Category: Uncategorized

Cybercriminals no longer act alone. Find out the strategies and means cybercriminal networks are using to launch dangerous attacks against your organization. 

According to technology industry blogs, cybercrime incidents are growing by 15 percent each year and cybercrime has become the most profitable type of criminal activity around the globe. Cybercriminals are no longer acting alone and carrying out destructive activities that are relatively simplistic. Instead, cybercriminals have become more sophisticated in their approach. Activities are more damaging and organized. IBM’s CEO and president has stated that the new cybercriminal dangers are “the greatest threat to every profession, every industry, every company in the world.” Being aware of the fact that cybercriminal activity is now executed using the same types of structures and approaches seen in businesses can help IT leaders guard against the dangers cybercrime presents.

Common Types of Cybercriminal Activities

The scale and scope of cybercriminal activities have evolved swiftly since the 1990s. Back then, cybersecurity-related attacks entailed destroying websites and executing simplistic codes that reflected a strong dislike of the corporate culture. Now, modern cybersecurity-related attacks have not only embraced the notion of the corporate model, but have exploited the corporate world’s reliance on digital connectivity. Common cybercriminal activity now involves extortion, the theft of data and information, and sabotage. The design and spread of ransomware through electronic means reaps over $11 billion annually.

Hierarchical Structures

Besides using more sophisticated and profitable methods of wreaking havoc, cybercriminals have formed networks that resemble hierarchical structures within traditional organizations. Many groups of cybercriminals are led by someone who operates as a pseudo executive of a firm who designs an overarching strategy and tasks that are delegated to other leaders who resemble middle managers. In turn, those who work on developing malware and ransomware code are concentrated in a single “department,” while another group is focused on developing and executing distribution methods. Each group represents and operates like a functional department within an organization. Training and recruitment programs are also developed and executed for hackers that wish to join these extensive cybercriminal networks. Knowing that these networks are employing the same strategies and tactics as an experienced corporate marketing department means that any cybersecurity defense plan has to respond in an identical fashion.

The corporate structure and mentality have resulted in the equivalent of million-dollar salaries for some. Cybercriminals are also starting to incorporate other types of illegal activities into their “business models.” Some of those activities include illegal drug production and distribution, human trafficking, and counterfeit goods. Stopping and removing the threats that cybercriminals pose mean considering the possibility that these cybersecurity threats are occurring in conjunction with seemingly unrelated activities. Any defense plan must consider all possibilities and guard all potential and vulnerable points of access.

The Dangers of Purchasing Third-Party Computer Accessories

Think all computer accessories and cables are safe? Think again! Learn how your next accessory purchase could expose your organization to hackers and threats.  

Buying third-party accessories for computing devices can save money, but what if those purchases ended up being the cause of a cybersecurity attack and the exposure of your company’s sensitive data? New third-party charging cables that have come on the market could be your next data breach culprit if you’re not careful. According to a blog post written by NewQuest IT Solutions, modified versions of Apple’s Lightning cables could be used to gain unauthorized access to your organization’s devices. A hacker can use the wireless implant embedded in the cable to commit an intrusion simply by typing in the cable’s IP address.

How It Works

Since the third-party cable cannot be identified as counterfeit with the naked eye, it is easy for many to be fooled into believing it is legitimate. When you plug in the cable to charge or sync a device, a hacker can now access all the information on that device. The wireless implant inside the cable sends out signals equivalent to a Wi-Fi hotspot. By typing in the cable’s IP address, the hacker is able to pull up data from the device, install malware, send scripts and other commands. The hacker can accomplish all of this as long as he or she is within 300 ft of the cable’s wireless signal.

Devices at Risk

Any device that uses a third-party charging cable or accessory is at risk. That risk increases if multiple third-party accessories are plugged in or the supplier of the accessories could be considered suspect. Although the example highlighted by NewQuest IT Solutions is applicable to Apple devices, there are enough third-party cables and accessories for Windows-based devices that can make them far from risk-adverse. Smartphones, computers, tablets and older devices like the iPod that sync are all vulnerable.

What to Look For

To avoid buying counterfeit accessories and cables, double-check the packaging, the accessory and the supplier. Only purchase third-party accessories that are labeled as certified. Another way to avoid a potential cybersecurity threat is to only purchase from trusted and verified suppliers. Finally, consider switching to OEM versions whenever possible. Although the initial or per unit cost might be higher, it could save you and your organization a more expensive headache in the long run.

Outsourcing Managed IT Services Improves Business Goal Achievement

Industry leaders require a laser-focus on profit-driving initiatives. Outsourcing an organization’s IT oversight saves time, money, and keeps everyone on task.  

Whether you are a decision-maker for an upstart, mid-sized, or large corporation, outsourcing IT support, maintenance, and cybersecurity oversight can improve your operation. Managed services conducted by a third-party outfit with experience and expertise, brings high-level knowledge to the table that most business team members lack.

That’s generally because industry leaders staff their organizations with people who deliver profit-driving benefits. Managing an in-house IT team tends to distract from the goal-achievement tasks that keep an operation competitive and successful. Owners, CEOs, and other captains of industry with heightened IT needs would be wise to consider these five benefits of outsourcing.

1: Risk Reduction

Every business operates with a certain degree of risk. Those risks include fines for not meeting changing government regulations or falling behind competitors in cost-effective technology applications, among others. But perhaps the greatest threat that businesses of all sizes and every sector face are data theft and hacks. Without a doubt, less-than-adequate cybersecurity applications, protocols, and employee preventative training present the greatest threat to your organization.

2: Cost Consistent Budgeting

Entrepreneurs working hard to grow fledgling operations often have thin budgets. Every dollar counts and financial constraints generally do not allow for overspending. People in the private sector are fully aware they cannot manage a thriving enterprise using the faulty methods of the federal government. Either you have the revenue, or you don’t.

Managed IT service contracts allow decision-makers to allot a specific sum toward computer network oversight. There are no excessive payroll taxes, or unexpected overtime hours to strain the company’s resources. You write one monthly check and renegotiate when your managed services agreement expires.

3: Heightened Expertise

Perhaps the greatest difference between hiring an in-house IT team and outsourcing is the improved access to specialized knowledge. Some small and mid-sized operations think it’s savvy to hire a recent technical school graduate who has been immersed in the latest trends and technologies. That thinking seems reasonable on its face.

But the inherent flaw is that your outfit often requires that person, or team, to focus exclusively on your system and operations. What you lose over time is their immersion in trends, new applications, heightened cybersecurity threats, and other pertinent issues. A third-party managed service provider invests its time, resources, and people into cutting-edge training. When a managed services expert reviews your system, they bring the latest knowledge to every task. It’s simply not cost-effective to pay an IT team and then have them attend far-away seminars for weeks at a time.

4: Avoid Potential Downtime

After cyber-theft and hacks, downtime ranks among the most costly setback a company can experience. Imagine for a moment, you are looking out over your offices and employees are unable to work because the system is down. Now imagine you are paying them to not perform the necessary tasks to meet the business’ financial necessities.

When you outsource your IT needs to a third-party provider, it’s not uncommon for them to conduct due diligence, and preventive maintenance while your profit-driving staff is not on the clock. Smooth functioning networks are a type of hidden benefit that companies gain by having 24-7 IT services.

5: Improved Business Focus

Goal-oriented thought leaders enjoy improved success when they are able to focus on the things that make a company successful. Unless you are running a managed services outfit, computer issues, cybersecurity, and managing an IT team is not the best use of your time and brainpower.

Business visionaries achieve goals and enjoy the fruits of their innovation and labor by maintaining a laser-focus on industry trends, cost reduction, improved production, services, and staying ahead of their sector’s learning curve. It’s essential not to get bogged down in seemingly peripheral issues such as IT. Maximizing your skillset and outsourcing IT maintenance and oversight to a professional is the smart play.

Maximizing budgetary resources in a way that delivers the cutting-edge IT needs of today’s business community may be best left to professionals. When industry leaders take the time to do the math on best practices and profitable outcomes, third-party managed IT services remain a tried-and-true practice.

Are You Ready for the Cloud?

With a clear, comprehensive implementation plan, you can minimize downtime and disruptions while you move your data and applications to the cloud.  

Let’s walk through the 5 W’s + How.

• Who?
• What?
• When?
• Where?
• Why?
• How?

No, this isn’t an intro to journalism course. Instead, we’ll use this formula to break down your options for finding the best IT outsourcing firm to help you move your health care practice to the cloud.

What Should You Be Looking For?

Clouds are private, public or a hybrid of the two. These labels can be confusing. Public clouds aren’t open to the public and private ones serve as remote data centers for a single health care provider.

To decide the best cloud for your organization, determine what you’re actually looking for. Choose from a service that supplies platform, infrastructure or software as a service — PaaS, IaaS or SaaS. Relevant considerations include company size, HIPAA impact and what you wish to accomplish.

Who Is the Best Cloud Provider?

Healthcare IT News identifies seven top providers:

• Amazon Web Services, who developed these services first, has aggressive pricing and releases new features regularly. Their main service is IaaS.
• CDW Cloud Solutions, familiar to many healthcare organization, offers a variety of services, such as migration planning and project support.
• IBM Cloud, ClearDATA, Google Cloud Platform, Microsoft Azure and VMWare receive honorable mention.

It’s best to look into several services to determine the best one for your IT needs.

When Is it Time to Switch to the Cloud?

Most companies have some kind of cloud-based functionality already. For those still deciding whether to switch, the following questions can help clarify your thoughts.

• Who can help us with the migration plan?
• Is the management team stable?
• What’s the strategy driving the move?
• Are local providers reliable?
• Is it in the budget?
• Will we net a positive return on our investment?

These questions get right to the heart of the matter and help you find out if your team is ready, able and willing to make the switch.

Where Should the Data Centers Be Located?

The physical location doesn’t matter that much. It’s more important to replicate data and applications in distinct regions for redundancy and to ensure access to your data. Where you locate or have your IT consultants locate your backups is determined by the technology and configurations that work best with your systems. In fact, if you’re paying for around-the-clock monitoring, location becomes irrelevant.

Why Are You Thinking About Moving to the Cloud?

This question is a bit outmoded. A better question would be, “Why wouldn’t you move to the cloud?” That’s a question most companies have or are asking themselves right now. Cloud systems scale easily and they’re cheaper than the cost of maintaining your own local data centers. In the cloud, critical processes, such as data replication or disaster recovery are more straightforward.

Cloud services also offer a pay-as-you-go model that fits the budget of more practices and startups. While data security used to be considered a risk on the cloud, new technology has helped ensure the security of your systems and client data.

How Can You Get There?

Vet out an experienced healthcare IT provider that’s handled multiple cloud implementations and integrations. Reputable providers should be able to share their own cloud models, provide references, and ensure that you start and end with a reasonable budget.

Scalability is key in the cloud. It’s one of the major benefits, so make sure your organization is in a position to leverage it. With the right cloud set up, scaling up your user base should be easy and hassle-free. The documentation your IT consulting provides should include detailed plans regarding the tools and features needed for HITECH and HIPAA requirements. With a clear, comprehensive implementation plan, you can minimize downtime and disruptions while you move your data and applications to the cloud.

Are you working closely with your CFO to determine the most efficient and effective methods for maintaining your business infrastructure? These questions will help you drill in.  

Are your financial operations taking more time and effort than you realize? There are plenty of ways to reduce the overhead and operations cost of your finance team, but that starts with asking your CFO some tough questions. Finding the right business solutions to support your organization begins with a thorough knowledge of the landscape and the pressure points and redundancies that could be relieved through automation. The answers that your CFO provides to these searching questions will help you make the right decisions when you consider upgrades to your technology infrastructure.

1. Are we addressing compliance issues that are concerning for our business?

Business compliance goes far beyond the requirements for HIPAA, personal privacy and employee security. Today’s compliance requirements are varied and complex for even the simplest organization. If you are capturing or maintaining personal information — much less financial or health information — chances are your business is subject to California’s Consumer Privacy Act and those of several other states, besides. You’ll find a comprehensive state-based map online at the International Association of Privacy Professionals. Ensuring that your data stays safe and that you’re fully complying with these laws often falls to the CFO in terms of education, but the technology team in terms of implementation of the strategies.

2. Where do you see slowdowns during monthly, quarterly and annual closing?

Closing the books is a process that happens on a regular basis, but that doesn’t mean it’s fully routinized. Even the simplest tweak to this ongoing process may be enough to save thousands of hours of productivity over a relatively short period of time. Looking closely at the business’s models for this ongoing operation can identify some weak points that can be addressed through automation or software updates.

3. What are the barriers to fully integrating metrics into our organization?

Using metrics throughout the organization is a great way to keep your business running smoothly — and also quickly identify areas that need a little extra attention. Are there systems that do not work well together? Perhaps a large variety of solutions providers whose “solutions” are causing problems with other business units? Whatever the issues are, identifying what it will take to get to a unified metrics system for the organization may point to some opportunities to apply consistency to your operations and platforms.

4. Are there opportunities to reduce the cost of delivering a secure and efficient infrastructure?

Providing a secure infrastructure for your business is a critical success factor, but are you currently knocking it out of the park — or falling down on the job? If your teams are frustrated with the speed of change and you’re concerned that your operations aren’t fully secure, you may have some work to do on your infrastructure. Even something as simple as slow WiFi or poor networking in conference rooms can reduce the effectiveness of your staff and boost frustration levels beyond the breaking point.

One key way to improve efficiency, reduce costs and heighten security is to work with advanced technical support staff to review your business operations and ensure that you’re taking full advantage of the opportunities available on the market today. Leaders at the largest organizations in the world routinely work with external service providers to ensure that they have access to the tools and technology needed to create a secure and consistent infrastructure for their business.

Microsoft Vulnerability Affects Most Recent Operating Systems

Learn about two recently discovered vulnerabilities that could put your company’s computers and operations at risk and what Microsoft is doing to fix the issue.

Two newly discovered security vulnerabilities could put Windows users at risk of attack if they do not download and install security patches Microsoft recently issued.

What Are the New Microsoft Security Flaws?

Nicknamed DejaBlue, the two security flaws are designated CVE-2019-1181 and CVE-2019-1182. They are similar to the BlueKeep vulnerabilities Microsoft issued patches for in May 2019. The newest flaws, like Bluekeep, could allow hackers to create so-called “wormable” attacks that easily can be spread from one computer to another without any interaction from a user.

The main difference is that the newer security vulnerabilities are potential threats to newer versions of Windows products.

What Systems Does DejaBlue Affect?

There are potentially hundreds of thousands of computers that could be affected by the Windows worm. They sit within the Windows Remote Desktop Services (RDS) package. According to Microsoft, the vulnerabilities could affect the following systems:

• Windows 7 SP1
• Windows Server 2008 R2 SP1
• Windows Server 2012
• Windows 8.1
• Windows Server 2012 R2
• Windows 10 (all supported versions, including server versions)

That’s a massive number of potential targets that could be infected if the patches are not deployed and active monitoring tools are not in place.

Windows XP, Windows Server 2008 and Windows Server 2003 are not affected.

How Does DejaBlue Work?

Like with BlueKeep, the vulnerabilities can be used to exploit RDP, a tool that administrators use to connect to other computers on a network. Hackers could then use that exploit to code and load a worm that is automated. It would “jump” from one computer to another, potentially affecting millions of computers quickly.

What makes the DejaBlue and Bluekeep vulnerabilities so dangerous is that they can propagate without any user interaction.

What’s more dangerous is that the new vulnerabilities differ from BlueKeep, which targeted Windows 7 operating systems. The new exposures could affect Windows 7 and all recent versions of Microsoft’s operating systems. That amplifies both the risk and the potential impact.

“At this point, nearly every contemporary Windows computer needs to patch, before hackers can reverse engineer those fixes for clues that might help create exploits,” notes Wired magazine.

While a British intelligence agency, GCHQ, is credited with identifying BlueKeep, Microsoft notes that it identified the new threats itself. To date, no evidence that exists that indicates the vulnerabilities were known to third parties, the company said.

“These vulnerabilities were discovered by Microsoft during hardening of Remote Desktop Services as part of our continual focus on strengthening the security of our products,” Microsoft said in a release.

The scale of the potential damage is extraordinary. As of July 2019, there were as many as 800,000 computers worldwide that were still vulnerable to BlueKeep, with a much larger potential threat from DejaBlue.

What Can We Do to Protect Against Cybersecurity Threats?

The key to maintaining a secure network is developing a comprehensive, multilayered security strategy. A managed services provider can partner with you to develop a cybersecurity plan that includes:

• Comprehensive network perimeter monitoring using next-generation firewalls to detect, contain, disable and destroy threats
• Continuous monitoring of systems, endpoints and users
• Automated downloading and installation of software and firmware updates, upgrades and patches that respond to emerging threats
• Anti-malware, anti-spam and anti-virus software installed on each user’s machine or device, updated automatically, and analyzed to determine potential threats
• Email and data encryption
• Password security, including multifactor authorization
• Mobile device management, including remote location finding, disabling and wiping functions
• Cloud solutions for secure hosting of data, apps and operating systems
• Business continuity and disaster recovery planning
• Employee training

Having the right security in place greatly reduces your risk of being affected by a cyberattack that can debilitate your business, ruin its reputation and cost thousands to repair.

How to Choose the Best IT Outsourcing Company

Outsourcing IT service and care is a smart idea for many businesses. Here’s how to evaluate and select the best IT outsourcing company to handle your IT.

Your healthcare practice undoubtedly relies on technology to operate smoothly and effectively. In fact, more than any other type of business, businesses in the healthcare industry absolutely must have a stronghold on the digital aspects of their operation. Personal patient information is simply too sensitive to not be properly stored and maintained.

As a result of these specific demands on dental and other medical practices, many healthcare institutions are turning to information technology outsourcing companies to handle their technology.

If your practice is seeking a local IT outsourcing company to hire, here are the steps you should take to properly evaluate and select your option.

Step 1: Scope out your local options.

We recommend going with a local hire when it comes to IT outsourcing companies. Local is better for several reasons. First, you’ll likely know their other clients and be able to speak with them about the quality of care they’re receiving.

Next, local companies will certainly be able to offer on-site assistance, which is exactly what you should be looking for. Companies located out-of-state or too far away within your state won’t be able to get to you in time if they need to offer hands-on assistance. This is simply unacceptable for a dental or medical practice as you may someday require emergency on-site assistance that can’t wait.

Try to come up with a complete list of local potential candidates to interview.

Step 2: Narrow the list based on industry expertise and experience.

Either by examining each candidate’s website or speaking directly with a sales representative, get an idea for what expertise and experience each company has. You want to see that they’ve not only been a fully-functioning IT outsourcing company for at least a few years, but that they also have unique experience in the healthcare industry.

While businesses in other industries may be able to work with IT companies who don’t specialize in any particular industry, healthcare practices should be looking for IT companies who cater specifically to businesses and organizations in the healthcare world. You should also look for IT companies who’ve had consistent clients who have been with them for a considerable amount of time.

Step 3: Narrow the list based on what services each candidate offers.

Nearly all IT outsourcing companies have comprehensive websites where you can see the services they offer. We can’t tell you exactly what services to look for because the needs of your unique practice may vary.

However, some of the services you’ll likely want to have include:

• Backup and recovery services
• Cloud services
• Disaster recovery
• Consulting and project management
• Application hosting
• Telecommunication services
• Email and IM archiving
• Business continuity planning
• Cybersecurity

Step 4: Schedule interviews and prepare a list of interview questions.

Once you have three or four IT company candidates who may be able to adequately handle the outsourcing of your practice’s technology, schedule interviews with each one.

You’ll want to prepare for each of these interviews by making a list of questions to ask. We recommend asking the following questions to each IT outsourcing company you interview:

• What is the scope of the services you offer? Do you work with a range of industries or exclusively with healthcare practices?
• How can you push our practice to stay up-to-date with the latest trends in healthcare technology without causing service interruption or technology that quickly becomes redundant?
• How will you ensure that our patients’ personal sensitive data stays safe from cybercriminals and hackers?
• Who will we be working directly with when we have a question or an issue? Will we be assigned a unique service manager?
• How fast is your response time if we have an emergency?
• What credentials and certifications does your technical staff have?
• Do you offer 24/7 service and assistance?
• Who is your oldest client, and how long have you been working with them?
• How do you plan on helping our practice meet our business goals?
• What levels of service do you offer, and how do you take payments?

It is crucial to take your time when choosing an IT outsourcing company for your practice. By following the steps above, you’ll streamline the selection and interview process and set your practice up for success where your technology management is concerned.

Are your online reviews killing your website traffic? It’s true — many customers won’t click if they see your reviews are less-than-favorable.  

When is the last time you felt strongly enough about a product or service to leave an online review? While some people do it as a matter of course for every restaurant, doctor’s office and retail establishment they visit, most people only take the time to review something when they were either extremely pleased with the service or over-the-top mad about their experience. Unfortunately, this can result in some pretty painful online reviews, but does it really impact the traffic to your website — and ultimately your business revenue? You might be surprised to learn that more than 95% of people aged 18-34 read reviews for local businesses before making a decision and 86% of all consumers do the same. Still think reviews don’t matter?!?

Improving Engagement with Positive Feedback

When customers leave your business, it can be challenging to know if they’re satisfied with their goods and services. It may not be until you read an online review that you find the uber-polite professional who left your office with a smile is now posting to all their friends on social media about the horrid experience that they had. In general, people are not fans of direct conflict and may leave their poor feedback in a very visible and damaging way for your business — through online reviews. Yelp, Google and many other sites provide an easy way to aggregate both positive and negative comments about your business, all of which can be visible from within a Google search of your business. Google adores reviews and according to Moz data, their search algorithm could be impacted by up to 9% by consumer reviews. Google wants to present the most trusted and relevant search results and one of the best ways to do that is to listen to the audience: your consumers.

Offsetting the Damage from Negative Reviews

As you can imagine, if Google takes up nearly 10% of its algorithm to focus on your reviews, a few poor reviews can drop you significantly lower in the all-important search engine results page. Reviews are a vital part of your SEO strategy, and it’s challenging to bounce back from negative reviews in the past. One of the things new customers are looking for is the responsiveness of the business to this type of feedback. If you watch your main review sites carefully and audit for positive and negative reviews, you can offer timely feedback that shows you recognize there are issues and you are taking steps to solve them in the future. This can help turn a negative review into a positive, encouraging new customers to take a chance and click through to your website.

Driving Positive Reviews is a Critical Component in Your Digital Marketing Strategy

Did you know that a Harvard study shows that a one-star increase on Yelp can lead to a 5-9% increase in sales? That’s what you call a direct correlation, and it makes reviews fully relevant and worth working for. Fortunately, those same customers who are ready to spout off about a negative experience are also surprisingly willing to post a positive review — but only if you ask. Up to 68% of consumers will take the time to review your product or service, and all you have to do is ask! Your marketing strategy should include a simple tactic that some of the best businesses in the world use (think Amazon): send a quick followup note via email requesting that customers leave a review on your preferred platform. When you flood the web with positive reviews, your business is more likely to rank higher and receive more high-quality traffic than a competitor who is not focused on improving their online reputation.

The moral of the story is that reputation still matters, even in a world where digital rules the day. In decades past, word of mouth reputation was what needed to be protected and that truly hasn’t changed as we edge into the future. Protecting the online reputation of your business is relatively straightforward and that quick automated email after a sale may be your very best selling tool — and the least expensive marketing tactic that you deploy!