by Felicien | Jul 9, 2019 | Education
A recently discovered security vulnerability could leave Mac users exposed to malware disguising itself in other programs. If your business relies on Mac, it’s important to know how you can protect your company from falling victim to a cyberattack.
What is the Security Vulnerability?
In early 2019, security expert Filippo Cavallarin discovered a bug in Apple’s Gatekeeper functionality. Gatekeeper is a service that inspects apps that you want to install on a device to ensure they are certified by Apple. If not, you’ll get an “are you sure?” message before you complete the installation.
Cavallarin discovered that there’s a flaw that lets untrustworthy apps trick Gatekeeper into giving the all-clear signal, meaning you never get that “do you really want to do this?” alert.
Instead, once bypassed, you will get a simple, “please download” message, which could contain a zip file that once unpacked, connects back to the hackers’ server.
Cavallarin gave Apple 90 days to repair the flaw, but Apple did not, leading the researcher to disclose the exploit himself in late May. The vulnerability affects all macOS versions. As of this posting, Apple has yet to address the vulnerability.
How Can the Vulnerability Be Exploited?
In late June, cybersecurity companies began noticing the first identified attempts to bypass the Gatekeeper function, now dubbed OSX/Linker. The first identified attempts were believed to be a test to see if the flaw can truly be exploited and worked by writing something to a text file on a compromised computer. Those test runs were signed with certificates used by known adware producers behind the OSX/Surfbuyer malware.
At present, it does not appear that the OSX/Linker malware has taken root outside of test environments.
The identified malware attempts also used a common technique used by malware writers. In a second strain discovered, the malware was disguised to look like Adobe Flash Player installers, a tried and true approach that tricks Apple users into downloading malware when they think they’re downloading a routine software update.
The second strain of malware, dubbed OSX/CrescentCore, checks to see if there’s evidence of common third-party anti-malware software and tools that reverse engineer code on a computer. It also checks to see if it’s being installed on a virtual machine. If so, it will not install itself. Researchers have already found OSX/CrescentCore on multiple websites. It’s also disguised as an Adobe Flash Player installer.
CrescentCore also appeared via high-ranking Google search result listings, which redirected multiple times to a suspicious website.
Once installed, OSX/CrescentCore installs a LaunchAgent folder in a Mac Library folder that includes code to be run every time a user logs in.
It appears the malware coders got access to an Apple Developer ID to deliver the sample code in some instances.
Another identified exploit, called OSX/NewTab, inserts new tabs into a Safari browser session. The injected tabs can contain loaders or malware packages.
One danger of this potential malware is that the embedded code on disk images points to a malicious app on a single linked server. That means that a malicious app could be distributed more easily at any time.
Aren’t Apple Computers Virus-Proof and Much Safer than Windows and Other Operating Systems?
It’s a longstanding myth that Macs are inherently safer than Windows PCs. In recent years, hackers have increasingly targeted Apple operating systems to exploit vulnerabilities.
In February 2018, for example, OSX/Shlayer was discovered, yet another Adobe Flash Player scam that would download additional adware and malware. Similar to the newly discovered threats, it also looked for installed anti-malware software. The year also brought the discovery of OSX/MaMi, which pointed an infected computer to a server allowing them to access websites, even those with encrypted traffic.
June 2018 was an active month for malware discovery. There were several types of malware that exploited a Firefox browser vulnerability. A cryptocurrency miner was discovered embedded in pirated copies of audio software, making it possible to take over a Mac’s processing capabilities to mine.
What Can My Business Do To Protect Our Systems?
There are several security steps to take if there are Apple operating systems in play on any devices connected to your business network.
Stick to What You Know and Trust
Make sure you stick to apps you know are certified by Apple or are from highly trusted sources. Be suspicious about any apps that are downloaded from an unrecognized source, too.
Scan Your System
Make sure that your anti-virus programs have added the OSX/Linker vulnerability to their detection registries. Many commercial and free anti-virus apps and tools have already added the vulnerability to their known threat lists.
Don’t Install Adobe Flash Player
It’s really not necessary or helpful to install Flash at this point, as Adobe is discontinuing the product and will stop releasing security updates after 2020.
Partner for Security
No matter what operating systems your organization uses, you need comprehensive network and data security. Partnering with a valued managed IT services company gives you the security and confidence that hardware and software are protected and monitored constantly. With next-generation firewalls and best-in-class anti-malware protection, you can keep hacker threats contained and minimized.
by Felicien | Jul 9, 2019 | Education
Microsoft Office products have become ubiquitous throughout a range of industries, and there are more choices than ever before to find the suite of professional office software tools you need to run your business effectively.
While you can still find Office products available for a single licensing fee (Office 2019, for example), most businesses are turning to Office 365 as a subscription software solution that offers a range of powerful tools, including cloud storage and seamless sharing integration across devices.
But if you’re ready to move forward with a subscription-based Office 365 solution, you’ve still got to narrow it down for the right product. Will your business benefit from the Business or Enterprise option? If you choose Enterprise, which level makes the most sense for your organization? Read on for a breakdown on how to choose the best Office 365 product for your team [OPTIONAL CTA] and feel free to reach out to us at any time for support or guidance in making the transition to Office 365.
Choosing Between Office 2019 and Office 365
The key distinction between Office 2019 and Office 365 is connectivity. Office 2019 is different in the way you purchase and use it, but more importantly, it does not offer any of the cloud-connected features of Office 365. For businesses wishing to utilize the power of cloud storage as well as greater choice in terms of features and connectivity, the subscription-based Office 365 is the way to go.
Business vs. Enterprise
If you operate a small business, you can find several Office 365 Business options that provide licenses at a set rate per user for up to 300 users. Select either basic plans that focus on cloud storage solutions to more advanced options that also include desktop access to products like Microsoft Word and Excel, as well as cloud collaboration system, SharePoint. Opting for Office 365 Business is a good move if you’re keeping an eye on your budget, but still want to access many of the staple features that Office has developed over several decades. To take full advantage of the cloud tools, larger businesses will want to opt for Office 365 Enterprise options, which offer unlimited data storage, including archive and mail storage. Enterprise plans also allow for greater interaction and collaboration across platforms like SharePoint, which is another bonus for larger companies with employees in multiple sites.
Which Enterprise Level is Right for Your Business?
If you run a larger business, or have a small business with high data storage needs, then choosing Office 365 Enterprise is probably the right choice. Microsoft currently offers 3 levels of service: E1, E3 and E5.
The first level, E1, offers basic office tools, including Word, Excel, and SharePoint, at a reasonable monthly rate. E3 includes these tools as well as additional connectivity–and the protection to go with it. Data loss prevention and encryption are among several tools that Office 365 customers at the E3 level will be able to take advantage of. To consolidate your entire suite of digital solutions into one overarching tool, the E5 level of Office 365 Enterprise includes advanced protection for your company’s data, plus communication tools and video conferencing platform options to best accommodate larger business and keep them in compliance.
As you find the right next move for your organization, feel free to reach out to {company} today to assess your needs and the potential solutions that today’s Office products can provide.
by Felicien | Jul 8, 2019 | Education
Technological downtime can make or break a law firm. Even an hour of downtime can cost a small or medium firm as much as $250,000.
What Exactly Can Go Wrong?
Unfortunately, Murphy’s Law has been known to apply in legal cases, meaning if there is an opportunity for things to go wrong they will. It is important that your firm has a dedicated professional, our team of professionals, either inside or outside the firm that can honor your firm’s confidentiality and keep potential problems at bay and/or under control. Some potential issues include
Case Management Issues
Filing is most efficient when stored electronically. They manage related documents, billing, and customer relationships
Security Problems
Reputation is everything for a law firm, and that extends to the attorneys and other staff at the firm. Still, even with so much on the line, the American Bar Association found that as many as a quarter of firms did not have security policies in place. Nothing puts a damper on a firm’s reputation, or even on specific lawyers than a security breach,
Compliance Issues and Software Integration
Various industries and professions have their own set of confidentiality agreements, that any legal team that works with the company needs to follow in order to protect clients, consumers, and any others involved. Some of these include Health Insurance Portability and Accountability (HIPAA), the Gramm-Leach-Billey Act of 1999 (GLB) and the Sarbanes-Oxley Act (SOX). Following these privacy acts means that legal professionals are prevented from disclosing information. The same discretion needs to translate to technology compliance.It is necessary to have software in place that can handle this responsibility, and see to it that attorneys and anyone else with access can run any necessary software correctly and efficiently without violating compliance standards.
Internal Collaboration
Internal Collaboration is an issue that needs constant monitoring due to the way social media quickly evolves. It is common for attorneys to use the internet for communication, however, it is less common for them to communicate internally about a case, which would make their casework more efficient. The right social media integration can help improve communication and make casework more thorough and efficient. Salesforce, customer relationship management solutions are a common tool used by attorneys and their firms in order to produce better results for clients.
How a Managed Service Provider Can Help
Proactive and Regular Maintenance at a fixed can cost can help with all these issues by applying the knowledge to give your firm or business the right IT infrastructure that will support your needs. That means that attorneys and other employees will receive the training they need to serve your clients confidently and safely. if you have an existing system in place, we can analyze what you have been doing so that any necessary changes can be quickly set in motion.
While we at the {company} manage your system remotely, we are still there remotely to answer questions remotely that will improve customer relations and overall productivity. To learn more about how {company} can help your firm contact us today.
by Felicien | Jul 8, 2019 | Education
Patient scheduling IT doubles the output of booking agents and cuts the time needed to schedule an appointment in half. This can increase the happiness of patients and physicians by lowering the costs of healthcare. When health care professionals digitize their systems, the resulting process improvement enables them to adopt a more consumer-friendly culture.
What Are the Main Problems with Manual Scheduling?
Your staff becomes bogged down taking calls that last up to 20 minutes each. This makes manual scheduling a potential nightmare. It’s bad enough in an office environment, but for providers that rely on a call center, agents end up wasting a lot of time referring to spreadsheets to optimize the provider’s calendar. Also, they have to memorize or look up various scheduling rules that would work better in an automated system.
In a manual call center environment, many incoming calls aren’t scheduled due to poor turnaround times. This often means that patients have a poor experience and may go to competitors with a better process in place.
What Are the Main Problems With a Manual Scheduling Process?
Some providers have patient liaisons and schedulers who focus on new patients. Agents using cumbersome methods to link providers and patients have to access several provider schedules to determine the closest appointment that fits the patient’s schedule. This method can compromise access to care for the patient and revenue for providers. With manual scheduling, closer appointments are often missed. Patients may be scheduled out months in advance, and providers often end up with less than 10 appointments a day.
How Can IT Scheduling Tools Change This?
Providers who implement automated scheduling IT enjoy real-time integration that maximizes the number of appointments set up. Agents see available appointments in one interface and enter basic information to schedule appointments in another — which makes the scheduling process go faster.
Scheduling IT tools let you tailor the presentation for each provider. It designates what time slots can be filled with what type of appointment. Also, scheduling IT can do so for many providers at the same time. This leads to a streamlined process that improves the experiences of agents, patients and doctors.
What Applications Are Available on the Market?
Providers and call centers can choose from a number of patient scheduling systems. Popular vendors include
BookSteam
Ability
Atlas Business Solutions
CareCloud
DocMeIn
SimplyBook.me
DrChrono Medical Scheduling
Luma Health
QGenda
DoctorConnect
Information about these programs is available online and many vendors are happy to schedule a demo.
What Difference Do These Systems Make?
Before implementing a patient scheduling system, agents had to manually look through online calendars for each provider and verify insurance on another website, all while trying to determine which physicians were accepting new patients.
After implementing integrated IT scheduling systems, agents are available to view available appointments in real time, which lets them identify the most convenient appointment based on the patient’s preferences and needs.
How Does a Patient Scheduling System Improve the Process?
Comprehensive scheduling software improves not only the scheduling process but the entire care outcome. Here are some of the main improvements:
Average call handling time can be cut in half
Fewer booking agents are needed and more appointments are set up
Agents efficiently book appointments and have an easier time complying with the rules of the provider and needs of the patient
Providers get a consistently full schedule that enables them to plot out their day in advance
Call centers and booking liaisons can maximize the capacity of providers to reduce the wait times for appointments
Significant cost reductions enable providers to invest in other areas
What’s the Bottom Line on IT Scheduling Systems?
IT scheduling software balances the needs of the patient, scheduling agents and providers for a better overall experience. Automated systems are better equipped to evolve with the practice of each provider. Lean technology organizations benefit the most from the efficient booking process. They can leverage digital systems to improve existing workflows.
by Felicien | Jul 8, 2019 | Education
IT teams have been talking about the dangers of instant messaging since the early 2000s, but that doesn’t stop business professionals from utilizing this quick n’ dirty form of communication on a regular basis. Tools for business communication have come a long way in the last decade, but there are still some significant security — and human resources — concerns. While staff members love that they can leverage a business-approved way to get immediate answers to their questions, HR teams often cringe when they think about the informal nature of this type of communication. Employees tend to share information more freely over direct text message or instant messaging, saying things that they would never state directly in an email. It’s all too easy to forget that instant messaging apps and text messages can be saved, copied and re-distributed just as easily as email communication. When you also consider that employees are using instant messaging programs that are less-than-secure, you have a perfect storm that can cause security breaches . . . and HR nightmares.
Not All Instant Communication Platforms Are the Same
Some instant messaging applications were specifically created for business users as a secure method of communication, but others are simply an outlet to an unknown individual on the other side of a mobile phone or computer screen. WhatsApp is a prime example of a non-secure method of business messaging, but one that is used in millions of organizations throughout the world. While fast and efficient at putting team members in contact with each other, there are serious privacy and security risks — not to mention the lack of oversight and administration from a corporate level. WhatsApp is particularly troubling as a choice, simply because it is owned by Facebook. Unfortunately, WhatsApp is also one of the most-used business messaging applications with over one billion global users, far outstripping enterprise-scale solutions such as Slack and Microsoft Teams.
Lack of Security in Text Messaging
With all of the concern around cybersecurity, it’s no surprise that technology professionals are looking for ways to protect the information that is being shared throughout an organization. Whether you’re sending a quick text asking for a project update or confidentially requesting an employee’s information from your HR department, text messages simply aren’t a secure method of business communication. Not only is it possible for someone to intercept the message, but it’s also too easy to accidentally send a message to the wrong person. While sometimes this could simply mean you ask a co-worker to pick up milk on the way home (a message that was meant for a family member), you could also be in a rush and send a highly personal text or picture message to someone from work. Experts recommend utilizing a secure email or instant messaging app instead of simply sending a quick text to co-workers — and always be aware of what you’re sending and where it is going. While there are a few secure ways to send text messages within your organization such as Apple’s verified iMessage platform, there’s still the risk of a misdirected text message.
Workers Are Seemingly Unconcerned About Security
Without ongoing conversations around security from IT and HR departments, it’s unlikely that your staff will even consider that their behavior is risky. A recent Symphony Workplace Confidential survey showed that workers overwhelmingly trust their technology so much that they (mistakenly!) believe their messages are completely safe from prying eyes. They even believe that their technology department is unable to monitor their messaging platforms, and 29% of those surveyed in the U.S. and UK are perfectly comfortable sharing their personal or business details over personal email or a messaging application on a regular basis. More than 25% of these individuals admit to sharing personal details and even talking about their bosses on chat applications or via text messages. While these tools may indeed improve communication and collaboration, it’s crucial that human resources professionals partner with IT leaders to ensure that there are adequate training opportunities and policies in place to protect both the organization and the individual.
Many teams adopt these instant communication platforms in an effort to cut through the clutter in their inbox, never realizing that they are potentially at risk. While text messaging and instant messaging platforms such as Slack and WhatsApp may make your HR professionals cringe, it’s important to realize that they are a part of modern business. If you’re not providing a secure, trusted corporate messaging program, it’s likely that your staff members will simply adopt something on their own. It’s worth the investigation to determine if there’s a platform that will work for your business needs and staff members to help reduce the possibility of data loss or damaging and embarrassing communication dilemmas.
by Felicien | Jul 7, 2019 | Education
Disaster can come from external factors, such as wildfires, floods and storms, as well as internal events, such as a toxic chemical spill or boiler failure in your facility. It’s crucial to have a plan to recover from these events and to provide a framework to return to work as quickly as possible.
Developing a business continuity plan can reduce recovery costs, safeguard your company’s reputation and may even save lives.
What’s the Difference Between Disaster Recovery and Business Continuity?
Business continuity planning creates a back-up plan that documents how your business will operate if it’s is crippled by unforeseen events. Examples include natural disasters, terrorist attacks, strikes and arson. A disaster recovery plan (DRP) is a subset of the BCP; it documents detailed instructions on how to respond to these unforeseen events.
Before fabricating a detailed plan, your organization should conduct a risk analysis and a business impact analysis that establish recovery objectives and time frames.
What’s the Percentage of Businesses that Close After a Disaster?
The Federal Emergency Management Agency (FEMA) reports that 40% of small businesses close following a disaster, according to CNBC’s hurricane preparedness report. Many small business owners don’t consider disasters among their business risks when making contingency plans or purchasing insurance coverage. It’s a mistake that could threaten your company’s very existence.
How Do You Decide Which Systems Are Essential in an Emergency?
Most BCPs consider how to keep essential functions running throughout a disaster and to shorten the recovery period. BCPs are essential for organizations of all sizes, but it may not be feasible to have complete backups for all your business systems. That’s why it’s important to prioritize essential systems, such as customer relationship management tools and compliance and reporting systems.
Many experts agree that once systems are prioritized the recovery budget should be allocated accordingly. Failovers systems should be initiated to ensure crucial components can be restored in case of cyber attacks, terrorism and other catastrophic events.
What Are the Components of a Business Continuity Plan?
The Components of a Business Continuity Plan:
Disaster Preparedness – Recognize the types of events that might compromise your business, assess the threats facing your company and identify steps to eliminate or minimize the impact of those threats.
Emergency Response – Develop procedures that enable you to respond when a disaster occurs or is forecast to occur. Continue with the plan until everyone is safe and there is no further threat of property damage or bodily injury.
Business Recovery – Identify your company’s critical business functions and define procedures that will facilitate restoration of sales, production and operations to pre-disaster levels.
How Do You Create a Business Continuity Plan?
There are five steps to creating a BCP:
1. Build Your Team. Use a top-down approach to build your plan. That means getting the buy-in of the C-suite, including sign-offs by senior management. One point person should own the process, supported by a core team with representatives from every business department.
2. Assess Risk. List out and rank all the hazards that could threaten your company. Examples include: climate, cybersecurity, supply chain, fire protection, facility construction, staffing and utilities.
3. Analyze Business. Create a business impact analysis (BIA) to rank the risks on your list. The idea is to strategize which systems need to come back online first after an emergency. The appropriate business units should be responsible for suggesting recovery strategies to get up and running within a recovery time objective. For example, backup data files need to be stored offsite and available within a few hours of a disaster, and your IT vendor may be able to expedite the shipment of replacement equipment following a catastrophic event.
4. Document the Plan. Documentation needs to include step-by-step procedures. This doesn’t have to be fancy — most plans are written using word-processing programs.
5. Test the Plan. To verify your recovery strategies, testing is essential. These tests vary in complexity from a discussion of the steps needed to respond to a disaster to comprehensive testing of your backup and recovery of core files and systems. Keep in mind that, business continuity planning should be continually reviewed since your systems and business relationships are static.
How Do You Plan for Personnel Disruptions?
Be sure to have a website or number that employees can call to check in. Services may be disrupted for several days, but most employees should be able to check in within 48 hours. Having a documented plan with one website and number makes it easy for everyone to stay in touch. Social media sites are another great way to let everyone post their status or ability to return to work.
Personnel disruptions. The BCP is often mainly operational, dealing with physical infrastructure. However, a business also needs its people to function. A potential disaster can affect your employees’ lives in various ways, including:
Employees may live in a disaster zone, even if your company is in a safe location.
The commute may be compromised.
Nearby disasters affect attendance and productivity.
When food, water and other necessities are scarce, it’s hard for employees to concentrate on work.
Who Should You Contact First After Checking on Personnel?
Consider your customers. During a disaster, your first calls may be to insurers and vendors. Don’t forget to keep your customers in the loop. Remember, customers want their regular services and are ready to go elsewhere to get it.
Consider vendor stability. If core services are provided by third-party vendors, double-check to make sure continued service is available during a disaster. Vendors may have an issue delivering goods to your business in a disaster area; vendors in other regions impacted by a disaster may not be able to make deliveries.
