Billions of Computer Devices Won’t Get Intel’s Spectre Fix

17 Product Groups Named, Their Production Halted and Update Support Ended, After Irrefutable Evidence Uncovered Flaw in Intel Chips.


The information about the Spectre attacks came to light back in January 2018. Intel and other technology firms and vendors were made aware of research findings by Paul Kocher from Spectreattack.com and Jann Horn from Google Project Zero.

Paul’s collaborators on the research into the chip flaw and the notorious Spectre attacks were:

  • Daniel Genkin (the University of Pennsylvania and University of Maryland)
  • Mike Hamburg (Rambus)
  • Moritz Lipp (Graz University of Technology)
  • Yuval Yarom (University of Adelaide and Data61)

The research findings from Paul Kocher’s team and Jann Horn supported what the U.S. Department of Commerce’s agency, NIST (National Institute of Standards and Technology), found. The research was published on NIST’s National Vulnerability Database website on January 4, 2018.

Take note of the references to indirect branch prediction and branch prediction in these excerpts from the two announcements:

CVE-2017-5715

Current Description: “Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.”

CVE-2017-5753

Current Description: “Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.”

On January 3, 2018, after the findings arrived, Intel responded to Paul and Jann’s security research findings with this disbelieving statement: “Intel believes these exploits do not have the potential to corrupt, modify or delete data.”

Even with the proof in front of them, Intel believed the research reports were flawed and incorrect. In its view, it was not possible that these exploits were caused by a “bug” or a “flaw”. Their explanation was, “there are many types of computing devices, using different vendor’s operating systems and processors. All are at risk of being exploited.”

But Paul’s team exploited speculative execution and had solid proof.

They experimented on multiple x86 processor architectures: the Intel Ivy Bridge (i7-3630QM), the Intel Haswell (i7-4650U), the Intel Skylake (unspecified Xeon on Google Cloud) and finally an AMD Ryzen processor.

In every test, the team observed the Spectre vulnerability across all of these CPUs, with similar results in both 32- and 64-bit modes and on both Linux and Windows. Some ARM processors also support speculative execution, and the initial testing confirmed that ARM processors could not pass the test.

When they attacked using native code, they were able to read the entire victim’s memory address space, including the secrets stored within it, with ease.

When they attacked using Java code, they successfully read data from the address space of the browser process running it, with zero effort.

The research evidence was irrefutable.

Their results showed there was a flaw in Intel chips.

A day later, on January 4, 2018, Intel issued updates to protect systems from security exploits. They released this statement: “Intel has developed and is rapidly issuing updates for all types of Intel-based computer systems — including personal computers and servers — that render those systems immune from both exploits (referred to as “Spectre” and “Meltdown”) reported by Google Project Zero.”

Three months later, on April 2, 2018, Intel’s Microcode Revision Guidance was released, and what’s inside exposed the truth. In this 19-page PDF document, you will find 17 product groups listed (color-coded in red) whose production has been halted and whose update support has ended.

Looking through the guide, you will find the columns listed by Product Names, Public Name, CPUID, Platform ID, Production Status, Pre-Mitigation Production MCU, STOP deploying these MCU revs, and New Production MCU Rev.

The pages with the discontinued products are below:

  • Page 4: Bloomfield and Bloomfield Xeon
  • Page 7: Clarksfield
  • Page 8: Gulftown and Harpertown Xeon CO & EO
  • Page 11: Jasper Forest
  • Page 12: Penryn/QC
  • Page 15: SoFIA 3GR
  • Page 16: Wolfdale CO, MO, EO & RO, Wolfdale Xeon CO & EO
  • Page 17: Yorkfield & Yorkfield Xeon

When you review the columns, you will see one labeled STOP deploying these MCU revs. Intel’s definition for this column is as follows:

  • Intel recommends discontinuing using these select versions of MCU that were previously released with mitigations for Variant 2 (Spectre) due to system stability issues.

Intel also states in their Microcode Revision Guidance Legend:

  • “After a comprehensive investigation of the microarchitectures and microcode capabilities for these products, Intel has determined to not release microcode updates for these products for one or more reasons including, but not limited to the following:”
      • “Micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715)”
      • “Limited Commercially Available System Software support.”
      • “Based on customer inputs, most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.”

As you can see, Intel’s exhaustive investigation could not discredit Paul, Jann and NIST’s research and proof. Intel decided, due to microarchitectures and microcode capabilities, for the specific products listed, not to move forward and release microcode updates for these products.

If you own a PC, Mac, or cell phone, a Spectre attack can affect your device. If you use cloud services, your provider’s infrastructure may be vulnerable to a Spectre attack and theft of customers’ data. If your device uses any of Intel’s older microprocessors, you may be shopping around for a new machine.
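One way to check a Linux machine against the guide's CPUID and MCU columns, as an added example that is not code from Intel or from this article. The guidance rows and microcode revisions below are constructed placeholders (real values must be copied from the guide), and all function names are assumptions.

```python
"""Match a Linux host's CPU and microcode against microcode-guidance rows."""
import os

# Constructed /proc/cpuinfo excerpt (first logical CPU). The model is the
# Ivy Bridge i7-3630QM named in the article; the microcode value is made up.
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: GenuineIntel
cpu family\t: 6
model\t\t: 58
model name\t: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
stepping\t: 9
microcode\t: 0x15
"""

# Constructed rows keyed by CPUID signature, mirroring the guide's columns
# "Production Status", "STOP deploying these MCU revs" and
# "New Production MCU Rev". Revision numbers are placeholders.
GUIDANCE = {
    0x306A9: {"status": "Production", "stop_revs": {0x16}, "new_rev": 0x17},
    0x106A5: {"status": "Stopped", "stop_revs": set(), "new_rev": None},
}


def parse_cpuinfo(text):
    """Return family/model/stepping/microcode of the first CPU block."""
    fields = {}
    for line in text.splitlines():
        if not line.strip():
            if fields:
                break  # a blank line ends the first processor block
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return {
        "family": int(fields["cpu family"]),
        "model": int(fields["model"]),
        "stepping": int(fields["stepping"]),
        "microcode": int(fields["microcode"], 16),
        "name": fields.get("model name", ""),
    }


def cpuid_signature(family, model, stepping):
    """Rebuild CPUID.1:EAX from the displayed family, model and stepping."""
    base_family = min(family, 0xF)        # bits 11:8
    ext_family = family - base_family     # bits 27:20, only used above 0xF
    base_model = model & 0xF              # bits 7:4
    ext_model = model >> 4                # bits 19:16
    return ((ext_family << 20) | (ext_model << 16) | (base_family << 8)
            | (base_model << 4) | stepping)


def assess(cpu, guidance):
    """Return (signature, verdict) for one parsed CPU."""
    sig = cpuid_signature(cpu["family"], cpu["model"], cpu["stepping"])
    row = guidance.get(sig)
    if row is None:
        return sig, "not-listed"
    if row["status"] == "Stopped":
        return sig, "no-update-planned"    # one of the discontinued groups
    if cpu["microcode"] in row["stop_revs"]:
        return sig, "withdrawn-revision"   # revision pulled for stability
    if cpu["microcode"] >= row["new_rev"]:
        return sig, "current"
    return sig, "update-available"


def kernel_view(sysfs_text):
    """Classify the kernel's own spectre_v2 report from sysfs."""
    text = sysfs_text.strip()
    if text.startswith("Not affected"):
        return "not-affected"
    if text.startswith("Mitigation"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


if __name__ == "__main__":
    # Use the live host when the files exist, otherwise the constructed sample.
    cpuinfo = SAMPLE_CPUINFO
    if os.path.exists("/proc/cpuinfo"):
        with open("/proc/cpuinfo") as fh:
            cpuinfo = fh.read()
    cpu = parse_cpuinfo(cpuinfo)
    sig, verdict = assess(cpu, GUIDANCE)
    print(f"{cpu['name']}: CPUID {sig:X}, microcode {cpu['microcode']:#x}: {verdict}")
    path = "/sys/devices/system/cpu/vulnerabilities/spectre_v2"
    if os.path.exists(path):
        with open(path) as fh:
            print("kernel reports:", kernel_view(fh.read()))
```

The microcode verdict and the kernel's report answer different questions: a CPU on a discontinued row can still show a software mitigation in sysfs, while a withdrawn revision should be replaced even if the kernel reports a mitigation.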

Is Facebook Spying for the Government?

Social media is big business and has the potential to drive millions of visitors to websites, engage directly with customers on a public platform, and solve – or create – problems in real time. What is the future of “social business”?


Twenty years ago, marketing and promotions were simple and straightforward. The majority of efforts were focused on print: newspaper and magazine advertising, The Yellow Pages, direct mail, billboards, and perhaps flyers. Email marketing was in its infancy, and digital marketing wasn’t quite yet an industry – though there are firms that argue this time frame. Metrics were relatively predictable, and results were in the form of sales and revenue.

  • Yes, The Yellow Pages telephone directories still offer printed books. Publishers of “phone books”, as they’re often referred to, reduced paper usage by half before 2013, and major efforts are in place to ensure unused or outdated materials are recycled.

This is not the case today! There are so many facets to “digital marketing” that it’s safe to say the industry is constantly evolving. Yes, constantly. The rules change just as often, and the de facto rule-maker is Google. Google has the famous “Google algorithm”, by which all search parameters are defined. If a business or brand doesn’t meet Google’s search preferences, they’ve wasted their time and won’t make the first page of a user’s search results – and when was the last time you clicked past the first page of results in an average Google search?

There are ads within emails and ads on websites, and even “sponsored results” in an Internet search. Consumers have ads coming at them from every angle of the Internet, so why would social media – including the King of Social Media, Facebook – be any different? It’s not. In fact, a Facebook user is valued even more highly than a search user. The Facebook user is already engaged with a website, and it’s one where the content that loads is customized and personalized for each user. Google tries to do this with search results, but there’s only so much Google can do with a string of words and no context. Both Google and Facebook have the user’s history of cookies, but Facebook has the incredibly valuable position of knowing a user’s friends, families, what content a user likes – literally “likes” by clicking the blue-and-white thumbs-up symbol – and what news stories, photos, and content a user clicks on and engages with. In this context, Google’s metric is the click in terms of the value of a visitor, whereas Facebook’s value of a click is a highly-engaged user already on the website and opting to give more of their time and attention. The ultimate competition comes down to the value of a visitor versus the value of a click.

After evolving from a social platform into a platform that can be highly monetized, Facebook turned the digital marketing industry upside down with the newly-invented notion of advertising right in front of Facebook users. Any organization or brand that has ever paid for advertising on Facebook is used to Facebook changing things up by now – after all, Facebook changes their approach on a regular basis. After seizing the lead and maintaining this very profitable position for years – and years – the brain trust recently announced a bold decision to simplify their overall approach – after long being the primary innovator in social media and marketing and carving the path which others follow today.

Facebook Advertisers Are Users, Too

Facebook users fondly recall a time when privacy settings at the user level resembled a “stealth” mode, when users had the ability to set their account information, including their names and other details, as completely private so that it would not show in other Facebook user searches. The added bonus was the implied guarantee that photos, posts, and other user content had this same level of protection. Sometime around 2009, Facebook implemented a pretty major privacy settings overhaul and many users who long enjoyed stealth status were suddenly thrust into the spotlight – and were no longer “invisible”. In all fairness, Facebook gave plenty of advance notice this change was coming. Their public reason was that Facebook is a social media platform, not a private website where a user could have total control – and this is a fair position. Facebook is a free website for users, but it’s not a nonprofit organization. Ever evolving, their approach has been tweaked to allow users to choose various privacy settings for posts, images, etc., which are highly customizable if the user chooses to take the time.

In 2017, Facebook recognized a growing dissatisfaction from its users and tried to pinpoint the cause. After much speculation, Facebook realized the greatest impact to the user experience is the allowance of brands to intermingle with users in their feeds, detracting from the social purpose of the channel. Thus, more major changes were in store. Facebook announced a desire to go “back to basics” and return the focus of a user’s feed to posts shared by friends and family members and make it harder for brands to get their content seen (unless advertisers were willing to pay). The result was that post reach – the number of people that see a post in their feed – plummeted. The plan was for average Facebook users to see fewer news stories, cat videos, political posts, or branded content, but rather see more photos shared by friends of birthday parties, graduations, and other significant events entirely unrelated to corporate messaging.

Privacy, Redefined

The change to the Facebook feed was a welcome change to users and required a major adjustment to social media marketing efforts for companies. Details of how the changes rolled out and the reasons for these changes trickled into news stories until major news broke that Facebook sold private user information on more than 87 million Facebook accounts to an organization involved in the political arena in 2016. Users worldwide felt violated that a trusted entity would share such private details – a harsh reminder that Facebook is a for-profit entity and users need to read the “fine print” and not just agree to Terms and Conditions without reading. Your digital life is not your own when using a website owned by someone other than yourself.

So, what can Facebook users do to protect themselves? Without deleting your Facebook account, it’s wise to do a once-over on user privacy settings every few months to verify what might have changed and safeguard your information.

  • Check your privacy settings. Facebook offers a variety of user settings allowing for a spectrum of privacy, though most remain a mystery to users. Under “Settings”, click “Privacy” and control how visible information like posts, account information like phone numbers and email addresses, and friend requests and more are.
  • Keep friends close. Friends’ activity can impact others. If a user allows tagging in a friend’s activity, this is then affected by their privacy settings and is subject to sharing or visibility by others.
  • Beware third-party apps. At first, it seemed benign to click “accept” when a third-party app or quiz intrigued a user enough to click content, with the innocent warning that the app would thus be granted access to a user’s profile and list of friends. That list of friends became an incredibly valuable commodity in an environment where privacy settings were controlled by a user – a tricky little workaround. Users can adjust these settings quickly and easily but often didn’t go back to limit access.
  • Review security alerts. Users can opt for security alerts when Facebook detects a new login from a different device or browser. Two-factor authentication is also an option. To enable, access the same “Settings” menu, and click “Security and Login” from the left navigation and choose “Setting Up Extra Security”.

Security considerations impact all Facebook users, regardless if a user is also an advertiser. Before abandoning Facebook entirely, employ additional efforts to protect user data and your privacy. This type of “social security” has nothing to do with the government-issued card Americans carry, and a few additional steps will help secure user information and improve the Facebook user experience.

Achieve New Heights With Microsoft In 2018

From humble beginnings in a garage as the brainchild of two men to an asset valuation of nearly $250 billion in 2018, Microsoft is no stranger to breaking records.

Do you think Paul Allen and Bill Gates knew what lay ahead in 1975? Nope. Couldn’t have.

In those days, developing a BASIC interpreter for the Altair 8800 seemed impossible – because no one else had done it, including Allen and Gates, yet they promised the finished product and were able to deliver in two months. Between 1975 and now, the Microsoft Windows product is a professional mainstay and continues to dominate the desktop computing market. Add to this their Microsoft Surface product line-up, and between the desktop or laptop PC or the operating system it’s running, Microsoft is The Man. And we didn’t even get to the Microsoft Office line-up yet.

Between Microsoft Office, for which organizations purchased physical software plus per-seat licenses for users roughly a decade ago, and today’s Office 365, accessible online from anywhere, Microsoft caters to the modern professional. The Office Suite has expanded in recent years, beyond Word, Excel, and PowerPoint, to include a variety of productivity apps, including OneNote, Microsoft Teams – formerly Skype for Business – for a collaborative platform, and Outlook. All Microsoft applications offer seamless integration with other Microsoft apps, as well as a variety of external apps to blend the user experience with the goal of simplifying processes to increase efficiency and productivity – therefore, revenue.

Whether it’s standalone apps or the subscription-based Office 365, Microsoft products are the staples at every professional workplace in first-world countries today. Microsoft’s SharePoint and OneDrive, and their super-seamless integration with a multitude of productivity apps, simplify communication and connectivity in the professional world. From creating documents and spreadsheets to storing and sharing with colleagues, Microsoft has you covered.

Microsoft doesn’t like to just do something first – the team behind Microsoft Teams wants to do something first and best. Case in point, Microsoft is the first global cloud provider to receive the Certification for Protected data in Australia – a great achievement. The underlying significance of this is all levels of government and critical national infrastructure in Australia will be able to accelerate and increase use of secure cloud computing and storage. By comparison, Amazon began expanding its Amazon Web Services cloud-based storage solutions in the same area in 2012, but Microsoft is still first to be awarded this certification.

Remember when we mentioned subscription-based Office 365? Microsoft Azure and Office 365 are also getting accolades: both can now boast of Protected Certification by the Australian Signals Directorate (ASD), as well as inclusion in the Certified Cloud Services List (CCSL). Microsoft has been working in direct partnership with the Australian government toward this major milestone for a few years, and this achievement grants the opportunity for immense digital transformation in the public sector in both New Zealand and Australia.

Both Certification statuses are timed well with Microsoft’s announcement on the availability of Azure Australia Central. Two new highly-secure Microsoft Azure cloud regions are located in Australia-owned facilities, designed to facilitate mission-critical operations and demands for critical elements of national infrastructure. The Australian government has established clear intentions with these Certifications and announcements, to expand the adoption of cloud solutions. The public display of confidence in Azure and Office 365 offers a high level of assurance in both Microsoft and cloud optimization.

Australia released a formal strategy recently to demonstrate the cloud’s economical digital storage solutions, offering an ideal opportunity to shift reliance to a faster and reusable environment. Cloud-based storage solutions are free from limitations and constraints imposed by on-site options, with the added bonus of being customizable and convenient.

Microsoft invested in Australia with these data centers, and demonstrates a commitment to the public sector as well as the high degree of trust other organizations can have in Microsoft as a cloud service provider.

The cloud is nothing new, and the appetite for cloud-based solutions is growing in every corner of the globe. Microsoft isn’t the only global cloud solution provider, but this move signals a level of trust that few other brands can boast – or deliver upon. Every day, news of “the cloud” reaches journalistic outposts – Time, CNN, MSNBC, you get the idea. Dozens of entities have filled the channel, claiming to offer the same level of service and security that industry leaders, like Microsoft, can – but, in reality, few do. Why? It’s likely a combination of factors: expertise, financial fortitude and flexibility, all upon which a solid reputation is built.

  • Key players in the Infrastructure as a Service (IaaS) industry deliver infrastructure services on an outsourced basis to enterprise operations, providing hardware and storage solutions, servers and data center space. These components each feature the benefits Australia focused on in their selection of Microsoft as their IaaS provider: security, scalability, reliability, economy, and expertise.

Is security the most critical component of the cloud? Many would argue that each benefit is nearly equal, but security and reliability are the two with the greatest impact and should, therefore, have the greatest focus when choosing a cloud solutions service provider. It’s easy to see why Australia went with the industry giant.

What’s next? Will other national governments follow Australia’s lead? Cloud is clearly the direction to take for trusted resources in data storage, with Microsoft being the lead innovator. Cloud is highly scalable, flexible, and reliable, and the future of data storage!

The Urgent Need for the Smart Use of Smartphones in Healthcare

10 Steps Healthcare Facilities Should Take to Ensure the Security of ePHI When Employees Use Smartphones

It’s estimated that 74 percent of hospital workers use tablets or other mobile devices to collect and share information about patients.¹ And although smartphones and other mobile devices can provide many benefits in the healthcare setting, using them also presents a number of risks.

Unless they are used safely, electronic Protected Health Information (ePHI) can be exposed, and malware and viruses can enter a facility’s IT network. Without adequate safeguards in place, this can lead to costly HIPAA violations.

Hospitals, medical clinics and healthcare entities must comply with HIPAA Privacy and Security Rules to protect and secure patients’ information, even when using mobile devices like a smartphone.

Banning smartphones isn’t the answer. When a patient is in pain, every minute counts. If there isn’t an order for pain medication in the patient’s record, a nurse must consult with their physician. In this instance, using a mobile phone can speed up the process. However, this, and other smartphone communications must be handled in a secure manner to protect the healthcare facility’s IT systems, and safeguard patient privacy.

Smartphone Data Breaches and HIPAA/HITECH

CIOs and technology professionals in healthcare facilities are concerned that the increase in smartphone usage increases the chances of security breaches where ePHI is revealed. The HIPAA Privacy Rule mandates that covered entities “reasonably safeguard” PHI from any intentional or unintentional use or disclosure that is in violation of the rule’s standards. It also outlines provisions for ensuring the confidentiality, integrity, and availability of PHI that is transferred or held in electronic form.

Covered entities include not only healthcare facilities but individual providers.

The HIPAA Security Rule outlines provisions for ensuring the confidentiality, integrity, and availability of PHI that is transferred or held in electronic form.

HIPAA concerns include:

  • Theft or loss of a smartphone that has PHI on it.
  • Staff or volunteers taking and distributing unauthorized photos.
  • Staff revealing PHI on social network pages—for example, by posting text or photos that could be classified as individually identifiable health information.
  • Unauthorized individuals accessing the healthcare facility’s systems.
  • Staff or physicians forwarding an unencrypted email that contains PHI from their organizational account to a personal account that does not have reasonable safeguards to protect PHI.

Data breaches involving patient information can lead to costly fines and settlements–and even criminal penalties. And the health information privacy laws and regulations in some states are even more extensive than federal HIPAA regulations.

Under the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, breaches of unsecured PHI must be reported to the affected individual, to the U.S. Secretary of Health and Human Services, and in certain cases, to the media. Both HIPAA and HITECH emphasize the importance of privacy and security with the use of ePHI when using smartphones and mobile devices.

Improper Smartphone Use Can Spread Viruses and Malware.

“Security of Mobile Computing Devices in the Healthcare Environment,” (by the HIMSS Mobile Security Work Group) warned that “as the popularity of mobile computing devices increases, so too does the possibility that someone will create malware that is intended to impact its use or compromise patient data.”

When used in a healthcare (or any) environment, smartphones should be routinely updated with the latest antivirus software and malware protection. This is not always an easy task and should be handled by a certified IT expert (Managed Service Provider).

And because caregivers and providers are the first lines of defense, they must undergo Security Awareness Training to be educated about unsafe practices, such as opening suspicious attachments or clicking on questionable links.

Without a clear understanding regarding safety when using smartphones, and the potential negative effects (security breaches), users may ignore a healthcare facility’s security policies. This emphasizes the need for user education about the risks and consequences of not following security policies.

10 Steps Healthcare Facilities Should Take to Ensure Data Security When Employees Use Smartphones:

  1. Devise and implement policies to control who can view and access smartphone data.
  2. Assess the content of email messages and file attachments to automatically identify ePHI.
  3. Make sure caregivers use two-factor authentication and digitally signed documents so only authorized users can access and transfer ePHI.
  4. Disable SMS (Short Message Service) preview on smartphones. This prevents others from viewing text messages without authority.
  5. Disable speech recognition features like Siri, Cortana or other personal assistants. If not, unauthorized users can gain access to software on smartphones.
  6. Use strong passwords that are hard to guess. They should contain at least six characters with a combination of both upper and lower-case letters, with at least one number and one keyboard character.
  7. Change passwords often and at least quarterly.
  8. Set smartphones for automatic logoff. If the phone is lost or stolen the culprit would need the password to open it.
  9. Set smartphones to limit the number of unsuccessful login attempts.
  10. If a violation is detected:
      • Stop and quarantine the interaction.
      • Remove the attachment from the email.
      • Return a message to the original sender.
      • Notify a manager.
      • Retract the information.
      • Re-route and encrypt* the email for secure delivery.

*There are a number of ways to encrypt data in transit. Two include using a virtual private network (VPN) or a secure browser connection. The National Institute of Standards and Technology (NIST) has several Special Publications regarding encryption processes for data in motion, including SP 800-52 and SP 800-77. SP 800-52 has information about transport layer security (TLS). (Contact your IT Managed Service Provider for more information.)

Mobile Device Management

Some mobile devices have a remote disabling and wiping feature built in. Remote wiping is a security feature that enables you to remotely erase the data on your smartphone if it’s lost or stolen. When you enable it, you have the ability to permanently delete data stored on your phone.

When using smartphones in a healthcare setting, it’s imperative that your IT Provider implements and deploys a professional Mobile Device Management (MDM) Solution.

A Professional MDM Solution Protects ePHI with:

  • The ability to locate, lock and wipe ePHI from a stolen or lost smartphone or mobile device.
  • Continuous remote monitoring and management of all authorized mobile devices.
  • Secure passcode implementation and enforced encryption.

As you can see, using smartphones always presents a number of risks, especially in a healthcare environment. And, unless you adequately safeguard patient data stored or in transit, unauthorized access to the healthcare facility’s systems could occur leading to ePHI breaches and HIPAA/HITECH violations. Executives and administrators should take necessary steps to prevent this by working with IT professionals who are certified in the latest security solutions.

IT Helps Dementia Patients

Dementia and Alzheimer’s are scary for both patients and caregivers. Right now, there is no cure. Scientists are trying to find ways of prolonging patients’ lives and delaying the onset of the disease. IT technicians are finding ways to make lives better and caring for patients easier. Some remarkable work is doing things for these individuals that have never been seen or done before.

First, A Word About The Disease

According to Alzheimer’s International, nearly 44 million people worldwide have Alzheimer’s or related dementia. More than 5 million Americans are living with it, and between 2017 and 2025 every state is expected to see at least a 14% rise in the prevalence of Alzheimer’s. Those statistics are startling, especially since Alzheimer’s disease is irreversible.

Accounting for around 70 percent of dementia cases, Alzheimer’s Disease is the most common cause of dementia, a group of brain disorders that results in the loss of intellectual and social skills. These changes are severe enough to interfere with day-to-day life. It progressively destroys the brain and ruins memory and thinking skills, and eventually the ability to carry out the simplest tasks.

A Few Other Statistics

  • In 2017, Alzheimer’s cost the United States $259 billion.
  • By 2050, costs associated with dementia could be as much as $1.1 trillion.
  • The global cost of Alzheimer’s and dementia is estimated to be $605 billion.
  • Alzheimer’s is the 6th leading cause of death in the United States.
  • Between 2017 and 2025 every state is expected to see at least a 14% rise in the prevalence of Alzheimer’s.
  • By 2050, it’s estimated there will be as many as 16 million Americans living with Alzheimer’s.
  • Every 66 seconds someone in the United States develops Alzheimer’s.
  • 1 in 3 seniors dies with some form of dementia.

Technology at its Finest

Because of these sad stats and high numbers, IT experts have come up with some amazing devices that use modern technology to aid in the care of people suffering from memory problems. Here’s a look at a few of the latest innovations.

Clocks

Clocks precisely intended for those with Alzheimer’s and dementia can help ease the stress associated with day to day life. Someone who has dementia may confuse night and day so an easy to read clock can help them to better tell the time.

Medication Management

Medication management technology created high tech automated pill dispensers which beep and open to remind caregivers and those with dementia to take their medicine. Vibrating alarms on a watch have also been fashioned to remind when it’s time for a pill. This technology serves the busy caregiver well by helping them not to forget medication time as well.

Video Monitoring

Video monitoring technology supports both care recipient and caregiver, by allowing both people more freedom. The patient doesn’t feel watched constantly because a loved one can spend a little time away, and loved ones get the comfort of being able to see their family even when they’re not in the same house.

GPS Location and Tracking Devices

People with Alzheimer’s or dementia may wander. Tracking devices can be worn by the person in some way and have alert systems that let a caregiver know if their loved one has left a certain area. This type of technology can also alert emergency personnel to aid in a quick recovery.

Picture Phones

Picture phones are specifically designed for people who cannot remember phone numbers. These phones have large numbers and are pre-programmable with frequently called phone numbers. Some of the phones come with clear buttons where photos can be placed so that the person can just push the button associated with the photos to call their loved one quickly.

Electrical Use Monitoring

This device monitors a patient’s use of electrical appliances. It plugs into a wall outlet or power strip and will alert caregivers if their commonly used appliances have not been turned on or off.

Wearable Cameras

Wearable cameras and augmented reality glasses could be the next big thing in helping patients. These devices can take hundreds of pictures every day from the user’s point of view, logging their lives in this way.

A Village of Care

In Kitchener, Ontario, something wonderful is happening. Facilities have been designed to be less institutional-looking, friendlier and homier. “Schlegel Villages” is one of the first of its kind and is improving the quality of life for the people that live there.

One problem they deal with though is when at-risk seniors become confused and attempt to leave. According to Schlegel’s IT director, Chris Carde, “Some seniors with certain types of mental illness can remember the door-lock code to get out but can’t remember anything else. A confused senior wandering out into a southern Ontario winter can be a serious, even fatal, incident”.

Schlegel Villages is also implementing an e-health system to replace paper charts at its care facilities. Carde states, “Nurses would have to write down a patient’s vital signs, then enter them into a desktop computer some distance away. The new system, which will use iPads and iPad minis to enter health information directly into the database, is being greeted warmly by clinicians”.

Thinking Outside of the Box

A German senior center applied the idea of using fake bus stops to keep Alzheimer’s disease patients from wandering off. Because their short-term memory is not intact, but their long-term memory works fine, they know what the bus stop sign means, and they stop. It is a huge success in Germany, and now they want to bring it to several clinics in North America.

A Final Word

Thanks to these researchers and IT innovators, the future is much brighter for patients with memory diseases and their families and care providers. This is just the beginning when it comes to making life easier. Information Technology has only just begun to scratch the surface of what can be done to help in the fight against dementia and Alzheimer’s.

How Much Is Your Medical Data Worth?

Believe it or not, your medical record has the potential to be sold for thousands of dollars. And due to the digitization of health records, it’s now more prone to theft.

Medical Technology

As more patient health records have gone digital over the years, they’ve become vulnerable to hackers—and far more valuable than credit-card data or other forms of confidential data.

Why? Because they contain insurance information that poachers can use for fraudulent billing and illegal prescriptions. These thieves can falsify insurance claims and collect checks and obtain hundreds of thousands of dollars in free care on someone else’s insurance.

The healthcare industry wasn’t prepared for this, and they are trying to play catch up to secure protected health information (PHI):

“The U.S. has a huge shortage of highly qualified cybersecurity people across all industries,” says Rod Piechowski, a senior director at the Healthcare Information & Management Systems Society, or HIMSS, a Chicago-based nonprofit with more than 50,000 members. “Being late to the game, health care just can’t compete.”

Health IT professionals, although they are in great demand, haven’t been able to play a major role in employers’ software procurement decisions. This is unlike banking and the financial industry, where their opinion is regularly solicited before a major IT system is implemented. And until recently, cybersecurity wasn’t prioritized in healthcare the way it has been in financial services. The result is that IT professionals had no influence when it came to software security standards for medical care, and now they’re having to oversee systems that are difficult to safeguard.

If your PHI is breached, hackers have the information they need to blackmail you for the rest of your life. That’s because your EHR contains information like conditions you suffer from such as depression, anxiety or other psychological conditions, sexually transmitted diseases, or heart conditions. If released to the public, these might be an embarrassment to you or even keep you from obtaining a particular position.

How Bad Is It?

EHRs (electronic health records) are being used by over 96 percent of critical-care facilities, and 83 percent of all hospitals. While the digitization of health records enables easy access to patients’ information, if not properly safeguarded they’re also available to hackers. This poses a real threat to patient privacy.

In the year 2016, there were 450 data breaches where 27 million EHRs were affected. Of these, 120 came from the outside, while 200 (more than 65%) came from the inside.

In 2017, there were 477 healthcare breaches reported to the U.S. Department of Health and Human Services (HHS) or the media, which affected a total of 5.579 million patient records.

With major hospitals and healthcare organizations paying higher fines for lost patient data, the challenge of maintaining EHR security remains a huge concern. And because of this, the benefits of using EHRs must be weighed against the risks of theft and misuse.

Presence Health in Chicago was fined USD475,000 by the U.S. Health and Human Services (HHS) because they didn’t report a 2013 breach in a timely manner. Advocate Health Care had to pay HHS a whopping USD5.5 million for a breach of patient privacy–the most ever by a single entity.

Compounding the issue, now physicians who are frustrated with the bogged down systems try to design their own workarounds to speed up processing of healthcare data. These ad hoc “shadow IT” systems are insecure and rely on unencrypted data and personal emails. It’s only a matter of time before a sophisticated hacker breaks in to steal their data.

How do hackers obtain medical records?

One of the ways they do this is through spoofing, where the facility is fooled into thinking that the person accessing the information is legitimate. Plus, Microsoft researchers warn that many types of databases used for electronic medical records are vulnerable to leaking information despite the use of encryption.

Hospitals and healthcare organizations use methods like data encryption and the scrambling of PHI (de-identification) to disguise data so hackers can’t read it. However, the hackers simply steal the data and replace the encryption keys with their own to demand ransoms to unlock the data. This is called ransomware, and it’s very effective against healthcare facilities and hospitals that need ready access to patient data for their everyday operations.

Who are these hackers?

They’re not who you think they are. When we think of hackers, in our mind’s eye they are guys in hoodies working on computers in their parents’ basements. What’s hard to believe is that most attacks and data breaches don’t come from external hackers, but from the inside of an organization, where doctors, nurses or accounting personnel are negligent, abuse the system as disgruntled employees, or steal patient data for financial gain. In 2017, employee error affected 785,281 patient records and insider-wrongdoing affected 893,978.

One Promising Solution

Robert Lord, a former analytics systems designer, joined forces with Nick Culbertson, a former Special Forces operator, when they were students at the Johns Hopkins University of Medicine. They created an Artificial Intelligence (AI) system to combat hacking of EHRs. They co-founded a cybersecurity company, Protenus, to help the healthcare industry use artificial intelligence to prevent the theft of Protected Health Information and Electronic Health Records.

Lord explains:

“Your EHR contains all of your demographic information–names, historical information of where you live, where you worked, the names and ages of your relatives, financial information like credit cards and bank numbers…The medical record is the most comprehensive record about the identity of a person that exists today. We recognize that EHRs are living documents, so we’ve built an AI that is able to monitor how individuals interact with the EHR and associated systems, building a unique profile of every workforce member’s clinical and administrative workflow.”

The folks at Protenus are working on a solution that can tell the difference between routine access to EHRs and possible illegal attempts to retrieve this data. They do this by using AI to detect unusual patterns and anomalies, which are then escalated to security officers. Over time, the solutions get “smarter” and learn exponentially as the customer base grows.

We’re Behind the 8 Ball When It Comes to Protecting EHRs.

Health care has lagged far behind banking and other industries when it comes to implementing security protocols. Until EHR records were mandated by Obamacare, many healthcare providers still used paper, faxes and handwritten charts. And once EHRs were finally implemented, the hackers were already a step ahead, and the medical industry is still scrambling to find ways to protect them.

Cybersecurity experts tell us that the seriousness of this can’t be overstated. The frequency of threats has taken off in the past 10 years as EHR data is increasingly networked between healthcare entities. And as we continue to struggle to secure our EHRs, increasingly savvy thieves are finding more ways to steal them.

The Lawyer’s Guide to Preventing 7 Major IT Headaches

An efficient, secure IT system is essential for any organization, and especially so for today’s law practices. Your work relies on secure and ready access to your data when you’re in the office, in the courtroom or on the road. You need the ability to interface your Line of Business applications with other IT solutions you and your staff depend on each day. In order to remain competitive, you must use the most advanced legal technology solutions available and use them to your best advantage. And any form of downtime is totally unacceptable because it can cost you your clients. For all this, you need a Technology Solutions Provider who can build an IT infrastructure from the ground up to meet your high-security, high-availability, high-efficiency requirements.

7 IT Headaches

The Seven IT Headaches All Lawyers Face Today (And Their Remedies)

Technology challenges can lead to significant IT headaches, especially for small and medium-sized firms that manage their own infrastructure. They often “tag” the one employee who knows the most about technology. But it’s impossible for a non-professional to provide the 24/7 IT support, expertise and defense-in-depth protection required today.

Even law firms with a professional IT employee struggle with their changing and increasing technology demands and the need for 24/7 IT remote management. IT headaches in the legal industry vary. But the common factor is that they are pervasive and never-ending unless they are prevented by qualified Legal IT experts.

Headache #1 – Cybersecurity

Client confidentiality is a priority for every law firm. And without the proper IT management, your data can be at great risk.

Many lawyers aren’t aware that their critical data is at risk. The chance that data is breached has increased as attorneys and their employees use mobile devices and email outside the office. They don’t realize that at a moment’s notice their IT system could be hacked, and confidential information stolen.

Cybercriminals have discovered new, creative ways to steal data. Hackers are increasingly targeting law firms to steal clients’ confidential data. Additionally, unethical competitors engage in illegal eDiscovery to harm a competing law firm, or to win a lawsuit.

Many say, “This only happens to larger legal organizations, not small ones like mine, right?” Wrong. Small and mid-sized law firms are a more attractive target for hackers because they typically don’t have the right security solutions in place, nor do they train their employees to recognize phishing and ransomware threats like their larger counterparts do.

Building a cybersecurity infrastructure today can be a daunting task with all the attack vectors in play. The most important challenge comes from the requirement to protect clients’ private information. Client confidentiality is at the top of every attorney’s mind, and without the right IT management, this confidentiality can be breached. Cybersecurity should be the primary concern for litigation attorneys who handle confidential electronically stored information.

“To maintain the required level of competence, a lawyer should develop and maintain a facility with technology relevant to the nature and area of the lawyer’s practice and responsibilities. A lawyer should understand the benefits and risks associated with relevant technology, recognizing the lawyer’s duty to protect confidential information.”

Law firms must prevent:

  • Unauthorized access to both their wired and wireless networks.
  • Malware from corrupting their network.
  • Their employees from clicking on malicious links or unknowingly revealing confidential information to a hacker.
  • The disclosure of electronically transmitted communications.
  • Data loss from both man-made attempts and natural disasters.

Law firms must ensure:

  • Data is encrypted and safeguarded.
  • Compliance with legal, regulatory and confidentiality requirements when using technology.
  • Files are properly backed up both onsite and offsite, and that they are easily recoverable.
  • A secure email-archiving and retention strategy for both data at rest and in transit.
  • Cybersecurity is confirmed with regular Vulnerability and Risk Assessments.

The situation demands a defense-in-depth security plan that employs multiple security measures to protect confidential data. Defense-in-depth security was originally conceived by the NSA to provide a comprehensive approach for cybersecurity.

By using multiple layers of automated and remote security solutions, where the outer layers provide a first line of defense, and deeper more concentrated layers stop anything that gets through, lawyers can stop worrying about cyber threats and concentrate on their work at hand. And, as each law firm is unique, this protection requires an IT professional with the knowledge and expertise to find the right combination of security techniques and solutions.

The Remedy: The answer is to rely on a Technology Solutions Provider who will avert security risks and compliance issues that can cost you in legal liabilities, regulatory penalties, and your good reputation.

Headache #2 – Downtime

Every hour lost to downtime means lost billable hours. Time is money when it comes to law practices. Downtime due to power failures, ransomware, natural disasters and more means your firm is paralyzed and unable to operate.

The increasing digitization of information over the last 20 years has increased productivity for law firms. When IT runs as it should, it helps you save time and work more efficiently. However, this also means that when it doesn’t, you’re faced with downtime that your clients, who are used to your efficiency, don’t understand, and they become angered when their cases come to a standstill.

This causes headaches for you, your employees and your clients. It’s critical that you recover as quickly as possible. When your IT goes down, even for a few hours during a workday, you lose billable hours, lose the ability to send and receive emails, and risk damaging your firm’s reputation.

It doesn’t matter how long downtime persists. It’s unacceptable in any case because it’s preventable. You can mitigate the risk of downtime by having the right technology in place.

The Remedy: Preventive IT measures are key to protecting your confidential data. With the right enterprise cloud backup and recovery system, and the services and support from a Technology Solutions Provider, your firm will benefit from complete system monitoring, secured servers, safeguarded data and upwards of a 99% guaranteed uptime.

Headache #3 – Inefficient IT Performance

In today’s digital world, a slow-performing IT system is like a wound that can drain the life’s blood out of your law firm. You can’t afford to wait this out and hope that things will improve. Time is money, and inefficient IT solutions are not only frustrating, but they can also impede your ability to meet your clients’ demands.

Increased IT performance is one of the biggest benefits of outsourcing your IT service and support. Often, an in-house technical staff creates new problems by overcomplicating basic configurations, because they lack the skill and experience required.

The Remedy: A Technology Solutions Provider offers a higher level of expertise and establishes a highly performing IT system to keep your law firm up and running.

Plus:

  • You’ll save money. Unlike with in-house staff, you won’t have to provide benefits like healthcare coverage, sick and vacation days and workman’s compensation.
  • You’ll have 24/7 Live Help Desk Support, to ensure your issues are resolved quickly, and your IT systems stay up and running at all times.
  • You’ll save time with the resources to start new IT solutions quickly as opposed to waiting for in-house techs who will need to be trained.

Headache #4 – Poor Integration of Line of Business Solutions

You need your Line of Business (LOB) applications to complete your responsibilities each day for Practice Management, Document Management, Time & Billing, and Legal Document Generation.

Applications like:

  • PCLaw
  • Prolaw
  • Juris
  • Clio
  • Timeslips
  • Amicus
  • Abacus
  • Tabs3 / Practice Master
  • ProDocs

You also need these applications to integrate with popular software programs like Microsoft Office. And when they don’t run as expected, this can cause major headaches.

The Remedy: This requires assistance from a Technology Solution Provider with expertise in legal IT programs.

Headache #5 – How to Maintain Client Confidentiality While Using the Cloud

Attorneys are using the Cloud in their law practices. However, this can present significant challenges when it comes to their ethical and legal obligations to maintain client confidentiality.

Your law firm can benefit immensely from cloud computing services. However, it’s important to fulfill all of your legal and ethical duties to your clients.

As an attorney, you are subject to ethical rules that make it difficult to use certain types of cloud services. But how do you know what ethical rules apply to your law firm when it comes to using the Cloud? Plus, these ethical rules vary from one jurisdiction to another. If you have firms in multiple locations, how do you manage this?

The more questions you have about cloud solutions, the greater the potential for more headaches:

Confidentiality & Integrity?

Does cloud computing threaten the confidentiality or integrity of your data? Most ethical rules contain a duty of confidentiality and competence.

Third Party Providers?

If you’re assigning responsibilities to the third-party cloud provider, you must make a reasonable effort to ensure that their conduct is compatible with your legal and ethical obligations. Most ethical rules maintain that you must supervise third parties.

Communicating with Clients about Cloud Services?

Must you ask each of your clients if you can store their data in a third party’s cloud? Most ethical rules contain a duty to seek consent for decisions regarding clients’ data.

Safeguarding of Data?

How do you know that your cloud provider can ensure the proper safeguarding of your clients’ files and documents? Are you liable if they don’t? After all, it’s your responsibility to safeguard your clients’ property.

But, cloud computing provides many benefits for the small law practice. You don’t want to miss out on these:

Low Cost

Most enterprise cloud-based services can be obtained at a very reasonable cost. Law firms typically find that it’s less expensive to use these services than running and maintaining their own servers. With cloud computing, you don’t have to pay for your additional servers and hardware.

Less Maintenance

Enterprise cloud services often include maintenance in their offerings. As an attorney, your workday is too busy to worry about updating programs and patching software. The right cloud provider will automatically install all updates for you.

Greater Accessibility

With cloud computing, you and your authorized employees can access your data from any computer, in any location where you have internet access. If you need to work long hours outside the office, you can still access the IT resources you need remotely.

More Flexibility

Cloud computing services are often sold on a subscription and month-to-month basis. They are based on the number of users who access the solution. If your workload increases, you can up the number of subscriptions. If it declines, you can reduce them on demand.

Security

Most cloud providers employ sophisticated security measures, so you don’t need to worry about client confidentiality. Also, their staff is trained and experienced in the implementation of security measures that align with current security risks.

Cloud computing offers many benefits for your law firm. Don’t let the potential risks stop you from experiencing those benefits. But you must mitigate your risks.

Review the ethical rules that apply to your jurisdiction and determine what type of cloud services would be best for your law firm.

  • Make sure you’re clear about the particular service you’re planning to purchase.
  • Where are the servers located?
  • How will the servers be used to process your data?
  • Make sure the service is reliable and secure.

If you’re ready to purchase cloud computing services be sure to review the proposed contract carefully.

Pay attention to the disclaimers of liability, intellectual property, confidentiality, and security provisions. Also, does the service provider have a robust disaster recovery plan in place? It’s critical to ensure that the cloud service provides alternative access to data in the event of a service outage.

The top two important risks to consider include:

Security Breaches

Does the cloud provider protect your data from unauthorized access or modification? Make sure you’re informed about any security breaches that affect your data. Discuss compensation in case a security breach is caused by the cloud provider.

Data Ownership

Read the contract and look for clauses that might give the cloud provider ownership of data stored in the Cloud. Make sure the contract acknowledges that your data is owned by your law firm.

The Cloud provider may offer recommendations for security measures. Your staff must understand these security measures and sign a written agreement to comply with them, such as the prohibition of shared passwords.

The Remedy: Ask a Technology Solutions Provider to address these concerns and help you choose the right cloud solutions for your law firm.

Law firms that want to compete in today’s technology-driven environment must depend on reliable, up-to-date hardware and software solutions. But, with the complexities and rapid changes in IT today, they’re realizing the need to also outsource IT services to experts like Technology Solution Providers, so they can focus on their core competencies, and benefit from increased security, innovation, cost savings, efficiency, and productivity.

Headache #6 – How to Keep Up with Ever-Changing Legal Technology Solutions

The digitization of legal documents and the use of electronic word processing, databases, and research software have gone mainstream today. Most law practices now manage case files by electronic means and rely on software programs to search, edit, track, archive and distribute documents.

From legal technology in the courtroom, in corporate environments, for paralegals, for electronic discovery, to BYOD solutions, and even for Artificial Intelligence, all of these enable you and your employees to do your job more efficiently.

But these technologies are ever-changing and evolving. How are you supposed to know which ones to use, which will provide the most benefits, and how to find the time to train your employees to use them properly and securely? How can you keep up?

The Remedy: Choose a Technology Solutions Provider who is adept at keeping up with today’s legal technology solutions and can help you select which are best for your unique requirements.

Technology helps today’s lawyer carry out essential tasks, exercise professional judgment, engage with and represent clients, provide advice and settle key commercial dealings. Those who view technology as an opportunity—rather than a threat—will prosper, and more easily reap the rewards from their efforts. Those who don’t will fall behind the competition.

Headache #7 – Lack of IT Talent

Even if you wanted to hire a full-time IT staff, the talent pool is quickly shrinking if you run a small practice. Even your larger competitors are having difficulty finding the IT talent they need to compete.

Most techs in the workplace lack the breadth and depth of knowledge and experience to stay up to date on today’s ever-changing technology resources. Plus, your law firm has very specific requirements when it comes to IT.

You need the expertise of an IT professional who understands your needs, work processes, regulations, the applications you use, and your unique technology challenges. One who knows the complexities you face and can help you improve the way you use technology by:

  • Automating routine legal transactions,
  • Assuring you can share and store documents securely,
  • Optimizing your work processes,
  • Deploying mobility solutions that keep data secure, and
  • Helping you capitalize on tools like electronic data discovery.

The Remedy: The only way to get this kind of IT talent is with a Service Level Agreement from a Technology Solutions Provider who specializes in Legal IT Services.

In Conclusion

Today’s law firms are moving to a Managed Services Model where their Technology Solutions Providers have the expertise and credentials to provide the proactive support they require to keep their IT systems secure and running at peak performance. When they do, they no longer suffer from the IT headaches that can put them at a competitive disadvantage.

Technology Solution Providers are helping law firms use technology efficiently and safely. The result? – Increased value from your technology assets, and no IT headaches for both you and your clients.

Orbitz Hack Compromises Nearly 1 Million Customers – Are You One Of Them?

Orbitz has disclosed that a recent data breach could have exposed extensive information of up to 880,000 of their customers.

Data Breach

It’s so often these days that hacks hit big-name companies that consumers are becoming numb to it. The latest to get hacked? Orbitz.

The travel booking company recently announced that they may have been hacked, possibly compromising the personal information of approximately 880,000 users. The breach could have included their date of birth, gender, and credit card info, exposing those using the platform between January and June of 2016, and October and December of 2017.

“We determined on March 1, 2018, that there was evidence suggesting that an attacker may have accessed personal information stored on this consumer and business partner platform,” said Orbitz in a statement. “We took immediate steps to investigate the incident and enhance security and monitoring of the affected platform. To date, we do not have direct evidence that this personal information was actually taken from the platform. We deeply regret the incident, and we are committed to doing everything we can to maintain the trust of our customers and partners.”

Whereas Orbitz is big enough to handle the damage control for an incident like this, what about you and your business? Cybercriminals are often just as likely to target small organizations as they are large ones, particularly because of the lack of cybersecurity measures.

Are you prepared to defend your business? If you’re not sure, keep these tips in mind:

Stay informed about phishing and spoofing techniques. Regular security awareness training should be a top priority for your organization.

Stop and think before you click a link. Don’t click on links from random emails or text messages. Hover your mouse arrow over a link to see who sent it. Most phishing emails begin with “Dear Customer”, so watch out for these. Verify the website’s phone number before placing any calls. Remember, a secure website always starts with “https”.

Never divulge personal information requested by email. Phishing attempts try to send you to a webpage to enter your financial or personal information. If you suspect this, give the company a call. Never send sensitive information in an email to anyone.

Be skeptical of messages that contain an urgent call to action:

  • With an immediate need to address a problem that requires you to verify information.
  • That urgently asks for your help.
  • Asking you to donate to a charitable cause.
  • Indicating you are a “Winner” in a lottery or other contest, or that you’ve inherited money from a deceased relative.

Consider installing an anti-phishing toolbar and security tools. Some Internet browsers offer free, anti-phishing toolbars that can run quick checks on the sites you visit. If a malicious site shows up, the toolbar will alert you.

Never download files from suspicious emails or websites. Double check the website URL for legitimacy by typing the actual address into your Web browser. Check the site’s security certificate. Also, beware of pop-ups as they may be phishing attempts.

Block pop-ups via your browser settings. You can allow them on a case-by-case basis if you decide to.

Most importantly? Be sure you’re working with a trusted, reliable cybersecurity service provider. We have the industry experience and expertise needed to keep you and your business secure against today’s cyber threats.

New Distracted Driving Laws for Ontario

Many cities and countries around the world are having problems with distracted driving accidents. During 2016, Great Britain recorded 1,445 fatal crashes where one or more people were killed. One study completed in the town of St. Albans found that one in six drivers were engaged in some type of activity that took their focus away from driving.

Distracted Driving Ontario

In the United States, approximately nine people are killed on average each day due to distracted drivers. Another 1,000 people are injured with millions of dollars in property damage. In Toronto, there were about 7,500 distracted driving accidents during 2016. Of those, there were eight fatalities and 2,642 injuries with thousands of dollars in property damage.

In spite of public awareness campaigns, drivers continue to ignore these statistics. People tend to think that bad things only happen to others, so they go ahead and text or talk while driving. This has become such a problem that cities around the world have changed their distracted driving laws, increasing penalties and fines. Ontario is one of those areas that have recently increased the penalties and fines for those caught.

What is Considered Distracted Driving?

Many people connect distracted driving with texting while driving. In fact, distracted driving covers any activity that causes the driver to divert their attention away from the roads and traffic. Studies have found that younger drivers are more likely to ignore laws and put everyone on the road at risk. Distracted driving includes:

  • Eating while driving
  • Changing the radio
  • Watching any type of media
  • Talking or texting while driving
  • Reading
  • Looking at a map
  • Smoking
  • Any activity that diverts the driver’s attention

Most cities are seeing a big rise in the number of tickets issued for distracted driving each year. Lawmakers feel that these penalties and fines will eventually cause drivers to realize that times have changed. Drivers must give their full attention to the road and avoid losing focus. Lives are at stake.

A Major Factor

One of the major factors that make distracted driving so deadly is speed. A car traveling at 60mph moves at 88 feet per second. Using simple math, we can see that if you turn your attention away from the road for only three seconds, your car will have traveled 264 feet. A football field measures 360 feet so you will have traveled approximately three-fourths the length of a football field, just to put things in perspective. That’s a great distance when you consider that there are autos moving at similar speeds all around you and on both sides of the road. If each driver looked away from their driving for three seconds, there would be dozens of crashes with multiple fatalities.

The truth is that each driver feels that they’re probably the only one on the road who is looking away for a few seconds. Surely with all the other drivers paying attention, there’s no need to worry – they’ll see you and take action in time to avoid an accident. This can be a deadly assumption.

An average vehicle weighs around 3,500 pounds, making it a very dangerous weapon in the wrong hands. Though more experienced drivers are less likely to be guilty of distracted driving, the truth is that everyone occasionally feels that a text message or phone call is important enough to take the risk.

This type of thinking has become an epidemic in Ontario, England, America and many other countries. For these reasons, legislatures and lawmakers have been forced to increase the penalties for these crimes.

Changes in Ontario’s Laws

New laws have recently taken effect in Ontario that increase the fines and penalties for failing to give your undivided attention to the road. Fines for a first offense can be as much as $490 with three demerit points on your license. If you decide to fight the ticket and lose, you could pay up to $1,000 in fines. If you’re a new driver with very little driving experience, you could lose your license for 30 days. With each conviction, novice drivers will have their license suspended for longer periods of time, up to 90 days. After that, a novice driver’s license could be revoked completely.

When is it Safe to Use the Phone?

Many drivers have had questions about these new laws. In Ontario, it’s not uncommon to see drivers pull off to the shoulder in order to take an important phone call. But is this legal? Or is it dangerous as well? Each city has its own unique laws when it comes to these types of issues. In Ontario, the law states that a driver may pull off the road to a safe location and take a phone call.

In some cases, moving to the shoulder of the road is not deemed safe. There may be workers there making road repairs. The shoulder of the road often has gravel, which can fly up and crack a windshield. Since each case is a bit different, it’s up to the driver to ensure that they are pulling off and re-entering the highway in a safe fashion. If a traffic officer feels that a driver has not pulled off the road in a safe manner, the driver may receive a traffic citation for this. At the end of the day, the traffic officer’s job is to make sure that all drivers are protected. Everyone wants to get home safely to their family each day and it simply is not worth it to put anyone in danger over a text message or phone call.

Tips for Avoiding Fines

We all want to get to our destination safely so what is the standard these days for using a phone while driving? According to the new laws in Ontario, drivers can use hands-free devices (Bluetooth) to talk on the phone while driving. However, you cannot pause to dial a number or answer a call unless you can do so using voice commands.

Most experts recommend turning your phone off while driving. That way, you will not be tempted to answer a call or text message. If you are leaving on a long trip, then email all your friends and tell them that you will be driving and will not be able to return calls until you stop for service or food.

Safe Driving Tips

Always be mindful when on the road with cyclists, emergency vehicles or buses. Pay special attention to the road, your driving and other drivers. Remember that although you may not be breaking the law, there are others on the road who are. There may be a teenager who wants to talk to his girlfriend while driving to school. These drivers present a special danger due to their limited experience behind the wheel.

There may be drivers who are under the influence of drugs or alcohol. This condition has been shown to slow a driver’s reflexes. Sometimes drivers are worried about being late, so they try to speed, take shortcuts or make erratic movements. When you put all these different drivers on the road at the same time, it can be dangerous. It’s a good idea to bear these things in mind before getting behind the wheel.

Need To Refresh Your Accounting Software?

Here’s Some Up-to-Date Info That Should Be of “Interest”!

Accounting Software

Accounting software is a much-needed tool today. Gone are the days of manually writing down copious amounts of figures in heavy, dusty logbooks, or using calculators to add up debits and credits. Our computers do this for us now. Accounting software makes the process of bookkeeping more efficient and accurate.

What else is different than in years past? Today’s newest accounting solutions are now cloud-based, and they provide many advantages.

No more shelling out a large amount of cash to purchase expensive business accounting software. Instead, you can pay for a web-based accounting service via a convenient subscription.

Online accounting services are used via the Internet rather than being installed on your organization’s computers. They allow you to access the information you need through an Internet browser like Internet Explorer, Firefox, Chrome or Safari. You can access the service from anywhere you have an internet connection, and it will always look the same wherever you use it.

Plus, you won’t have to worry about technology requirements, whether you have the right operating system, backing up your accounting data, installing updates or dealing with maintenance issues. You get all this and more handled for you, and all for a convenient monthly or annual fee.

Just like any accounting software, cloud-based accounting services allow you to perform all the accounting tasks your business needs, and they include features you’re familiar with like an online general ledger, invoicing and accounts receivable capabilities, purchase histories, business inventories and much more.

And, because upgrades and data backup are managed by the accounting service vendor, cloud-based accounting services are an attractive option for small businesses.

Although these new solutions are cloud-based, you can still buy desktop accounting software if you wish. But due to their popularity, most small businesses are now using online accounting services. Because of their anywhere availability via the Internet, crunching numbers is now much easier than ever before.

What Do the Different Online Accounting Services Have in Common?

Each solution is different, but they all have the following features in common.

They are available via a subscription. Accounting software has always been expensive and needs to be updated every year. With the online version, you pay for only as many users as you need, and you can pay on a monthly or annual basis. Many offer a free trial that converts when you sign up for a service. They cost anywhere from $5 to $70 a month depending on what you require. You won’t be locked into a contract, and all the upgrades are provided. Another plus is that your data will automatically be backed up to a secure cloud.

They’re easy to navigate. Online accounting services try to make your job less taxing with intuitive, easy-to-navigate platforms where you can easily find the features you want. Toolbars, drop-down lists, fill-in-the-blank fields, buttons and icons, all help you enter the numbers for whatever calculations and financial forms you require.

They use language that you’re familiar with. Although we still refer to terms like credits, debits, and chart of accounts, online accounting solutions only use arcane financial language when absolutely needed. The developers are trying to use everyday language whenever possible. Double-entry accounting, although centuries old, is a process we all need to use, and it’s here to stay. However, the developers let the “wizards” handle the complex processes behind the scenes.

They provide mobile versions. If you’re on the road, traveling for business meetings, or even need to do a little work when you’re on vacation, you can access your web-based accounting services securely from your mobile devices.

You have the choice of different levels of service. Some of the best cloud-based accounting solutions provide more than one level of service at different prices. This way you can purchase just what you need and nothing more. If you need to switch to a different level, most allow you to do this easily.

You can integrate them with other solutions. As your business grows, you may find that you need to use a variety of cloud-based financial management solutions. In this case, many of the best cloud-based accounting solutions allow you to connect to other services that you may already be using.

Dashboards. Interactive home pages or dashboards will help you keep track of your finances by flagging tasks that need attention and providing visuals like graphs and charts to give you a high-level view of where you stand. They summarize data like income, expenses and cash flow in easy-to-read images, so you and your team can more easily comprehend data and can make decisions about what to do.

Which Solution is the Best for Your Business?

So, how do you decide which online accounting solution is best for your small business? You might not be able to find a perfect match, but because they are flexible and provided on a monthly basis, you can find the best one for you and tweak it along the way.

As mentioned, many offer a free trial, so you can “road test” them. Give them a try and consider the following questions when you do:

  • Can you import your existing data?
  • Are the tasks you perform most often supported? (recordkeeping, billing, purchasing, etc.)
  • Do you like the interface? Is it easy to navigate?
  • Will it support the number of users you need?
  • Are there any restrictions on actions you’ll need to take?
  • Is it customizable?
  • Is it scalable?
  • What is the quality of the mobile application?
  • Are add-ons supported?
  • Do they provide a help desk or support solutions?
  • Is the subscription fee something that your budget will allow?

While you’re at it, we did some homework for you. Below are some of the top online accounting services for small businesses.

Consider these and take advantage of the free trials they offer. Don’t worry if these might not work for you five years from now. Assess them based on your needs for the upcoming year.

Remember, you aren’t purchasing the product. Instead, you’re signing up for a subscription that you can change or upgrade/downgrade as you need. In other words, you aren’t stuck with these like you are with regular accounting software programs.

No matter which online accounting solution you choose, you’ll have peace of mind because you won’t have to worry about security. Online accounting services have stringent security requirements to ensure that your data is safely protected from hackers and any kind of loss. Even if your physical office is destroyed, or an employee accidentally deletes information, your online accounting service will be able to retrieve your data for you.