The City of Atlanta Held Hostage By Cybercriminals

A ransomware attack has left Atlanta officials with no choice but to shut down their municipal courts while they determine the best course of action. The hackers responsible are demanding $51,000 worth of bitcoin in ransom.

Atlanta Ransomware

In late March, the city of Atlanta’s IT systems were hit by a ransomware attack that is still affecting them today. Described by Atlanta Mayor Keisha Lance Bottoms as a “hostage situation”, the ransomware attack has crippled the municipal court’s IT systems and is preventing residents from paying bills online. The cybercriminals have demanded a ransom of $51,000 to be paid in bitcoin.

Since the ransomware was first discovered, the city officials, along with members of various law enforcement agencies, such as the FBI and Department of Homeland Security, have been working hard to determine what type of information was compromised and whether it could affect citizens directly.

The SamSam malware in question hunts for critical files and uses AES 256-bit encryption to lock them up, offering a key to decrypt them only if a bitcoin ransom is paid. If the victim doesn’t pay, the attackers erase all the data.

What makes SamSam different is the way the attacks develop. SamSam scans for open ports and uses a brute force attack until it gets in. A brute force attack means that the attackers repeatedly try credentials against the exposed service until one works. Once the hacker group succeeds, they’re inside your system.
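From the defender’s side, a brute force attempt like the one described above shows up in authentication logs as a burst of failures from one source, sometimes followed by a success. The following sliding-window detector is an added example (not code from the original post or from the Atlanta incident); the log lines and their format are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real incident data): one source hammers an
# exposed login service with several usernames, then gets in; a second source
# has a single, unremarkable failure.
SAMPLE_LOG = """\
2018-03-22T02:14:01 auth: Failed login for 'admin' from 203.0.113.7 port 3389
2018-03-22T02:14:02 auth: Failed login for 'administrator' from 203.0.113.7 port 3389
2018-03-22T02:14:03 auth: Failed login for 'admin' from 203.0.113.7 port 3389
2018-03-22T02:14:04 auth: Failed login for 'root' from 203.0.113.7 port 3389
2018-03-22T02:14:05 auth: Failed login for 'admin' from 203.0.113.7 port 3389
2018-03-22T02:14:06 auth: Failed login for 'backup' from 203.0.113.7 port 3389
2018-03-22T02:14:09 auth: Accepted login for 'svc_backup' from 203.0.113.7 port 3389
2018-03-22T02:14:10 auth: Failed login for 'jsmith' from 198.51.100.4 port 3389
"""

# Regex for the constructed line format above (hypothetical, not a real product's format).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth: (?P<result>Failed|Accepted) login for "
    r"'(?P<user>[^']+)' from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Alert on any source IP with >= threshold failed logins inside a sliding window.

    Returns a list of alert dicts. If the same source later authenticates
    successfully, the alert records which account got in, since a success
    right after a failure burst is the part that matters most to responders.
    """
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    alerts = {}                    # ip -> alert dict (one alert per source)
    window = timedelta(seconds=window_seconds)

    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines we cannot parse
        ts = datetime.fromisoformat(m["ts"])
        ip = m["ip"]

        if m["result"] == "Failed":
            q = failures[ip]
            q.append(ts)
            # Drop failures that have aged out of the window.
            while q and ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                alert = alerts.setdefault(ip, {
                    "ip": ip, "first": q[0], "last": ts,
                    "failures": len(q), "success_after": None,
                })
                alert["last"] = ts
                alert["failures"] = len(q)
        elif ip in alerts and alerts[ip]["success_after"] is None:
            # A successful login from a source that was already brute forcing.
            alerts[ip]["success_after"] = (m["user"], ts)

    return list(alerts.values())


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOG):
        print(f"{a['ip']}: {a['failures']} failures between {a['first']} and {a['last']}, "
              f"success after burst: {a['success_after']}")
```

The threshold and window are tuning knobs; a lockout or geo-blocking rule on the same signal is the usual follow-up, along with never exposing such services directly to the Internet.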

The ransom note left by hackers said that refusing to pay the $51,000 would result in deletion of all the information. This particular group of hackers has successfully collected $850,000 since last year.

This wasn’t the first time SamSam paralyzed a government – it also infected offices in Colorado, North Carolina, Alabama, and Maryland. Governments’ operations are mission-critical, and so hackers like this know that they often pay the ransom.

What about your business? Could you wait more than a week after a ransomware attack to start turning your computers back on? How long could you hold out before the loss of business and downtime would cause permanent damage to your bottom line?

How Ransomware Works and How To Defend Against It

In a ransomware attack, a hacker gains access to an organization’s computer systems. Typically, an unsuspecting employee clicks on an emailed attachment that appears to be a bill or other official document. In actuality, the attachment installs a malicious software program (malware) onto the computer system. Once embedded, the malware gives the hacker access to critical systems, often including complete remote control and access to data.

Hackers are getting more sophisticated. Today, the malicious code may be placed on a website. When a user with an unsecured or unpatched software program accesses the site, the malware slips inside that user’s computer.

Protecting your business

The FBI recommends that organizations continue to be vigilant when it comes to safeguarding systems and educating employees. The two areas that the FBI recommends that organizations focus on are:

  • Creating and frequently reviewing a robust business continuity plan that can be deployed in the case of a ransomware attack. Data should be backed up regularly. The backups should be inspected to verify that they maintain their integrity. Backups need to be secured and kept independent from the networks and computers they are backing up.
  • Ensuring employees receive proper awareness training and that prevention controls are in place and comprehensive.

Tips for keeping systems secure

The FBI has released the following tips that are applicable to organizations, employees, and individual computer users:

  • Be sure that employees understand what ransomware is and what role they play in keeping the organization’s data and computer network systems protected.
  • All software, firmware, and operating systems should be patched on desktop and digital devices (including smartphones, tablets, and laptops). A centralized network patch management system can make the coordination of these efforts easier in large organizations.
  • Confirm that anti-malware and antivirus settings are deployed to automate all updates and to continually conduct system and device scans.
  • Have very clear access and authorization procedures in place. Do not provide administrative access to employees unless absolutely necessary. Administrator accounts should be used sparingly.
  • Access controls should be configured so that shared permissions for directories, files, and networks are restricted. The default settings should be “read-only” access to essential files, with limited permissions for write access to critical files and directories.
  • Macro scripts in Office files should be disabled when sent over email.
  • Software restriction policies should be created or other controls implemented that prevent execution, especially in the common locations where ransomware lurks, such as temporary folders used by the most common web browsers.

The FBI encourages any organizations that believe they have been a victim of a ransomware attack to report the issue to the agency’s Internet Crime Complaint Center.

Don’t wait until a ransomware attack locks up your data. Take steps to protect your business now by partnering with Ray Morgan Company. Get in touch with us at (530) 343-6065 or info@raymorgan.com to get started today.

5 Startling Statistics About Cybersecurity In 2018

Cybersecurity facts you might not already know, that are affecting you right now and what you need to know to protect yourself and your business.

Cyber Attack

With the benefits of the Internet came negatives as well, like one of those group bundles that you have to buy together. In order to protect yourself from the negatives of the Internet, you need to know the cost of cybercrime and how it can impact your business. These are 5 startling statistics about cybersecurity in 2018 and what they mean for companies of all sizes.

  1. Cybercrime will inflate to $6 trillion
    Cybercrime will cost us $6 trillion annually within the next three years, which is twice what we paid in 2015. The Wall Street Journal estimated that the cost of cybercrime in the U.S. in 2015 was $100 billion. With cybercrime growing at this rate, it is essential to ensure that your cybersecurity is rapidly progressing as well. This is more than the amount of money we spend combating all illegal drugs combined, which is a whopping $44 billion, just this year. In 2017, the WannaCry ransomware worm extorted more than $100,000 in ransoms from companies large and small.
  2. Cybersecurity costs are similarly inflating
    It is reported that we will spend more than $1 trillion in combating these escalating cybercrimes. To gain some perspective, the US has spent $4.79 trillion on the War on Terror in Iraq, Afghanistan, Syria, and Libya combined since Sept 11, 2001. In 2017, WannaCry ransomware reached over 150 countries, costing $4 billion in damage (apart from the ransom). This example is representative of the average cost of a cybersecurity breach – and this does not count the cost of insurance, which usually doubles or triples the premium after an attack.
  3. Cybercrime overshadowing its counterpart
    While cybersecurity tries to keep up with the inflation of cybercrime, it still falls short year after year. Cybersecurity positions remain underqualified and understaffed. The number of unfilled positions will triple to 3.5 million by 2021. Currently, to combat this, all IT positions are dual-purposed as cybersecurity positions as well.
  4. Humans overpopulating their technological counterparts
    Cyberattacks have shifted their focus from machines to humans. In 2017, there were 3.8 billion Internet users. This is staggering when you realize that this makes up 51% of the total world population. Even worse, this increase shows no signs of slowing or stopping anytime soon. It is calculated that by 2030 there will be more than 7.5 billion Internet users. Within 12 short years, Internet users will increase from 51% to 90% of the total world population. More users means more cybercrime.
  5. Ransomware damage costs increase by 1500%
    The cost of global ransomware was estimated at $325 million in 2015. By the end of 2017, this number had already multiplied to $5 billion. Again, this growth is only predicted to get worse. By 2020, this should easily quadruple to $12 billion. It is reported that currently more than 4,000 ransomware attacks are happening each day. In 2017, a ransomware attack occurred every 22 seconds. By 2020 they will happen every 14 seconds.

So what does this mean for your company?

This means that just as fast as these criminals and attacks are occurring, you need to be preparing. You can prepare your business to survive these attacks by completing a few tasks. To be able to prepare for, respond to and recover from these attacks you need to train your staff, know what current threats are out there, and develop cybercrime policies and procedures.

You can prepare for a cyberattack by keeping up to date on current cyber threats to your company. Over 2 million new malware attacks are launched every day. Recent examples of these hazardous cyber threats are seen in the Meltdown and Spectre bugs. Both Spectre and Meltdown could allow potential attackers access to your business’s data. Ransomware, crypto, and malware attacks are the top cybersecurity threats as reported by Forbes Magazine in 2018.

Responding quickly to a cyberattack is incredibly important. If you suspect a cyberattack, you need to immediately work to isolate it, so that it cannot spread through your entire business’ network. Then, you should identify critical assets of your organization so that you can protect those the most. Having a policy in place establishes what steps should be taken, and who is responsible for what. This will limit the confusion of trying to combat an active attack while directing everyone in what to do.

Recovering from a cyberattack should start with informing your customers. It is reported that one of the most significant costs of a cyberattack is the lost value in customer relationships and brand name. For example, Home Depot and Target suffered a combined total of $554 million in losses due to lost customer relationships and damage to their brand name. To avoid this, you should be transparent with your customers right from the beginning. Letting your customers know will help you avoid class-action lawsuits and protect your business’ reputation. Explain your plan of action to clients so that they can understand that you are containing and correcting the problem. After assessing the attack, you should know which portions of your company have been affected and which haven’t. This way you can restore missing data from the previous backup, and address where there is still missing data.

Establishing policies and procedures aids in protecting your company, but you should also consider software that can help detect and isolate cyberattacks. For example, in just one month’s time, Symantec software blocked an average of one million online attacks each day.

According to Microsoft, 20% of small to mid-sized businesses have been cybercrime targets. Small and medium businesses need to make sure they are protected just as well as large companies are. Hiring cybersecurity staff is not in everyone’s budget, but there are other options such as software that can automate detection of these attacks through your corporate network. The faster your business responds to an attack, the better your company will be able to recover.

Knowing these facts, ask yourself: what is your business doing to prepare? Being proactive is your best option – don’t sit idle while your world crumbles around you.

Calling All Architects

Do You Want to Save Time, Money and Beat Out the Competition? We Have Some Important Information to Share

Architects Computers

As you know, your architecture company is under constant pressure from economic shifts, a shrinking talent pool, and a fiercely competitive marketplace. When it comes to information technology you need solutions that don’t cost a fortune and can really make a difference.

One such solution is 3D modeling software. You can easily develop 3D designs with automatic features and without a lot of experience. There’s software for beginners, as well as more sophisticated solutions for experienced architects.

3D modeling software enables you to produce detailed and realistic results, and it’s the best solution to help you save time, money and efficiently modify your models as needed.

Are you looking for better collaboration with your team? Some forms of 3D modeling software use the cloud. They allow you and your coworkers to work on a computer model at the same time.

When IT solutions like 3D modeling are used wisely, they can provide a strategic advantage for your architectural firm. You can win bids, manage projects efficiently, and complete them without cost overruns.

The following are some 3D CAD modeling software solutions you might want to consider:

ArchiCAD is architectural CAD software that uses BIM (Building Information Modeling) that allows you to produce both 3D and 2D drafting, visualization, and modeling. It enables you to complete your building designs via the high-quality photorealistic renderings of both interiors and exteriors.

Revit is a BIM solution that allows you to collaboratively design buildings and infrastructures with your team. Authorized users can access centrally shared models to work together on designs and save time.

AutoCAD Architecture is a complete and practical tool that allows you to do both 2D design and 3D modeling, so you can better visualize your project. With it, you can create realistic-looking models with a blend of solid, surface and mesh modeling tools. AutoCAD Architecture is also useful for 2D drafting and drawing. Plus, it allows you to communicate and collaborate with others on the same project.

AutoCAD Civil 3D provides all the benefits of the solutions above but is better suited for civil engineering and construction professionals. You can produce civil designs, connect AutoCAD Civil 3D to Revit, and rework and complete your designs with structural modeling.

3D Studio Max (3DS Max), although mainly used by those in the video games industry, is great for architects who require previsualization. Training is available online if you want to give it a try.

Chief Architect is a CAD software for 2D and 3D rendering. It’s very easy to use, and you don’t need to have 3D modeling skills. The interface is intuitive, includes smart building tools, and lets you easily create a 3D structure. You can also export 360° panorama renderings that you can share with your clients.

SketchUp is also easy to use. It will help you save time and can be used for 3D modeling. You can create walkthroughs and flyovers to present your work to clients. It can also be scaled for accurate 2D drawings.

Rhino 3D is mainly used for industrial design and architecture. It provides great accuracy for models. It can be used along with Grasshopper, a graphical algorithm editor created by Rhino’s developers and made for 3D geometry and visual language. It’s designed for structural engineering, architecture, and fabrication.

CATIA is used in various sectors such as aerospace, automotive, high tech, and architecture. This software allows you to create complex and very accurate models. It has a practical collaborative environment as well.

Solidworks is a 3D modeling software mainly used by engineers. It can be a great solution if you want to create a quick design. You won’t be able to perform complex renderings, but it’s capable of designing a building and producing overviews of your architectural projects.

When using any 3D software programs, don’t forget about your IT security.

In this age of rapidly expanding IT networks and Internet economies, data and network security are of increasing importance. For architectural firms, managing your reputation and providing optimal customer service is of primary importance.

Data breaches are now commonplace. Imagine turning on your computer and finding that ransomware has locked down all your designs. Every minute that you can’t retrieve them means lost time and money and potentially lost clients. It’s essential that you protect your firm’s IT assets from malware, viruses and other forms of cyber attacks. To do this, you must adopt the following best practices for IT security.

Data Encryption

Stored data and across-the-wire transfers must always be encrypted. Architectural firms benefit from data encryption and user authentication tools to maintain the confidentiality of product designs, test-market results, and patent applications. Encryption is essential to protecting this sensitive data, as well as preventing data theft.

Disaster Recovery and Business Continuity

We live in a digital age where technology is used for most business operations. Disaster recovery and business continuity planning can prevent the catastrophic effects of data loss. Architectural firms must retain project documents for legal purposes, for future alterations, and historical documentation. If this data gets lost or stolen, a backup and disaster recovery plan prevents total loss of important documents.

Auditing

It’s important for architectural firms to regularly conduct IT audits to monitor, identify, alert, and block the flow of data into and out of a network. In addition, auditing can help locate and correct errors in business processes.

Anti-Spam Software

In order for an architectural firm to utilize their design software, computers and electronic devices must be up and running properly at all times. For any anti-spam software to be successful, it must be kept up-to-date. Keep in mind that anti-virus software isn’t enough; architecture firms must also use a comprehensive endpoint security solution, including anti-virus, personal firewall, and intrusion detection.

Security Awareness Training

Educating your users is the most important non-hardware, non-software solution available. Informed users behave more responsibly and take fewer risks with valuable company data.

Just like you design quality architectures, your IT provider will design a secure architecture for your network that keeps your data safe. So, before you invest in CAD software, set up a consultation with your local IT Managed Service Provider.

Does Your Law Firm Require IT Managed Services?

Technology is invaluable in the legal landscape, and with time it will become even more so. Why is this? Because legal work is highly regulated, and many attorneys fear malpractice suits or failure to comply with regulations. Law practices throughout the world are adopting new technologies. Just like other businesses, they need to streamline their services, and secure their data, and technology helps them do this.

Law Firm Managed Services

Every legal practice has three basic technology requirements:

  1. To analyze diverse, extensive amounts of data.
  2. To ensure the security of clients’ confidential information.
  3. To increase efficiencies, productivity and cost savings.

However, some aren’t meeting these basic requirements because they aren’t using an IT Managed Services Provider (MSP) to ensure they’re using the right IT solutions.

If you want to succeed in today’s technology-driven environment, you need up-to-date, reliable and secure IT solutions. By handing this chore over to an MSP, you can focus on your core legal competencies.

What Should You Look For In An MSP?

Expertise in the following:

Case Management Software

The computerization of legal work has promoted the adoption of electronic spreadsheets, word processing, databases, telecommunications, legal research software, and presentation applications. Electronic case management has probably altered how your legal documents are prepared. You can now manage large case files and use software to search, edit, track, archive and distribute documents.

Case management software helps you stay organized. It brings your desktop calendar, contacts, filing system, and task systems together into one solution. You also need it for managing deadlines, storing client information and coordinating communications. It provides you the information you need to effectively manage your practice, along with feedback on how you’re progressing in all aspects of your cases. Make sure your MSP is well-versed on the applications you rely on every day, such as Copitrak, CompareRite, LexisNexis and other legal software solutions.

Cloud Technologies

Just like with other businesses, legal professionals can now work remotely. With the right cloud solutions, you can travel for court dates and still access your documents securely. And, cloud technology can help you stay connected to your clients, staff, and colleagues. Solutions like Microsoft Office 365 that are powered in the cloud let you access documents and applications, and collaborate online securely from anywhere you have a computer and internet connection.

By embracing cloud computing, you can:

  • Save on paper costs.
  • Locate files more easily.
  • Maintain and process Big Data (large amounts of information).
  • Work collaboratively on files securely in real time.

Make sure your MSP is up to date on today’s secure cloud solutions. They should be able to help you improve your firm’s productivity, efficiency, collaboration and IT accessibility. They should also help you find the right solutions for data security, document management, and workflow improvement.

Financial Management Software

You no longer need stacks of papers, files and cumbersome logs to track your finances. Today, there are many software solutions you can use to track every transaction. But how do you know which is right for you? Your MSP should help you find the most suitable financial management software to help with budgeting, managing billable hours, accounts receivable, accounts payable, tax filing and more. They should also help you find the right software to aid in your short- and long-term planning. Unfortunately, many attorneys don’t think about the future when considering their financial goals. The right MSP can help you find the right software to do this as well.

Data Backup and Recovery Services

The intellectual property and sensitive information you store must be backed up securely. As you know, computer hard drives can fail, laptops can be stolen or lost, and data can be erased due to human error or viruses. It’s important for your firm to have a reliable backup system to keep data safe and avoid data loss. Your MSP should ensure your business continuity and disaster recovery solutions meet your objectives with robust backup and secure off-site replication solutions.

Ask them if they can provide:

  • A Complete Backup and Recovery Strategy – Your firm requires a comprehensive onsite and offsite backup and recovery service that backs up all data and provides for your quick recovery when disaster strikes.
  • Power Protection – 90% of disasters are power-related. Be sure your MSP provides UPS protection to ready your firm with alternative power sources to keep you operating.
  • Email Continuity – Can your firm keep running if your email isn’t? Most can’t for more than 24 hours. Make sure your MSP can ensure you have a proper email continuity solution in place.
  • Telephone Services – What would happen to your law firm if your telephone services were down? How would your clients reach you? Make sure your MSP tells you how they can keep your phones up and running when phone lines are down.

Remote Monitoring to Prevent Downtime

A qualified MSP will prevent IT downtime. Your firm can’t afford to be idle. With remote monitoring solutions, your Managed Services Provider can detect and mitigate issues with your technology before they cause problems. Your MSP should provide 24x7x365 Monitoring and Maintenance services. If not, look for another.

Cybersecurity

As you know, it’s your legal obligation to protect your clients’ confidential information. Your MSP should be capable of handling all of your IT security measures and should be up to date on the latest cyber threats and solutions to protect your data.

They should implement a multi-layered, managed security defense using sophisticated security devices, technical controls like firewalls, patching, antivirus, software updates, intrusion-detection and log analysis systems. They must also be able to provide Security Awareness Training for your employees to ensure they don’t click malicious links or open phishing emails.

Data and Email Encryption

It’s essential that you use encryption to protect your confidential data. Encryption should include both emails and data to ensure the security of this information. It should protect data at rest, such as on laptops or portable servers, as well as data in motion, such as over wireless networks or the Internet. Your MSP must be capable of providing this service for you.

Mobile Device Management

With the rising use of BYOD (Bring Your Own Device), it’s essential for your MSP to provide Mobile Device Management. If an employee’s mobile phone is lost or misplaced, they must be able to erase the contents of the phone. This requires the expertise to know how to ensure your mobile devices are set up correctly, and your business information is properly safeguarded. If a mobile device is lost, or a staff member leaves your employment with your legal data, you can rest easy knowing that the device can be remotely locked or wiped if necessary.

Artificial Intelligence (AI)

Legal professionals now use AI to handle laborious and time-intensive tasks so that they can focus on higher-value work. Using AI makes it possible for you to concentrate on more important tasks and use your expertise and time for the benefit of clients. AI is highly reliable and can identify key documents that staff members might miss. During the due diligence phase of a transaction, AI can locate contractual provisions with a high degree of accuracy. AI can also help you deliver services to clients more quickly and affordably without sacrificing the quality they demand. The right MSP should be able to suggest AI solutions to save you time and money.

Another Day, Another Major Data Breach – 20 Tips to Protect Your Business in 2018

Over Easter weekend, hackers stole 5 million credit and debit card numbers that were used at Saks Fifth Avenue, Saks Off Fifth, Lord & Taylor, and Canada-based Hudson’s Bay Company. The personal information of customers who shopped at these stores is now compromised.

Saks Hacking

Most of the stolen card data — which goes all the way back to May 17 — was obtained from these stores in the New York City metro area, and other stores in the Northeast U.S. It appears that these stores weren’t using a secure credit card payment system. Security firm Gemini Advisory reported:

“The attack is amongst the biggest and most damaging to ever hit retail companies...Credit card data was obtained for sales dating back to May 2017. The breach likely impacted more than 130 Saks and Lord & Taylor locations across the country, but the majority of stolen credit cards were obtained from New York and New Jersey locations.”

Gemini Advisory says that the hacking group JokerStash/Fin7 boasted about their success on the Dark Web and that the data is now for sale. The name of their “product” is BIGBADABOOM-2. Gemini Advisory’s co-founder and chief technology officer said that this group previously targeted major hotel and restaurant chains. They were also responsible for other data breaches like the ones that affected companies including Whole Foods, Chipotle, Omni Hotels & Resorts and Trump Hotels.

The hackers typically use phishing emails to gain confidential information. They send the emails to company employees including managers and supervisors who are key decision makers. They disguise themselves as an entity these people would recognize as legitimate. The email contains an invoice and asks them to pay it via a link provided. Once clicked, their IT system is infected.

No store is immune from this type of breach. However, you can protect your business from phishing attacks by educating your employees.

Cybersecurity training is a must for all businesses today. You can have all the right security technology in place, but if one of your employees unknowingly clicks a malicious link, or visits a counterfeit website, your business can be ruined.

Phishing is when a scammer uses fraudulent emails, texts, or copycat websites to get you to click a link so that they can steal your confidential information like Social Security numbers, account numbers, login IDs, and passwords. They use this information to rob you of your money and your identity.

The majority of account takeovers come from simple phishing attacks where you or someone in your organization gets tricked into releasing private credentials and information.

Scammers also use phishing emails to get access to your computer or network, so they can install programs like ransomware that lock you out of your important files unless you pay a ransom.

Spoofing

Phishing scammers try to lure you or your employees into a false sense of security by pretending to be a trusted source like a legitimate company, the IRS, a colleague, vendor, or even a friend or family member.

Phishers create a sense of urgency, making it seem like they require your information right away or something terrible will happen to you. They may threaten to hold back a tax refund or close your bank account. Essentially, they lie to get your information.

Here are things that you and your employees should do to protect your business.

Be cautious about opening attachments and clicking links in emails.

Files and links may contain malware that can infect and weaken your computer’s security.

Type in URLs and email addresses.

If a company or organization you know sends you a link or phone number, don’t click the link or call the number. Go to your search engine and type in the correct URL for the company’s site and find the legitimate phone number.

Call the source. Don’t respond to emails that request confidential or financial information. Phishers use strategies that prey on fear. If you think the contact in the email needs this information, refer to the phone number in your address book, not the one posted in the email, and call them to verify the request.

Use Two-Factor Authentication. For accounts that support this, two-factor authentication is an extra step to ensure the security of your information. It requires both your password and an additional piece of information to log in to your account. The second piece might be a code the company sends to your phone or a random number generated by an application or token. Two-factor authentication protects your account even if your password is compromised.
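The “random number generated by an application or token” mentioned above is usually a time-based one-time password (TOTP, RFC 6238) built on HMAC (HOTP, RFC 4226). The following is an added example, not code from the original post: it implements the code generator, a verifier that tolerates small clock drift, and a login check that requires both factors. The user store, salt and password are constructed for the demo; the TOTP seed is the RFC 6238 reference test secret.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HMAC-based one-time password (HMAC-SHA1, dynamic truncation)."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based OTP: HOTP over the current 30-second time step."""
    return hotp(secret, int(at_time) // step, digits)


def verify_totp(secret: bytes, candidate: str, at_time: int,
                step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Accept the code for the current step or +/- `window` adjacent steps.

    The window absorbs clock drift between the server and the user's token.
    Comparison is constant-time so a wrong code leaks no timing information.
    """
    counter = int(at_time) // step
    for drift in range(-window, window + 1):
        expected = hotp(secret, counter + drift, digits)
        if hmac.compare_digest(expected, candidate):
            return True
    return False


# Constructed demo user store (hypothetical): PBKDF2 password hash plus a
# per-user TOTP seed. A real system would use a random per-user salt.
SALT = b"constructed-demo-salt"
ITERATIONS = 100_000
USERS = {
    "alice": {
        "pw_hash": hashlib.pbkdf2_hmac(
            "sha256", b"correct horse battery staple", SALT, ITERATIONS),
        "totp_secret": b"12345678901234567890",  # RFC 6238 reference test secret
    }
}


def login(username: str, password: str, code: str, at_time: int) -> bool:
    """Both factors must check out; a leaked password alone is not enough."""
    user = USERS.get(username)
    if user is None:
        return False
    candidate_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, ITERATIONS)
    pw_ok = hmac.compare_digest(candidate_hash, user["pw_hash"])
    code_ok = verify_totp(user["totp_secret"], code, at_time)
    # Evaluate both before deciding so failures take the same time either way.
    return pw_ok and code_ok


if __name__ == "__main__":
    import time
    now = int(time.time())
    current = totp(USERS["alice"]["totp_secret"], now)
    print("current code:", current)
    print("login with password + code:", login("alice", "correct horse battery staple", current, now))
    print("login with password only  :", login("alice", "correct horse battery staple", "000000", now))
```

The last line is the point of the paragraph: with the correct password but no valid code, the login fails.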

Update your applications and Operating System. Use a good security software you trust, and make sure you set it to update automatically. Also, make sure you update all your applications and your Operating System when you receive patches from the manufacturer. Don’t delay, as there are good reasons for these updates, and they will protect your information from the latest threats.

Back up your files to an external hard drive and enterprise-based cloud storage. Back up your files regularly to ensure you have a duplicate of all your files and applications if your network is compromised.

Google conducted a study between March 2016 and March 2017 in conjunction with researchers from the University of California, Berkeley. The results revealed that phishing is far riskier for users than data breaches because of the additional information phishers collect.

Use a unique email address.

Spammers send out millions of messages to common name combinations, hoping to find valid email addresses. If your address is a common name like Joe, you’ll receive more spam than with one like Wwmj4itvi. An unusual name like this is harder to remember, so build it from an acronym, for example “We were married June 4 in the Virgin Isles” (Wwmj4itvi).

Use an email filter.

If your email provider offers a filter that screens out potential spam or channels it into a bulk or junk folder, turn it on. If it doesn’t, consider another email provider.

Use more than one email address.

Consider using a disposable email address service that forwards messages to your permanent account. If the disposable address receives a lot of spam, you can shut it off without affecting your permanent address.

Limit your exposure.

Don’t share your email address in public. This includes blog posts, chat rooms, social networking sites, or in online membership directories. Spammers use the web to obtain email addresses.

Check privacy policies and uncheck boxes.

Before submitting your email address to a website, determine if they can sell your email to others. Don’t provide your address to sites that won’t protect it.

Be wary of messages that:

  • Try to solicit your curiosity or trust.
  • Contain a link that you must “check out now”.
  • Contain a downloadable file like a photo, music, document or pdf.

Don’t believe messages that contain an urgent call to action:

  • With an immediate need to address a problem that requires you to verify information.
  • Urgently asks for your help.
  • Asks you to donate to a charitable cause.
  • Indicates you are a “Winner” in a lottery or other contest, or that you’ve inherited money from a deceased relative.

Watch for messages that:

  • Respond to a question you never asked.
  • Create distrust.
  • Try to start a conflict.

Watch for flags like:

  • Misspellings
  • Typos

Always Use Secure Passwords.

  • Use Two-Factor Authentication if it’s available.
  • Never use words found in the dictionary or your family name.
  • Never reuse passwords across your various accounts.
  • Consider using a Password Manager (e.g., LastPass or 1Password).
  • Use complex passwords.
  • Create a unique password for work.
  • Change passwords on at least a quarterly basis.
  • Use passwords with 9+ characters.

Keep Your Passwords Secure.

  • Don’t tell anyone your passwords.
  • Don’t write them down or email them.
  • Never include a password in a non-encrypted stored document.
  • Don’t speak your password over the phone.
  • Don’t hint at the format of your password.
  • Don’t use the “Remember Password” feature of application programs such as Internet Explorer, Portfolio Center or others.
  • Don’t use your corporate or network password on an Internet account that doesn’t have a secure login, one whose web address starts with https://. The https:// prefix, and the small lock next to the address, mean your computer’s connection to the website is encrypted, so no one on the network path can read your password in transit. It does not prove the site is the one you intended to visit, so check the domain name too. If the lock is missing, don’t type in your password.

If you believe your password may have been compromised, you should change it.

Regularly Backup Your Data Both Onsite and Remotely.

  • Maintain at least three copies of everything.
  • Store all data on at least two types of media.
  • Keep a copy of your data in an alternate location.

If you haven’t backed up your data and you’re attacked, it’s gone forever.

Ask Your IT support to Conduct Testing and Security Awareness Training for Your Employees.

  • Give a social engineering test.
  • Share the results with your staff.
  • Debrief and train your users.
  • Test again each year.

Report Phishing Emails and Texts to the Federal Trade Commission.

Forward phishing emails to the Federal Trade Commission at spam@uce.gov – as well as the organization that was impersonated in the phishing email. Include the full email header if it’s available.

File a report with the Federal Trade Commission at FTC.gov/complaint.

Visit Identitytheft.gov. Victims of phishing could become victims of identity theft; there are steps you can take to minimize your risk.

You can also report phishing emails to reportphishing@apwg.org. The Anti-Phishing Working Group which includes Internet Service Providers, security vendors, financial institutions and law enforcement agencies uses these reports to fight phishing.

Hold on to Your Credit Cards… Alexa’s On a Shopping Spree!

I love my Alexa. I don’t know what I’d do without it. Last year I decided to set it up for voice shopping. That way, when I come home from work, I can start cooking dinner, get the kids going on their homework, and tell Alexa what I want to buy.

Alexa Shopping Spree

Evidently, other moms and dads are doing this too. Research shows that people are spending about $2 billion a year using voice shopping with their Echos and Alexas.

And, it’s predicted that this amount will increase rapidly over the next few years to a whopping $40 billion by 2022! According to the company that provided these statistics:

“Voice commerce represents the next major disruption in the retail industry, and just as e-commerce and mobile commerce changed the retail landscape, shopping through smart speakers promises to do the same…The speed with which consumers are adopting smart speakers will translate into a number of opportunities and even more challenges for traditional retailers and consumer products companies.”

It seems that Amazon is the preferred vendor with 85% of people choosing the products Amazon suggests. For those like me who purchase groceries online, 45% of online grocery orders are made through Amazon Fresh.

Here are some more interesting statistics:

  • Right now, only 13% of homes have one of these devices, but by 2022 this is supposed to grow to 55%.
  • Amazon Echo is the most used of any U.S. virtual assistant. Google Home is the next at 4%, followed by Microsoft’s Cortana at 2%.
  • Those of us who have an Amazon smart speaker spend 66% more on Amazon than other people do.
  • Amazon Alexa owners spend on average $1,700 a year at Amazon, while members of the Amazon Prime program spend around $1,300 a year at Amazon.

Well, what can I say? It’s so much easier to just speak into my Echo and tell Alexa to reorder what I did last week from Amazon Fresh. When I’m making dinner, I don’t have the time to sit down and type away on a keyboard. The Voice Purchasing function of Amazon’s Alexa and Echo is so convenient. I can order practically anything from Amazon without using my computer. It’s great!

It seems that the smart speaker market is still in its infancy (unlike my precious children), and it’s still not clear if the Google and Microsoft smart speakers will be able to catch up to Amazon in the future.

Speaking of children…

Because Amazon doesn’t ask me to confirm my purchases with a “yes,” I’ve found some items in my orders that I didn’t place – but that my “precious” children did! Sugary cereal, microwave popcorn, chips, cookies, etc. Boy, was I mad when I found out they did this. You can be sure these purchases will come out of their allowance!

When I complained to Amazon, they told me to increase the security on my Alexa. They said there are two ways I can secure the Echo speaker from the kids or others. I can disable the Voice Purchasing feature or simply create a four-digit PIN (a secret one of course!).

Here’s how to disable Voice Purchasing.

By disabling Voice Purchasing, you can still shop with your Alexa and add items to your cart. However, you’ll have to complete your checkout from the Amazon website or app.

  • Sign on to amazon.com (or open the Alexa app on your iOS or Android device).
  • Go to Settings.
  • Select Voice Purchasing.
  • Toggle off the Purchase by voice to disable Voice Purchasing.

They also suggested that I use a confirmation code.

Doing this lets me keep Voice Purchasing enabled without allowing others to purchase things with my Amazon account. I have to speak my confirmation code aloud to complete my order. So, I make sure to do this when the kids or others aren’t around! 

  • Sign on to amazon.com (or open the Alexa app on your iOS or Android device).
  • Go to Settings.
  • Scroll down and choose Voice Purchasing.
  • If it isn’t enabled choose “Purchase by Voice” to enable it.
  • In the text field beside Require confirmation code, enter a (secret) four-digit PIN.
  • Save.

Why do I love my Alexa for shopping? Because it’s so convenient! If I’m running out of paper towels or toilet paper, rather than jotting this down on a shopping list, I just ask my Echo to tell Alexa to order what I did last month. They arrive at my house in just two days! No more going to the store, putting them in a cart, jamming them into my car, taking them out of my car, etc. (you get the idea). They magically appear on my doorstep with minimal effort on my part.

And, if I happen to order something that requires a return, I don’t have to pay for shipping. Come to think of it, I should have returned the kids’ chips, cereal, etc.!

If you haven’t shopped with Alexa, you should give it a try. I know, it can be a little scary the first time. But once you see how easy it is, you’ll be “hooked” like me.

Here’s how to set up Alexa for shopping.

First, you need to set up an Amazon Prime account, provide a U.S. shipping address, billing address and a U.S.-based payment method. Set your Amazon Prime account for 1-Click shopping.

Check the settings in your Alexa to make sure Voice Purchasing is enabled. You can go to Settings -> Voice Purchasing in the Alexa app, and enable it. You can also manage your 1-Click settings here and set a 4-digit PIN to make sure the kids don’t order stuff!

Now, you can order anything that’s Amazon Prime-eligible:

Order new products: If it’s something you’ve never ordered before, Alexa will suggest an “Amazon’s Choice” product that meets your description. If you’re not sure about what you want to buy, you can add it to your cart and cancel it right away if you change your mind.

Reordering: Alexa will look at your past orders, so if you ordered a particular brand of paper towels, you can easily reorder them with a “reorder _____” command. Alexa will ask you to confirm the order, and if you say yes, you’re all done.

Tracking: You can always track what you’ve ordered by asking Alexa. Just say, “Alexa, where’s my stuff?” She’ll let you know when your order will arrive.

So, you can see why I love my Alexa and why I can’t do without “her.” She’s my newest best friend!

What? Artificial Intelligence is Snooping Around In Our Private Electronic Health Records?

This may sound like science fiction, but it’s not. The leading electronic health record (EHR) vendors are, or will soon be, using Artificial Intelligence (AI) to read our EHRs. They revealed this at the HIMSS18 conference in 2018.

Doctors Artificial Intelligence

EHR vendors Allscripts, athenahealth, Cerner, eClinicalWorks, and Epic all plan to add AI into the next versions of their EHR platforms, some as early as 2019. AI will be incorporated into things like population health, telemedicine, voice interactions and even clinical decisions.

At the conference, Microsoft displayed how AI runs in conjunction with the Epic EHR system using Microsoft Azure. Siemens Healthineers showed how AI works with its cloud-based imaging software. Caradigm said they’re adding AI into their population health tools.

Dr. John Glaser of Cerner (formerly of Siemens) tells us how this works:

“Right now, when [a physician goes] to order a prescription or you go to document, let’s say, on a patient, the machine — because you’ve got to document this, that or the other — … asks you the same questions, like if someone has diabetes regardless of the nature of the diabetes, and what’s been done before. So … you have the AI that says ‘I’m only going to document the stuff that is really tailored to this patient and their particular issues … and I’m going to populate with stuff I already know. I’m going to go ahead and take care of a bunch of the documentation and I’m going to focus [the physician’s] documentation on key items. That’s one way we do it. Really tailor … so they don’t waste time documenting stuff that’s irrelevant or that’s not going to be useful….

The second thing we have, and this is still early, … you’re in the room examining your patient, the machine is pulling data from the EHR … it’s looking at activities, what screen you go to as the doctor, it’s listening to the encounter, so it’s listening to the discussion and it’s pulling up key phrases and this, that and the other, and it’s watching the interaction. It’s actually seeing you listening to the patient’s chest or looking in the patient’s ear. But based on the system watching the conversation and listening to the conversation and pulling out the data it actually generates the documentation automatically. It’s still early, but it looks pretty darn promising … through recognition of voice and recognition of images and movement it will actually automatically generate this. Anyway … [with usability] it’s the fact that … if you can take time out of these kinds of things and reduce clicks, then we’ll have made progress with usability.”

Beyond EHRs – If AI can help a doctor save time and better serve their patients, isn’t this a good thing?

Saving time in the healthcare setting may mean the difference between life and death. AI can help a physician diagnose a condition and treat it promptly. An early diagnosis for a patient who suffers from a heart attack or stroke can be lifesaving.

With assistance from AI perhaps doctors will be able to spend more time with their patients. With an aging population that needs more time with doctors, extra time is a precious commodity.

Physicians have a never-ending pile of paperwork that often needs immediate attention. Today, most spend two-thirds of their time handling paperwork. This is up from one-third only 10 years ago.

A report from the Annals of Internal Medicine revealed that – “During the office day, physicians spent 27.0% of their total time on direct clinical face time with patients and 49.2% of their time on EHRs and desk work. While in the examination room with patients, physicians spent 52.9% of the time on direct clinical face time and 37.0% on EHR and desk work. The 21 physicians who completed after-hours diaries reported 1 to 2 hours of after-hours work each night, devoted mostly to EHR tasks.”

AI not only helps doctors save time, it also saves lives.

The treatment and prevention of dangerous diseases depend on early detection, and a late or wrong diagnosis can have fatal consequences. AI research is being used not only to keep people healthy but to save lives as well. In 2017, doctors from Harvard and Beth Israel Deaconess partnered with Philips to improve the diagnosis of cancer. Without AI, it could take 6 months to compile the data from 10,000 ultrasound reports. With Philips AI, physicians can retrieve the information from 200,000 ultrasound reports within 5 days.

Philips Research China, one of the company’s divisions specializing in AI, developed a Natural Language Processing (NLP) algorithm that extracts structured data from clinical reports, so doctors are provided with the proper information for secondary analysis. It’s currently being piloted in several large hospitals.

IBM is helping to fight cancer with AI, and its Watson Oncology platform. It will soon be used in a community hospital in Florida to help treat cancer patients. Watson takes in reams of clinical trial data and medical journal entries, detects patterns and gives cancer care specialists a list of effective treatment options.

Experts at the University of North Carolina School of Medicine tested Watson’s effectiveness with 1,000 cancer cases and found that it came up with the same recommended therapies as professional oncologists in 99% of the cases. Where this will really be of help is in smaller and rural medical centers where specialists are lacking.

AI helps doctors and patients in other ways.

Health assistants can also save you an unnecessary trip to the doctor, and time sitting in a waiting area with others who may have contagious illnesses. When you don’t feel well, you typically go to the doctor where he or she checks your vital signs, asks questions about your symptoms, and provides a prescription if warranted.

Now, a program called Your.MD can ask you about your symptoms and suggest steps you can take to help you feel better. It will also warn you if you need to visit a doctor. Other health assistants like Ada work in conjunction with Amazon Alexa to provide a symptom assessment report, and an option to contact a real doctor.

AI is also being used to remind patients to take their medicines. AiCure is another mobile app that uses AI to ensure patient compliance with prescriptions. This will help those who can’t remember to take their medications on time or those with serious illnesses who might skip their recommended doses altogether.

Will AI replace doctors one day?

As much as we like to think they won’t, it is a possibility according to Richard Susskind, chairman of the advisory board of the Oxford Internet Institute, and his son Daniel, an economics fellow at Balliol College, Oxford, writing in the Harvard Business Review.

They believe that “AI will not only support physicians but ultimately replace them. The argument that technology cannot be empathic is moot, they argue, and many aspects of professional work do not require compassion. They argue that judgment, creativity, and empathy are not necessary to the practice of medicine”.

But have no fear. For the foreseeable future, AI will augment healthcare – not replace it.

SamSam Strikes Again! Demands $51K from City of Atlanta

In case you haven’t heard, IT systems for the City of Atlanta were shut down by SamSam, a virulent form of ransomware.

City of Atlanta Ransomware

What’s SamSam? The SamSam malware hunts for critical files and uses AES 256-bit encryption to lock them up. The hackers then demand a payment in Bitcoin to a wallet they control. If the victim doesn’t pay, they erase all the data.

“SamSam is a ransomware controlled by a single threat group,” explained Keith Jarvis, a researcher with Secureworks Counter Threat Unit. “It’s unlike other ransomware that’s out there.”

What makes SamSam different is in the way the attacks develop.

SamSam’s operators scan the Internet for exposed remote-access ports, most often Remote Desktop, and run a brute-force attack until they get in. A brute-force attack means they hit the service with one username-and-password guess after another until one works. Once the group succeeds, they are inside your network holding a valid login, and they spread the ransomware from there.
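What that brute-force attack looks like in the victim’s own logs, as an added example that is not part of the original article: Python that walks a handful of constructed Windows Security event records (Event ID 4625 for a failed logon, 4624 for a success, logon type 10 for Remote Desktop) and flags any source address that fails repeatedly inside a short window, escalating when a success follows the failures. The records, addresses and thresholds are made up for the illustration.

```python
"""Spot a credential brute-force against an exposed logon service in Windows
Security logs.

Added example, not part of the original article. The events below are
constructed; field names follow the Windows event schema (4625 = failed logon,
4624 = successful logon, Logon Type 10 = RemoteInteractive/RDP, 3 = network).
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass
class LogonEvent:
    when: datetime
    event_id: int      # 4625 failed, 4624 success
    logon_type: int    # 10 = RDP, 3 = network (e.g. SMB)
    user: str
    source_ip: str


# Constructed sample: one address sprays a list of accounts over RDP at 2 a.m. and
# eventually lands on a working administrator password; a real user in the office
# range mistypes a password twice and then gets in.
_SPRAYED = ["administrator", "admin", "backup", "sql", "svc_print", "administrator", "test", "guest"]
SAMPLE_EVENTS: List[LogonEvent] = [
    LogonEvent(datetime(2018, 3, 22, 2, 0, sec), 4625, 10, user, "203.0.113.45")
    for sec, user in enumerate(_SPRAYED * 2)
] + [
    LogonEvent(datetime(2018, 3, 22, 2, 0, 40), 4624, 10, "administrator", "203.0.113.45"),
    LogonEvent(datetime(2018, 3, 22, 8, 15, 0), 4625, 10, "jsmith", "198.51.100.7"),
    LogonEvent(datetime(2018, 3, 22, 8, 15, 20), 4625, 10, "jsmith", "198.51.100.7"),
    LogonEvent(datetime(2018, 3, 22, 8, 15, 35), 4624, 10, "jsmith", "198.51.100.7"),
]


def detect_bruteforce(events: List[LogonEvent], threshold: int = 10,
                      window: timedelta = timedelta(minutes=5)) -> Dict[str, dict]:
    """Flag each source IP with >= threshold failed logons inside a sliding window.

    A successful logon from a flagged source *after* it crossed the threshold is the
    signal that matters most: the guessing probably worked and the attacker now holds
    a valid account, so the finding is CRITICAL rather than HIGH.
    """
    by_ip: Dict[str, List[LogonEvent]] = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.when):
        by_ip[ev.source_ip].append(ev)

    findings: Dict[str, dict] = {}
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e.event_id == 4625]
        flagged_at = None
        start = 0
        for end in range(len(failures)):               # sliding window over failure times
            while failures[end].when - failures[start].when > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged_at = failures[end].when
                break
        if flagged_at is None:
            continue
        success_after = [e for e in evs if e.event_id == 4624 and e.when >= flagged_at]
        findings[ip] = {
            "first_failure": failures[0].when,
            "flagged_at": flagged_at,
            "failed_attempts": len(failures),
            "distinct_users": len({e.user for e in failures}),
            "logon_types": sorted({e.logon_type for e in failures}),
            "severity": "CRITICAL" if success_after else "HIGH",
            "compromised_accounts": sorted({e.user for e in success_after}),
        }
    return findings


if __name__ == "__main__":
    for ip, f in detect_bruteforce(SAMPLE_EVENTS).items():
        print(f"{f['severity']}: {ip} made {f['failed_attempts']} failed logons against "
              f"{f['distinct_users']} accounts; logged in as {f['compromised_accounts'] or 'nobody'}")
```

The threshold is the tuning knob: ten failures in five minutes ignores the office user who fumbles twice, while dropping it to two flags her as well. In practice this logic runs continuously against forwarded logs, and a CRITICAL finding should trigger immediate isolation of the host and a reset of the account that succeeded.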

The ransom note left by hackers said that refusing to pay the $51,000 would result in deletion of all the information. This particular group of hackers has successfully collected $850,000 since last year.

1 in 4 of those who pay a ransom never recover their data. The FBI urges victims not to pay. This is why it’s essential that you back up your data to a reliable source.

This wasn’t the first time SamSam paralyzed a government.

It’s also infected offices in Colorado, North Carolina, Alabama, and Maryland.

Governments’ operations are mission-critical, and hackers know that they often pay the ransom.

Experts say that SamSam and other ransomware attacks will increase. No one is safe.

So, what should you do? Here’s what cybersecurity experts recommend.

“Backup, backup, backup!” You can restore your files from your last backup.

However, not all backups are the same. You must regularly back up your files to an enterprise-cloud solution. If you use a disaster recovery as a service (DRaaS) solution, you should be able to do this and quickly “spin up” the image of your backup on your computer. But first, make sure your most recent backup wasn’t infected as well. By spinning up the image in a self-contained virtual machine (VM), you can inspect the backup image without exposing it to your entire network.

Backup your data to a reliable source. A ransomware attack can hold your data hostage and paralyze your business just like it did for the City of Atlanta. That’s why having a reliable enterprise-cloud backup solution is crucial. Ask your Technology Solutions Provider to help you decide which one is best for your unique needs.

Work with your IT provider and answer the following questions so they can provide the best backup solution for you:

How critical is the data you store?

This will help your IT support determine when and how it should be backed up.

  • For critical data that includes databases, you’ll require a backup plan that extends over a number of time periods.
  • For confidential information, your backup data should be physically secure and encrypted.
  • For less critical data, an extensive backup plan isn’t required. However, you should still back up data regularly and ensure it is easily recoverable.

Do you need to back up your backup?

If you use large servers, your IT provider should create an image of them so your data can be retrieved immediately. Remember, backups can fail, so it’s important to back up your backup.

Do you test your backups to ensure they are readily recoverable?  No matter how comprehensive your backup plan is, you’ll never know if it actually works unless you test it. Avoid potential backup failures by asking your tech provider to regularly test the recoverability of your data backups.
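One way to carry out the backup test this paragraph asks for, as an added example that is not part of the original article: Python that records a SHA-256 manifest of the live data when the backup is taken and later checks a restored copy against it, reporting missing, changed and unexpected files. The directory tree and the simulated ransomware damage are constructed inside the script, so it runs offline.

```python
"""Prove a backup is restorable: hash every file when the backup is taken, then
check the restored copy against that manifest before relying on it.

Added example, not the article's code. Uses only the standard library; the sample
tree and the simulated ransomware damage are constructed inside demo_scenario().
"""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Relative path -> SHA-256 for every file under root. Keep this *off* the backup
    media (and ideally sign it): an attacker who can encrypt the backup could otherwise
    rewrite the manifest to match."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def verify_restore(manifest: Dict[str, str], restored: Path) -> Dict[str, List[str]]:
    """Compare a restored tree with the manifest taken at backup time.

    'missing'    listed in the manifest but absent from the restore
    'modified'   present, but the content hash differs
    'unexpected' present, but not in the manifest (e.g. ransomware's renamed copies)
    Any non-empty list means the restore cannot be trusted as-is.
    """
    actual = build_manifest(restored)
    return {
        "missing": sorted(set(manifest) - set(actual)),
        "modified": sorted(p for p in manifest if p in actual and actual[p] != manifest[p]),
        "unexpected": sorted(set(actual) - set(manifest)),
    }


def restore_is_trustworthy(report: Dict[str, List[str]]) -> bool:
    return not any(report.values())


def demo_scenario():
    """Back up a tiny constructed tree, then verify a clean restore and a tampered one."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp, "live")
        (live / "finance").mkdir(parents=True)
        (live / "finance" / "ledger.csv").write_text("date,amount\n2018-03-22,51000\n")
        (live / "notes.txt").write_text("quarterly restore test\n")
        manifest = build_manifest(live)

        clean = Path(tmp, "restore_clean")
        shutil.copytree(live, clean)
        clean_report = verify_restore(manifest, clean)

        tampered = Path(tmp, "restore_tampered")
        shutil.copytree(live, tampered)
        # Constructed ransomware effect: one file overwritten and renamed, one replaced by a note.
        victim = tampered / "finance" / "ledger.csv"
        victim.write_bytes(os.urandom(64))
        victim.rename(victim.with_name(victim.name + ".encrypted"))
        (tampered / "notes.txt").write_text("YOUR FILES ARE ENCRYPTED\n")
        tampered_report = verify_restore(manifest, tampered)

    return manifest, clean_report, tampered_report


if __name__ == "__main__":
    manifest, clean, tampered = demo_scenario()
    print("clean restore trustworthy:", restore_is_trustworthy(clean))
    print("tampered restore trustworthy:", restore_is_trustworthy(tampered), tampered)
```

Run the verification against a restore performed into an isolated location (the self-contained virtual machine mentioned above is ideal), never against the live data, and keep the manifest somewhere the backup job itself cannot write; a checker that reads its expected hashes from the same share the ransomware just encrypted proves nothing.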

How long can your business survive if your data is unavailable?

It’s important to consider this possibility. It could be a while before your data can be retrieved if it isn’t stored properly. For some, this means weeks without their data. However, your IT support provider can make sure you’re using a proper extensive backup solution so that you can retrieve your data within minutes.

Time is an extremely important factor. Every minute of lost productivity will cost you. Not only in terms of money, but in regard to your reputation with your customers.

You should regularly back up your information to the cloud to protect against data or financial loss if you’re hit with ransomware. Just like you need this protection in the event of a power loss, accidental deletion of data, or a disaster that destroys your servers, you need it to protect your business from ransomware attacks.

Here are some other things that cybersecurity experts recommend:

  • Turn off Remote Desktop Protocol (RDP) wherever it isn’t needed. It should never be exposed on a public-facing port; if remote access is unavoidable, put it behind a VPN or remote-desktop gateway, require two-factor authentication and lock accounts after a handful of failed logons.
  • Turn on two-factor authentication. A brute-force attack that guesses the password still fails if a second factor is required to log in.
  • Perform regular audits of your external network for open remote-access ports. The Shodan search engine shows what the rest of the Internet can already see about your addresses.
  • Have robust credentials. Weak or reused passwords make a break-in easier and faster.
  • Use whitelisting (allow-listing): only approved applications may run on your systems, and only approved sites and hosts may be reached from, or reach into, your network.
  • Never expose Windows file shares (SMB) to the public Internet.
  • Patch religiously. Confirm that a patch works, but apply it promptly; delaying patches for months, or forever, is certain to cause problems.
  • Finally, train your employees to recognize threats such as phishing emails.
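The external audit recommended above, as an added example that is not part of the original article: Python that attempts a TCP connection to the remote-access ports called out in this list on each public address you own and ranks whatever answers. Run it only against addresses you are authorised to test. The `probe` parameter is injectable so the reporting logic can be exercised offline against a constructed result set; the default performs real connects.

```python
"""Audit your public addresses for exposed remote-access services.

Added example, not the article's code. Run it from outside your network and only
against addresses you are authorised to test. `probe` is injectable so the
reporting logic can be exercised offline; the default performs a real TCP connect.
"""
import socket
from concurrent.futures import ThreadPoolExecutor
from typing import Callable, Dict, Iterable, List, Tuple

# Services the recommendations above single out, plus their usual neighbours.
RISKY_SERVICES: Dict[int, Tuple[str, str]] = {
    3389: ("RDP", "CRITICAL"),                        # never on a public-facing port
    445:  ("SMB / Windows file sharing", "CRITICAL"),
    139:  ("NetBIOS session service", "HIGH"),
    5900: ("VNC", "HIGH"),
    23:   ("Telnet", "HIGH"),
    1433: ("Microsoft SQL Server", "HIGH"),
    3306: ("MySQL", "HIGH"),
    22:   ("SSH", "MEDIUM"),                          # tolerable only with keys, MFA and lockout
}
_SEVERITY_ORDER = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2}


def tcp_connect(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP handshake completes, i.e. something is listening and reachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_exposure(hosts: Iterable[str],
                   probe: Callable[[str, int], bool] = tcp_connect,
                   services: Dict[int, Tuple[str, str]] = RISKY_SERVICES,
                   workers: int = 32) -> List[dict]:
    """Probe every host/port pair concurrently; return the open ones, worst first."""
    targets = [(h, p) for h in hosts for p in services]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        reachable = list(pool.map(lambda t: probe(*t), targets))
    findings = [
        {"host": h, "port": p, "service": services[p][0], "severity": services[p][1]}
        for (h, p), is_open in zip(targets, reachable) if is_open
    ]
    return sorted(findings, key=lambda f: (_SEVERITY_ORDER[f["severity"]], f["host"], f["port"]))


# Constructed stand-in for a live probe: one host leaks RDP and SMB, another only SSH.
FAKE_OPEN = {("203.0.113.10", 3389), ("203.0.113.10", 445), ("203.0.113.20", 22)}


def fake_probe(host: str, port: int) -> bool:
    return (host, port) in FAKE_OPEN


if __name__ == "__main__":
    import sys
    hosts = sys.argv[1:]                  # e.g. python audit.py 203.0.113.10 203.0.113.20
    probe = tcp_connect if hosts else fake_probe
    for f in audit_exposure(hosts or ["203.0.113.10", "203.0.113.20"], probe=probe):
        print(f"{f['severity']:8} {f['host']}:{f['port']}  {f['service']}")
```

A completed handshake only says the port is reachable from where you ran the script; compare the result with your firewall rules and with what Shodan reports, and treat any CRITICAL line as work for today rather than for the next change window.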

Security Awareness Training for your employees is the first step towards protection.

Hackers work 24/7 to obtain access to your confidential information, and using ransomware is one of the easiest ways for them to do this. It’s easier for them to trick your employees than it is to break into a well-secured IT system.

Much ransomware succeeds via phishing attacks, where employees are convinced to click a malicious link or open an attachment. Once they do, the malware runs on their computer and encrypts every file it can reach, including network shares. Good employees make mistakes. If they aren’t properly trained to recognize a cyber threat, your network and business are vulnerable.

Technical security controls on their own are no match for ransomware that arrives this way, because the criminals get into your system through an employee’s mistake rather than through a flaw the software can block. Malicious emails, coupled with a lack of employee cybersecurity training, are the leading cause of successful ransomware attacks.

Ask your IT support partner to conduct regular Security Awareness Training for you and your employees.

When conducted properly, this training will reduce the risk to your organization’s IT systems and limit the chance of a data breach.

It’s essential to train your employees to recognize phishing emails and know what to do if they receive one. Make sure they know how to avoid common dangers like opening attachments from unknown senders. Every employee should participate in this training – and ensure that your IT provider holds refresher courses, as threats are constantly changing.

Don’t wait until a ransomware attack locks up your data. Take steps to protect your business now.

Under Armour’s “Armor Gets Penetrated”

What Would It Cost Your Business If This Happened To You?

Under Armour Data Breach

Have you read the news? According to Reuters, Under Armour Inc., headquartered in Baltimore, Maryland, recently suffered a breach of the private information for their 150 million MyFitnessPal app users.

Experts have called it the largest breach of the year so far. It included account usernames, email addresses, and hashed passwords (which can still be cracked if the password was weak). Social Security numbers and driver’s license numbers were not exposed, because MyFitnessPal doesn’t collect them, and payment card data was not affected because it is collected and processed separately.

Once again we learn that keeping up to date on cybersecurity, changing passwords often, and using an IT support provider to implement a layered approach to security is essential if you want your business to stay safe in today’s digital world.

Perhaps, if Under Armour had used these services, they could have prevented this breach. Now, their reputation has been ruined.

Would you trust your private data to them?

I wouldn’t.

With so many data breaches today, they should have known better and considered the privacy of their customers. How can they salvage their credibility now?

As a business technology professional, I know that data protection costs much less than what I’d face from a breach – legal liability, fines, and lost customers.

With the rising number of cyber thefts, numerous lawsuits have been filed against businesses like Under Armour. In the last few years, data breaches have become so prevalent that it’s almost commonplace to hear that a company has been breached.

Learning that all their personal information is in the hands of thieves causes a significant change in the behavior of customers. One study found that consumers who learned of a data breach at their favorite retail store significantly cut back on their purchases.

With over 1,500 data breaches in 2017, consumers responded in this way:

  • 84 percent said they might not consider doing business with a retailer who had experienced a data breach.
  • 57 percent of holiday shoppers felt that identity theft and data breaches would be a significant threat during the holiday season.
  • Four in 10 consumers said they believed businesses aren’t doing the best they can to protect them.
  • 38 percent said they weren’t sure all companies were doing everything possible to stop data breaches.

I know that my business has the best cybersecurity and IT management that money can buy. I take full responsibility for this and all my customers’ private data.

After what I’ve learned, this is what I would tell the CEO of Under Armour, and others to do from now on:

Protecting your security isn’t only a job for your IT support provider but one for you as a CEO as well. You must understand that any interruption in your information systems can hinder your operations, negatively impact your reputation, and compromise your customers’ private data.

Many CEOs don’t fully understand this. They spend their energy developing new products and services and managing current ones. Security comes in second. Maybe they’re unaware of the risks or feel that it’s solely an IT concern. Some may not be very technical and fear to discuss what could be an intimidating topic, but this isn’t wise.

The Department of Homeland Security recommends five questions that CEOs should ask themselves to lower the risk of cyber attacks:

1) What is the current level and business impact of cyber risks to our company? What is our plan to address identified risks?

2) How is our executive leadership informed about the current level and business impact of cyber risks to our company?

3) How does our cybersecurity program apply industry standards and best practices?

4) How many and what types of cyber incidents do we detect in a normal week? What is the threshold for notifying our executive leadership?

5) How comprehensive is our cyber-incident response plan? How often is the plan tested?

We also need to train our employees on cybersecurity practices like recognizing phishing attacks and using secure passwords. The folks at OneSource handle this for us. Here are some of the topics they cover:

Lesson 1: Ignore Ransomware-Threat Popups and Don’t Fall for Phishing Attacks.

These messages look like they’re from an official entity such as the IRS or FBI. If a screen pops up saying you’ll be fined unless you follow its instructions, beware! Following them (clicking the link, opening the file or enabling macros) is what lets the criminal encrypt all your data and lock you and your employees out of it.

Watch out for messages that:

  • Try to solicit your curiosity or trust.
  • Contain a link that you must “check out now”.
  • Contain a downloadable file like a photo, music, document or pdf file.

Don’t believe messages that contain an urgent call to action:

  • With an immediate need to address a problem that requires you to verify information.
  • Urgently asks for your help.
  • Asks you to donate to a charitable cause.
  • Indicates you are a “Winner” in a lottery or other contest, or that you’ve inherited money from a deceased relative.

Be on the lookout for messages that:

  • Respond to a question you never asked.
  • Create distrust.
  • Try to start a conflict.

Watch for flags like:

  • Misspellings
  • Typos

Lesson 2: Always Use Secure Passwords.

  • Never use words found in the dictionary or your family names.
  • Never reuse passwords across your various accounts.
  • Never write down your passwords.
  • Consider using a Password Manager (e.g., LastPass or 1Password)
  • Use complex passwords: mix upper and lower case, digits and symbols, or better still use a long passphrase. Predictable substitutions such as “P@ssword1” do not count as complex; they are among the first guesses every cracking tool tries.
  • Create a unique password for work.
  • Change passwords at least quarterly.
  • Use passwords with 9+ characters. Length matters most, because each extra character multiplies the number of guesses an attacker must make. As a rough illustration (the exact figures depend on the attacker’s hardware and on how the password was stored, so read them as relative, not absolute):
    • A criminal can crack a 5-character password in about 16 minutes.
    • It takes 5 hours to crack a 6-character password.
    • 3 days for 7 characters
    • 4 months for 8 characters
    • 26 years for 9 characters
    • centuries for 10+ characters
  • Turn on Two-Factor Authentication if it’s available.
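A checker that enforces the password rules in this lesson and in the earlier “Always Use Secure Passwords” list, as an added example that is not part of the original article. The dictionary, family-name and breached-password sets are tiny constructed stand-ins for the multi-million-entry lists a real deployment would load; the exemption of 16-character-plus passphrases from the character-class rule, and the 50-bit guessing-space floor, are this example’s policy choices, not the article’s. SHA-1 is used only to look passwords up in a breached list, never to store them.

```python
"""Password policy checker for the rules listed in this lesson.

Added example, not the article's code. The word lists below are tiny constructed
stand-ins; a real deployment loads a full dictionary and a breached-password
corpus with millions of entries.
"""
import hashlib
import math
import re
from typing import Iterable, List

# Constructed stand-ins for real wordlists.
DICTIONARY_WORDS = {"password", "welcome", "summer", "dragon", "letmein", "monkey", "football"}
FAMILY_NAMES = {"smith", "johnson"}          # in practice: the user's own surnames


def password_hash(pw: str) -> str:
    """SHA-1 hex digest, upper-case, as breached-password lists publish them.
    For *lookup only*; never store passwords this way (use bcrypt, scrypt or Argon2)."""
    return hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()


# Constructed breached set: passwords that appear in public dumps.
BREACHED_SHA1 = {password_hash(p) for p in ["P@ssword1", "Password123", "Summer2018!", "Welcome1"]}

# Undo the substitutions people use to dodge dictionary checks: P@ssw0rd -> password
LEET = str.maketrans("@$!01345", "asioleas")


def normalize(pw: str) -> str:
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw)   # drop leading/trailing digits and symbols
    core = core.lower().translate(LEET)
    return re.sub(r"[^a-z]", "", core)


def keyspace_bits(pw: str) -> float:
    """Upper bound on guessing work: log2(alphabet_size ** length) for the classes used."""
    classes = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^A-Za-z0-9]", 33)]
    alphabet = sum(size for pat, size in classes if re.search(pat, pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def seconds_to_exhaust(pw: str, guesses_per_second: float = 1e10) -> float:
    """Worst-case time to try every candidate at a given rate. 1e10/s is a modest GPU
    rig against a fast hash; the rate, not any fixed table, decides the answer."""
    return 2 ** keyspace_bits(pw) / guesses_per_second


def check_password(pw: str, previous_hashes: Iterable[str] = ()) -> List[str]:
    """Return the list of rule violations; an empty list means the password passes."""
    problems: List[str] = []
    if len(pw) < 9:
        problems.append("shorter than 9 characters")
    has_all_classes = all(re.search(p, pw) for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if not has_all_classes and len(pw) < 16:         # long passphrases are exempt (policy choice)
        problems.append("missing a character class (lower, upper, digit, symbol) and too short to be a passphrase")
    norm = normalize(pw)
    if norm in DICTIONARY_WORDS or norm in FAMILY_NAMES:
        problems.append(f"based on a dictionary word or family name ({norm!r})")
    digest = password_hash(pw)
    if digest in BREACHED_SHA1:
        problems.append("appears in a breached-password list")
    if digest in set(previous_hashes):
        problems.append("reused: matches a previous password")
    if keyspace_bits(pw) < 50:
        problems.append(f"guessing space too small ({keyspace_bits(pw):.0f} bits)")
    return problems


if __name__ == "__main__":
    for candidate in ["P@ssword1", "smith2018", "wwmj4itvi-Virgin-Isles"]:
        verdict = check_password(candidate) or ["OK"]
        print(f"{candidate!r}: {'; '.join(verdict)}  (~{seconds_to_exhaust(candidate):.3g} s to exhaust)")
```

The passphrase built from the acronym tip earlier on this page passes every rule, while “P@ssword1” fails two of them despite satisfying the length and complexity checks; that gap is exactly why a checklist of character classes is not enough and a breached-password lookup belongs in the policy.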

Lesson 3: Keep Your Passwords Secure

  • Don’t email them.
  • Don’t include a password in a non-encrypted stored document.
  • Don’t tell anyone your password.
  • Don’t speak your password over the phone.
  • Don’t hint at the format of your password.
  • Don’t use the “Remember Password” feature of application programs such as Internet Explorer, Portfolio Center or others.
  • Don’t use your corporate or network password on an Internet account whose login page starts with http:// instead of https://. The https:// prefix, and the small lock next to the address, mean your computer’s connection to the website is encrypted, so no one on the network path can eavesdrop on your password in transit. It does not prove the site is the one you intended to visit, so check the domain name too. If the lock is missing, don’t type in your password.

Lesson 4: Backup Your Data Onsite/Remotely and Securely

  • Maintain at least three copies of everything.
  • Store all data on at least two types of media (one offsite in a secure enterprise cloud solution).
  • Keep a copy of your data in an alternate location.

If you haven’t backed up your data, and you’re attacked, it’s gone forever.

Lesson 5: Secure Open Wi-Fi with a VPN

  • Don’t go to sites that require personal information such as your username or password.
  • Use a VPN whenever possible, and limit yourself to sites whose address starts with https://.
  • Don’t connect if every Wi-Fi network you have ever joined suddenly appears as “Available”.

We have our tech support professionals train our employees a few times a year because the threats keep changing. Plus, we have them conduct Vulnerability Assessments to make sure our cybersecurity “armor” stays strong and intact.

Don’t risk your data. Keep your data secure and your employees educated. I recommend that, if you’re in an area they serve, you contact us immediately.

Under Armour’s “Armor Gets Penetrated”

What Would It Cost Your Business If This Happened To You?

Under Armour Data Breach

Have you read the news? According to Reuters, Under Armour Inc., headquartered in Baltimore, Maryland, recently suffered a breach of the private information for their 150 million MyFitnessPal app users.

This is the largest breach this year according to experts. It included account usernames, email addresses, and passwords. Lucky for them, Social Security numbers, driver license numbers, and payment card data weren’t stolen like they usually are in data breaches of this kind.

Once again we learn that keeping up to date on cybersecurity, changing passwords often, and using an IT support provider to implement a layered approach to security is essential if you want your business to stay safe in today’s digital world.

My Baltimore-based business uses One Source because they’ve been protecting organizations in Washington, DC, New Jersey, Delaware, Maryland, Northern Virginia, and Pennsylvania since 2001.

Perhaps, if Under Armour had used these services, they could have prevented this breach. Now, their reputation has been ruined.

Would you trust your private data to them?

I wouldn’t.

With so many data breaches today, they should have known better and considered the privacy of their customers. How can they salvage their credibility now?

As a business technology professional, I know that data protection costs much less than what I’d face from a breach – legal liability, fines, and lost customers.

With the rising number of cyber thefts, numerous lawsuits have been filed against businesses like Under Armour. In the last few years, data breaches have become so prevalent that it’s almost commonplace to hear that a company has been breached.

Learning that all their personal information is in the hands of thieves causes a significant change in the behavior of customers. One study found that consumers who learned of a data breach at their favorite retail store significantly cut back on their purchases.

With over 1,500 data breaches in 2017, consumers responded in this way:

  • 84 percent said they might not consider doing business with a retailer who had experienced a data breach.
  • 57 percent of holiday shoppers felt that identity theft and data breaches would be a significant threat during the holiday season.
  • Four in 10 consumers said they believed businesses aren’t doing the best they can to protect them.
  • 38 percent said they weren’t sure all companies were doing everything possible to stop data breaches.

I know that my business has the best cybersecurity and IT management that money can buy. I take full responsibility for this and all my customers’ private data.

After what I’ve learned, this is what I would tell the CEO of Under Armour, and others, to do from now on:

Protecting your security isn’t only a job for your IT support provider but one for you as a CEO as well. You must understand that any interruption in your information systems can hinder your operations, negatively impact your reputation, and compromise your customers’ private data.

Many CEOs don’t fully understand this. They spend their energy developing new products and services and managing current ones. Security comes in second. Maybe they’re unaware of the risks or feel that it’s solely an IT concern. Some may not be very technical and are afraid to discuss what can be an intimidating topic, but this isn’t wise.

The Department of Homeland Security recommends five questions that CEOs should ask themselves to lower the risk of cyber attacks:

1) What is the current level and business impact of cyber risks to our company? What is our plan to address identified risks?

2) How is our executive leadership informed about the current level and business impact of cyber risks to our company?

3) How does our cybersecurity program apply industry standards and best practices?

4) How many and what types of cyber incidents do we detect in a normal week? What is the threshold for notifying our executive leadership?

5) How comprehensive is our cyber-incident response plan? How often is the plan tested?

We also need to train our employees on cybersecurity practices like recognizing phishing attacks and using secure passwords. The folks at One Source handle this for us. Here are some of the topics they cover:

Lesson 1: Ignore Ransomware-Threat Popups and Don’t Fall for Phishing Attacks

These threats look like they’re from an official entity like the IRS or FBI. If a screen pops up that says you’ll be fined if you don’t follow their instructions, beware! If you do, the criminal will encrypt all your data and prevent you and your employees from accessing it.

Watch out for messages that:

  • Try to solicit your curiosity or trust.
  • Contain a link that you must “check out now”.
  • Contain a downloadable file like a photo, music, document or pdf file.

Don’t believe messages that contain an urgent call to action, such as ones that:

  • Claim an immediate need to address a problem that requires you to verify information.
  • Urgently ask for your help.
  • Ask you to donate to a charitable cause.
  • Say you are a “Winner” in a lottery or other contest, or that you’ve inherited money from a deceased relative.

Be on the lookout for messages that:

  • Respond to a question you never asked.
  • Create distrust.
  • Try to start a conflict.

Watch for flags like:

  • Misspellings
  • Typos
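The red flags in Lesson 1 (which appears in both posts on this page) can be turned into a simple triage rule set that a mail gateway or help desk could run over a reported message. The following is an added example written for this page, not code from One Source or from the original post: the phrase lists, weights, threshold and the two sample messages are all constructed for illustration, and the `Message` type is a stand-in for a parsed e-mail.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

@dataclass
class Message:
    """A simplified mail message: sender, subject, body, extracted links and attachment names."""
    sender: str
    subject: str
    body: str
    links: List[str] = field(default_factory=list)
    attachments: List[str] = field(default_factory=list)

# One rule per red flag in the lesson: (label, weight, regex over subject+body).
# The phrase lists are constructed for this example and are not exhaustive.
RULES = [
    ("urgent call to action", 3,
     r"\b(immediately|urgent(ly)?|within 24 hours|right away|act now)\b"),
    ("asks you to verify information", 3,
     r"\b(verify|confirm|update) your (account|information|identity|password)\b"),
    ("threatens a fine or account loss", 3,
     r"\b(you will be fined|account (will be )?(suspended|locked|closed)|legal action)\b"),
    ("lottery, prize or inheritance", 3,
     r"\b(winner|lottery|prize|inherit(ed|ance)|deceased)\b"),
    ("donation request", 2, r"\b(donat(e|ion)|charit(y|able))\b"),
    ("'check it out now' link bait", 2, r"\b(check (it )?out now|click here)\b"),
    ("claims to be the IRS or FBI", 2, r"\b(irs|fbi|homeland security)\b"),
]
# Attachment types that can run code or hide an executable. The lesson treats any
# unexpected attachment as a flag; these simply score higher.
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".zip", ".docm", ".xlsm")
# Misspellings often seen in lures (constructed list).
MISSPELLINGS = ("recieve", "acount", "verfy", "securty", "imediately")

def score_message(msg: Message) -> Tuple[int, List[str]]:
    """Return a risk score and the list of flags that fired."""
    text = f"{msg.subject}\n{msg.body}".lower()
    score, reasons = 0, []
    for label, weight, pattern in RULES:
        if re.search(pattern, text):
            score += weight
            reasons.append(label)
    sender_domain = msg.sender.rsplit("@", 1)[-1].lower()
    for url in msg.links:
        host = re.sub(r"^https?://", "", url.lower()).split("/", 1)[0]
        if not host.endswith(sender_domain):
            score += 2
            reasons.append(f"link points to another domain: {host}")
        if url.lower().startswith("http://"):
            score += 1
            reasons.append(f"link is not https: {url}")
    for name in msg.attachments:
        if name.lower().endswith(RISKY_EXT):
            score += 3
            reasons.append(f"executable or macro attachment: {name}")
        else:
            score += 1
            reasons.append(f"unexpected attachment: {name}")
    for word in MISSPELLINGS:
        if word in text:
            score += 1
            reasons.append(f"misspelling: {word}")
    return score, reasons

def verdict(msg: Message, threshold: int = 5) -> str:
    """Label a message SUSPICIOUS when its score reaches the threshold."""
    return "SUSPICIOUS" if score_message(msg)[0] >= threshold else "ok"

# Two constructed messages: a lure of the kind the lesson describes, and a benign notice.
SAMPLE_PHISH = Message(
    sender="refunds@irs-gov-secure.example",
    subject="URGENT: Verify your account within 24 hours",
    body="This is the IRS. You will be fined unless you verify your information "
         "immediately. Click here to check it out now.",
    links=["http://irs-refund.example.net/verify"],
    attachments=["Notice_2018.pdf.exe"],
)
SAMPLE_BENIGN = Message(
    sender="hr@example-corp.com",
    subject="Holiday schedule",
    body="The office will be closed on Monday. Details are on the intranet.",
    links=["https://intranet.example-corp.com/holidays"],
)

if __name__ == "__main__":
    for m in (SAMPLE_PHISH, SAMPLE_BENIGN):
        print(m.subject, "->", verdict(m), score_message(m))
```

The scoring is deliberately additive so that a single weak signal (one attachment, one "click here") does not block legitimate mail, while a message that stacks several of the lesson's flags crosses the threshold. The returned reasons are what a user-awareness trainer would show back to the employee who reported the message.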

Lesson 2: Always Use Secure Passwords

  • Never use words found in the dictionary or your family names.
  • Never reuse passwords across your various accounts.
  • Never write down your passwords.
  • Consider using a password manager (e.g., LastPass or 1Password).
  • Use password complexity (e.g., P@ssword1).
  • Create a unique password for work.
  • Change passwords at least quarterly.
  • Use passwords with 9+ characters. A criminal can crack shorter passwords quickly:
    • 5 characters: 16 minutes
    • 6 characters: 5 hours
    • 7 characters: 3 days
    • 8 characters: 4 months
    • 9 characters: 26 years
    • 10+ characters: centuries
  • Turn on Two-Factor Authentication if it’s available.

Lesson 3: Keep Your Passwords Secure

  • Don’t email them.
  • Don’t include a password in a non-encrypted stored document.
  • Don’t tell anyone your password.
  • Don’t speak your password over the phone.
  • Don’t hint at the format of your password.
  • Don’t use the “Remember Password” feature of applications such as Internet Explorer, Portfolio Center or others.
  • Don’t use your corporate or network password on an Internet account that doesn’t have a secure login, i.e., one where the web browser address starts with http:// instead of https://. If the web address begins with https://, your computer is talking to the website over an encrypted connection that can’t be read by anyone eavesdropping on the network. There should be a small padlock icon next to the address. If there isn’t, don’t type in your password.
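Lessons 2 and 3 (both copies on this page) describe a password policy: 9+ characters, character complexity, no dictionary words or family names, no reuse, and never storing passwords in an unencrypted document. The block below is an added example of how an IT provider might enforce that policy at password-change time; it is not One Source's code or anything from the original post. The blocklist and the previous password are constructed stand-ins, and the check goes one step further than the lesson's text: it undoes common symbol substitutions before the dictionary check, so the lesson's own example "P@ssword1" is rejected as a dictionary word even though it passes the length and complexity rules. Previous passwords are kept only as salted PBKDF2 hashes, which is how the reuse check can work without writing any password down.

```python
import hashlib
import os
import re
from typing import List, Tuple

MIN_LENGTH = 9                 # "Use passwords with 9+ characters"
PBKDF2_ROUNDS = 200_000        # work factor for the stored history hashes
# Stand-in for a real dictionary plus the user's family names (constructed list).
BLOCKLIST = {"password", "welcome", "letmein", "summer", "baltimore", "smith"}
# Symbol/digit substitutions that cracking wordlists already include.
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e",
                      "4": "a", "5": "s", "!": "i"})

History = List[Tuple[bytes, bytes]]   # (salt, PBKDF2-SHA256 digest) per old password

def normalize(pw: str) -> str:
    """Lower-case, drop trailing digits/symbols, then undo leet substitutions."""
    return re.sub(r"[\d\W_]+$", "", pw.lower()).translate(LEET)

def check_policy(pw: str, history: History) -> List[str]:
    """Return the policy violations for a candidate password (empty list = acceptable)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum(bool(re.search(p, pw))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes < 3:
        problems.append("needs at least three of: lower, upper, digit, symbol")
    if normalize(pw) in BLOCKLIST:
        problems.append("based on a dictionary word or family name")
    for salt, digest in history:
        if hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS) == digest:
            problems.append("reused: matches a previous password")
            break
    return problems

def record_password(pw: str, history: History) -> None:
    """Remember a password for the reuse check as a salted hash, never in plaintext."""
    salt = os.urandom(16)
    history.append((salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)))

# Constructed history: the user's previous password, stored hashed.
SAMPLE_HISTORY: History = []
record_password("Summer2017!", SAMPLE_HISTORY)

if __name__ == "__main__":
    for candidate in ("P@ssword1", "Summer2017!", "abc", "Correct-Horse9-Battery"):
        print(candidate, "->", check_policy(candidate, SAMPLE_HISTORY) or "OK")
```

A real deployment would replace `BLOCKLIST` with a full dictionary and a list of names associated with the user, and would keep the salted hashes in the directory service rather than in memory; the structure of the check stays the same.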

Lesson 4: Back Up Your Data Onsite/Remotely and Securely

  • Maintain at least three copies of everything.
  • Store all data on at least two types of media (one offsite in a secure enterprise cloud solution).
  • Keep a copy of your data in an alternate location.

If you haven’t backed up your data, and you’re attacked, it’s gone forever.
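Lesson 4 (both copies on this page) is the three-copies, two-media, one-offsite rule, and the sentence above is the reason to verify that the copies actually restore. As an added example, not One Source's code or anything from the original post, the block below checks a backup inventory against the three rules and then compares a source tree with a copy by SHA-256 so that a silently altered or missing file is caught before it is needed. The inventory and the sample files are constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List

# One entry per backup copy: the media it lives on and whether it is offsite.
# Constructed inventory that satisfies the three rules in the lesson.
INVENTORY = [
    {"name": "office-server", "media": "disk",  "offsite": False},
    {"name": "usb-drive",     "media": "usb",   "offsite": False},
    {"name": "cloud-vault",   "media": "cloud", "offsite": True},
]

def check_321(copies: List[Dict]) -> List[str]:
    """Report which of the three backup rules an inventory violates."""
    problems = []
    if len(copies) < 3:
        problems.append("fewer than three copies")
    if len({c["media"] for c in copies}) < 2:
        problems.append("all copies on one media type")
    if not any(c["offsite"] for c in copies):
        problems.append("no offsite copy")
    return problems

def manifest(root: Path) -> Dict[str, str]:
    """SHA-256 of every file under root, keyed by POSIX-style relative path."""
    result = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        result[path.relative_to(root).as_posix()] = h.hexdigest()
    return result

def verify_copy(source: Path, copy: Path) -> List[str]:
    """Files missing from or differing in the copy; an empty list means it restores cleanly."""
    src, dst = manifest(source), manifest(copy)
    return [name for name, digest in src.items() if dst.get(name) != digest]

def demo_corrupted_copy() -> List[str]:
    """Build a small source tree and a copy with one silently altered file (constructed data)."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp) / "src", Path(tmp) / "copy"
        for base in (src, dst):
            (base / "finance").mkdir(parents=True)
            (base / "finance" / "ledger.csv").write_text("2018-03,1200\n")
            (base / "notes.txt").write_text("quarterly review\n")
        # Bit rot or a bad sync job leaves a file that exists but no longer matches.
        (dst / "finance" / "ledger.csv").write_text("2018-03,9999\n")
        return verify_copy(src, dst)

if __name__ == "__main__":
    print("3-2-1 check:", check_321(INVENTORY) or "OK")
    print("files that would not restore correctly:", demo_corrupted_copy())
```

Running `verify_copy` against each copy on a schedule, and keeping the manifest with the offsite copy, is what turns "we have backups" into "we have tested restores"; ransomware that encrypts a mounted backup share shows up here as every file in the manifest failing at once.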

Lesson 5: Secure Open Wi-Fi with a VPN

  • Don’t go to sites that require personal information such as your username or password.
  • Use a VPN whenever possible, and limit yourself to sites whose address starts with https://.
  • Don’t connect if every Wi-Fi network you have ever joined suddenly appears as “Available”.

We have One Source train our employees a few times a year because the threats keep changing. Plus, we have them conduct Vulnerability Assessments to make sure our cybersecurity “armor” stays strong and intact.

Don’t risk your data. Keep your data secure and your employees educated. I recommend that, if you’re in an area they serve, you contact One Source Imaging Solutions at (800) 875-8843 or ITsolutions@osisIT.com. They’ll explain how they can do this for you. It’s truly the best money I’ve ever spent.