by Felicien | Aug 30, 2018 | Education
A Look Inside a Company Who Has Successfully Made the Switch
If you are self-employed or run a business, you more than likely use Microsoft Office in some or most of your day-to-day operations.
If you haven’t made the switch to Microsoft Office 365, you have probably considered it or given it some thought. Maybe you’ve been so busy running your business that you’re not sure exactly what Office 365 can offer over traditional Microsoft Office software. Let’s take a closer look.
What Exactly is Office 365?
Here is Microsoft’s product description:
Office 365 refers to subscription plans that include access to Office
applications plus other productivity services that are enabled over the
Internet (cloud services), such as Lync web conferencing and Exchange
Online hosted email for business, and additional online storage with
OneDrive and Skype world minutes for home.
To break Microsoft’s description down, you get access to full Office desktop apps, mobile apps for Android and iOS for your tablets and smartphones, OneDrive storage, Skype minutes and more.
Basically, this is Microsoft Office for the Cloud.
As a business owner, it’s important to decide whether it’s wise to keep using the traditional perpetual-license versions of Office. An Office 365 subscription does include a lot more features and they’re accessible from anywhere. Your employees can work from home computers or smartphones.
If we’re talking big picture, making that switch to 365 presents a lot of benefits for you and your business.
Office 365 offers a regular and predictable subscription rate. The office programs are updated automatically. Contrast this with buying the physical version that must be upgraded every few years.
You can install Office apps on multiple devices without encountering all the activation issues that can come with software downloads.
Since it is cloud-based, Microsoft offers regular patches for any known vulnerabilities.
Gain access to Microsoft’s vast collection of cloud-based services.
Let’s Look at a Company Who Has Already Made the Switch
Henkel, a chemical products manufacturer based out of Düsseldorf, Germany, made the switch to Office 365 back in 2015. With nearly four years of regular use, their company is a good case study to observe and calculate if the switch to Office 365 was worth it.
Henkel has made a name for itself by manufacturing laundry and home care products, beauty supplies, and adhesives. With their products being used by consumers and organizations in over 75 countries, Henkel needs to implement their software solutions in various languages.
To achieve their business goals, the company is proactive in implementing the latest technology to provide a modern workplace for employees. As the world continues to be more and more connected, this company understands the need to connect team members with their business partners and customers to produce successful outcomes.
Before making the switch to Office 365, Henkel had an aging IT set-up with outdated productivity tools. These antiquated tools did not allow team members to collaborate and communicate with the company’s 47,000 employees. Implementing Microsoft Office 365 changed the way they operated, and they observed immediate benefits. Since adding Office 365, Henkel has increased productivity and employees can stay connected across all departments and locations around the globe.
Choosing to take a huge jump and invest in the cloud instead of upgrading their old systems, they were able to simplify the environment in which they operated.
Not only were they more connected across their massive company, Henkel also noted the benefits of a simplified way to work in mobile situations. Team members were able to freely work outside the office space and connect with their business partners and customers.
Watch Henkel’s Office 365 Video HERE
What Are Your Purchasing Options?
If you choose to adopt Office 365, the next decision is picking the right Office 365 edition for you and your business. As with everything else in the modern workplace, Microsoft offers more than a dozen options to choose from, at prices ranging from $5 to $35 a month, per user.
Every Office 365 package includes:
Office desktop apps for Windows or Mac – They are frequently updated giving you the latest version.
The ability to install the desktop programs on up to five PCs or Macs.
Exchange Online Email.
1TB of OneDrive cloud file storage.
Mobile apps for installation on up to five phones and five tablets, running iOS (iPhone or iPad), Android or Windows.
Collaboration and communication tools for your employees.
Microsoft breaks down the options to purchase an Office 365 Home subscription or an Office 365 business edition. Some of the smaller businesses may able to get by using a home subscription if their needs are small or if they are self-employed.
For a complete list of your purchasing options, you can visit the Microsoft Office 365 Store for Home and the Microsoft Office 365 Store for Business.
by Felicien | Aug 30, 2018 | Education
How Does One Choose Technology to Properly Manage People, Planning, and Processing in the Legal Sector?
Although law firms are often willing to improve and modernize their level of technology to better serve their clients, they are hesitant, as they do not know where to begin. What sort of technology would best fit their personal situation? Additionally, many firms are partner-based where there is less collaboration that is often found in other organizational structures. This can make it difficult to implement new technology, even when there is a consensus that it would be beneficial.
The security of personal information, however, is important in any organization. This is even more vital in the legal sector. The legal ramifications and increased regulations to protect the privacy and security create greater challenges. Increases in the volume of data handled by many law offices require a more technically savvy, automated system. The skill levels of those trying to illegally obtain that sensitive information points to a higher level of governing security. There are several aspects to consider.
What Are Variations Between Information Governance (IG) and Data Governance?
The “Information Governance Initiative” (IGI) defines IG as the following: “The activities and technologies that organizations use to maximize the value of their information while minimizing risk and cost.” Where Data Governance focuses primarily on data, IG goes beyond merely governing data. It requires businesses to work closely with Information Technology (IT) to improve the following aspects:
Improve data protection
Improve overall business processes
Improve information management
Effective IG works to utilize IT counterparts to implement the improved organizational technology. The goal is to protect data and information, as well as overall make the business more efficient. This improves the attorney/client experience and ultimately improves the bottom line. Therefore, it offsets the initial cost of increasing technology.
How Does Communication Technology Improve the Attorney’s Experience?
By integrating more modern communication technology options, firms enable data transfer and information to reside in a centralized location to which the necessary parties have access. With portals, such as the LAA Online Portal, associates collaborate on cases and share files with ease.
Chatbots provide a simple way for clients to contact their lawyer directly. They also let consultants speak one-on-one without scheduling appointments. With faster communication, the typically slow “wheels of justice” are sped up exponentially. A combined approach that a consulting IT organizes and implements, reduces confusion and errors, as answers are often prompt, if not instantaneous.
How Does Organization Technology Aid Law Firms?
Organizational technology includes such things as improved data management plans, as well as better file storage systems. As information is more readily available, it is easier to find. Rather than spending hours or days searching through paper archives and journals, the information is right at a lawyer’s fingertips. They are easily accessible via search terms. This frees legal staff to spend their time on other aspects and tasks. It decreases workload and, perhaps, allows the firm to take on a greater number of clients. This results in a more profitable fiscal year.
What Forms of Content Analysis and Information Management Are Required?
Not only does IG require a data organization system. It requires information storage featuring secure retrieval. Data Loss Prevention (DLP) is a concern for any business. This is important in the legal sector, as having secure and easily accessed records is instrumental. Protection against loss is necessary.
More than ever before, risk management is part of IG’s importance for law offices. The potential threats of losing data to a cyberbully have increased as the technology itself has grown. In fact, the accident transferal of sensitive material is not out of the realm of possibility. This is especially true as associates spend more time working digitally, rather than working with hard copies. Without the proper protections in place, this could be catastrophic.
Data mapping allows an organization to determine what information is in their possession, where that information should be located, and how to easily access it. This is important for the following purposes:
Business Intelligence
Compliance
Data Privacy
Data Security
Litigation
Risk Management
It is also important that firms work with those who understand and can meet their specific needs. There aren’t a “one-size-fits-all.” An individual approach per field, as well as office, is required. Working with a team to develop the best plan is integral for successful, sustainable use.
In Conclusion
Implementing more advanced technology is required for the proper governance of information. With the currently available IG technology, solutions provide content level and file level analysis throughout a legal firm or a network of partners. Having access to the right IG plan for a specific law firm allows it to fulfill the necessary communication, organization, filing, security, data privacy, and legal accountability that some data requires. IG practices realize how important the three key ingredients are in creating a functional, efficient workspace. The essential elements are people, process, and technology.
by Felicien | Aug 29, 2018 | Education
BaseStriker attacks are software attacks that computer hackers use in an attempt to break through the defenses of an account or program. These attacks have been developed through unique coding while operating in a phishing-style in recent times. They’ve been so successful that they’ve grown and evolved becoming increasingly problematic to small business owners.
Used to get past anti-phishing filters while splitting and masking links with URL tagging code, researchers have found that Microsoft business products have become a big target. In the past, Microsoft Office 365 used very effective forms of security for their software and cloud-based products. Safe Link and Advanced Threat Protection feature some excellent security protocols.
baseStriker Attacks on the Rise
baseStriker attacks are escalating. Recently Microsoft reported that the security protocols built into Office 365 failed to protect 100 million email users. This is one of the largest security flaws ever reported for Office 365. Unlike similar attacks that could be discovered and blocked, hackers were able to use this vulnerability to completely bypass all of Microsoft’s security. This included its advanced services like ATP and Safe Links.
The name baseStriker originated due to the method hackers used to create this vulnerability. They split and disguise a malicious link using a tag called the <base> URL tag. This results in your antivirus software not being able to detect the link as malicious.
How baseStriker Attacks Work
A malicious link (that would normally be blocked by Microsoft security) is sent to the user. This URL is split into two snippets of HTML: a base tag and a regular href tag. In traditional phishing scams, a malicious link found in an HTML email would be blocked by the security programs found in Office 365. When these programs see a suspicious link, they perform a lookup using a list of known bad links.
For those customers who use Advanced Threat Protection, the suspicious URL is replaced with a “safe link” that prevents the user from proceeding to a phishing website. Using baseStriker methods, a phishing email that contains a malicious link is allowed through the email filters because they not handling the <base> HTML code correctly.
How ATP and Safe Links Can Help
Office 365, ATP, and Safe Links, along with Office 365 ATP Safe Attachments combine a number of security features for enterprise organizations. These are offered as part of Office 365 Advanced Threat Protection. Safe Links can help protect your business by providing time-of-click verification of web addresses in both official documents and websites.
This type of security can be customized by setting your own ATP Safe Links policies. Your security team can setup up your Office 365 program so that it works the way your business does. Once your ATP Safe Links policies are in place, your security team will get regular reports that show how Advanced Threat Protection is working. This information can help your security team take other steps to create stronger security for your company.
In spite of all these advancements, hackers work harder than ever to find new ways to get through all this security and steal personal and financial information.
What Attacks Have Been Common And What Has Been Done?
Security Affairs explained that baseStriker attacks have been more common in the past year. They were increasingly frequent in October 2017 and have continued since that time. The attacks are most commonly used to bypass Safe Links.
While Safe Links have been improving user capacities to protect against attacks in programs including Excel, Word, PowerPoint, baseStriker attacks have intensified.
Gmail users have not been as vulnerable to this specific method of attack because their developers have created base tag detectors. Mimecast has also built in ways to protect Office 365 users with Gmail accounts.
Microsoft is continuing to make improvements that address weaknesses in their security products. Patches and additional security protocols are being developed for the future. The landscape of hacking evolves almost daily so security must evolve as well.
Current forms of Office 365 security attempt to identify potential security risks through scans of base domains, and until some software development is built that does not ignore relative URLs, the security risk is expected to remain. Due to this, as Avanan reports, the attack method is analogous to viruses of biological immune systems, with even known attacks not being successfully addressed by Microsoft.
SC Media reported that Microsoft is aware of the issue and has dedicated resources to address it. Of course, they have recommended that customers follow common best practices for safe computer operations, but they have yet to develop software products that are capable of automatic recognition in the same manner as Gmail.
What Can I Do?
Enabling two-step authentication from within Office 365 allows users to reduce their vulnerabilities to information thefts made by malware. Organizations can purchase Advanced Threat Protection and have their security team optimize it for best protection. All employees should be trained on the latest hacking methods so they are well aware of what to look for. Many companies today are hiring IT consultants to come in and assess their security protocols, then recommend improvements.
by Felicien | Aug 29, 2018 | Education
New Study Shows That the Global Cost of a Data Breach Is Up in 2018
The Ponemon Institute recently released its annual Cost of Data Breach Independent Study that was sponsored by IBM Security. This study included two new factors that impact data-breach costs: Artificial Intelligence (AI) and the all-encompassing use of Internet of Things (IoT) devices.
The analysis also factored in the cost of a “mega breach” — the breach of 1 million records or more — and also used a formula to measure the financial cost of customers’ loss of trust in a company.
According to the 2018 Cost of a Data Breach Study, around 25 percent of all U.S. data breaches were recognized as carelessness or user error. The study stated that users consistently failed to properly erase data from devices. The study also reveals that negligent breaches are about half as frequent as criminal breaches.
The rate of data breaches is rising, and they are costing companies more to manage. U.S. businesses are shelling out about $7.9 million per year to fight off and recover from data breaches.
Root Causes by the Numbers
The study made known that malicious or criminal attacks caused the most data breaches at 48 percent. 27 percent were due to human error, and 25 percent were comprised of both IT and business process failures (system glitches).
Data Breach Cost Is Up in 2018
In this year’s study, the average cost of a data breach per compromised record was $148, and it took companies 196 days, on average, to uncover a breach. Based on these averages, The Ponemon Institute determined that the per-capita cost, average cost, and overall cost have swollen in 2018.
With the U.S. leading the way at almost five times that of the global average of notification costs, the Middle East had the highest percentage of the most expensive type of data breaches: Malicious or Criminal Attacks.
Globally, here is how the numbers broke down:
The Size of the Breach Does Matter
The Ponemon Institute’s 2018 report found that the average total cost of a breach ranges from $2.2 million for incidents with fewer than 10,000 compromised records to $6.9 million for incidents with more than 50,000 compromised records.
The study also revealed that a “mega breach” (what the Ponemon Institute deems as 1 million compromised records) can cost upwards of $39.49 million. As expected, this figure goes up as the amount of breached records grows.
The Consumer Impact
According to the report’s findings, organizations globally lost customers due to data breaches in the past year. But it also pointed out, businesses that put in the effort to improve customer trust reduced that number significantly. When a Company’s senior-level leader, such as a CEO or CISO (chief information security officer) addressed customer’s security concerns and pointed to fixing the issues, businesses lost fewer customers and reduced the overall cost of the consequences of a breach.
The Effects of AI and IoT
The 2018 study, for the first time, assessed the effects of a company implementing Artificial Intelligence (AI) and the use of Internet of Things (IoT) devices. The conclusion is AI security platforms have saved companies an average of $8 per compromised record at identifying and containing breaches by incorporating machine learning and analytics. So far, just 15 percent of companies reviewed in the study said they had fully implemented AI. At the same time, businesses that comprehensively use IoT devices pay on average, $5 more for each compromised record.
How Companies Can Reduce Data Breach Costs
In total, The Ponemon Institute’s 2018 report included 477 companies. It found that the mean time to identify a breach was 197 days, while the meantime to limit a breach is 69 days.
There are, however, strategies that support businesses and work on lowering the likely cost of a data breach. This is the 13th year of The Ponemon Institute’s study, and an alarming trend has reared its ugly head. For the fourth year in a row, the study found a connection between how fast a business detects and contains a breach and the sum of the total cost when all is said and done.
Conclusion
The study found that, above all, preparation and vigilance is crucial. An incident response team can reduce the cost of a breach by as much as $14 for each breached file from the average per-capita cost of $148. Comparably, extensive use of encryption can cut the cost by $13 per person. What all these statistics mean is that companies can reduce the cost of a data breach and reduce the negative effects to their company simply by being prepared. Your company needs a data breach team on staff who knows what to do and how to respond should any type of breach occur.
by Felicien | Aug 28, 2018 | Education
A recent study conducted by The Harris Poll on behalf of Scout, a healthcare marketing firm, uncovered some interesting statistics about healthcare data security and public perception. It determined that out of 2,000 US adults, about half are extremely or very concerned about the security of their healthcare data.
Another study, conducted by Protenus Breach Barometer, found that in the second quarter of 2018, from April to June, more than 3.15 million patient records were compromised across a total of 142 healthcare data breaches. The report reinforces the need for strong security measures in the healthcare system, concluding that healthcare organizations must maintain vigilance and be constantly on the lookout for best practices in healthcare privacy.
Examining The Data
Protenus Breach Barometer joined forces with Databreaches.com to gather data from a number of sources, including press reports, HHS, and nonpublic data from Protenus’ AI platform. According to incidents reported to the HHS or by the media, 31% of these breaches were executed by insiders.
According to the report published by Protenus, it’s believed that an individual healthcare employee who has breached patient privacy once is more than 30 percent more likely to repeat the offense within a three-month time frame. The chances that the employee will do so again within one year rises to more than 66%. Therefore, a delay in identifying and reporting these offenses is further putting institutions at risk.
The company estimated that out of 1,000 healthcare employees, more than nine are responsible for breaching patient privacy — an estimate up from five employees in the previous quarter.
One of the most common insider-related data breaches was family snooping, which accounted for a whopping 71% of the reported privacy violations. This number is down from 77 during Q1 of 2018.
According to the report, it can take organizations, on average, 204 days to identify a breach once it has occurred. Out of 61 incidents in which data was disclosed, the average time between when a data breach is identified, to the time it is reported to HHS or other sources, is 71 days. According to HHS requirements, a healthcare organization must report a breach involving 500 or more individuals no later than 60 days of discovery of the breach. Coincidentally, the largest gaps between the occurrence of the breach and discovery were reported with insider-related cases.
Out of the 143 healthcare data breaches disclosed, healthcare providers reported 99 of them, whereas 15 of them were disclosed by an insurance company or health plan. Business associates and third-party vendors were responsible for disclosing 18 of the cases, and ten were reported by other organizations.
It’s well known that healthcare security teams are lacking in manpower. It was reported that in hospital teams responsible for identifying insider threats, one investigator may be responsible for monitoring nearly 4,000 employees on average. This individual is responsible for 2.5 hospitals and handles a median of 25 cases.
With cyber threats on the rise within the industry, it’s vital that healthcare organizations do more to more to protect patient data. Thirty-eight states were included in the report’s 142 disclosed health data breaches. Out of these, California was responsible for the largest number of data breaches, with 20 incidents. Texas reported 13 incidents, ranking it the second highest.
The Rise Of Healthcare Hacking
Cyber threats are common in the digital world, but the stakes are particularly high in healthcare systems. According to the report, healthcare hacking accounted for 52 data breaches in Q2, which is a figure up from 30 during Q1.
Forty-four of these hacking incidents affected 2,065,813 patient records, with seven of them involving malware or ransomware. Ten hacking incidents mentioned a phishing attack.
In addition to phishing, malware, and ransomware, 23 incidents of those reported were related to theft. More than 600,000 patient records were compromised, with data disclosed for 19 of the 23 incidents.
Healthcare Hacking Prevention Tactics
There are some actions healthcare organizations can take to ensure they are keeping up with best practices in patient record security. The most important action to take is to perform an organization-wide risk analysis that covers all devices that contain ePHI or systems and devices that may be used to access PHI. Once this is performed, organizations can put into action a risk management plan that addresses and reduces all identified vulnerabilities.
It’s also important for healthcare organizations to keep up-to-date with the latest in equipment and regulations. All software systems should be maintained properly, with encryptions and backups implemented accordingly to protect patient information to the fullest extent. According to HIPAA, a good strategy for patient information backup is the 3-2-1 approach, which calls for at least three copies of data, across two different media, with one of these copies stored securely off-site.
Healthcare organizations may also do well to consider teaming up with threat intelligence organizations to keep privy about newly discovered threats and vulnerabilities. All of these steps combined can form a strong line of defense against healthcare hacking.
by Felicien | Aug 28, 2018 | Education
What Is Snapchat And What Business Uses Does It Have?
Snapchat is a form of now commonly used social media more recent than Facebook, Myspace, or Twitter. It’s unique in that it allows users to create pictures or messages that are only available for a short period of time before they become inaccessible to viewers. This is considered a convenient self-cleaning of media in addition to its other features. Just like Facebook timelines and Twitter feeds, users are allowed to create original “Stories” as 24-hour feeds of content presented chronologically through the app.
A “Discover” feature allows businesses to have an interactive exploration of their products or services. The app was developed for mobile technology and continues to evolve with the emphasis on virtual ‘stickers’ and affected ‘reality objects.’ Although not all features are unique to the software, business uses of Snapchat can include some pretty attractive features:
Frequently updated postings
Promotion through marketing channels
Creating sponsoring lenses
Allowing people to explore content through interactive features
Integrated content created by users
Promotion of products or services through discounts and promotion code marketing
Promoting new products
One of the best features that users love is that SnapChat allows celebrities and other people of interest to directly access the app. This means you might be able to view Jennifer Garner’s favorite places to eat or check out LeBron James on vacation in Italy.
Many of today’s top organizations are now successfully using the Snapchat app, including:
Taco Bell
Disney
Gatorade
Starbucks
McDonald’s
AT&T
Many others
As with other widespread social media programs, Snapchat can be used in traditional business practices including the social media marketing mix, brand strengthening processes, community engagement, and brand awareness.
According to The Social Media Examiner, over 100 million people use the app every day, responsible for up to 400 million snaps each day, and while 71% of the estimated billion viewers are between the ages of 18 to 34, it is considered one of the fastest growing networks. Access to live events can be provided through streaming, and the NBA is an example of a major organization that has been taking advantage of this.
Private content can be delivered through the software, and contests and other perks can be added to the organization’s storyline. Internal developments can be shown through the service while users can partner with influencers. People can also effectively “follow” organizations analogous to post subscriptions available on Twitter or Facebook.
What Are The Security Risks And Why Should I Be Concerned?
Snapchat’s features can be more convenient for some users, but it has security risks that may also be unique and therefore uniquely be concerning to users. The software, in short, may not be as private as it may seem. The creative nature of the app means that much of the user provided content is not covered by the same privacy and protection offered through other social media services like Facebook and Twitter.
The “snaps” that are made and posted can be potentially retrieved with software tools, and both forensic analysts and hackers alike have some potential to exploit this. According to the Telegraph, it is possible for hackers to intercept Snaps in transmission processes despite levels of encryption. This is due to the potential for decryption through a form of reverse engineering possible through the Android application package file.
This does not mean that Snapchat is less secure than services such as iMessage, but it is likely less secure than many people assume. Another potential issue is the possibility that a business will not have access to records if claims are made regarding the nature of posts that have automatically deleted. This could result in dually unfounded claims in court that can cost the organization funding and negative publicity if nothing else.
As explained in depth by The Hacker News, the source code of the program itself has also been hacked and posted online after a cyber thief was able to obtain it. The posting made the confidential information of the organization vulnerable to other people who could misuse it. In addition, a number of apps now exist that can capture your Snaps without alerting you. One popular site like this called “SnapSave” was breached in 2014 and 200,000 Snaps were leaked publically.
What Additional Security Concerns Should I Have If Using SnapChat?
In general, businesses who plan to use SnapChat should take some precautions to avoid being exploited. These are discussed below:
Enable login verification (2FA).
Educate users at your workplace who will be in charge of SnapChat with information about security breaches and such.
Manually restrict and control access.
Ignore random requests.
Make sure that only those connected with your account are able to connect with it.
Limit who can see your stories.
Transfer private snaps saved in memories to the ‘my eyes only’ section for added privacy.
Never publically share your Snapcode or username.
Conclusion
SnapChat can be a powerful business tool that lets your company connect directly with your consumers, fans, and other interested parties. However, by following a few security protocols you can protect your account against hackers and other intruders. As with all your IT technology, hackers are always on the look-out for weak perimeters that will allow them to come in and steal from you.
