Category: Uncategorized

BaseStriker attacks are software attacks that computer hackers use in an attempt to break through the defenses of an account or program. These attacks have been developed through unique coding while operating in a phishing-style in recent times. They’ve been so successful that they’ve grown and evolved becoming increasingly problematic to small business owners.

Used to get past anti-phishing filters while splitting and masking links with URL tagging code, researchers have found that Microsoft business products have become a big target. In the past, Microsoft Office 365 used very effective forms of security for their software and cloud-based products. Safe Link and Advanced Threat Protection feature some excellent security protocols.

baseStriker Attacks on the Rise

baseStriker attacks are escalating. Recently Microsoft reported that the security protocols built into Office 365 failed to protect 100 million email users. This is one of the largest security flaws ever reported for Office 365. Unlike similar attacks that could be discovered and blocked, hackers were able to use this vulnerability to completely bypass all of Microsoft’s security. This included its advanced services like ATP and Safe Links.

The name baseStriker originated due to the method hackers used to create this vulnerability. They split and disguise a malicious link using a tag called the <base> URL tag. This results in your antivirus software not being able to detect the link as malicious.

How baseStriker Attacks Work

A malicious link (that would normally be blocked by Microsoft security) is sent to the user. This URL is split into two snippets of HTML: a base tag and a regular href tag. In traditional phishing scams, a malicious link found in an HTML email would be blocked by the security programs found in Office 365. When these programs see a suspicious link, they perform a lookup using a list of known bad links.

For those customers who use Advanced Threat Protection, the suspicious URL is replaced with a “safe link” that prevents the user from proceeding to a phishing website. Using baseStriker methods, a phishing email that contains a malicious link is allowed through the email filters because they not handling the <base> HTML code correctly.

How ATP and Safe Links Can Help

Office 365, ATP, and Safe Links, along with Office 365 ATP Safe Attachments combine a number of security features for enterprise organizations. These are offered as part of Office 365 Advanced Threat Protection. Safe Links can help protect your business by providing time-of-click verification of web addresses in both official documents and websites.

This type of security can be customized by setting your own ATP Safe Links policies. Your security team can setup up your Office 365 program so that it works the way your business does. Once your ATP Safe Links policies are in place, your security team will get regular reports that show how Advanced Threat Protection is working. This information can help your security team take other steps to create stronger security for your company.

In spite of all these advancements, hackers work harder than ever to find new ways to get through all this security and steal personal and financial information.

What Attacks Have Been Common And What Has Been Done?

Security Affairs explained that baseStriker attacks have been more common in the past year. They were increasingly frequent in October 2017 and have continued since that time. The attacks are most commonly used to bypass Safe Links.

While Safe Links have been improving user capacities to protect against attacks in programs including Excel, Word, PowerPoint, baseStriker attacks have intensified.

Gmail users have not been as vulnerable to this specific method of attack because their developers have created base tag detectors. Mimecast has also built in ways to protect Office 365 users with Gmail accounts.

Microsoft is continuing to make improvements that address weaknesses in their security products. Patches and additional security protocols are being developed for the future. The landscape of hacking evolves almost daily so security must evolve as well.

Current forms of Office 365 security attempt to identify potential security risks through scans of base domains, and until some software development is built that does not ignore relative URLs, the security risk is expected to remain. Due to this, as Avanan reports, the attack method is analogous to viruses of biological immune systems, with even known attacks not being successfully addressed by Microsoft.

SC Media reported that Microsoft is aware of the issue and has dedicated resources to address it. Of course, they have recommended that customers follow common best practices for safe computer operations, but they have yet to develop software products that are capable of automatic recognition in the same manner as Gmail.

What Can I Do?

Enabling two-step authentication from within Office 365 allows users to reduce their vulnerabilities to information thefts made by malware. Organizations can purchase Advanced Threat Protection and have their security team optimize it for best protection. All employees should be trained on the latest hacking methods so they are well aware of what to look for. Many companies today are hiring IT consultants to come in and assess their security protocols, then recommend improvements.

New Study Shows That the Global Cost of a Data Breach Is Up in 2018

The Ponemon Institute recently released its annual Cost of Data Breach Independent Study that was sponsored by IBM Security. This study included two new factors that impact data-breach costs: Artificial Intelligence (AI) and the all-encompassing use of Internet of Things (IoT) devices.

The analysis also factored in the cost of a “mega breach” — the breach of 1 million records or more — and also used a formula to measure the financial cost of customers’ loss of trust in a company.

According to the 2018 Cost of a Data Breach Study, around 25 percent of all U.S. data breaches were recognized as carelessness or user error. The study stated that users consistently failed to properly erase data from devices. The study also reveals that negligent breaches are about half as frequent as criminal breaches.

The rate of data breaches is rising, and they are costing companies more to manage. U.S. businesses are shelling out about $7.9 million per year to fight off and recover from data breaches.

Root Causes by the Numbers

The study made known that malicious or criminal attacks caused the most data breaches at 48 percent. 27 percent were due to human error, and 25 percent were comprised of both IT and business process failures (system glitches).

Data Breach Cost Is Up in 2018

In this year’s study, the average cost of a data breach per compromised record was $148, and it took companies 196 days, on average, to uncover a breach. Based on these averages, The Ponemon Institute determined that the per-capita cost, average cost, and overall cost have swollen in 2018.

With the U.S. leading the way at almost five times that of the global average of notification costs, the Middle East had the highest percentage of the most expensive type of data breaches: Malicious or Criminal Attacks.

Globally, here is how the numbers broke down:

The Size of the Breach Does Matter

The Ponemon Institute’s 2018 report found that the average total cost of a breach ranges from $2.2 million for incidents with fewer than 10,000 compromised records to $6.9 million for incidents with more than 50,000 compromised records.

The study also revealed that a “mega breach” (what the Ponemon Institute deems as 1 million compromised records) can cost upwards of $39.49 million. As expected, this figure goes up as the amount of breached records grows.

The Consumer Impact

According to the report’s findings, organizations globally lost customers due to data breaches in the past year. But it also pointed out, businesses that put in the effort to improve customer trust reduced that number significantly. When a Company’s senior-level leader, such as a CEO or CISO (chief information security officer) addressed customer’s security concerns and pointed to fixing the issues, businesses lost fewer customers and reduced the overall cost of the consequences of a breach.

The Effects of AI and IoT

The 2018 study, for the first time, assessed the effects of a company implementing Artificial Intelligence (AI) and the use of Internet of Things (IoT) devices. The conclusion is AI security platforms have saved companies an average of $8 per compromised record at identifying and containing breaches by incorporating machine learning and analytics. So far, just 15 percent of companies reviewed in the study said they had fully implemented AI. At the same time, businesses that comprehensively use IoT devices pay on average, $5 more for each compromised record.

How Companies Can Reduce Data Breach Costs

In total, The Ponemon Institute’s 2018 report included 477 companies. It found that the mean time to identify a breach was 197 days, while the meantime to limit a breach is 69 days.

There are, however, strategies that support businesses and work on lowering the likely cost of a data breach. This is the 13^th year of The Ponemon Institute’s study, and an alarming trend has reared its ugly head. For the fourth year in a row, the study found a connection between how fast a business detects and contains a breach and the sum of the total cost when all is said and done.

Conclusion

The study found that, above all, preparation and vigilance is crucial. An incident response team can reduce the cost of a breach by as much as $14 for each breached file from the average per-capita cost of $148. Comparably, extensive use of encryption can cut the cost by $13 per person. What all these statistics mean is that companies can reduce the cost of a data breach and reduce the negative effects to their company simply by being prepared. Your company needs a data breach team on staff who knows what to do and how to respond should any type of breach occur.

Identifying the Right IT Services Provider for Your Business

IT service providers, also called managed services providers (MSPs), are in the business of managing a company’s IT needs.  IT service providers can offer their services both remotely and on-site. They normally render their services by one of two ways:

• On an output-basis model
• On a fixed-price subscription model

Pricing Model Breakdown

IT service providers often offer pricing models that are broken down per-device, per-service, per-user, and an all-inclusive subscription model. Since managed service providers charge for their services using several pricing models, it’s wise to evaluate what the essential needs of your business are in order to get the best bang for your buck.

The Balancing Act of Business Growth and IT Support

As your business starts to take off, your IT support will need to increase as well. Navigating both where your business is headed and how to manage that growth with proper IT support can be a delicate balancing act. So often, business owners tend to focus on growing their business rather than on their IT support, leaving their company open for easy attacks from online predators.

What exactly do businesses need to look for in a managed IT services provider?

Ability

The first thing to look for is an IT support provider that has a proven track record of hiring and employing properly trained employees that are well versed in both IT and the company’s vision.  Look for company reviews with remarks stating that their staff is furnished with the right skills and experience to successfully execute all the expected IT tasks.

Another important item to look for is their certifications from top IT trade organizations, such as the Computing Technology Industry Association (CompTIA) or Microsoft Certified. These credentials are proof that the IT company takes training their team seriously.

Quality Customer Service

Another important factor to look for when finding the right IT provider is how quickly and effectively they respond to your company’s needs. Normally you can find this out by asking about their help desk software and ticketing system. A capable ticketing system that has a history of correctly prioritizing IT glitches is necessary for a fluid IT support team. The better the provider’s help desk and ticketing system, the more efficient the managed services provider will be. They should demonstrate a good system of keeping track of all their tasks and assignments. That way, your IT issues won’t get lost in a heap of paperwork lying on someone’s desk.

Budget Planning Value for Your Company

Too often the majority of a businesses’ IT budget goes to unexpected expenses. This puts a strain on making crucial planned improvements. You can’t purchase new computers or software when you need it. Your employees aren’t productive and there’s a higher rate of frustration in the workplace. Fortunately, a good managed IT service provider will offer managed services at a fixed rate to ensure your business runs efficiently and affordably.

By customizing the services that you get, you can focus on specific services that fit your company’s needs, such as:

• Cybersecurity
• Daily backups
• Disaster Recovery Planning

On-Call IT Support

A necessary service for most companies is fast IT support. You never know when servers or computers might break down. Who can you call for any problem? Will they get there right away?

When combing through a company’s review section, look for their quick response rates and their on-site support. A good IT provider will be adept at hiring experts in their respective fields that they can turn to when you have a problem.

Much of the time, managed service companies can remotely diagnose and repair common errors. However, some issues cannot be resolved remotely and need to be handled on-site. Look for a company that has a reputation for being there when you need help. They should work to establish and nurture a good business relationship with you by responding quickly to your IT needs.

Cloud Integration Services

With the emergence of cloud technology, protecting your company’s data is essential. Just about every business now relies on data acquired through different means. Today, almost every IT provider offers data backups as part of their service.  They normally offer different pricing options based upon the frequency of backups and the incorporation of other cloud-based services.

Just like disaster recovery planning, routine backups provide insurance against all types of disasters. It simply makes sense to back up your data frequently to avoid any type of threat to your company’s files.

Monitoring Cybersecurity

Cyberattacks are becoming more prevalent and causing major disruption and damage to even the strongest of companies. Hackers can easily breach outdated software after determining the unpatched software’s security flaws. Look for an IT services provider that has a proven track record of not only monitoring a company’s cybersecurity, but regularly testing it as well.  A good IT services company will keep all software updated and secure.

IT consulting companies manage large data centers and put multiple layers of protection in place, but companies can still be breached by hackers. All it takes is one careless employee who clicks on the wrong email attachment. Employee training is a must these days. And it usually works better if you can provide quarterly training for employees. They do get busy and forget and this can result in disaster.

Summary

Keeping up with the ever-changing world of information technology means exploring new solutions as they become available to your business. When searching for the right IT services provider for your business, look at their years of experience. Check the type of industries they have worked with. Read over their client’s testimonials and reviews. When setting up a meeting with the IT company, make sure to have a summary of your business needs on hand. Come armed with a thorough list of questions for the IT consultants. With in-depth research, you will be able to determine the right IT managed services provider for your business.

More and more dental practices are outsourcing their IT needs, and are reaping the benefits of such a choice. By using a vendor, you are able to maintain better control of your IT budget, you can leave the headaches and complexity of IT technology to the experts, and you can save on office space (which is often at a premium), as well as hardware costs. However, it can be tricky to find the right provider for your dental practice, so here are seven things to look for when outsourcing your IT services.

They Take Security and Privacy Very Seriously

Dental offices are not immune to hacking and data theft. In fact, personal health information is a very desirable target for hackers. A solid IT provider will make sure that your system has up-to-date security software and tools to protect that data. This can include firewalls, encryption, anti-virus, web filters, and anti-malware software. It also entails keeping security software and tools up-to-date and patched.

No dental practice can afford to have a hacker prowling around in their patient’s data. In fact, ransomware crimes are escalating in the healthcare sector. Imagine logging into your network only to find that hackers have seized all your patient records and are holding them for ransom. Either you pay or you could lose everything. Consumers are not very forgiving when they hear that a favorite store or medical practice has been hacked.

An often-neglected aspect of security is not only making sure your data is backed up, but can be quickly recovered if an issue should arise. A good IT provider should offer a system that allows you to seamlessly continue normal operations while repairs are being performed. You can’t afford to lose access to patient files, billing information, and scheduling. Any good IT services provider should rank your network security as a number one priority.

Support HIPAA Compliance

The importance of HIPAA compliance cannot be overestimated, and you need an IT provider that is not only well-versed in the rules and regulations involved, but is as dedicated as you are to preserving the privacy of your patient’s information. A good dental IT vendor will be committed to securing your patient’s sensitive information and will offer tools and features to help support HIPAA compliance.

They Understand the Practice Management Software You Use

Dental practices have IT needs that are far different from other types of healthcare practices. It’s important to find an IT provider that is experienced not just with dental practices but with the particular type of practice management software you use. It is vital that they efficiently integrate the IT services they provide with things like patient clinical charting, radiographs, and digital x-rays. To do this well, they must be familiar with the type of software you use.

They Focus on Your Needs

A good dental IT provider will be focused on the specific needs of your practice. Before anything is implemented, you should expect your IT provider to perform a thorough review of your technology requirements. And when outsourcing your IT, make sure they understand not just the ins and outs of IT, but the special challenges involved with a dental practice. This way they can integrate the most important components of your dental practice with an effective, reliable IT system. This will ensure better productivity for your staff.

They Support Cloud Services

Another key feature to be considered when shopping for an IT provider is cloud services. Cloud services can save on the cost of (and space required for) server hardware. The cloud makes backup and disaster recovery easier and more robust. If you choose to go with a paperless office, then cloud services are your best answer. In fact, cloud services can make HIPAA compliance easier as well. There are a lot more great reasons to choose the cloud and your IT services consultant should be able to spell these out for you.

They Can Help You Scale

As your practice grows, your IT needs are going to expand. Make sure that any IT services company you are considering can help you easily scale up your IT resources both in terms of hardware and software. Whether it’s setting up additional storage for your practice’s file system or installing an upgrade of your practice management system, they should be able to fully support your needs not just now, but in the future.

They Are Strong on Support

Having the most state-of-the-art, robust IT system does your employees little good if there is poor customer support. Check into what types of remote support any potential IT providers offer. Let’s face it: when the IT network goes down, it limits access to critical files and you need that access restored ASAP. Imagine the chaos that can quickly result when your staff can no longer pull up a patient’s chart or schedule appointments.

Another aspect of support is onboarding, where the IT vendor provides you and your employees with training. Good training for your employees is vital. They may need extra help in dealing with the bugs that seem to go along with new software installations.

Conclusion

If you are planning to outsource the IT needs of your dental practice, keep in mind key factors like security, HIPAA compliance, scalability, and support. Also, don’t forget to make sure they are familiar with the practice management software you use, as well as dental office needs in general. Finding a suitable IT services provider can be challenging, but you’ll be glad you made the switch to outsourcing if you take the time to find the right IT provider for your dental practice.

EHR interoperability – considered by some to be the “holy grail” of electronic health record systems – may be a little closer than you think. This summer, a new architectural innovation will be implemented that is guaranteed to positively impact the way different EHR systems exchange information with each other.

o

Interoperability

In the context of electronic health records (EHR), Interoperability refers to the ability of healthcare providers using two different EHR systems to be able to exchange patient information. A combination of standards and architecture are required in order to achieve this type of data exchange between different (and often competing) systems, and past attempts have been hampered by a wide variety of issues and concerns. However, things are about to take a dramatic turn through the work of two powerful influences in modern EHR development.

Who Is Involved

The major players in this undertaking are CommonWell Health Alliance and Carequality. Carequality works under the Sequoia Project and provides the necessary framework needed for successful data sharing among EHR systems.

CommonWell Health Alliance, on the other hand, is a network or trade association of EHR vendors. CommonWell’s goal is to make interoperability among EHR vendors a reality. Any medical facilities or doctors who use a major EHR vendor will benefit from this collaboration.

Major Accomplishment in Interoperability

CommonWell and Carequality are preparing to go live with a health information exchange that will allow doctors to share Continuity of Care Documents. This breakthrough in interoperability includes all major EHR vendors as well as the hospitals and clinics that subscribe to them. A doctor in one hospital that subscribes to a major EHR vendor will be able to exchange patient data with any other doctor that also subscribes to a different EHR vendor.

The collaboration between Carequality and CommonWell actually began back in 2016. As a result of this collaboration, Carequality created their own version of CommonWell’s record locator service. This will allow Carequality members to search patients in CommonWell’s network. CommonWell, in turn, implemented Carequality rules, which is making it possible for network members to easily query each other. This phase of interoperability is due to go live this summer, barring any unforeseen delays.

What This Will Mean for Healthcare

Once the current information exchange goes live, an estimated 80% of doctors will be able to share their patient data – even among EHRs that are fierce competitors. For those in the medical field, the ability to share patient information across EHR systems – especially as the interoperability continues to evolve and expand – will support more informed decisions about patient care. Decisions can be made more quickly and providers will have far easier access to critical patient data. This will reduce ambiguity that can adversely affect patient care and recovery. It also enables better and more efficient workflows, and no doubt will have a positive effect on patient satisfaction as patients will receive better quality care.

Current Limitations

The dream is, of course, for a physician to quickly and easily track down tiny details of a patient’s information (e.g., medication allergies). The technology and software have not progressed to that point quite yet. At this stage, physicians using major EHR systems will be able to search for and access Continuity of Care Documentation, which is basically a data dump of information about a patient.

Challenges and Concerns

It is natural that some resistance to cooperation would be present from vendors because it does not seem like good business to facilitate a client’s ability to connect with services from your competitor. Some physicians may have concerns about making it too easy for a patient to seamlessly transfer all their medical records to a different doctor. Another issue that causes difficulty for vendors is that they have clients over a continuum of sizes, from small, one-physician clinics to massive hospitals. Trying to ensure interoperability between clients at opposite ends of the spectrum may be problematic as the architecture progresses further.

Another critical challenge is one that can only be overcome by forging forward: bugs and unforeseen technical issues that arise. These can only be found and dealt with after the interoperability architecture goes live this summer, and actual users begin to interface with it in a clinical setting.

Conclusion

The ultimate goal, according to CommonWell and Carequality, is for a patient’s healthcare information to follow them wherever they go, regardless of what EHR vendor the medical facility uses.  This, in turn, means that healthcare information is no longer bound by geographical boundaries. However, this dream cannot become a reality without a robust framework of standards, which is already being successfully developed through the hard work of Carequality. The process will require collaboration among sometimes competing EHR providers, which is already taking place thanks to the CommonWell network community and positive cooperation among vendors.

What’s A Blockchain?

A “blockchain” is basically a financial record similar to that of a spreadsheet, only for bitcoins and other forms of cryptocurrency available publicly and online. As the use of cryptocurrencies has evolved, it has created some innovative business opportunities. According to MIT Technology Review, the transparency and trust created through them have increasingly facilitated trade across the world in a number of ways.

First of all, they are publicly available, and access to the records is superior to that of public access to annual company reports. Many organizations do not produce annual reports out of a lack of obligation. The extent of transparency and detail in blockchain records generally exceeds those provided through annual reporting methods. This can allow investors to have more insight into trends and opportunities for investment, trade, and other forms of business growth.

The Rise of Bitcoin and Other Cryptocurrency

Bitcoins are the most common form of cryptocurrency recorded in these newer and more unique forms of financial transactions. They were initially used in 2009 with some trepidation, but have become so popular that, today, you’ll find hundreds of different forms of digital currency, now generally referred to as cryptocurrency.

Soon after the bitcoin was introduced, people began developing cryptography tools for public use, including the blockchain. Cryptocurrency was considered valuable because it provided a global means of completing financial transactions. Due to the complex nature of the bitcoin, it is nearly impossible for individuals or organizations to spend the same bitcoin currency twice.

This successfully addressed the previous challenges with digital currencies and effectively removed the demand to establish and maintain a central authority to mediate such electronic exchanges. Cryptocurrency transactions can be difficult or impossible to trace. That’s why they’re most often used by hackers when requesting ransomware payments from their victims.

Approximately two years after introduction, bitcoins grew from novelty to the preferred payment method in online commerce. “Altcoins,” a comparable cryptocurrency, were developed after bitcoin as an alternative form of digital currency but used the same open-source code for bitcoin. There were some slight differences between the two.

At this time, approximately $1 billion dollars’ worth of bitcoins and other cryptocurrencies are in circulation. Developers realized that blockchains could be more useful to other areas of common business operations as well. Normal steps in the development and use of a blockchain include the establishment or creation of a business transaction. This most often involves the sending of a form of cryptocurrency in exchange for a product or service. They’re also used for all types of investment and financial transfers.

The placement of a line of code representing the transaction as a ‘smart contract’ is initiated when specific conditions are met within the program. The sending of a broadcast to an access network on nodes and the ongoing listing of node subsets are referred to as ‘blocks’ within a ‘chain.’

More on the steps in the creation of blockchains and their history is available through MIT Technology Review.

What Other Uses Does It Have Currently?

With the fundamental added advantages of business transparency and prediction potential, blockchains have created exciting new business opportunities. According to Ignite, as their popularity has grown, they have affected a range of indirectly related aspects of business ranging from the manners by which banks transfer money to how medical records are handled.

Also referred to as ‘shared ledger technology,’ the transparency and trend perception is expected to become commonplace for the majority of business transactions. With over half of businesses now using them, increased opportunities for investors and small businesses, in general, are expected to escalate for an overall positive economic impact.

The use of cryptocurrency increases competition, diversification of products and services, and increased trade opportunities around the globe.

An example of improved business opportunities on a larger scale is the case of the New York City Depository Trust and Clearing Corporation, which began to use blockchain to more successfully facilitate their transactions. Experts attribute this to the success of $11 trillion dollars’ worth of transactions funneled through cryptocurrency technology.

More specific business uses include their infiltration into the banking system, once hesitant to use this form of digital currency. Cryptocurrency was originally thought to be unstable, as it was not backed by gold or other tangible assets. But today, many financial institutions have accepted the use of digital currency due to the increased speed and safety in making financial settlements.

Additionally, other organizations can increase efficiency by using the smart contract in the automatization of their agreements, with high potential for increased speed especially applicable to supply chain management and manufacturing. In addition to transparency, there is increased accountability, helping organizations to experience increased security over previous forms of common practice in transactions and records. This is why, as introduced above, the technology is even beneficial to the healthcare industry and medical records. More on how these areas, communications technologies, and other industrial developments can benefit from blockchain is available at Ignite.

According to The Economist, blockchain and smart contracts have even benefitted the way companies pay employees, the nature of cloud storage, and electronic voting. It seems increasing use and development continues to give rise to further opportunities, as organizations realize the potential benefits of using cryptocurrency and block chains over traditional financial transactions.

Can You Use Blockchain?

If you have the resources and other means required for conversion, your organization could benefit from blockchain if you are seeking increased security or efficiency in:

• Banking transactions
• Medical records
• Manufacturing or inventory records
• Communications records
• Employee payments
• Electronic voting
• Cloud storage records

Even if your organization does not have a strong emphasis in any of these areas, the increased transparency and universal appeal of cryptocurrencies may be sufficient to warrant gradual integration.