Category: Uncategorized

It seems that small businesses rarely catch a break. Unfortunately, their employees often enjoy fewer perks than those working for larger corporations do. This is primarily because the smaller companies have fewer assets with which to work. Due to the smaller economic cushion, they also have a greater risk. That is why, when a fresh law is put into action for the “little guy,” it is newsworthy.

As with any new law, however, there are those that it benefits, those that are unaffected, and those that it may hurt. That’s why it’s good to stay informed.

What Are ESOPs?

ESOP stands for Employee Stock Ownership Plan. An ESOP allows the owner of a business to shift that ownership to his or her employees. This is often done by way of stocks or “shares.” In some companies, members buy stocks outright.

Other businesses require no upfront cost. The ESOP is part of an “employee benefits package.” It is considered part of his or her pay, and maybe figured as 50/50. This is where the company matches monies contributed by the employee. Often, the shares are held until retirement, and maybe, in fact, the bulk of that employee’s retirement.

Although ESOPs have existed much longer (just in different forms), they became prevalent in the 1980s. According to the National Center for Employee Ownership (NCEO), a few of the largest ESOP companies include the following:

• Brookshire Brothers
• Enercon Services, Inc.
• Krueger International, Inc.
• McCarthy Building Company
• Publix Super Markets, Inc.
• Travel and Transport, Inc

By 2018, the number of ESOPs has been estimated at between 7,000 and 8,900. The number of participants is over 14 million.

What Are the Pros of Employee Stock Ownership Plans?

Reputedly, there are many benefits to participating in ESOPs. For example, they generally have a positive effect on employees. A few of the primary perks include the following:

• Employees feel more invested in the company
• Invested employees are typically harder workers
• Employees feel a greater sense of job satisfaction
• They have more job stability
• They feel like a part of something greater than themselves
• They often make a tidy profit

ESOPs are particularly beneficial in small companies where the primary owner is planning to retire. This allows for a smooth transition of power. As the company succeeds, the employees succeed, and morale rises.

What Are the Cons of ESOPs?

One of the potential problems with an Employee Stock Ownership Plan occurs when the value of the company decreases after an employee buys in. When the business is worth less, each employee’s stock decreases in value. This usually occurs with companies that have inconsistent profits.

An example of this would be the case of Lifetouch Inc., which was a popular photography company. They primarily specialized in school photos. As digital photography techniques became the demand, the company struggled to adjust. Business suffered.

The company stock in ESOP declined by $840-million between 2015 and 2018. Lawsuits were filed against individual members of the Board of Directors. Unfortunately, the company’s ESOP was not protected against such losses. This is one example of what could go wrong with this type of retirement plan.

How Does the New Law Work and Who Does It Benefit?

New York Senator Kirsten Gillibrand introduced the Main Street Employee Ownership Act in May 2018. This ESOP law is the first to focus on employee ownership in the last 20 years. It eases the process for distributing loans for those transferring to an ESOP. However, there are no additional funds being allocated for this process.

Generally, the new ESOP law is thought to primarily benefit small to mid-sized businesses. More specifically, it targets the Small Business Administration (SBA) in two ways. First, it directs them to make small business loans more readily available to cooperatives. A Cooperatives is a style of business organization that is owned and run by the employees. They also share in the profits.

Second, it encourages the SBA to work with country-wide Small Business Development Centers (SBDC). SBDCs provide consultation and training to small businesses that are transitioning to an ESOP.

The ESOP Association’s president, J. Michael Keeling, was reported as saying the following:

“This law will help organizations better understand how to pursue a strategy of shared capitalism—something that our country’s founders agreed was vital to the health of our nation.”

In Conclusion

Whether Employee Stock Ownership Plans are the wave of the future is difficult to tell. The new law provides many benefits that make it an attractive proposition. It paves the way for small and mid-sized companies to more easily transfer ownership to employees. Consultation and training are more readily available for those companies wanting to make this transition. It also improves the ability to obtain loans. Overall, it appears things will be brighter for small businesses. As with anything, only time will tell.

 

An Inspector General’s (OIG) report from the Federal Department of Health and Human Services (HHS) finds that Maryland failed to secure its Medicaid Management Information System (MMIS) against several avenues of attack.

What Security Violations Did Maryland Commit?

The report, available in summary form at OIG Report on Maryland MMIS Security, does not go into detail for fear of revealing the nature of the vulnerabilities and possibly exposing the MMIS to penetration. It does note that, in addition to other techniques, automated penetration testing tools were used in an attempt to break into the system. The report indicates that these tools succeeded.

How Attacks Are Evolving

Other reports have noted that automated penetration tools are getting more sophisticated over time, and now far exceed the sort of attacks that were driven by “script kiddies” in the last decade. On top of that, despite increased efforts at email security and training workers in cybersecurity hygiene, phishing attacks, in which a phony email is used to get a user to perform an action that leads to system penetration, are all too common.

Because of the lack of detail in the OIG report, we can only speculate about what was attacked and what methods of penetration were used. Consider this, though. The typical MMIS is a mainframe-based system that is communicated with from terminals. It usually runs some version of Windows over networks that often must, of necessity, be routed partially over the public internet. Even if a virtual private network (VPN) is used for the connection, the “attack surface” – the set of points and vulnerabilities that led a bad actor to attack a system – is expansive.

All the attacker has to do is gain access to an unencrypted portion of the traffic. Inserting malware, such as ransomware or keyloggers, is simple from that point on. The lesson is that one must avoid penetration at all costs.

Was There A Cyber Security Attack on the Maryland MMIS?

The OIG report specifically notes that there is no evidence that the Maryland system had, in fact, been penetrated. But consider what might have happened if it had. The MMIS is used to pay Medicaid providers. While providers often complain that Medicaid payments are less than their cost of service, the aggregate amount of money involved is huge. Nationally, Medicaid spent almost 596 billion dollars in 2017. The expense is very roughly split 50/50 between the states and the Federal government for the traditional Medicaid population. For the people that were brought in under the Affordable Care Act (ACA) Medicaid expansion, the Federal government pays 90%.

A Huge Payday for Hackers

So, there is a pool of more than half a trillion dollars, potentially payable to providers, for hackers to attack. The MMIS in most states has modules for beneficiary enrollment, provider enrollment, recording of services rendered, and provider payments. A hacker who had control of the system could create phantom beneficiaries, phantom providers, bill for nonexistent services, and generate checks to pay the nonsexist providers for not providing them. Once the hacker is in the system, a potentially huge piggy bank is opened. The OIG’s principal worry in its report was the possible exposure of Medicaid data to the public, but the possibilities for fraud are equally worrying.

Why Does It Take So Long For Hacking To Be Discovered?

How quickly such a penetration would be detected is a function of the security measures the state has in place. The mere fact of finding a penetration does not, in and of itself, reveal where the miscreant was or what the hacker did. That requires checking of audit logs and development of a trail. Depending on what events are logged, even that might not be enough. In a worst-case scenario, not until some other event – a beneficiary notice returned as undeliverable, a bank questioning an electronic deposit, and so on – would sufficient suspicion be generated to lead to the discovery of phony providers and phony beneficiaries.

Holes In The Medicaid System

The MMIS includes tools for surveillance and utilization review, but their basic functions are still fairly unsophisticated, relying on detection of statistical outliers. Depending on where the limits are set, cases that are truly concerning may be missed. We can draw some instructive lessons from looking at what has been found out about HIV drug prescriptions under Medicare. In one case, a 48-year-old in Miami went to 28 different pharmacies to pick up HIV drugs worth over $200,000 dollars, in doses that were more than ten times what the typical HIV patient gets in a year (see Suspicious Prescriptions for HIV Drugs in Medicare).

Wrap Up

Maryland’s MMIS has parts that first came online in 1996. A contract to replace the system was terminated in 2015 and the case between the state and the prime contractor is now in the courts. Maryland’s experience in attempting to replace its MMIS system is not unique. Despite its surface simplicity, MMIS systems can involve hundreds of modules providing thousands of different functions that often have to interface with other state systems such as finance, enrollment and eligibility, public health, social services, and the state’s education system.

Designing and programming one is not easy. When it has to interface with multiple-aged legacy systems that the MMIS contractor has no control over, the job is even harder.

This month’s training on demand focuses on helping you find the most accurate information you need on Google.

We’ll leave no stone unturned in this 28-minute online training session. Learn how to find answers to your queries and questions right through to advanced techniques using Google.

Click the video play button below to get started.

Click Here To View Online

What’s WPA3?

WPA3 is an improvement to WPA2 security, which is still commonly used after having made substantial improvements over WPA. It is expected to better protect users from software hacking. In partial development for approximately 10 years, this improved form of security allows users to experience the benefits of additional features. These features include a wider range of settings, a more complex authentication system, and improved encryptions.

The recent integrations in security have included two versions, a WPA3-Personal version and a WPA3-Enterprise version. Both forms have been updated to include ongoing security improvements for the version. This involved removing legacy protocol and mandatory use of Protected Management Frames (PMFs) that have controlled resistances in networks used for operations. The personal version uses a new processing method referred to as Simultaneous Authentication of Equals (SAE), which secures connections between two devices while challenging external efforts to discover passwords.

The enterprise version provides 192-bit encryptions, higher than the enterprise version, and applies more cryptography tools than previous versions. As the software has only recently been developed, it has been integrated to some extent, but ongoing integration is expected to parallel increasing requirements for its use. This will challenge the current efforts of hackers. According to WiFi Alliance, the security improvement will be the standard for devices labeled as Wi-Fi Certified.

How Can It Better Protect Me From Hacking?

An improvement over WPA2 with increased encryption and tool application, many efforts of current hackers are expected to be again stunted without serious adaptations and improvements on their end of security demands. According to the New York Post, recent improvements in the way hackers operate have allowed them to violate users without waiting for a network connection. This improves their capacity to breach additional security and access information. However, WPA3 is expected to better protect users from both external and internal attacking.

Wired reports 9 billion Wi-Fi devices used worldwide, leading to one of the greatest security demands in computer software. This created the demand to improve WPA2 in terms of both connection security and addressing security challenges in user functions.

WPA3 development has been supervised by the Wi-Fi Alliance, and the organization does not expect WPA3 to be commonly used until the end of next year. WPA3 is also expected to lead to an increase in free connection use, improving the safety of organizations willing to extend access without any charge or subscription to a membership. The upgrade will provide substantially improved security specifically over dictionary attacks by using improved protocols for key exchange. While WPA2 uses a four-way connection between access points and clients, WPA3 will use SAE to avoid WPA2’s vulnerability to key reinstallation attacks (also referred to as KRACKs). This reduction in dictionary attacks is further supported by a system that safeguards traffic that occurred before a hack, restricting hacker access to information after an account has been breached.

Additional Benefits of WPA3 Technology

Other benefits of WPA3 can improve some areas of network and business securities. WPA2 currently allows people on a public network to observe user traffic while leaving users vulnerable to ‘middle man’ attacks and data tracking. WPA3 uses encryption connections without demanding additional credential information, and its encryption (referred to as Opportunistic Wireless Encryption) can protect users and organizations. Nonetheless, it is considered to be an investment that has significant cost to organizational operations. Business managers may not be inclined to spend more for better technology.

The timeline for mainstream integration is expected to span over the next several years. As the first release was just in June of this year, it follows a 2006 release of WPA2 that also continued to be released over several years’ time.

According to SecurityIntelligence, organizations should expect approximately 18 months before devices begin to be commonly certified, followed by additional time in organizations investing in the technology. In addition to certified devices being the foundation of use, people with mismatched hardware may find that their routers are not compatible with WPA3 Wi-Fi connections. Some routers are expected to have preservation potential while being usable with these improved security devices and connections. Some will not be usable with the upgrades.

WPA3 is not expected to address all security demands in the current Internet of Things or IoT landscape. Threats that have their roots in compromised devices will not be protected in the use of connections made by users. This remaining vulnerability alongside WPA2’s generally safe nature have made many consumers hesitant to invest in the upgrade immediately now that it is available.

What Should I Know?

• WPA3 provides improved authentication processes.
• WPA3 provides increased encryption.
• WPA3 does protect all users connected in the IoT.
• The upgrade will cost more but should be worth it in the long run.

Hand-in-hand with an increased reliance on the internet and networked systems comes to an increased risk for cyber-attacks. Whether conducted unintentionally or deliberately, cybersecurity incidents can wreak havoc on a company’s bottom line, bringing a wide range of consequences with the capability to do long-term harm to companies big and small.

For this reason, the U.S. Securities & Exchange Commission has required public companies to follow a particular set of guidelines and procedures to combat the countless number of cybercriminals scouring the internet in search of opportunities.

Cybersecurity threats and risks are ever changing, and according to the SEC, public companies need to do all they can to prevent attacks. While there exists a world of difference between public and private companies in regard to rules and regulations and how they operate, the two may often encounter the same challenges in regard to cybersecurity. This is why, while unregulated by the SEC, private companies can’t afford to ignore what’s recommended to prevent and combat cyber incidents.

In order to educate and provide support to public companies about the risks associated with cyber attacks, the SEC has introduced a cybersecurity information website containing a variety of tools to be used by companies large and small. These include alerts, compliance toolkits, educational resources and other information pertinent to cyber security and its potential effects on today’s businesses.

What Can Companies Do To Address Cyber Risks?

The SEC has some important tips for businesses to follow if they’re hoping to steer clear of cyber attacks. And in the cases where it’s too late, there is a set of procedures businesses should implement to help minimize damage once an attack hits.

The website covers a wide variety of cyber-related misconduct, including market manipulation through false information, intrusions, hacking and attacks on market infrastructure and trading platforms. According to the SEC, here are a few things private companies must do in order to effectively manage their cybersecurity risk.

Prioritize Policies

An effective set of policies and procedures for dealing with cybersecurity is vital in today’s business world, especially during a time where cybercriminals are acquiring new skills and targets by the day. Companies must be able to identify cybersecurity risks, analyze their impact, and offer open communications with tech experts who can help implement preventative measures and damage control.

There should also be a protocol to help determine the potential risks and materiality of cybersecurity incidents. It’s important for companies to assess compliance with these policies on a regular basis, as well as ensure a proper set of procedures that conveys important information to the necessary personnel.

Necessary Disclosure

Conveying cybersecurity risks and breaches to the appropriate parties is of the utmost importance for public companies, though private companies would do well to follow a similar structure of command. A company’s top directors, officers and other parties responsible for implementing these cyber controls and procedures should be informed of the potential risks in order to develop an effective plan for prevention. And while management’s role in overseeing cybersecurity is indisputable, there are other parties that must be involved.

Combatting Insider Trading

Once a system has been infiltrated by a cyber attack, timing is crucial. The SEC states that companies must have a set of procedures in place to prevent insiders, such as company directors and officers, from taking advantage of the sensitive time between discovery of an attack or cybersecurity incident and the time it is disclosed to investors. It may even be appropriate to halt transfers in the event of an ongoing investigation of a particular cybersecurity incident.

What Are The Risks?

The risks of a cyber attack are varied and depend largely upon an individual company’s IT structure. When evaluating cybersecurity risk factors, there are a number of things companies both public and private must consider. For instance, the occurrence of previous cybersecurity events in the past is helpful in determining risk, as is the probability of the occurrence and its potential magnitude.

It is also helpful to analyze the adequacy of a company’s preventative measures to reduce the risk of cyber attacks, as well as discuss the associated costs and limits of a company’s ability to mitigate these types of risks. Other risk factors include the potential for reputational harm and additional costs incurred from litigation and remediation in the event of a breach.

Conclusion

Private companies are in a unique position to learn from public companies as they navigate an ever-changing digital landscape. The SEC’s guidelines serve as a valuable point of reference to kick-start an effective game plan for cybersecurity. Although it can be difficult to determine when or where the next cyber attack will occur, familiarizing yourself with the risk factors and potential damage can prove a solid line of defense against a major cyber incident in the future.

IDC Report Focuses on How Real the Threat Actually is for Canadian Businesses

How much is your company spending on IT security? According to most analyst numbers, an average of 14% of the IT budget should be shelled out each year to safeguard a business. The reality is that less than a quarter of companies are spending even near that much.

What Was Revealed in the Report?

In a report by the International Data Corporation (IDC) that focused on Canadian companies’ security budgets, some startling statistics were revealed. The IDC, which is a global provider of market intelligence in information technology, surveyed over 200 Canadian companies. In the survey, they calculated that while the average company spent a little under 10% on IT security, the budget was mixed and varied dependent upon the company. The report states that the majority of businesses’ data security budget was subject to how smart that company’s methodology was at combating hacking.

IDC broke down the Canadian firms they surveyed into four main groups:

Egotists

17% of the businesses surveyed are what the IDC labeled as Egotists. This group has a grasp on security, spending about 12% of its IT budget on security. However, the IDC points out that even though these Canadian companies are doing some things right, their overconfidence could easily be their downfall.

Realists

Nearly a quarter of the companies fell into what the IDC labeled as the Realist category. Realist’s cybersecurity budgets are the highest, spending around 14% of their money on IT solutions. These organizations understand that a constant battle must be waged against hackers, and they can never let their guard down. They devote a lot of energy to analyzing and comparing their performance to that of their industry peers.

Denialists

The highest percentage, 37% of companies surveyed, tend to bury their head in the sand when it comes to cyber security. Their goal is to focus on installing new technologies in an attempt to solve the security problem instead of investing in processes that are secure. They also fail to train their staff about cyber security, which leads to more employee caused hacks.

Defeatists

About 25% of the firms examined fell into what the IDC says is the worst of all the categories—the Defeatists. They’re terrible at security, and they fully admit to their failures. Their strategy leans mostly on throwing a small budget at the wall and seeing what sticks. They tend to spend an average of only 6% of their IT budget on security, since they don’t think anything is really going to work anyway.

Which Type of Companies Spend the Most on Cyber Security?

The IDC reports that the three industries who will spend the most on security solutions in 2018 are banking, discrete manufacturing, and the federal government. These three groups will spend more than $27 billion combined.

The four industries that will see spending greater than $5.0 billion this year are process manufacturing, professional services, consumers, and telecommunications. The IDC also reports the industries that will encounter the fastest spending increase over the 2016-2021 forecast period will be telecommunications, education, state and local governments, and the resource industries.

How Much Should Be Spent on Cyber Security Awareness?

The IDC’s survey pointed out the importance of training the company’s non-technical employees. On average, results of the IDC survey revealed the companies that fell into the realist category spent about 24% of their IT security budget on employee awareness and education. They understand that employees are the weakest link when it comes to cyber security. People who are not well-trained to spot phishing schemes will click on suspicious links that could cripple your entire IT infrastructure.

How is the Spending on Cyber Security Broken Down?

The IDC strongly points out that not every dollar with a security benefit inevitably shows up in a company’s security budget. For example, a company might purchase a tool to locate network anomalies. This would fall under a clear security-related purchase. However, if the tool isn’t integrated into a wider detection and mitigation process within the company, it most likely won’t be effective for improving the company’s internet security.

An example of this is the attack against retail giant, Target’s point-of-sale (POS) systems in 2013/2014. The system triggered alarms, but Target’s information security team chose to ignore the warnings and not follow-up on the spotted activity. This inaction resulted in the loss of tens of millions of credit card numbers and hurt the store’s reputation with its loyal customer base.

On the other hand, an IT department that budgets for designing a system of repeatable and automated processes before it invests in high-level detection tools is causing their infrastructure to be more secure, even if the chief purpose is system efficiency. It isn’t clear what portion of that shows up as a security line item or falls into another category.

Conclusion

There’s too much at stake these days not to stay on top of IT security for your Canadian business. Educate employees; invest in the best IT security solutions. Stay on top of what’s going on in the world of cyber security. Not spending enough on cyber security should not even be considered. But neither should spending money on fancy cyber security tools with no clear methodology or IT plan in place.

 

What is PMKID?

Pairwise Master Key Identifier (PMKID) is a type of roaming feature in a network. Recent improvements in hacking have been targeting it for exploitation in vulnerable processes, thereby demanding that ongoing security efforts better address it and its affected procedures.

New wi-fi hacking strategies have been using coding and processes that have made it easier for hackers to learn user passwords for a wide range of router types that are commonly used in homes and businesses. Specifically, processes targeting PMKID zero in on internal network protocols with its features enabled, bypassing critical processes. The method was initially discovered by accident, in an assessment of developments in WPA3 security standards, with the exploitations realized to be potentially applicable to existing security systems.

What Security Vulnerabilities Are Concerning?

Online sources including The Hacker News report that hackers have used the approach successfully to gain pre-shared key (PSK) user account login passwords, which they have then used to hack the wi-fi networks of their victims. This has led to hackers penetrating even further into user databases to gain or misuse other information. While earlier methods have demanded that hackers stand by while waiting for their targets to log in to the network and acquire a complete four-way authentication handshake of EAPOL, the PMKID approach does not require this.

This approach, therefore, makes it easier for hackers to access sensitive information, since they can instead use the Robust Security Network Information Element (RSN IE) with a single Extensible Authentication Protocol over LAN (EAPOL) after making a request from their access point. This is also significantly more efficient and with higher potential for multiple attacks from a single point.

Generally, a successful attack occurs in three steps, which may or may not be followed by the subsequent abuse of personal or otherwise sensitive information. In the first step, the hacker uses a tool such as hcxdumptool to make a request to the PMKID. The PMKID is thereby asked, from the hacker’s point, and the hacker can use the tool to prepare to dump information received to a file for future access and misuse.

In the second step, the tool is used to process frame output, converting it to a hash format for future acceptance. In the third step, a tool such as Hashcat can be used to crack the WPA PSK password, at which point the hacker has the potential to access the personal information of users.

Researchers have been vague in terms of the specific routers involved and the extent of routers most vulnerable to PMKID attacks. The general method seems to be most threatening in 802.11i/p/q/r networks with their roaming functions enabled. This, unfortunately, describes most current routers, while WPA3 developments have only recently begun to counter aspects of the fundamental nature of the vulnerabilities.

The Hacker News reports that WPA3 is a new form of security protocol that is required to address previous WPA2 vulnerabilities that have been increasingly exploited despite smaller non-version-specific security developments. Newer developments employ a new framework that includes features that cannot be encompassed by these smaller software and security upgrades, demanding foundational improvements. An example of a foundational technological improvement is the establishment of Simultaneous Authentication of Equals (SAE).

In addition to the nature of the vulnerability, as is common with modern hacking potentials, access to directions in a PMKID attack are readily available online. SecuredYou is an example of one of many online sources that walk users through potential attacks. According to this source, in an optimized approach, users should first request PMKID from the router, install hcxdumptool and hcxpcaptool, and make network requests for recording through additional described steps.

Other online sources, including the Latest Hacking News and The Register, report that such an approach can be currently used for success in 10 minutes or less on most networks, depending on the extent of active network traffic. Hacking has never been so easy for predators.

What’s Been Happening In Research And Development?

Software and security protocol developers have been addressing the issue most directly through WPA3 and network security strategy research and development. One recent patent has attempted to address and improve an aspect of vulnerability by enhancing an extensible authentication protocol re-authentication protocol (EAP-RP) framework in message transition.

Another recent patent has targeted the way network information is configured and authenticated while maintaining PMKID in addition to a basis on a transient identity key pair provided to other access points. Such developments may benefit users more quickly or to greater extents than the implementation of WPA3.

What’s The Bottom Line?

• PMKID attacks do not require the same waiting times.
• The potential detriment is high.
• WPA3 technology can counter the attacks.
• Other non-WPA3 patents/developments may work but should be tested first.

Those of us who are in the know about artificial intelligence (AI) in medicine no doubt know that IBM’s efforts to use its Watson system in healthcare have been a mixed bag at best and many of the engineers working on the project have been laid off. What went wrong? Watson did so well on Jeopardy.

How Real Is Real?

One of IBM’s initiatives, Watson Genomics, was focused on using data from lab tests on patient’s cells to recommend treatments, replacing the 10-15 doctor “tumor boards” that do this sort of work. Some aspects of that initiative went very well. But another did not fare well. That initiative ran into real difficulties with patient data, so hypothetical data was used instead together with Watson’s huge intake of oncology textbooks and journal articles. That effort produced treatment recommendations that, in the real world, might have had fatal consequences.

And therein lies the rub. Real-world data is messy. Nothing guarantees that this info is accurate. Hospitals are still oriented towards billing; not excellent outcomes. But even so, this is all the data we have. Not using this information to train AIs, it seems, is not an option.

Current AI systems may use “deep learning” and other techniques to extract patterns from data; the data that they use to discover those patterns is called the “training set.” Once that work is done, the patterns learned are tested against other sets of data to see how well the AI performs. What the Watson experience, in part, indicates is something that AI researchers learned the hard way: it is very difficult to create training sets that mirror the real world. Using actual data is much more effective.

How Current Is Current?

The Watson experience indicates another problem. Medical treatment is constantly advancing, patient populations are changing – if nothing else, they are getting older – and this raises the issue of how the training set used relates to current information. Experts in the field say that so far, very little attention has been devoted to keeping the systems updated with new training set data. This increases the risk that treatment recommendations will no longer reflect the best clinical judgement or the real-world results of using new therapies.

Where Has AI Succeeded?

The success stories of AI applications in health care usually involve a combination of relatively simple questions – “Is this lump in this breast suspicious or not?” – rather than complex ones such as, “What is the best cancer treatment for this tumor in this patient?”

AIs have been proven better than human radiologists at detecting suspicious lesions on several kinds of X-rays. One focus – human eyes are in constant motion, AIs can scan the X-ray pixel by pixel.

What Is Decision Support?

For once, the name of a technology is not misleading – decision support systems act as inputs to medical decisions, and hopefully will improve them. What kinds of decisions? Among them are:

• Which antibiotic should I use to cure the patient’s infection and not increase bacterial resistance?
• What test should I order next to establish my guessed-at diagnosis?
• Which treatment option is the most effective and the cheapest?
• Can I safely discharge this patient? If not now, when?
• Should I have another radiologist look at this MRI?

Doctors face questions like these every day, and have to make decisions in real time, often without the luxury of contemplation or research. They also suffer from “cognitive overload.” Even with sub-sub-specialties, there is too much information for one doctor to carry in his or her head.

Decision support systems have the advantage of being able to handle huge amounts of data, process it in ways that a single human never could, and they do not suffer from fatigue. The combination of a human doctor and an AI ought to be a winning one. (Provided, of course, that the AI is kept current and retrained when things change.)

What’s The Next Big Thing?

Current decision support systems are notorious for generating “alert fatigue.” They hit the clinician with so many recommendations and warnings that the clinician tunes them out. They also are not well-integrated into the clinical workflow and electronic health record (EHR) operations.

The Holy Grail, of course, is for decision support to be driven by the EHR, with recommendations driven by what is happening to the patient in near real time.

“Clinical pathways” is ripe for innovation. Every patient is unique, but the course of care is in some ways highly predictable. An AI has the potential to automate orders, verify from the EHR that appropriate care has been delivered, flag deviations from the ideal pathway, and recommend corrective actions.

The key focus on AI development in the future should be on “the human use of human beings.” Maximizing outcomes for the patient while at the same time reducing the burden on caregivers—that’s the best case scenario.

 

Experts agree that the legal sector is not really on the cutting edge when it comes to adopting the latest technology trends. In fact, with the long-standing history of traditional values, it is rare to see widespread use of information technology (IT) in the industry. Even in current years, many law firms prefer to stick with hard copies (paper-based) including books, letters, and legal journals. However, as technology advances, this trend may be a contributing factor in keeping the “slow wheels of justice” at the reduced pace for which it is known.

Fortunately, it is evident that the benefits of legal IT technology outweigh the detriments. In fact, it is equally apparent that implementing the deployment of information technology is possible without disrupting the business. That is key to a successful transformation.

What Prompts Hesitation in the Legal Industry?

In the 2016 State of Digital Transformation Report, Brian Solis and the Altimeter Group conducted a survey of 500 executives. The general consensus was that the main issues included the following:

• Dangers to breached data
• Unsure of return on investment (ROI) to justify the value of increased IT
• Risk management compliance
• Managing potential legal complications
• Resources required for all employees at the office

An additional challenge law firms face is the necessary functionality of the space. In other words, digital upgrades would need to be implemented and perhaps piloted while the regular business continues on. No law firm these days can afford to just close its doors for a few months. These time constraints make it difficult for IT to be introduced and utilized in the legal sector.

Law offices often have a somewhat conservative approach to change, a lack of collaboration, and a tendency to be “set in their ways.” Also, many practices are partner-owned and operated, making the financial risk more personal than it would be for corporations. Lawyers are more likely to take a “wait and see” approach to adding cutting-edge technology.

Why Are the Trends Changing?

Although change is rarely immediate, an increasing number of law firms are acknowledging the need to modernize. Adapting to the digital age is gradual for many attorneys. Perhaps they’re dragging their feet for a few good reasons:

• The extreme amount of paper-based processes means the legal firm might spend years working to move all records to digital formats.
• Since the legal sector exchanges large amounts of data and information with many individuals and organizations, their technology upgrade could be a pain point for staff, clients, attorneys and even third-party vendors.
• Generally, legal professionals are intelligent, educated, and highly skilled. This means the move to embracing new technology should be an easy one. However, they may be reluctant to take that first step.

Perhaps a gradient approach, using a pilot group would help initiate the process. With a small team of informed individuals, the steps to introducing stronger legal IT to the remainder of the office would be much smoother.

How Would This Work?

It would likely require a process of educating the potential users about the benefits of digital technology. This would focus on how much time and money it would save. Explain how this advancement could be accomplished without disrupting the day-to-day business.

Furthermore, the top IT Directors or CIOs should understand how the evolution of their existing method of delivery would save money. It would also allow them to provide better service.

Additionally, by moving away from a paper-based system and using an automated self-service portal for IT support, legal professionals can avoid calling a support engineer when something goes wrong. Users can learn from tutorials and self-help articles to fix devices themselves. As law staff become more familiar with the equipment, they develop confidence to interact with new services and equipment. They learn modern skills and a willingness to experiment with what digitalization can do for them.

At the same time, it frees up IT engineers as law staff benefit from learning how to interact with new services. As the law firm moves forward embracing technology, they become open to further changes in the future for a more connected workforce. It has to start somewhere.

What Would Come Next?

A possible next step would be to employ a chatbot, such as Tawkto, which allows legal professionals to communicate with one another, as well as their clients. This enables real-time communication to occur at any time. By engaging their clients outside of scheduled hours, attorneys provide a more satisfying experience.

This would also help law firms that switch to charging their clients based on successful final results, rather than by billable hour. Since they aren’t being paid by the hour, it makes sense to maximize their time. Digital approaches to communication streamline this process.

In Conclusion

With a sector that is known for preferring a traditional, more conservative operation, it is even more important to take a gradual, phased approach. The right IT Director can plan accordingly to ensure the comfortable adaptation to increasing legal technology. Though the legal team may never be as adept as the IT technicians themselves, this will help the entire law office, as they attempt to improve their digital resources. With the best legal IT tools, the law office should be able to provide better services for their clients and improve their bottom line.

Tablets aren’t just digital babysitters for young kids or fancy versions of ereaders. They offer real value as educational tools. Their versatility, portability, and ease-of-use make them an excellent conduit for learning. Below are seven benefits of using tablets in the classroom.

Seven Solid Benefits of Tablets in the Classroom

1. Portability

Lightweight, easy to carry, and durable if they have screen protectors and cases, the tablets can be picked up and taken on field trips, used in group projects, even taken home. A distinct advantage over desktops and easier to transport than laptops. Bonus: Students with unreliable or no internet at home can potentially be given devices that have broadband subscriptions.

2. Easy To Use

Even elderly parents and grandparents take to touchscreen technology pretty well thanks to the work of developers who’ve studied human behavior to put out the most intuitive devices possible. Elderly people who may have had trouble figuring out the mouse or who had to two-finger hunt-and-peck on keyboards have much less trouble learning to use voice commands or use their fingers to scroll through Instagram. So much easier for younger people whose brains are primed for new information already. Remember … these kids are the future, the ones who will be picking up the tech ball and running with it before you can say Instagram for eyeballs.

3. Great Apps Abound!

There are a TON of high-quality, low-cost educational apps out there. Many are even free. Check out Edshelf.com to see lots of great apps with reviews from teachers. You can build different “shelves” of apps that fit under a certain category. For instance, you could create a shelf where you save adaptability apps that are specifically designed for children on the autism spectrum. Cough Drop is an AAC app for people who have trouble speaking and could easily be downloaded to an iPad. Many other apps may not be specifically meant for differentiated instruction, but have options that make it easier to reach every student. The trick is in finding something that is easy to use but also worthwhile. Using Edshelf.com can help teachers discover the most effective tools because other teachers will post information about how they used the app, whether or not they had any trouble, and how effective it was at enhancing the lesson in a genuinely valuable way.

4. Digital Libraries At Your Fingertips!

No more heavy backpacks! No more waiting for college before being allowed to write in their textbooks!

With tablets (and other computers) students can use digital textbooks like Geography Alive! They’re not only lighter, in the long-term they are cheaper. Most tablets are pretty affordable, and digital textbooks are typically less expensive than their paper counterparts. They have the added bonus of interactive features, annotation, dyslexic-friendly font options, audio features (the textbook reads itself!), and study materials. Even if digital textbooks were only available on desktops, they seem a lot cooler than printed books. However, with a tablet, you can carry all of your textbooks, plus digital libraries in the form of apps like Hoopla and Libby. For this benefit, alone tablets look like a sweet deal.

5. Good Training For Real Life

Touchscreens are ubiquitous. Tablets are the only computing devices right now (apart from smartphones) that offer the user interface and experience that prepares students for the type of digital experiences they will have into their adulthood. They allow teachers an opportunity to demonstrate for students how to live in a digital age. This is perhaps the most important advantage of all. The reason? Because the fact of the matter is, short of an apocalyptic event that thrusts civilization back into the Stone Age, the technological advances will keep coming. Educators need to properly prepare students to know the differences between good and bad information, to keep themselves safe online, and to use these technologies in a responsible way. Students will learn netiquette at earlier ages.

6. Versatility

With the proper accessories, tablets can be used as a slate, artist’s canvas, worksheet, journal, handwriting sheet, whiteboard, camera, laptop, and more! Kids can go through a scavenger hunt on a field trip, edit video, or just revise their papers on the tablet using the extremely intuitive UI/UX that’s only getting better every day.

7. Nearly Instant Assessment

The answer to every ADHD kid’s prayers, and the balm for every secondary teacher’s overloaded arms! Students can take quizzes and tests, run lab simulators, and turn in homework online. No more messy papers, no more shuffling through stacks of grading. Grade papers and immediately switch screens to record the grades. How cool is that?

The Final Grade?

With the ease-of-use, intuitive design, and relatively low price point, these versatile little devices belong in the classroom. It’s even better than some of the sci-fi dreams of super-powered desktops. These portable gadgets fit even into the pudgy hands of preschoolers who, given proper guidance and limits, show more engagement and improved literacy skills when tablets are included in their lessons. Tablets will never replace real human interaction, nor should they, but used thoughtfully, they’re a great tool.