What Improvements Will the Combination of CosmoLex and Tabs3 Provide to Law Offices?


At the beginning of October 2018, Tabs3 Software announced that it had acquired CosmoLex. This makes it the most complete offering of its kind.


“We are thrilled to welcome CosmoLex to the Tabs3 family as we continue to build the leading platform for practice and financial management software for solo to midsized law firms,” President and CEO of Tabs3, Dan Berlin stated. “CosmoLex plays a significant role in our vision to be the software partner of choice for every solo to midsized law firm in the United States and Canada, whether they desire cloud, desktop, or hosted desktop software.”

Legal professionals unfamiliar with either the award-winning Tabs3 or the innovative CosmoLex may wonder the following: “What are they?” and “How can I use them to improve upon my existing legal business practices?”

Understanding what they are independently will help clarify what they can accomplish combined.

What Is Tabs3 Software?

Tabs3 is Windows-only software designed specifically for law offices. Among other things, it performs timekeeping and billing on desktops. It can be paired with certain add-ons to work with the Legal Electronic Data Exchange Standard (LEDES). This specifies the file formats used to facilitate the safe transmission of electronic data in the legal industry. These help keep a firm compliant.

Although Tabs3 is fully-customizable, it is not portable, and it is a bit complicated. Generally, it works well for partnerships or firms that have onsite IT assistance. It is user-friendly, but can be a bit difficult to set up.

Some of its key functions are as follows:

  • Billing options that include standard hourly, contingency, flat fee, retainer, split fee, and task-based methods
  • Conversion tool to transfer information from Timeslips and other software to Tabs3
  • Extensive report capabilities
  • Security options that are tiered for user preference, and may include encryption for ultimate protection

Additionally, Tabs3 Billing provides seamless integration with other Tabs3 products like the accounting, financial, and report-writing software. It integrates with Quickbooks, Tabs3 Cost Recovery, Tabs3 General Ledger, Tabs3 Trust Accounting, and Practice Master, which is the law practice manager software.

It does not have an Android or iOS application at this time. An easy upgrade to Tabs3 Premium and the mobile interface Tabs3 Connect, however, allows users to access the programs on their smartphones or tablets.

What Is CosmoLex Software?

CosmoLex is one of the fastest-growing cloud-based platforms. It is very popular with solo practitioners and in small offices. As of 2018, it is used by thousands of law firms. Over 20 State Bar Associations endorse it, as well.

CosmoLex provides a comprehensive law practice management system. It offers the convenience and security of legal time and online retainer and invoice payments. The built-in accounting feature (LawPay™) takes care of the bookkeeping for every credit card transaction. CosmoLex also ensures that law office accounting is fully compliant.

There is no contract required for CosmoLex. For a small pay-as-you-go monthly fee, firms receive access to all of its features. For no additional charge, they also receive all of the newest features as soon as they are added. Plus, customer onboarding, training, and support are provided by CosmoLex’s in-house team free of charge.

Since it is cloud-based, it can be used with an app on iOS and Android. This allows attorneys to handle the business end of their practice anytime, anywhere.

How Will the Acquisition of CosmoLex by Tabs3 Benefit Law Offices?

Now that Tabs3 Software has acquired CosmoLex, what does that mean for the legal field and individual firms? With the existing customer-base of each, together they will be serving over 100,000 lawyers with locations in Canada, as well as the United States.

Combined, this becomes one of the most versatile legal practice management options available. It offers both cloud and desktop software solutions. This makes it ideal for solitary legal professionals, as well as small and mid-sized offices.

It offers the advanced features, control, and security of an established desktop product, and adds to that the lower-priced billing of a cloud-based product. Accounting, billing, practice management, and seamless integration are the key aspects that CosmoLex and Tabs3 together supply. In fact, that is what will make this a total solution for many law firms.

In Conclusion

With so much at stake in the legal sector, attorneys can expect more procurements, such as Tabs3 acquiring CosmoLex, to take place. Not only do these actions benefit both of the companies, but they make things easier for their customers as well.

“The combination of Tabs3 and CosmoLex brings together the market-leading desktop platform with the fastest-growing cloud platform in the legal billing, financial and practice management markets,” founder and CEO of CosmoLex, Rick Kabra, stated. “We are now much better positioned to serve existing and new clients as law firms continue to embrace cloud technology.”

Mileage Tracking Using MileIQ


Trying to track your mileage for reimbursement and tax purposes can be a hassle for people who are naturally organized, and is even worse for those of us who aren’t. If you have a smartphone, it has built-in GPS technology that can make the tracking process easier and automatic – but only if you have the right kind of app.

There are a host of apps out there that promise to help you with the process. However, if you are an Office 365 premium business subscriber, MileIQ can help you log, classify, and report on unlimited trips through their free app.

What Is MileIQ?

If you haven’t heard of it yet, MileIQ is a popular app for automatically tracking mileage. This app is available on both Android and iPhones – and, as mentioned, is included with Office 365 Business Premium subscriptions. It runs in the background of your mobile device and provides you with accurate, easy to classify mileage records. It automatically logs all your miles into individual trips which it refers to as Drives. You will be notified after a Drive to classify it as business or private. The app then creates an accurate record for reimbursable mileage and tax deductions and can generate customized reports for you.

Setting Up MileIQ

To set up MileIQ, begin by downloading and installing it on your device. Once the app is installed, open it. You will be prompted to log in or create an account.

Assuming you have not created an account, you would need to provide the email address you would like to use and password to secure your account. You do not have to use a business email address; in fact, the app suggests you use a more permanent personal address.

When that is complete, click on Sign Up. The email address you provide in this step will be the one where all reports and updates will be sent. As with most apps, you will need to verify your email address. After you have received and reviewed the verification email, the installation will be finished.

Device Permissions

In order to run properly, MileIQ will need certain device permissions, including access to your location. Without being able to access your location, the app will not work. When prompted for that permission, select Always Allow if you have an iOS device or Always if you have an Android device. Some people may be concerned that if they provide a business email address to the app that their employer will be able to track them. The app will not provide information to your employer unless you share your login information with them or mail them copies of your reports.


You will also be prompted concerning permission for reminders/notifications. The purpose of reminders is to help you classify a trip as business or personal while that information is fresh in your mind. It is recommended that you allow reminders on your device. It will make the process of classifying your trips much easier.

Accessing Premium Features through Office 365

After creating or signing in to your MileIQ account, you will be prompted for a work email to verify your company’s Office 365 subscription. Note that you do not have to use your work email as your MileIQ email. Once you have been approved as an eligible Office 365 subscriber, you will have access to a premium account that allows you to log unlimited Drives.

Classifying Drives

To classify a Drive as business, you swipe right. To classify it as personal, swipe left. You can also add any details that you need, such as toll or parking charges. Note that after classifying trips for a while, the system will be able to automatically classify your most frequent routes (e.g., to and from the main office or a workspace).

Drive and Mileage Reports

You can receive a report on your Drives at your convenience. The default is a weekly report, but reports can be generated at any time. In addition, the reports are highly customizable through the MileIQ dashboard. The dashboard for MileIQ can be accessed from just about any device you own – tablets, smartphones, laptops, and even in the cloud.

Conclusion

There are many people out there who are struggling with trying to track mileage, filling out stacks of reimbursement forms, hoping their mileage information is backed up, and working hard to classify business and personal travel separately. There are so many apps to choose from to help with tracking mileage that trying to select one can be a major challenge in itself. However, the only mileage tracking app that offers a premium subscription to Office 365 business subscribers is MileIQ. Fortunately, MileIQ is easy to set up and use, and it provides a great deal of supporting information on the MileIQ website.

Microsoft’s “Your Phone” App For Android Phones


Microsoft just made your mobile life and computer life a whole lot easier and more fun. If you love your phone, well, so does your computer. Finally, you no longer need to dig around for your phone to send a text message while sitting at your Windows desktop. Plus, that extra step of emailing photos from your phone to your computer has ended. Thanks to Microsoft’s new “Your Phone” app for Android phones running 7.0 or later, you can now send text messages right from your PC.


What Should You Know To Get The New Your Phone App?

To get the Your Phone app, you must sign into your Microsoft account. Also, under your account, you can install the app on a maximum of ten Windows 10 devices. And as for installation, the Your Phone app must be installed on your internal hard drive. The size of the app is approximately 13.74 MB.

The Your Phone app does support Android 7.0 phones or later and Google’s newer versions of their mobile operating system. The Your Phone feature became available to every Windows user in October. By early to mid-November, Microsoft will extend support for the function to Apple/Mac devices that use Microsoft’s Edge browser.

Once the software gets installed, you’ll need to accept a connection request from your PC on your phone. That needs repeating for every Windows 10 computer you want to connect to your Android phone. Once you’re connected, there will be a grid of photos on your PC. One thing to note: what you will view will be a square image. To see the whole image, open your choice of photo viewer app or drag the picture onto your PC.

What Can You Do With The Your Phone App?

Microsoft’s new Your Phone app shows the most recent texts and photos from your Android phone on your desktop. From your desktop, you can drag, drop, copy or paste those items to your computer or other compatible applications.

Here’s how it works: with the Your Phone app, go ahead and snap a picture from your Android phone. Then check out your desktop. You’ll see the photo you just took right on your computer. The app gives you instant access to your Android phone’s photos, right on your computer. Now that daunting task of emailing yourself pictures can finally stop.

Does your presentation need a photo? What about sprucing up that embarrassing selfie you’ve been hiding from your friends? Then drag and drop it. Texting from your computer is not only possible, but it’s gotten a whole lot easier. The Your Phone app allows you to view and send Android text messages from your computer. You can use your computer’s keyboard to text friends and any group messaging. Now you can save your texting thumbs for online gaming battles.

Just remember you have to link your Android phone to your computer. You can do this by going into your Windows Settings or through Your Phone app. Once that is complete you will receive an app from Microsoft. You are required to download the app on your mobile phone also and follow the setup instructions. At this time the Your Phone app does need Android 7.0 or later to work correctly.

Does The Your Phone App Have Any Enhancements, Limitations or Warnings?

Enhancements – Besides supporting 70 languages, Microsoft also announced some related improvements, which launched in April 2018, to its Windows Timeline, which displays sites and accessible files you’ve recently gone to or used. The Your Phone feature rolled out to all Windows users in October 2018. Currently, emails, websites, and documents you’ve recently viewed on your Android phone will also get included in the Windows Timeline. As for other Windows timelines, Microsoft will notify you through your account.

Limitations – Microsoft’s Your Phone is a UWP app that links to software running on Android 7.0 or later devices to share only the latest 25 pictures on your phone with your PC. At first, the Your Phone app will support Android phones running 7.0 or later. It will also run on newest versions of Google’s mobile operating system. As for iOS users, Microsoft has not stated whether or when it would make the app’s feature available to those users.

Warnings – There is a photosensitive seizure warning notice you need to be aware of, especially if certain visual images, flashing lights or patterns trigger epileptic seizures in you or anyone you know or work with. Photosensitive epileptic seizures have a variety of symptoms:

  • altered vision
  • confusion
  • disorientation
  • eye or face twitching
  • jerking
  • lightheadedness
  • momentary loss of awareness
  • shaking of arms or legs

Please be aware; some seizures may cause convulsions and loss of consciousness. That could lead to a head injury from falling or landing on nearby objects.


What Are the Best Ways to Improve Law Office Cybersecurity?


As technology continues to evolve, those people threatening it adapt as well. This is also true in the legal sector where a breach in security can be devastating. Clients are demanding more from law firms by way of protection. Firms are scurrying to respond.


Unfortunately, those offices with even the most advanced IT teams are often deficient. They have weaknesses that they are unaware of. In a few months when cybercrime has made further advances, those vulnerabilities will have multiplied.

Individual law firms generally realize that the plight is not theirs alone. Cybersecurity works better when networks cooperate. Since it is about sharing information, it is essential that offices band together for their common good.

By taking a few small steps, law offices can enhance their organization, and utilize the more affordable security resources available. In this way, they can fight the problem together.

How Will Appointing a Security Leader Benefit a Law Firm?

Appointing a dedicated security leader and team helps identify cybersecurity goals. It also encourages the development of actionable strategies. This is especially important in a law firm. The consequences of a breach in security here are not only dire and embarrassing, but they could result in charges of noncompliance.

A delegated Chief Information Security Officer (CISO) would run the security team. In addition, he or she would also have the following duties:

  • Set precise cybersecurity objectives
  • Assess how data is being used, as well as stored
  • Identify federal and state compliance requirements
  • Develop cybersecurity strategies

The CISO and security team are different than the IT department. They are security experts. Their responsibilities will have surpassed the IT department’s general abilities and purpose.

Why Should Law Offices Develop Cooperative Partnerships?

There is safety in numbers. By building strong communities for sharing security information, firms are able to divide the challenge of keeping up with potential threats. In this way, they are able to identify and eliminate weaknesses in their systems.

Cybercriminals sniff out vulnerabilities and strike. It is nearly impossible for any single office to remain on top of all of the conceivable problems. This is why it is advisable that they band with organizations that can help.

An important step would be to join the Legal Services Information Sharing and Analysis Organization (LS-ISAO). It is affiliated with the U.S. Department of Homeland Security. It acts as a vehicle for announcements, updates, and threat alerts from the U.S. Computer Emergency Response Team, as well as other pertinent agencies.

Joining a strong information-sharing, cooperative partnership better allows firms to identify issues in their systems before it’s too late. Then, they can fortify their security when it needs it most.

How Will Partnering with Outside App Developers Improve Security?

Outside software-as-a-service (SaaS) applications enable law firms to beef up security without depending solely on their internal defenses. This allows them to improve their protection and adapt to ever-evolving technology.

Additionally, working with outside sources increases access to the latest developments. This is something that is difficult to do for even the most technically savvy CISO in a law firm. By working together, they may develop technology that is specific to the needs of the firm and its clients.

What Does a Layered Set of Security Technologies Include?

No longer is a one-layer system sufficient for securing a law office. Cyberspace has gotten complex. Hackers and other cybercriminals have become very sophisticated in their skills and knowledge. This means their approaches are also advanced.

Rather than just having anti-virus software, today, firms require a multi-faceted approach. There are several features that should be included. A comprehensive security plan should, at a minimum, provide the following elements:

  • Encryption technology
  • A firewall that includes phishing protection
  • Intrusion detection systems
  • Multi-factor authentication

Lastly, offices should invest in measures to improve resiliency, such as micro-segmentation. Even if intruders are able to initially access one or more servers, micro-segmentation puts a stop to it. It increases application visibility so unusual behavior is more quickly detected. This prevents intruders from being able to move laterally through a cloud environment across data centers to access all servers. It helps minimize the impact of a breach.

In Conclusion

Taking proactive measures to prevent clients’ data loss or disclosure is a vital aspect in the field of law. Failure to adequately do so is not only an ethics issue that could adversely affect a firm’s reputation, it could also result in noncompliance.

Unfortunately, the changing landscape of cybersecurity has left many offices vulnerable to attack. By following these small, but important steps, firms are able to fight to defend the data they have been tasked with protecting. Although the criminals might seem to be a few steps ahead of everyone else, by working together with the LS-ISAO and other agencies, the legal profession will prevail.

What Are We Most Frightened Of This Halloween?


7 Cyberattack Facts

This Halloween we’re celebrating by sharing some scary cyberattack facts. Why? Because, unfortunately, cyber attacks are increasing. The cyber threat landscape is rapidly becoming more of a concern. Not only are businesses seeing an increase in the number of attacks, but these cyber attacks are continuing to evolve.

 

Here are the scary facts:

  1. Cyberattacks are the third largest global threat this year behind only extreme weather events and natural disasters!
  2. Around the globe, a hacker attacks someone every 39 seconds.
  3. There are nearly 6,000 new viruses released every month.
  4. There are more than 4,000 ransomware attacks a day.
  5. Nearly 1 out of every 100 emails is a phishing attempt.
  6. 43 percent of cyber attacks are aimed at small businesses.
  7. The cost of all this cybercrime last year? 600 billion dollars!

Read the details below:

Fact 1. Cyber attacks are the third largest global threat this year behind only extreme weather events and natural disasters.

According to the WEF’s Global Risks Report 2018, in terms of events that are likely to cause disruption in the next five years – cyberattacks rank behind only extreme weather events and natural disasters.

The Report reveals that:

  • The top five risks to global stability over the next five years are natural disasters, extreme weather, cyber attacks, data fraud, and failure to address climate change.
  • Cyber attacks are growing in risk as the potential fallout from an attack on connected industrial systems, or critical infrastructure becomes a serious threat.
  • Cybersecurity risks have grown both in their prevalence and in their disruptive potential.

The good news is that many of these cyber attacks aren’t succeeding. However, increases in their growth and sophistication are troubling. Plus, because nation states are performing cyber attacks, cyberwarfare becomes a real threat.

Fact 2. Around the globe, a hacker attacks someone every 39 seconds.

A Clark School study at the University of Maryland quantified the near-constant rate of hacking of computers with internet access: every 39 seconds on average. And for those who use non-secure usernames and passwords, there’s a greater chance that the hackers will succeed.

Michel Cukier of Clark School’s Center for Risk and Reliability and Institute for Systems Research identified these as brute force attacks where hackers use simple software-aided techniques to randomly attack a large number of computers.

The study revealed that once hackers gain access to a computer, they:

  • quickly determine if it will be of use to them,
  • check the software configuration,
  • change the password,
  • check the hardware and/or software configuration again,
  • download a file,
  • install the downloaded program and run it.

Fact 3. There are nearly 6,000 new viruses released every month.

A computer virus is a program or software (malware) that, once in your computer, multiplies in number and affects areas of the computer according to the code it’s based on. Computer viruses are growing. With the rise in technology, we’re at increased risk of hackers using viruses to infect our networks. They continue to be a growing threat to organizations of all sizes, across all industries. And today’s free antivirus solutions (and some paid ones) are no match against sophisticated malware. Hackers are now using machine learning technology to circumvent security and infect computers with viruses. They also use AI (artificial intelligence) to launch attacks and infect computers to steal data.

Fact 4. There are more than 4,000 ransomware attacks a day.

The FBI has reported that since January 1, 2016, more than 4,000 ransomware attacks have occurred on a daily basis (on average). This is a 300% increase from 2015 when 1,000 attacks occurred daily. Ransomware is the fastest growing malware threat, and it can result in the temporary or permanent loss of your sensitive or proprietary data. It not only disrupts your operations, but you’ll also likely incur a financial loss to recover your data. Ransomware has the potential to ruin your business’s reputation.

Fact 5. Nearly 1 out of every 100 emails is a phishing attempt.

Researchers (from FireEye) reviewed over half-a-billion emails sent between January and June 2018. They found that one in 101 emails are malicious and sent with the goal of compromising a user or network.

When spam is discounted, only one-third of emails are considered “clean.” Highlights of the report showed that:

  • There was an increase in phishing attempts during tax season (January – April).
  • Impersonation attacks are commonly used for CEO fraud.
  • Hackers rely more on friendly name impersonation today.

The WEF’s Global Risks Report 2018 also revealed that 64 percent of all phishing emails sent during 2017 contained file-encrypting malware.

Fact 6. 43 percent of cyber attacks are aimed at small businesses.

This was reported in Symantec Corporation’s Internet Security Threat Report. They also revealed that 1 in 40 small businesses are at risk of being the victim of a cybercrime. Hackers don’t discriminate when choosing businesses. They are targeting their money. Small businesses are big targets for phishing attacks. Phishers target employees who are responsible for the company’s finances. When the phishing emails are opened, it can result in sensitive financial information being exposed. This is how the cybercriminal gains access to a company’s money.

Fact 7. The cost of all this cybercrime last year? 600 billion dollars! That’s three times the amount spent on Halloween candy.

In the February 2018 report “Economic Impact of Cybercrime – No Slowing Down” it says that cybercrime may now cost the world almost $600 billion, or 0.8% of global GDP. The reasons for this growth are as follows:

  • Quick adoption of new technologies by cybercriminals
  • The increased number of new users online (these tend to be from low-income countries with weak cybersecurity)
  • The increased ease of committing cybercrime with the growth of Cybercrime-as-a-Service
  • An expanding number of cybercrime “centers” that now include Brazil, India, North Korea, and Vietnam
  • A growing financial sophistication among top-tier cybercriminals that, among other things, makes monetization easier

Cyber Security Awareness

Do these facts scare you too? Are you worried about the cybersecurity of your business? If so, contact us, and we’ll help you determine if you are adequately protected.

REMOTE DESKTOP ACCESS: YOU MAY HAVE JUST OPENED YOUR NETWORK TO HACKERS


What’s The Remote Access Protocol And Why Should I Worry About It?

The Remote Desktop Protocol (RDP) is a means that Microsoft provides for Windows (and Mac) users to access another computer remotely. Remote computer access is often used by IT people to diagnose and repair a problem with a computer. If you’ve ever worked with a company’s Help Desk, then the technician may have asked for remote access to check out your computer. The help desk tech has all the powers and abilities that the user has.


If that user is an administrator (if only one user is authorized on the computer, that user is set up as an administrator by default), they have total control over the remote computer. They may well have total control over the network as well, depending on how the network administrator’s permissions are set up.

So How Does RDP Work?

RDP works by connecting the computer remotely, then controlling it over a local network or the internet. The internet port used for this is 3389. If that port is open in the remote computer’s settings, anyone can potentially connect to it and control it.

The FBI recently warned that hackers are constantly scanning the internet for open RDP ports and selling the access information that they find on the Dark Web. Several types of ransomware and other exploit tools rely on finding open 3389 ports. One security company, Rapid7, found 11 million open 3389 ports on the internet in 2017. There are over 1,000 attempts to find open RDP ports per day.

Obviously, if you don’t know your ports are open, you are not going to be able to protect them. The first step is to make sure that only machines that need remote access are set up for it. Your system administrators can use several methods to make sure that only computers that need remote access have it.

But We’re Covered…Or Are We?

Ah, you say, but we are protected against this kind of attack because we have all our RDP-enabled computers protected by a password. Guess again. If you look, you may well find RDP servers (and servers in general) that are not password protected. Sloppy system administrators (sysadmins) all too often leave the machines they manage unprotected, so they don’t have to remember the passwords to them.

Even if both the servers and the remote machines are protected by usernames with strong passwords, there are two ways that hackers can still access them. One, called a brute-force attack, keeps trying usernames and passwords until it scores a hit. This is known as a dictionary attack.

The other way is to use lists of username/password combinations that are automatically created, bought on the Dark Web, stolen, or some combination of this. The only defenses against this are two-factor authentication or the use of security keys (dongles).

In two-factor authentication, users have to enter a second password, sent by SMS to a smartphone or by email, to log on. When dongles are used, a physical device, such as Google’s Titan security key is used.

Use of biometric identifiers (fingerprints, face scans, retinal scans) is another way of providing either single- or two-factor authentication (i.e., the user is required to use a password and scan a fingerprint).
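Detection for the two attack styles described above, as an added example that is not part of the original article: it scans failed-logon records for repeated guessing from a single source address and separates one-account guessing from username/password list replay. The CSV layout, the thresholds and the sample rows are assumptions constructed for illustration; event ID 4625 and logon types 3 and 10 are the standard Windows values.

```python
import csv
import io
from collections import defaultdict, deque, namedtuple
from datetime import datetime, timedelta

# Constructed sample: Windows Security log rows exported to CSV (assumed layout).
# Event ID 4625 = failed logon, 4624 = successful logon.
# Logon type 10 = RemoteInteractive (RDP); type 3 = Network, which is how failed
# RDP logons appear when Network Level Authentication is on (type 3 also covers
# other network logons such as file shares, so treat hits as leads to review).
SAMPLE_LOG = """\
time,event_id,logon_type,user,source_ip
2018-10-30T02:14:01,4625,10,administrator,203.0.113.50
2018-10-30T02:14:04,4625,10,administrator,203.0.113.50
2018-10-30T02:14:09,4625,10,Administrator,203.0.113.50
2018-10-30T02:14:15,4625,10,administrator,203.0.113.50
2018-10-30T02:14:22,4625,10,administrator,203.0.113.50
2018-10-30T02:14:30,4625,10,administrator,203.0.113.50
2018-10-30T03:01:00,4625,3,jdoe,198.51.100.23
2018-10-30T03:01:20,4625,3,asmith,198.51.100.23
2018-10-30T03:01:45,4625,3,reception,198.51.100.23
2018-10-30T03:02:10,4625,3,scanner,198.51.100.23
2018-10-30T03:02:40,4625,3,backup,198.51.100.23
2018-10-30T09:00:05,4625,10,mlee,192.0.2.10
2018-10-30T09:00:40,4625,10,mlee,192.0.2.10
2018-10-30T09:01:10,4624,10,mlee,192.0.2.10
2018-10-30T09:30:00,4625,2,mlee,-
"""

FailedLogon = namedtuple("FailedLogon", "time user source_ip")
REMOTE_LOGON_TYPES = {"3", "10"}


def parse_events(text):
    """Return only failed logons (4625) that arrived over the network."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        if row["event_id"] != "4625":
            continue
        if row["logon_type"] not in REMOTE_LOGON_TYPES:
            continue  # e.g. type 2 = someone mistyping at the console
        events.append(FailedLogon(datetime.fromisoformat(row["time"]),
                                  row["user"], row["source_ip"]))
    return events


def detect_rdp_guessing(events, window=timedelta(minutes=5),
                        fail_threshold=5, user_threshold=3):
    """Flag source addresses with many failed logons inside a sliding window.

    One or two usernames hammered repeatedly is classed as password guessing;
    many different usernames from one address is classed as replay of a
    username/password list. Thresholds are illustrative assumptions.
    """
    recent = defaultdict(deque)   # source_ip -> failures still inside the window
    findings = {}
    for ev in sorted(events, key=lambda e: e.time):
        q = recent[ev.source_ip]
        q.append(ev)
        while ev.time - q[0].time > window:
            q.popleft()
        if len(q) < fail_threshold:
            continue
        users = {e.user.lower() for e in q}   # Windows usernames ignore case
        kind = ("credential-list" if len(users) >= user_threshold
                else "password-guessing")
        previous = findings.get(ev.source_ip)
        if previous is None or len(q) > previous["failures"]:
            findings[ev.source_ip] = {"kind": kind,
                                      "failures": len(q),
                                      "users": sorted(users)}
    return findings


if __name__ == "__main__":
    for ip, finding in detect_rdp_guessing(parse_events(SAMPLE_LOG)).items():
        print(ip, finding["kind"], finding["failures"], finding["users"])
```

The user who mistyped a password twice and then logged on successfully stays below the threshold and is not reported.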

How Bad Is This Problem Really?

Remember, once a hacker gets into your system via RDP, you are probably vulnerable if you do not have two-factor authentication and/or biometric identifiers enabled on all your machines, both Mac and Windows. In any other condition, you are vulnerable. The lists of RDP endpoints being sold on the Dark Web include those stolen from airports, hospitals, nursing homes, and government agencies.

How Bad Could This Get?

So far, the use of RDP as a means of network penetration has been limited to attempts to install ransomware or steal banking, credit card information, and online shopping information.

There is little evidence (remember, we don’t find it unless we look for it or the hackers make a mistake) of any state actors or terrorists using it. But RDP access is really low-hanging fruit for them.

Practically everything runs on computers today, and the vast majority of them communicate over the internet with unencrypted data. Imagine terrorist hackers shutting down first-responder communications systems. They also have the potential to shut down hospital EHR systems or disrupt air traffic control at the airport.

Once we begin to think of the vulnerabilities in our systems, this problem of open RDP ports gets worrisome very quickly. Small wonder that the FBI is warning everyone about it.

In 2017, just one Dark Web site had 85,000 RDP endpoints for sale. It has dozens or hundreds of imitators. We just do not know until the FBI or some other agency finds the Dark Web site and tries to take it down. If you work with a managed IT services company, then it can be worth your while to ask them to check your computers and networks to see whether you have RDP ports open and susceptible.

How To Protect Your Child From Identity Theft

Depending on the age(s) of your child(ren), your response to this topic may be, “She’s too young – she doesn’t even have an identity yet.”

Alas, not so. In our electronic society, kids exist in databases even before they’re born. And they are an attractive target for several kinds of bad actors on the dark web – those who want to exploit their names and other data for identity theft, such as opening credit card accounts, child pornographers looking for images that can be photoshopped, school bullies, and so on. Although this post focuses on identity theft, taking the steps described herein will also protect your children from other bad actors.

What’s So Bad About Social Security Numbers?

As they were originally intended, nothing. The original intent was to use them to associate a specific individual with a specific record of earnings. But over the years, they morphed into the closest thing we have to a national identifier. Many organizations ask for it as a kind of reflex, with no intention of either using it or controlling its use. They have the notion that having an SSN makes your child a “real boy” (as opposed to a wooden one like Pinocchio?).

This leads to the first set of steps.

Get your child a Social Security Number. You will need it for some legitimate things about your child’s identity, including passports. (Try taking the child abroad without one.)

Once you have it, put it in a safe place, like a bank safety deposit box. The same goes for birth certificates and other papers that identify your child. And of course, their passports.

Never give anyone an SSN, or a copy of identifying documents, without knowing why they want it, and what the intended use is. If it is just a bureaucratic reflex, ask what you can do instead of handing it over.

Make sure the organization has a policy of destroying documents that are no longer needed. (This will guarantee a lot of comical blank stares.) The only acceptable responses are “we return them” or “we destroy them with a cross-cut shredder.”

Monitoring Your Child’s Financial Existence On The Web

Your child, from the moment of birth, is a thing that businesses highly value – a customer, even if it’s you-by-proxy until your kid starts watching TV or using a computer or tablet. This means that your child will have an online existence from the moment of birth, and perhaps before. Those who exist can be exploited. So, you need to monitor your child’s financial identity. This means:

Check your child’s Social Security Earnings Record every year. You can get this by calling 800-772-1213 or submitting Form SSA-7050. If you know the child has never worked and you see any earnings, that is a sign of possible identity theft. Contact Social Security immediately. A list of Social Security local offices can be found here.

The same goes for earnings in excess of what you know a child who is working earned. A non-certified copy of the earnings record is free; a certified report is $34.00. There is no reason to get a certified copy just to monitor your child.

Check all three of your child’s credit reports every year. Reports are free once per year. The three large credit bureaus that control most of the records are Equifax, Experian, and TransUnion. Their online sites are Equifax, Experian, and TransUnion.

Check any packages sent to your child. If you permit them to place orders online, make sure that what they got is what you or they ordered.

All these steps are relatively easy. The hardest part is teaching your child to be cautious (and safe) online. Social media are havens for identity thieves, and worse, predators. Teach your child to reveal private information only to trusted parties you have indicated that you approve of. For anything else, teach the child to respond with something like, “My parents don’t want me telling that.”

And, of course, it is obvious that you should keep your operating system, anti-virus, and anti-malware software updated. If you check every day, you will find that there is almost always an operating system patch, virus and malware definitions updates, or driver updates waiting to be installed.

Check to see if you can configure your OS and virus/malware software to update automatically. This exposes you to potential bugs, of course, but it will give you some peace of mind in the long run. Unless you are a true geek, consider it.

There are lots of other ways to keep your children safe online and this is an important topic you should discuss with them at the earliest time. You just can’t wait until your kids are teenagers anymore to talk about cybersecurity and online predators.

Canada Now Has Its Own Version Of Required Breach Disclosure

As data breaches echo around the world, Canada now has its own law, paralleling Europe’s General Data Protection Regulation (GDPR) and the USA’s Health Insurance Portability and Accountability Act (HIPAA). These regulations govern disclosure of data breaches to people whose data has been lost, stolen or somehow leaked to the public.

Responsible leaders in U.S. companies should note that there is no exemption here for foreign-owned or operated companies. If your data breach involved Canadians, even those residing outside Canada, you have to comply.

Types of Organizations Included

Note that the law applies to organizations, which of course includes businesses. But the range of the law covers other entities as well. If you can be considered an organization of any kind, you may need to comply with these regulations.

What happens if the breach occurs in Canada, but for some strange reason, no residents of Canada were involved? You’re still required to comply with the law. (As always, legal questions are best answered by lawyers.)

The law was passed in 2015 and becomes effective November 1, 2018. Penalties for any violation can be up to $100,000. (This is a pittance when compared to penalties under the GDPR and HIPAA.)

What Do I Have To Do If There’s A Breach?

You must disclose it to affected Canadians, including the following information:

  • The data and nature of the breach and what specific data are at risk
  • What your organization has done to reduce risk and harm
  • How the affected Canadians can reduce their risk after the breach
  • The organization’s contact information
  • The procedure for filing complaints

Is There More To This Than Meets The Eye?

Yes. It’s important to be aware that the law governing data breaches is not a stand-alone act. It is an amendment to PIPEDA, the Canadian Personal Information Protection and Electronic Documents Act. A summary of Canada’s privacy laws, and links to more specifics can be found here. A discussion of the specific laws related to digital information is here. You need to understand and comply with both.

The wording in PIPEDA leaves room for the judgment of executives. It covers situations where “…it is reasonable in the circumstances to believe that the breach creates a real risk of significant harm to the individual.”

Whether intentional or not, the wording is somewhat vague and ambiguous. Certain words should be interpreted in the light of precedents set in the Canadian courts. There is no way to determine the true meaning of many of these terms when applied to a specific data breach, including:

  • Reasonable
  • In the circumstances
  • Real risk
  • Significant harm

What Really Happens After November 1, 2018?

Although the law takes effect on November 1, 2018, it will not actually take effect until the Office of the Privacy Commissioner of Canada has written and published its implementing regulations after consultation with stakeholders.

If you are concerned about the impact on your Canadian operations, it is important to track what is going on in the process of writing and implementing these regulations.

There is, for example, no guarantee at this point that the regulations, when written, will not be retroactive. You should comply now.

Should All Data Breaches Be Reported?

The answer to this question can be found by looking at the experiences of other companies – Facebook, Uber, Google, and Experian – that suffered data breaches and did not report them.

Every single one received a great deal of bad publicity. Many of their executives were fired for the way they mishandled the breach.

The applicable rule here that all should remember is: “It’s not the crime; it’s the cover-up.”

A data breach is bad enough. It exposes the personal information of millions of people to hackers and thieves. Any organization that has a data breach also has a duty to report it promptly. The guidelines for reporting it and notifying affected parties are clearly spelled out in the law. Your best assumption is that either you will have to report the breach, or someone will report it for you.

Fines and penalties can be much more severe for those organizations that wait too long before reporting a breach or do not follow the guidelines.

Wrap Up

Despite all the efforts devoted to cybersecurity, the public is still extremely vulnerable. In years to come, security experts may find ways to stop the onslaught of data breaches around the world, but today, the best course of action is to follow the data breach laws.

Do You Have Good Computer Habits?

We know it’s important to have good habits in many parts of our lives, from our work to our daily hygiene. However, quite a few of us forget that we need to have good computer habits, too. Developing wise practices in connection with our computers and smartphones can make our lives much easier and help us to stay much safer on the internet.

Back Up Your Files

One thing that many people fail to do is back up their files. All it takes is one catastrophic computer crash and days or even months of work can be lost. Priceless family photos, fun videos with friends, key work files, and important school assignments that were a work in progress can be lost. Backing up your files isn’t that hard, nor is it expensive. And, to make things even better and easier, you have many different options, from cloud-based backups (such as Google Drive, OneDrive, or Dropbox) to convenient USB thumb drives, portable hard drives, and even specialized backup drives. A good practice is to make sure your files are backed up daily, or at least weekly.

Keep Your Software Updated

Software updates can be a pain, but they are vital to ensuring that your computer and software run smoothly. In fact, one of the major reasons that updates are released is to fix bugs and issues that could make your computer vulnerable to cyber threats. Hackers know about these bugs and vulnerabilities. If you don’t allow your system to install the patches and fixes, then you are making yourself a prime target for a cyber attack.

Keep in mind that you don’t have to perform updates in the middle of your work anymore. Most software (and smartphones) will give you options for when the update should take place, so you can choose times when you aren’t busy on your computer.

Be Smart When Using Public Wi-Fi

Public Wi-Fi in places like fast food restaurants and coffee shops can be tempting to use when you need an internet connection, but they can also be dangerous. These public Wi-Fi networks are a common target of hackers, and even hackers with minimal skill can quickly figure out things like your social media credentials and more.

If you do have to use public Wi-Fi, take safety precautions such as turning off network discovery, file sharing, and printer sharing and make sure your firewall is turned on. Don’t be an easy target for hackers.

Make Use of Antivirus Software and Passwords

Would you leave your front door unlocked if you lived in a high-crime neighborhood? Well, the internet is a high-crime neighborhood. Failure to use updated anti-virus software and good passwords is the same as leaving your door unlocked. You can’t afford to make it easy for the wrong people to access your personal and financial information.

Your first line of defense lies in the passwords you choose. Don’t use easy to guess passwords, and don’t use the same passwords for everything. Include letters and symbols with your passwords to make them harder to crack, and add some numbers for good measure.

Your second line of defense, much like a deadbolt for your front door, is anti-virus and firewall software. They don’t have to be expensive in order to do a good job of protecting your computer. It is also vital that you keep your anti-virus and firewall software updated and don’t ignore alerts they provide.

Be Careful with Email

Going back to our analogy of living in a high crime area: if your doorbell rang in the middle of the night, would you fling the door open and invite whoever it was inside? You would probably want to make sure who it was, and even check their ID if they claimed to be some kind of official demanding access to your home. Strangely enough, far too often we inadvertently provide access to individuals with malicious intentions when we click on links in emails without making sure where those emails are really from.

In short, don’t open an email unless you have a good idea of who it is from, and beware of clicking links in emails even if they seem to be from friends. Be cautious about opening attachments, too. Be as careful with your email as you are with your front door.

Conclusion

You work hard to keep yourself safe from physical dangers such as criminals and disease. It makes sense that you should work just as hard to keep your electronic devices safe, too. Backing up files (including documents, photos, and videos), keeping your software updated, and being smart when on public Wi-Fi is a good start. Add to that antivirus and firewall software, robust passwords, and the careful use of email and you are on the road to developing excellent computer habits that will keep your files, data, and personal information safe.

What Is HIPAA, And Why Should I Worry About It?

The Health Insurance Portability and Accountability Act (HIPAA) is a Federal statute, and associated regulations, that, among other things, control what healthcare providers and other “covered entities” do with “protected health information” (PHI). The HIPAA regulations are fairly straightforward, but there are a lot of them. There is a good summary here, with links to the relevant portions of the Code of Federal Regulations (CFR). This article covers only the basics.

Who Does HIPAA Apply To?

“Covered entities” are health care providers, health plans, and health information clearinghouses. The latter are usually aggregators of health information from hospitals, doctors, and the like. “Protected health information” is any information that relates to an individual’s past or present health status, treatment, and payments for any treatment an individual receives. Past, present, and future healthcare records are covered.

Data falls under HIPAA protection for 50 years after the death of the patient. The form in which the information exists does not matter – it can be written, oral, or electronic. If the information is in electronic form, additional requirements for protecting it apply.

Why Should I Worry About All This?

People are concerned about following HIPAA guidelines and they should be. It’s important to protect the personal and healthcare information of all patients. In addition, the Office for Civil Rights (OCR) within the Department of Health and Human Services (HHS) can impose large fines and other penalties for HIPAA violations. Hospitals and health systems have been fined in the millions of dollars for HIPAA violations. And HIPAA violations, if they make it into the news media, always create bad publicity.

What Can I Do To Remain Compliant?

Training of staff on HIPAA rules and practices is by far the most important step. The second is making sure that PHI stored in electronic form is protected. That involves things like:

  • Using encryption when data is stored or transmitted
  • Making sure that staff have only the access needed to do their jobs
  • Making sure that access to systems is, at a minimum, protected by strong passwords
  • Protecting records with the latest technology such as swipe cards or biometric identifiers

What Do I Have To Do To Conform To HIPAA?

You need to:

  • Formulate your privacy practices
  • Notify patients of privacy practices
  • Obtain consent or authorization when required
  • Make sure that your arrangements with business partners meet HIPAA requirements
  • Make sure you distinguish your normal health care operations, where consent is not required, from disclosures, where consent or authorization is required
  • Make sure you follow the HIPAA “security rule,” which covers PHI in electronic form

It goes without saying that your legal department needs to be involved in all of this. The Notice of Privacy form should inform patients and staff of what your practices and guidelines are. The notice should be given in written form to patients when they are first encountered.

“Arrangements with business partners” concerns companies that may have access to PHI in the course of providing services to a health care provider. These include companies that provide storage of documents, destruction of documents, or electronic handling of documents. You are required to make sure that they understand the HIPAA requirements and conform to them. You can think of it as the HIPAA requirements “flowing downhill” from you to your business associates.

What’s The Difference Between Consent And Authorization?

In many cases, no consent is required. This includes disclosure of PHI for treatment, payment, and health care operations. A covered entity may, but is not required to, seek consent from a patient for these purposes, but it is common to do so.

On the other hand, an authorization is required for any use of PHI other than the ones listed above. An authorization is more formal than a consent, must be written, and must contain several elements, which are covered here.

Authorization is required when the disclosure is for any purpose other than treatment, payment, or health care operations. This includes disclosure to a third party, such as a life insurance company, an employer, or a provider not affiliated with your healthcare organization.

Please note that electronic transmission of PHI is covered by the authorization requirement as well. If authorization to send the information on paper is needed, authorization to send it electronically is needed as well.

What Are The Takeaways?

  • HIPAA compliance is not optional.
  • Penalties for violating it can be very costly.
  • HIPAA applies to PHI in any form – paper or electronic.
  • Obtaining consent is generally a good idea; authorizations are required.
  • Depending on the services your business partners provide to you, they may be required to conform to HIPAA as well.
  • It is always better to err on the side of caution when dealing with HIPAA.

If you still have questions, be sure to visit the HIPAA website. Today, there are many organizations that can help you learn about and comply with HIPAA guidelines. For instance, many managed IT services providers have tools to help with compliance.