by Felicien | May 9, 2019 | Education
A major accounting software and cloud services company has been hit by malware, affecting their many clients across the US.
Wolters Kluwer, a major provider of tax accounting software and cloud services, has been hit by malware. The many financial software services they offer to clients across the country have been down since Monday, May 6.
The software provided by Wolters Kluwer is extremely popular in the US accounting industry. Users include every one of the top 100 American accounting firms, as well as 90% of the top banks worldwide, and 90% of Fortune 500 companies.
This malware attack comes at an especially vulnerable time when many accounting firms (and their clients) are intending to file their taxes. With their primary accounting systems offline, they won’t be able to do so, or at least not with Wolters Kluwer software.
However, it’s not as simple as just using different accounting software. Wolters Kluwer also provides cloud services to their clients, which means that necessary client financial data is stored in their servers, and inaccessible by the accounting firms during this outage.
Since the attack began Monday morning, Wolters Kluwer took many of its systems offline to slow the spread of the malware. According to representatives, they have since been working non-stop to try to eliminate the malware and bring their systems back online. They have contacted authorities and third-party forensic teams to investigate the attack.
“We’re working around the clock to restore service, and we want to provide [clients] the assurance that we can restore service safely,” said Elizabeth Queen, vice president of risk management for Wolters Kluwer, to CNBC. “We’ve made very good progress so far.”
However, end-users have still not been able to access their tax documents that are stored in Wolters Kluwers cloud servers. The many systems that Wolters Kluwer took offline on Monday include the customer services lines that end users have relied on to get info from the software provider.
When a backup customer service number was finally provided, users were told that there is no estimated window in which the services will be fully restored. For the time being, thousands of accountants at numerous firms across the US are being expected to wait and see.
by Felicien | May 9, 2019 | Education
For CEOs, digital transformation has changed the game. CEOs today need new approaches to leadership, planning and vision. Otherwise, they risk leaving themselves and their companies falling behind in the wake of rapidly changing technologies.
The last decade has seen a remarkable rise in digitally disruptive technologies that have forever changed business models, business processes and the nature of work.
Consider the impact the Internet of Things, Big Data, analytics, automation, artificial intelligence and cloud computing have had on the way businesses operate. One only needs to look at what impact companies like Airbnb and Uber have had on the lodging and transportation verticals to realize that a new leadership approach is an absolute mandate for CEOs today.
How Is the Modern CEO Role Changing?
“Technology isn’t changing only corporations—it’s also changing the job of the CEO, bringing with it the challenge of keeping up with technological development,” notes a recent McKinsey & Co. article.
There are plenty of resources out there to help CEOs stay in touch with and understand emerging technologies, according to one anonymous business leader in the McKinsey piece. “What’s much harder for a leader is deciding what’s relevant and what’s not,” he said.
That means today’s CEOs need to be clear about priorities and be able to make fast decisions about to pursue.
What Leadership Structure Does a Tech-Savvy CEO Need?
The c-suite looks very different today than it did a decade ago. New titles reflect the importance of technologies in the modern enterprise: Chief automation officer, chief data officer, chief digital officer and chief information security officer are just a few of the roles that companies realize are critical for success.
Board members and senior executives alike need to be adept at and capable of adapting to the technical revolution, providing leadership and guidance to the CEO. These leaders may have experience and demonstrated success, but today they need to be agile. And the CEO needs to be aware of what they need and make changes accordingly.
How Can CEOs Plan for Digital Transformation?
“I very rarely get pulled into the today,” Amazon founder Jeff Bezos told Forbes in a 2018 interview. “I get to work two or three years into the future, and most of my leadership team has the same setup.”
That’s the right approach for CEOs wanting to lead digital transformation.
With so much disruption, Greg Crandall of Query Consulting Group suggests CEOs need planning processes that focus on customers and employees first. Customer expectations are evolving; they expect easy access to brands and that those brands know who they are, how they have interacted and can deliver immediate answers.
“Today’s organizations must compete within themselves to meet the needs of current and targeted customers. … This means internal teams, departments and other groups must compete … and cooperate with each other to transform the customers’ experiences by empowering employees to think and act in ways that, ultimately, transform the organization itself,” Crandall writes. “And to do this, those teams need leadership from the top that promotes thinking critically, communicating transparently, and acting with agility.”
The focus on the customer is paramount to Tim Cook, Apple’s CEO. In a January 2019 interview, he said, “What I focus on is the customer. The customers speak every quarter. They speak every year. They speak every day. And the most important thing for us is that they’re satisfied.”
The cycles are changing too. Gone are the days when 3- to 5-year planning cycles suffice. Today’s CEO needs to lead a process of continuous planning and assessment.
How Do Today’s CEOs Have To Communicate?
Transparency and humility are the order of the day for the modern CEO. Customers, partners, employees and stakeholders expect open and clear messaging. They cannot think of digital strategy as somehow separate from other strategic planning.
Instead, CEOs need a holistic approach that embraces and incorporates technology, listens carefully to customers, and applies that learning and perspective into changes to business models, business processes, markets, structure and culture. The CEO needs to project that the organization is one that is adaptive, learning and nimble.
How Big a Role Should the CEO Play in Digital Transformation?
Traditionally, Research and Development and IT divisions have been responsible for product development and innovation. That’s changing, notes Thomas Siebel, chairman and CEO of C3 IoT.
“With the 21st-century digital transformation, the adoption cycle has inverted. What I’m seeing now is that, almost invariably, global corporate transformations are initiated and propelled by the CEO,” Siebel writes. “Visionary CEOs, individually, are the engines of massive change that is unprecedented in the history of information technology—possibly unprecedented in the history of commerce.”
As technology transforms companies, industries and how we live, work and play, it’s only natural that the CEO’s role also needs to change. CEOs who recognize and embrace the digital revolution are most likely to see their organizations thrive and grow.
by Felicien | May 8, 2019 | Education
Personal email accounts for business purposes
It can be tempting to use your familiar, personal email account to send and receive emails for your professional life – but you shouldn’t take the risk.
Is it safe to use your personal email for business?
Using your personal email to communicate for business purposes isn’t a good idea. It can expose you to a number of legal and other liabilities. And, to be honest, it doesn’t look very professional, does it? Read on to learn more about the legal and security implications of conducting business on your personal email account.
Every so often, a client of ours will check with us about using their personal email to do business.
While there is a range of implications that come with doing so (legal, reputational, etc.), usually the question is asked to double check about how it could affect their cybersecurity.
Regardless of why a user may be asking the question, the answer is that it is never advisable to use a personal email account for business purposes. Period.
But if you’d like more detail as to why and, specifically, if you’d like to understand what risks you may be taking right now if you’re already using a personal email account at work, then keep reading.
4 reasons why you should never use personal email for business.
Legal implications and data integrity
The first risk, and likely one of the most severe, is that when you use your personal email account for work (or, allow your employees to do so), then you’re adding a number of uncontrollable variables into how your business data is accessed and where it is stored.
In an ideal situation, in which everyone at your business is using approved, professional business email accounts on a verified client, then you (or, more likely, your IT department or outsourced Leesburg, FL IT services company) know where your data is.
Especially in the age of cloud computing, when all data is stored “offsite” and accessed remotely in one way or another, you may assume that your data’s “location” isn’t very important – can’t you just access it the same way no matter where it is?
It’s not that simple.
When working with a professional cloud-based IT environment, your IT people should know where your data is stored, and that it’s being stored properly in secure and backed up data centers. Even though your data isn’t hosted onsite (or not entirely onsite, depending on the size of your business) it is still accounted for.
When you factor in personal email, all those assurances go out the window. Your IT team won’t be able to confidently track where your data is being kept, and how well it is being maintained. Depending on the personal email accounts your staff members use, this data may not be backed up.
Furthermore, in the event of legal proceedings, personal emails are often not discoverable, meaning that it wouldn’t be possible to externally scan users emails (e.g. Google specifically prohibits this for Gmail accounts).
And lastly, don’t forget about compliance. Depending on the business sector in which you operate (finance, healthcare, government contracting) you may be subject to compliance regulations that strictly state how data is stored and accessed. Personal email accounts are woefully ill-suited to meet compliance standards.
Security implications and data protection
This one should be obvious – personal email does not have the same cybersecurity measures as their professional counterparts.
In order to properly secure a business’ email accounts, a number of protections must be put in place:
Sophisticated spam filters to keep time-wasting or even dangerous spam emails out of your employee’s inboxes.
Top-quality inbound virus blocking capabilities, further protecting you and your employees from incoming threats.
Automatic quarantine procedures for malicious links and attachments before they arrive. These focus on email-based exploits such as phishing and spyware, to remove the possibility that someone in your organization may open a link without considering the dangerous ramifications.
Secure email archiving capability so that you have an impeccable record of each and every email in your business.
Email encryption measures to ensure that your communication is secured against unwelcome readers while in transit.
Can you guarantee that your employees’ email accounts have all the same protections in place?
If one of your staff members is targeted by a cybercriminal or has their personal email address added to a mass phishing campaign, they are much less prepared to defend against it than a robust, professional email client would be.
It’s then only a matter of the personal email account being compromised for a cybercriminal to access any and all private business information that has been sent and received on that account. Given that it’s a personal email and not one managed by an IT department, it’s much less likely that you would be able to wipe its contents, or remotely log it out and reset the login info.
Staff changes and data continuity
Here’s a scenario to consider: what happens when you have to terminate an employee, but they had been using their personal email to conduct business on your behalf?
You can’t remove their access to their own email, and so, when they leave your business, (perhaps not on the best terms), and will continue to have copies of what is potentially private and valuable business information.
They continue to have contact info for your current employees, clients, and other business contacts – and may even be contacted by your clients that may not have been aware of their termination (let’s be honest – you don’t always want to spread the word that you had to fire someone).
By allowing your employees to use their personal email now, you surrender control of a great deal of business data in the future. While it would be nice to assume that your current staff members will always be with you, and if they do leave, that it will be on good terms – but it’s not likely. And you shouldn’t risk your data and your business betting on it.
Professional and reputational implications
While it may not involve legal, compliance, or security implications, this risk could very well affect your bottom line.
Let’s call a spade a spade – using a personal email for work doesn’t look very good, does it?
It’s the same line of thinking that suggests that using a .org domain for your business isn’t a good idea either.
It just makes you look cheap – like you wouldn’t spring for a specific domain that matches the name of your business.
If a potential client gets in touch with you over the phone or in person, and then later follows up on email and gets a reply from something like john.smith.mybusiness@gmail.com, they probably won’t think very highly of your business, will they?
That’s four solid reasons why you shouldn’t be using your personal email at work, but there’s actually one more – it’s completely unnecessary.
Getting a business email account has never been easier. Virtually any service provider will be able to offer secondary accounts that can be personalized with a business-specific domain. Furthermore, any IT services company worth their salt can set it up for you.
Don’t cut corners and try to save a buck when it comes to your business’ email. Beyond the many serious risks to which it can expose you, it also just makes you look bad.
by Felicien | May 8, 2019 | Education
Healthcare providers have a legal obligation to keep patient data security, whether it’s at rest on a server or in transit to the cloud or a third party. To maintain regulatory compliance and the confidence of your patients, your practice needs to be vigilant in the technologies that it deploys to make sure that all personal and medical information is protected.
Unfortunately, hackers are using sophisticated means to steal this data, sell it or hold your medical practice hostage until you pay massive ransoms. The cost to your practice can be significant, both in dollars spent, patients who leave and reputation lost.
Your practice and patients need an IT solution that provides reliable services to protect data and monitor your IT systems. Otherwise, you leave the data far more vulnerable.
A managed service provider (MSP) that knows the complex issues facing medical businesses today is your best defense. Here’s a look at some of the most common IT issues facing practices and how you and your (MSP) can guard against them.
How Do I Manage All the Users Who Have Access to Patient Data?
Not all cyberattacks are perpetrated by outside parties. Employees — current and former — may have access to sensitive information, which is why processes and procedures need to be in place to manage access. Two common issues are:
Controlling Privileged Access. Your practice needs to routinely review which employees have administrative access or privileged accounts in your system. Assess access needs for employees who change roles within the practice and practice “need to know” procedures when determining who sees what.
Removing Accounts. Whenever an employee leaves a practice, especially if they are terminated, it’s important to remove their access immediately and inactivate their accounts. Many practices create generic accounts for vendors, contractors and consultants and forget to review and delete them. In addition to deletion in the moment, there should be a regular review of active accounts to make sure they are still necessary.
What Security Issues Are Due to Our Products?
Servers and software are major access points for disruption. There are a couple of common vulnerabilities that practices should look at:
Changing Default Credentials. Desktop computers, laptops, firewalls, wireless access points and routers come equipped with default usernames and passwords. These defaults are widely known. If you keep those credentials on the devices, you’re making it that much easier for hackers to gain access.
Changing Default Configurations. Just as with your devices, your operating system will come preconfigured with settings that should be changed immediately after installation.
What Do I Need To Do When Transmitting Data?
Many servers include services such as file transfer protocol (FTP), Telnet and terminal services. You should not transfer any information using these tools as they are easily “sniffed” by hackers using freely available methods. For example, FTP and Telnet need to regularly reauthenticate access credentials. Usernames and passwords are sent as text that can be easily accessed by third parties.
Data transfer should be done using sophisticated encryption protocols when transmitting and backing up data.
What Can I Do To Help Employees?
Your employees are your first line of defense against a cyberattack. Automation and education are the keys to prevention.
You need to make sure they are aware of methods used by bad actors and can detect suspicious emails and attachments that pose a major risk to the practice.
It also means making sure you have automated security tools in place to prevent attacks. You need to provide anti-spam, anti-malware and anti-phishing tools that run automatically on every connected device on your network. These software apps should be updated automatically to address the ever-emerging new viruses, worms and trojans that do damage.
You also need to make sure that patches to software and operating systems are applied automatically and immediately.
With some careful planning and the right technology partner, your health care business and its data will remain safe.
by Felicien | May 8, 2019 | Education
It’s already obvious to most businesses that search engine optimization (SEO) is critical to business success. That’s because, being listed high in search engine results means a higher likelihood that consumers will go to your website and choose your company to do business with.
But what about voice search optimization? Is your business ready?
If you’re not familiar with the term, let’s start there before exploring how your business can prepare for this new wave of online searching.
What is a voice search?
Voice search simply refers to online searches (via sites like Google or Bing) that are carried out with a user’s voice. Think of someone driving in their car, looking for a place to have dinner. They may ask Siri, “What’s the closest Chinese food restaurant to where I am?” This is a voice search.
Why is voice search optimization important?
Alas, if you feel like you’ve only just begun to grasp the importance of SEO for text searches, strap in. The next new frontier is voice search optimization. It’s important because more and more people are doing it.
According to Andrew Ng, co-founder of Coursera, half of all online searches will be voice searches by 2020. While this has yet to be confirmed, there are certainly signs that the prediction is accurate.
For one thing, an increasing number of people are investing in smart speakers like Google Home, Apple HomePod, and Amazon Echo. Additionally, use of virtual assistants like Google Assistant, Alexa (Amazon), Siri (Apple), and Cortana (Microsoft) are being utilized more.
While voice search use rates aren’t sky-high quite yet (a recent study found that 21% of respondents used voice search on a weekly basis), experts estimate that they soon will be.
What does this mean for your business?
At this time, it’s not necessary to put all of your efforts and marketing funds into voice search optimization. Furthermore, many of the things you’ve ideally already done to optimize your business for text searches will also help when it comes to voice searches.
Still, there are several key things that are unique to voice searches and voice search optimization:
Only “position zero” gets the spotlight. With a regular Google text search, search result position 1 (“position zero”) is best, but positions 2, 3, and 4 are still pretty good. When it comes to voice searches, however, Sir or Alexa will only read the first search result, which means you won’t even be seen if you’re in position 2 or beyond.
People use longer key phrases and questions with voice search. While a user might type “best dentist Denver” into Google Search, they might vocally ask Google Assistant: “Who is the best dentist in Denver?” This means you must optimize your content for both text and voice search key phrases.
There are several core inquiries that voice searchers will continually ask. Think about who usually voice searches and when. Often, it’s in situations where typing isn’t possible (e.g., while driving) or when the user wants one simple answer (e.g., “What time does the post office open?”) In these cases, businesses must first ensure the accuracy of their location information (address, phone number, hours, etc.). Second, they must optimize their content for quick and succinct answers to their most commonly asked questions.
As you can see, it’s wise to at least take some preliminary steps right now in order to ensure a seamless transition into the soon-to-be world of prevalent voice searching. This starts with assessing your company’s current voice search status and speaking with SEO professionals who can help optimize your content for voice search.
