integration with both iOS and Android. Your passwords remain accessible, yet secure, on your mobile devices.

The Security of Password Management Tools

Password management tools stake their reputation on their security. They aren’t perfectly secure—nothing is. The Washington Post notes some of their flaws. They are, however, a vast improvement over most people’s current password practices. No one gets access to your vault without your master password, and hackers won’t get that password from the utility makers since they don’t store your master password anywhere. There’s no database to be hacked.

On that note, make sure your master password is itself long and complex. Consider using the “familiar phrase” tactic described earlier.

Conclusion

Lawyers have an obligation to keep their digital accounts secure. Doing so manually is difficult if not impossible. Implementing a strong password management solution is the answer. If you have more questions about implementing a quality password management system for your law firm, we’re here to help. Contact us today to discuss the options available.

Running a business requires a great deal of focused attention. Unfortunately, when your technology team is spending a great deal of time dealing with login problems, software licensing, cybersecurity and more, it doesn’t leave a lot of time for growth activities and strategic thinking. As businesses grow, many organizations find that it makes sense to work with an IT managed services company to maintain a high level of security and staff productivity that would be nearly impossible using only internal assets. These technology partners provide best-in-class tools and support that can scale with your business as you expand. Here’s an overview of the type of services that many of these technology partners provide.

Day-to-Day Operations

Technology teams often refer to “death by a thousand cuts” — which is what happens when you have dozens of people relying on you to provide technical support for your organization. Everything from computers that refuse to reboot to conference rooms where the projection isn’t working all come into your help desk. This can overwhelm the individuals in IT and also cause a productivity loss for the staff members who are waiting on a response or support. IT managed services providers are able to step into this gap and solve a variety of simple challenges, including:

• Retrieving lost files or folders
• Resetting passwords
• Issuing software licenses (based on pre-set business parameters)
• Troubleshooting network connectivity
• Rebooting servers

These are only a few of the “Help me now!” requests that technology professionals receive on a daily basis, and all of these options can be resolved remotely by a friendly technician from your IT managed services provider.

Creating or Refining Cybersecurity

Ensuring that your business information stays safe is a primary directive for today’s organizations. With many companies storing personal financial and health information for clients or staff, cybercriminals are enjoying access to data from organizations of all sizes — especially those businesses without a robust security posture. Staying current with the latest threats takes time and attention, and can be challenging for technology staff members to juggle with other priorities. When you work with a managed services provider, you have easy and immediate access to cybersecurity professionals who are able to review your current processes, make recommendations for improvement and then even help with the implementation of those suggestions.

Long-Term Technology Strategies and Budgeting

Even things that you might think of as integral to your business can be supported through a trusted IT managed services provider. A good technology partner may have access to dozens of business models and be able to make recommendations for your business based on a broader scope of understanding. Your external IT team can help with research on new vendor partners, negotiating better pricing on software due to shared buying power and even help create budgets based on the unique needs of your business.

Advanced Backup and Disaster Recovery

Should the unthinkable happen, it definitely pays to be prepared. There are any number of reasons you might have to restore operations from a backup, but without a proactive backup and disaster recovery process in place this can be a big challenge for businesses. Massive fires, flooding or other natural disasters claim thousands of businesses every year, as those businesses are unable to restart operations after a disaster. Cyberthreats or data loss could also spell doom for your business, especially if the loss leads to an extended period of time without access to your business data. With an IT managed services partner, you’re gaining access to advanced backup and disaster recovery software and protocols that will help protect your business in the event of an emergency — and help you restart operations quickly. More than 96% of businesses with a disaster recovery solution in place continue operations, but the same cannot be said of those without the forethought to create a comprehensive plan.

There are hundreds of scenarios where an IT managed services provider can help support your business. The bottom line is that you are gaining access to a deep bench of qualified professionals who are solely focused on helping make your business successful. Whether you need immediate assistance with help desk support or longer-term strategic advice, IT managed services providers serve a vital role in today’s business world.

You don’t think about a small business in middle America being targeted by hardened Russian cybercriminals, but that’s exactly what happened in the case of Smile Zone. This Missouri dental office caters to children, looking for ways to provide them with a higher comfort level with dental procedures. Smile Zone had not yet invested in any aggressive cybersecurity measures, because they didn’t expect to become the target of malicious attack from overseas. Unfortunately, they were wrong, and their lack of planning for cybersecurity cost them over $200,000 due to a simple phishing scam — money that Smile Zone has never been able to recover.

Determining the Attack Vector

It didn’t take long for investigators to determine the attack vector, as it was a simple phishing email that was launched on the computer that Smile Zone used to conduct their banking business. With the information stored on that computer, the Russian cybercriminal and his associates were able to tap into the bank account of Smile Zone and create a transaction for $205,000 that looked perfectly legitimate to the bank. Unfortunately, that also meant that the bank would not accept liability for the transaction — something that they would have done if the account were a consumer account instead of a business account. What’s worse, the cybercriminals left the back door of the business open so they could help themselves to more funds in the future if the vulnerability was not addressed in time.

Why Russian Hackers Target Small Businesses

It’s hard to imagine, but why would a well-known Russian hacker who was on the FBI’s Most Wanted List waste their time attacking a small business for “only” a few hundred thousand dollars? The answer is simple: small businesses are less likely to have invested in cybersecurity. Not only are the businesses perceived to be less secure, but cybercriminals are looking for an ongoing payday — not a one-time bankroll. Small to mid-size businesses may not even notice relatively small amounts being shifted around until the dollars add up to a significant amount of money. This allows these nation-state actors to slowly siphon away funds that could otherwise be used to fund payroll or grow the business. Even if small businesses do have passive cybersecurity, they may not be actively monitoring their transactions and systems in a way that would allow them to see the fraud happening in near-real time. Symantec defines the time between the injection of malware or a data breach to the discovery time as “dwell times“, and they average 191 days before many businesses discover that their systems have been compromised.

Are There Legal Avenues for Recourse?

The unfortunate reality is that it’s difficult for the government, local police or anyone else to help regain access to your funds once they’ve been exfiltrated to a remote location. Hackers are extremely savvy, in taking just enough money that they can easily move it around without a lot of notice from others. It’s difficult for law enforcement to prove that there has been a crime, much less track down a slippery individual thousands of miles away from the crime. When your business suffers this type of loss, it’s unlikely that the money will ever be recovered — a devastating blow for a small business.

Are There Ways to Protect Your Business?

Fortunately, you don’t have to simply wait for your business to be hacked, and you don’t have to invest in over-the-top security solutions that are meant for enterprises instead of small to mid-size businesses. Your trusted technology services partner can help you understand the various options that are available to help protect your organization. This could include a variety of solutions:

• Endpoint protection and monitoring of WiFi hotspots that are available to customers and employees
• Rigorous password policies
• Ongoing employee and contractor security training and testing
• Active monitoring of your network by knowledgeable security professionals
• Proactive notification systems so your technology partner can immediately begin remediation in the event of a breach
• Email and website security software that helps filter out malware and spam before it reaches your staff
• Robust backup and recovery procedures, to ensure your business can continue functioning even if you’re under attack
• Systematic review of all potential fail points within your infrastructure on a regular basis
• Rigorous management of user accounts and logins, to ensure that accounts are inactivated quickly when they’re no longer needed

Each business is unique, and working with your trusted IT managed services provider will offer more direct and detailed recommendations that will fit the unique needs of your business.

No one is expecting to be the target of a Russian hacker, and small businesses may be even less prepared than larger ones. No business is truly safe from cybercriminals unless your business is fully protected by a suite of cybersecurity measures that include active management of your infrastructure. It pays to invest a small amount upfront to protect your business from what could be a disastrous cyberattack in the future.

Researching IT support companies can lead to confusion — and quite a headache! You may have started down the path of finding a technology partner due to internal frustrations or a lack of time to support basic technology needs, but your search can quickly expand due to the number of potential partners in the marketplace. Trying to determine exactly the level of support that you need and the associated costs may feel like an exercise in futility, but there are some basic tenets that will help you find the best IT support company for your needs. From reviewing the pricing models to service levels, here are the key considerations that will help you determine which partner is right for your business.

1. Does Your IT Support Company Offer Flexible, Scalable Contracts?

Technology solutions are rarely one-size-fits-all, and your IT services partner should recognize this and be able to provide you with customized recommendations that will meet your unique business needs. This could mean shorter contracts so you can evaluate the working relationship to support packages that provide you with scalable options that are designed to grow with your business. Your IT services partner should feel like they are on your side, making recommendations that will save you money while providing you with the support that your business desperately needs to grow.

2. Does Your IT Support Company Focus on Ongoing Education?

Technicians with industry certifications in various platforms should indicate to you as a client that your technology partner is placing an emphasis on ongoing education. The technology landscape changes dramatically in the course of several years. If your IT professionals are not maintaining their certifications or growing their body of knowledge, it can be challenging for them to provide your business with the support that you deserve. Key certifications to look for include Microsoft Silver or Gold Partner Certifications and CompTIA Certifications, to name a few. Your partner should be able to demonstrate that they value ongoing education by setting aside time for team members to attend training or continue their education.

3. Does Your IT Support Company Value Proactive Security and Account Management?

Proactive account management is crucial to your business success, as your IT services partner should be continually looking for ways to save you money and improve the efficiency of your operations. This should include a bi-annual or quarterly review of your business, that truly digs into the details and provides you with actionable recommendations. The right partner will be able to peek into the future and call out items that could become a problem in the future, so you can resolve them before they negatively impact your business operations. Active security measures are another valuable aspect of your partnership, as your IT services technicians are continually reviewing network activity to discover discrepancies so remediation of any problems can begin immediately.

4. What Are the Stated Response Times for Your IT Support Company?

There is no slick or easy answer that you should be looking for in terms of response times, as that can vary based on the needs of your business. Some businesses may find that getting a response within several hours is perfectly acceptable, while others need to get help desk support in a matter of minutes. What you are looking for is the best match for your business: an IT support company that is able to provide you with workable response times at an acceptable cost.

5. Is Your IT Support Company Aggressive About Cybersecurity?

Protecting your business assets is a mission-critical task for your IT support company, and they should treat it as such. You need to know that you will have access to cybersecurity professionals who are actively reviewing your account on a regular basis to ensure that all appropriate precautions are being taken to protect your digital assets. This includes everything from user training to backup and data recovery processes, all of which must be in line with your business needs.

Sometimes, it’s not a matter of finding the best IT support company — it’s a matter of finding the best fit for your business. You’ll want to consider everything from the support you want to receive from your account team to the quality of the training that technicians receive on an ongoing basis to find the best IT support company to meet your unique business needs.

The attack dubbed “PhishPoint” is a recent cyber-attack scheme being used by foreign hackers. It demonstrates the craftiness and the extent that cybercriminals will go to in order to harvest your Microsoft Office 365 credentials. It uses several familiar aspects of Office 365 to lull potential victims into an assumption that everything is above board. But it’s not. Here’s what you need to know about PhishPoint and how to protect your organization.

How Did The PhishPoint Attack Get Into Office 365?

The PhishPoint hackers use Microsoft SharePoint files to host their phishing links. Typically hackers use emails to host malicious links. Now, these crafty hackers have figured out how to bypass Office 365’s built-in security to leverage their attacks. This shows that there’s a critical flaw in Office 365 in this respect.

How Does The PhishPoint Attack Work?

You can recognize a PhishPoint malicious email by its use of “URGENT” or “ACTION REQUIRED” to urge you to respond. But beware, this email contains a link to a SharePoint Online-based document that you don’t want to click.

Here’s how it works:

The link will direct you to SharePoint. It will look legitimate and could trick you or your users unless you know what to watch for it.

At this point, you’ll be shown a OneDrive prompt –The SharePoint file will impersonate a request to access a OneDrive file with an “Access Document” hyperlink. This is actually a malicious URL, as shown below.

Then you’ll see a Microsoft Office 365 logon screen – Don’t enter your information even though it’s very authentic-looking login page. if you do, the hackers can access your user credentials!

What Else Should We Watch For?

Several things stand out here, and you should watch for them:

1. The email is unsolicited and has a generic subject of “<person> has sent you a OneDrive for Business file.”

2. Opening the document requires you to take a number of steps.

3. The URL for the logon page isn’t on the office365.com domain.

Why Didn’t Microsoft Stop This Scam?

Unfortunately, Microsoft didn’t see this coming. They continually scan emails for suspicious links and attachments, but even they were fooled. They didn’t think that a link to their own SharePoint Online would be malicious.

Another problem is that Microsoft link-scanning only goes one level down. It scans links in the email body but doesn’t scan files that are hosted on their services like SharePoint. If they did, they would have to scan for malicious links within shared documents.

And there’s another problem…they couldn’t blacklist the malicious URL unless they did this for the full URL for the SharePoint file. In this case, the hackers could just make a new URL in an uploaded file that contained content similar to SharePoint.

Since Microsoft isn’t scanning files hosted on SharePoint, hackers can easily use the platform to con their users and steal their credentials.

This scam exemplifies the risk associated with cloud-based applications. Using context and services that users are familiar with, cybercriminals can take advantage of a lowered level of alertness, and gain access to corporate resources online – all without the user or organization ever knowing it.

What Is Microsoft Doing To Prevent Scams Like PhishPoint?

Microsoft has been working behind the scenes to stop foreign attackers. Court documents that were unsealed on March 27, 2019 show that they’ve been waging a secret battle against a group of Iranian government-sponsored hackers.

Microsoft said it received substantial support from the domain registrars, which transferred the domains over to Microsoft as soon as the company obtained a court order.

What Can We Do To Prevent Being Affected By PhishPoint?

It’s important that you share this message with all of your users:

Be on alert! The bad guys have a new way of stealing your login credentials. They target you by sending an invite via email to open a SharePoint document.

The link takes you to an actual SharePoint page where you will see a OneDrive prompt. The prompt will have an “Access Document” link in it- don’t click this link!  

This link is malicious and will take you to a fake Office 365 login screen. Any credentials you enter here will be sent to the bad guys. Don’t be tricked!  

Whenever you’re submitting login credentials to any site, make sure to check the URL of the page for accuracy. Also, remember to always hover over links to see where they are taking you. Remember, Think Before You Click.

Here are some other things that you and your users should do:

• Be wary of any email subject line that contains an imminent threat like “URGENT” or “ACTION REQUIRED.”
• Always suspect URLs in the body of an email. It’s best not to click them. Most legitimate businesses no longer send links in emails.
• Carefully review any logon page. Check to make sure that the URL is actually hosted by the service that you want to use.
• If an odd-looking email shows up in your inbox from someone in your organization and you question its authenticity, contact the person by phone to see if they sent the email.
• Use Multi-Factor Authentication for all of your software platforms and online accounts.
• You should also sign up your users for Security Awareness Training. When you do, they’ll have a better chance of spotting the telltale signs of a cyber threat.

With nearly a million patients affected, the recent ransomware attack on a Michigan healthcare billing services provider continues to cause waves in the industry.  

Close to a million Michiganders are finding that their healthcare information may not be as secure as they thought it was, according to Michigan’s Attorney General Dana Nessel. Unfortunately, the personal health and financial information of these individuals were part of a massive ransomware attack on a third-party subcontractor who prints and mails bills for healthcare organizations in the area. While the attack happened back in September 2018, the far-reaching repercussions are still being identified over six months after the breach occurred. These unlucky individuals are discovering that a vast array of information was impacted, including social security numbers, dates of birth, personal addresses, names, medical information, phone numbers and even information about their insurance contracts. It took nearly three weeks for the contractor, Wolverine Solutions Group, to regain access to their data after the ransomware attack.

Healthcare Organizations Are Often Targeted by Hackers

Due to the high volume of personal, financial and health information available, healthcare practices and associated organizations such as Wolverine Solutions Group are often the target of cyberterrorists. The information that is stored within the vaults of these companies is extremely attractive, both for the data points and the perception that healthcare organizations will pay handsomely to regain access to their crucial healthcare data in the event of a ransomware attack. Ransomware costs American small businesses more than $75 billion per year according to Datto, a staggering sum when you consider that this downtime can result in costs upwards of $8,500 per hour. Ransomware is increasingly becoming a part of the technology landscape, as cybercriminals perceive it to be a relatively easy and untraceable payday due to the rise of anonymous digital currency such as bitcoin.

Was the Record Encryption Strong Enough?

One of the questions that cybersecurity professionals are attempting to answer is whether or not the encryption that was applied to the records was enough to protect the records from the cybercriminals. In the case of ransomware, the Wolverine Solutions lost access to their data for a period of approximately three weeks. During that period, it’s still unclear whether the cybercriminals attempted to break the data encryption — and if they were ultimately successful, where that data might have been shared with others or sold on the dark web. While a security firm brought into investigate initially felt that the attack was strictly focused on gaining ransom money, that has yet to be independently corroborated.

Patient Notification and Next Steps

Patients who were potentially affected are being notified by Wolverine Solutions Group, an expensive and time-consuming process as it requires multiple contact methods and a great deal of support. The organization is also providing complimentary credit monitoring and identity protection services for the affected patients, an additional cost that must be considered a part of the loss. These services will all be provided for the period of a year, while patients worry and wait — wondering if their personal health and financial information is in the hands of cybercriminals somewhere in the world. While Wolverine Solutions Group technology leaders note that they are taking steps to ensure that this type of attack doesn’t happen again, this negative publicity has likely affected their business in ways that will continue to be seen for years to come.

While it’s nearly impossible to create a system that cannot be breached, this instance illustrates the importance of having proactive, advanced backup and data protection processes in place. Cybercrime is rampant throughout the world, and there are no businesses that are truly immune from the effects of a major attack. Wolverine Solutions Group is merely the latest in a string of healthcare organizations that suffered from this type of aggressive ransomware attack and join Hollywood Presbyterian Medical Center and other large healthcare organizations in the growing list of targets.