Ulistic Projects Blog

A major accounting software and cloud services company has been hit by malware, affecting their many clients across the US.

Wolters Kluwer, a major provider of tax accounting software and cloud services, has been hit by malware. The many financial software services they offer to clients across the country have been down since Monday, May 6.

The software provided by Wolters Kluwer is extremely popular in the US accounting industry. Users include every one of the top 100 American accounting firms, as well as 90% of the top banks worldwide, and 90% of Fortune 500 companies.

This malware attack comes at an especially vulnerable time when many accounting firms (and their clients) are intending to file their taxes. With their primary accounting systems offline, they won’t be able to do so, or at least not with Wolters Kluwer software.

However, it’s not as simple as just using different accounting software. Wolters Kluwer also provides cloud services to their clients, which means that necessary client financial data is stored in their servers, and inaccessible by the accounting firms during this outage.

Since the attack began Monday morning, Wolters Kluwer took many of its systems offline to slow the spread of the malware. According to representatives, they have since been working non-stop to try to eliminate the malware and bring their systems back online. They have contacted authorities and third-party forensic teams to investigate the attack.

“We’re working around the clock to restore service, and we want to provide [clients] the assurance that we can restore service safely,” said Elizabeth Queen, vice president of risk management for Wolters Kluwer, to CNBC. “We’ve made very good progress so far.”

However, end-users have still not been able to access their tax documents that are stored in Wolters Kluwers cloud servers. The many systems that Wolters Kluwer took offline on Monday include the customer services lines that end users have relied on to get info from the software provider.

When a backup customer service number was finally provided, users were told that there is no estimated window in which the services will be fully restored. For the time being, thousands of accountants at numerous firms across the US are being expected to wait and see.

For CEOs, digital transformation has changed the game. CEOs today need new approaches to leadership, planning and vision. Otherwise, they risk leaving themselves and their companies falling behind in the wake of rapidly changing technologies.

The last decade has seen a remarkable rise in digitally disruptive technologies that have forever changed business models, business processes and the nature of work.

Consider the impact the Internet of Things, Big Data, analytics, automation, artificial intelligence and cloud computing have had on the way businesses operate. One only needs to look at what impact companies like Airbnb and Uber have had on the lodging and transportation verticals to realize that a new leadership approach is an absolute mandate for CEOs today.

How Is the Modern CEO Role Changing?

“Technology isn’t changing only corporations—it’s also changing the job of the CEO, bringing with it the challenge of keeping up with technological development,” notes a recent McKinsey & Co. article.

There are plenty of resources out there to help CEOs stay in touch with and understand emerging technologies, according to one anonymous business leader in the McKinsey piece. “What’s much harder for a leader is deciding what’s relevant and what’s not,” he said.

That means today’s CEOs need to be clear about priorities and be able to make fast decisions about to pursue.

What Leadership Structure Does a Tech-Savvy CEO Need?

The c-suite looks very different today than it did a decade ago. New titles reflect the importance of technologies in the modern enterprise: Chief automation officer, chief data officer, chief digital officer and chief information security officer are just a few of the roles that companies realize are critical for success.

Board members and senior executives alike need to be adept at and capable of adapting to the technical revolution, providing leadership and guidance to the CEO. These leaders may have experience and demonstrated success, but today they need to be agile. And the CEO needs to be aware of what they need and make changes accordingly.

How Can CEOs Plan for Digital Transformation?

“I very rarely get pulled into the today,” Amazon founder Jeff Bezos told Forbes in a 2018 interview. “I get to work two or three years into the future, and most of my leadership team has the same setup.”

That’s the right approach for CEOs wanting to lead digital transformation.

With so much disruption, Greg Crandall of Query Consulting Group suggests CEOs need planning processes that focus on customers and employees first. Customer expectations are evolving; they expect easy access to brands and that those brands know who they are, how they have interacted and can deliver immediate answers.

“Today’s organizations must compete within themselves to meet the needs of current and targeted customers. … This means internal teams, departments and other groups must compete … and cooperate with each other to transform the customers’ experiences by empowering employees to think and act in ways that, ultimately, transform the organization itself,” Crandall writes. “And to do this, those teams need leadership from the top that promotes thinking critically, communicating transparently, and acting with agility.”

The focus on the customer is paramount to Tim Cook, Apple’s CEO. In a January 2019 interview, he said, “What I focus on is the customer. The customers speak every quarter. They speak every year. They speak every day. And the most important thing for us is that they’re satisfied.”

The cycles are changing too. Gone are the days when 3- to 5-year planning cycles suffice. Today’s CEO needs to lead a process of continuous planning and assessment.

How Do Today’s CEOs Have To Communicate?

Transparency and humility are the order of the day for the modern CEO. Customers, partners, employees and stakeholders expect open and clear messaging. They cannot think of digital strategy as somehow separate from other strategic planning.

Instead, CEOs need a holistic approach that embraces and incorporates technology, listens carefully to customers, and applies that learning and perspective into changes to business models, business processes, markets, structure and culture. The CEO needs to project that the organization is one that is adaptive, learning and nimble.

How Big a Role Should the CEO Play in Digital Transformation?

Traditionally, Research and Development and IT divisions have been responsible for product development and innovation. That’s changing, notes Thomas Siebel, chairman and CEO of C3 IoT.

“With the 21st-century digital transformation, the adoption cycle has inverted. What I’m seeing now is that, almost invariably, global corporate transformations are initiated and propelled by the CEO,” Siebel writes. “Visionary CEOs, individually, are the engines of massive change that is unprecedented in the history of information technology—possibly unprecedented in the history of commerce.”

As technology transforms companies, industries and how we live, work and play, it’s only natural that the CEO’s role also needs to change. CEOs who recognize and embrace the digital revolution are most likely to see their organizations thrive and grow.

Personal email accounts for business purposes

It can be tempting to use your familiar, personal email account to send and receive emails for your professional life – but you shouldn’t take the risk.

Is it safe to use your personal email for business?

Using your personal email to communicate for business purposes isn’t a good idea. It can expose you to a number of legal and other liabilities. And, to be honest, it doesn’t look very professional, does it? Read on to learn more about the legal and security implications of conducting business on your personal email account.

Every so often, a client of ours will check with us about using their personal email to do business.

While there is a range of implications that come with doing so (legal, reputational, etc.), usually the question is asked to double check about how it could affect their cybersecurity.

Regardless of why a user may be asking the question, the answer is that it is never advisable to use a personal email account for business purposes. Period.

But if you’d like more detail as to why and, specifically, if you’d like to understand what risks you may be taking right now if you’re already using a personal email account at work, then keep reading.

4 reasons why you should never use personal email for business.

Legal implications and data integrity

The first risk, and likely one of the most severe, is that when you use your personal email account for work (or, allow your employees to do so), then you’re adding a number of uncontrollable variables into how your business data is accessed and where it is stored.

In an ideal situation, in which everyone at your business is using approved, professional business email accounts on a verified client, then you (or, more likely, your IT department or outsourced Leesburg, FL IT services company) know where your data is.

Especially in the age of cloud computing, when all data is stored “offsite” and accessed remotely in one way or another, you may assume that your data’s “location” isn’t very important – can’t you just access it the same way no matter where it is?

It’s not that simple.

When working with a professional cloud-based IT environment, your IT people should know where your data is stored, and that it’s being stored properly in secure and backed up data centers. Even though your data isn’t hosted onsite (or not entirely onsite, depending on the size of your business) it is still accounted for.

When you factor in personal email, all those assurances go out the window. Your IT team won’t be able to confidently track where your data is being kept, and how well it is being maintained. Depending on the personal email accounts your staff members use, this data may not be backed up.

Furthermore, in the event of legal proceedings, personal emails are often not discoverable, meaning that it wouldn’t be possible to externally scan users emails (e.g. Google specifically prohibits this for Gmail accounts).

And lastly, don’t forget about compliance. Depending on the business sector in which you operate (finance, healthcare, government contracting) you may be subject to compliance regulations that strictly state how data is stored and accessed. Personal email accounts are woefully ill-suited to meet compliance standards.

Security implications and data protection
This one should be obvious – personal email does not have the same cybersecurity measures as their professional counterparts.

In order to properly secure a business’ email accounts, a number of protections must be put in place:

• Sophisticated spam filters to keep time-wasting or even dangerous spam emails out of your employee’s inboxes.
• Top-quality inbound virus blocking capabilities, further protecting you and your employees from incoming threats.
• Automatic quarantine procedures for malicious links and attachments before they arrive. These focus on email-based exploits such as phishing and spyware, to remove the possibility that someone in your organization may open a link without considering the dangerous ramifications.
• Secure email archiving capability so that you have an impeccable record of each and every email in your business.
• Email encryption measures to ensure that your communication is secured against unwelcome readers while in transit.

Can you guarantee that your employees’ email accounts have all the same protections in place?

If one of your staff members is targeted by a cybercriminal or has their personal email address added to a mass phishing campaign, they are much less prepared to defend against it than a robust, professional email client would be.

It’s then only a matter of the personal email account being compromised for a cybercriminal to access any and all private business information that has been sent and received on that account. Given that it’s a personal email and not one managed by an IT department, it’s much less likely that you would be able to wipe its contents, or remotely log it out and reset the login info.

Staff changes and data continuity

Here’s a scenario to consider: what happens when you have to terminate an employee, but they had been using their personal email to conduct business on your behalf?

You can’t remove their access to their own email, and so, when they leave your business, (perhaps not on the best terms), and will continue to have copies of what is potentially private and valuable business information.

They continue to have contact info for your current employees, clients, and other business contacts – and may even be contacted by your clients that may not have been aware of their termination (let’s be honest – you don’t always want to spread the word that you had to fire someone).

By allowing your employees to use their personal email now, you surrender control of a great deal of business data in the future. While it would be nice to assume that your current staff members will always be with you, and if they do leave, that it will be on good terms – but it’s not likely. And you shouldn’t risk your data and your business betting on it.

Professional and reputational implications

While it may not involve legal, compliance, or security implications, this risk could very well affect your bottom line.

Let’s call a spade a spade – using a personal email for work doesn’t look very good, does it?

It’s the same line of thinking that suggests that using a .org domain for your business isn’t a good idea either.

It just makes you look cheap – like you wouldn’t spring for a specific domain that matches the name of your business.

If a potential client gets in touch with you over the phone or in person, and then later follows up on email and gets a reply from something like john.smith.mybusiness@gmail.com, they probably won’t think very highly of your business, will they?

That’s four solid reasons why you shouldn’t be using your personal email at work, but there’s actually one more – it’s completely unnecessary.

Getting a business email account has never been easier. Virtually any service provider will be able to offer secondary accounts that can be personalized with a business-specific domain. Furthermore, any IT services company worth their salt can set it up for you.

Don’t cut corners and try to save a buck when it comes to your business’ email. Beyond the many serious risks to which it can expose you, it also just makes you look bad.

Healthcare providers have a legal obligation to keep patient data security, whether it’s at rest on a server or in transit to the cloud or a third party. To maintain regulatory compliance and the confidence of your patients, your practice needs to be vigilant in the technologies that it deploys to make sure that all personal and medical information is protected.

Unfortunately, hackers are using sophisticated means to steal this data, sell it or hold your medical practice hostage until you pay massive ransoms. The cost to your practice can be significant, both in dollars spent, patients who leave and reputation lost.

Your practice and patients need an IT solution that provides reliable services to protect data and monitor your IT systems. Otherwise, you leave the data far more vulnerable.

A managed service provider (MSP) that knows the complex issues facing medical businesses today is your best defense. Here’s a look at some of the most common IT issues facing practices and how you and your (MSP) can guard against them.

How Do I Manage All the Users Who Have Access to Patient Data?

Not all cyberattacks are perpetrated by outside parties. Employees — current and former — may have access to sensitive information, which is why processes and procedures need to be in place to manage access. Two common issues are:

• Controlling Privileged Access. Your practice needs to routinely review which employees have administrative access or privileged accounts in your system. Assess access needs for employees who change roles within the practice and practice “need to know” procedures when determining who sees what.
• Removing Accounts. Whenever an employee leaves a practice, especially if they are terminated, it’s important to remove their access immediately and inactivate their accounts. Many practices create generic accounts for vendors, contractors and consultants and forget to review and delete them. In addition to deletion in the moment, there should be a regular review of active accounts to make sure they are still necessary.

What Security Issues Are Due to Our Products?

Servers and software are major access points for disruption. There are a couple of common vulnerabilities that practices should look at:

• Changing Default Credentials. Desktop computers, laptops, firewalls, wireless access points and routers come equipped with default usernames and passwords. These defaults are widely known. If you keep those credentials on the devices, you’re making it that much easier for hackers to gain access.
• Changing Default Configurations. Just as with your devices, your operating system will come preconfigured with settings that should be changed immediately after installation.

What Do I Need To Do When Transmitting Data?

Many servers include services such as file transfer protocol (FTP), Telnet and terminal services. You should not transfer any information using these tools as they are easily “sniffed” by hackers using freely available methods. For example, FTP and Telnet need to regularly reauthenticate access credentials. Usernames and passwords are sent as text that can be easily accessed by third parties.

Data transfer should be done using sophisticated encryption protocols when transmitting and backing up data.

What Can I Do To Help Employees?

Your employees are your first line of defense against a cyberattack. Automation and education are the keys to prevention.

You need to make sure they are aware of methods used by bad actors and can detect suspicious emails and attachments that pose a major risk to the practice.

It also means making sure you have automated security tools in place to prevent attacks. You need to provide anti-spam, anti-malware and anti-phishing tools that run automatically on every connected device on your network. These software apps should be updated automatically to address the ever-emerging new viruses, worms and trojans that do damage.

You also need to make sure that patches to software and operating systems are applied automatically and immediately.

With some careful planning and the right technology partner, your health care business and its data will remain safe.

Java and JavaScript still the most widely-used languages in business, outpacing C# and Python by a relatively large margin in a recent survey by Cloud Foundry. These flexible, cloud-native languages represent 57-58% of businesses that responded to the study, with Python only being used in about 25% of businesses. Java and JavaScript, along with C++, continued to show market growth through the end of 2018, unlike some other languages whose share continues to decline. With the strong user base and growth for Java, it’s not surprising that Oracle has decided to consolidate several different models into a more streamline licensing agreement. While this has been discussed since mid-2018, as of January 2019 organizations that want to continue receiving support for Java may need to revise their licensing agreement to incorporate the paid model. See how this could impact your continued usage of a programming language that continues to gain importance in the business world.

Building Flexibility Into Business Systems

Being able to reference multiple languages helps businesses retain the flexibility and agility that they need to be relevant in today’s fast-paced business world. With startups claiming niche markets, established businesses and enterprises need access to well-known and widely used languages such as Java and C++. Even though Java has been around since “Green Team” developers at Sun Microsystems released it 1995 after a multi-year marathon of programming, it is still revolutionizing the way we interact with digital devices. As the invisible force behind many of today’s most complex solutions, Java has been building flexibility into business systems since the mid-1990s. Java is a platform independent, meaning it can run a variety of different operating systems which creates a highly extensible base language.

Creating Cloud-Native Practices

Businesses are continually looking for ways to drive innovation as a way to differentiate from their competitors, and cloud-native languages such as Java will help drive these initiatives into the future. Says Cloud Foundry Foundation CTO Chip Childers: “Cloud-native practices enable developers within large companies to pick the language that best supports their functional needs—and our research shows that the most commonly chosen languages for cloud-native application development are Java and JavaScript”. While more than 25 languages were noted by respondent companies, the majority were only used by 1-2% of businesses, unlike Java which was prevalent in close to three-fourths of the organizations. It would not be surprising for there to be consolidation within the various platforms as organizations look to bring consistency to their overall development practices.

Java’s New Licensing Model

While Oracle’s July 2018 announcement caused many organizations to rethink their Java usage, it’s clear that the platform is still required for development. The particular version that was impacted is Java SE (Standard Edition), Java SE Advanced, Java SE Advanced Desktop and Java SE Suite. These licensing options will be consolidated down to two paid models starting in January 2019: Java SE Subscription and Java SE Desktop Subscription. Each version is a monthly subscription that includes public updates for Java SE 8 or later, with terms available from one to three years. This shift will impact all users of commercial-grade Java, although customers of older Java SE models will not be forced to make the switch. While moving to the new model is not mandatory for non-commercial use, business users will require a license according to Oracle’s new licensing policies.

Business users do have a few decisions to make as their model shifts:

• Server-based deployments will use a processor-based metric such as CPUs to calculate license requirements, starting with an Oracle-licensed server and the number of cores and the processor core factor into the calculations
• Desktop deployments use a Named User Plus-based metric to make the calculation of ongoing licensing costs

Businesses who opt out of the paid model, should not expect to receive additional Java SE critical updates after January 1, 2019, a situation which can easily place business operations at increased risk of breach or failure.

Review Use of Java in Your Business

If you have significant usage of Java SE in your business, it’s time to launch a full review to determine whether you need to upgrade or renew licensing agreements with Oracle. Determine whether your business is fully compliant with new Java SE requirements based on your current and estimated future usage on servers or desktops. You could find that it is more cost-effective to make a switch to the new Java SE licensing models based on your current business requirements and maintenance agreement. Reviewing future development needs is also an important part of your analysis. If you plan to reduce overall Java use in the next few years, that could dictate the term of the negotiated agreement. You could also look for ways to incorporate a sliding scale based on estimated future usage.

Even though the language is now more than two decades old, there is no indication that the usage of Java is declining in the near future. As long as this flexible platform provides the link between computers and other digital devices, developers will continue to use and value this agile platform for business development.