by Felicien | Jun 20, 2019 | Education
There are many types of risk in business: the risk that a new competitor will come on the market and steal market share, the risk that top staff members will jump ship for a better offer . . . but are you considering the significant risk that is associated with a cyber attack? A recent report by IBM shows that more than 77 percent of companies don’t have a cybersecurity response plan in place, a dangerous proposition when you consider that 60% of businesses that suffer a cyber attack fail within 6 months. These are pretty terrifying statistics for small to mid-size business owners, especially in specific verticals that require the capture and storage of sensitive customer data such as health and financial information.
See why unsecured data is the #1 security threat to local small businesses.
(Response) Time is Money
When your business is able to react quickly to a malware or ransomware attack, you significantly raise the likelihood that you will be able to bounce back to full operations before your business is devastated by the impact. The response time that your technology team and business leaders are able to command could easily be a make-or-break moment, as cyber attacks can cost organizations thousands of dollars a minute in reduced productivity, losses of sales, compliance charges and more. Knowing that you have a comprehensive cybersecurity response strategy in place can help your business make the best of a bad situation and achieve the proper resilience that you need.
Ditch That False Sense of Security
You might think that your business is too small to be of interest to cybercriminals. Those hackers are going after the big haul, right?!? Turns out, the majority of cyber attacks are being committed against smaller organizations, because there is a perception that infiltration will be easier and criminals will be able to easily make off with your valuable customer data. Brokers on the dark web are willing to pay a significant fee for each stolen record, complete with a tiered pricing scale for financial data that is based on the size of the bank account. It’s crucial that businesses do not have a false sense of security, but proactively put plans in place that will help reduce the risk associated with a cyber attack.
Put Staff Members on Lockdown
Increase the security requirements for passwords, and require them to be reset on a regular basis. Invest in ongoing training for staff members that will help them understand everything from the potential of phishing attacks to why it’s important to stay away from specific activities online. Create security policies and put strategies in place to ensure that they are followed — and regularly reviewed and updated by cybersecurity experts. Actively engage white-hat hackers to look for holes in your current data security and then quickly put a remediation plan in place. While staff members may feel as though they are being placed on a type of lockdown, it’s imperative that information technology professionals effectively communicate the severity of the issue that is facing businesses today. When employees understand the damage that can be accidentally done to the organization, they are much more likely to be an active member of the solution instead of a part of the problem.
Creating a secure environment for your business data requires the proactive involvement of business and technology professionals alike. Just as you wouldn’t leave customer credit card information lying around the office or on a printer, you can also educate staff members that using an easily-guessed password is the digital equivalent of those poor security practices.
by Felicien | Jun 20, 2019 | Education
Most people know not to open email attachments from senders that they do not know. Unfortunately, it is not just attachments from strangers that you have to be on the lookout for. It happens quite often that people will get emails that seem to be from known senders that have malicious attachments, or that ask for confidential information. If you get such an email—or if someone gets such an email that appears to be from you but that you did not send—does that mean that your email has been hacked? Not necessarily.
Hacking and spoofing are two methods that bad actors use to manipulate individuals and businesses into doing things that are against their best interests. Hacking and spoofing can appear to be the same at first glance but are actually quite different. The risks of hacking, especially for businesses, are much greater than those posed by spoofing. Neither is desirable, but you want to know the differences between the two so that you and your employees can identify potential compromises to your email accounts.
Hacking vs Spoofing—What You Need to Know
What does it mean when your email account has been hacked?
A hacked email account is something you should be very concerned with. Being hacked means that a bad actor has managed to gain full access to your email account—which could mean that they have access to more than just your email account. There are a variety of ways to hack an email account, including:
Guessing your email password (seems unlikely, but you would be surprised how simple many email passwords are, such as birthdays, anniversary dates, and other information easily obtained on social media)
Answering your security questions correctly
You entered it into a website or form (it may have been a phony website, one that offered you a free gift, or a site you visited from a link in an email)
You used the same password on a different site and the site used it to access your email
You have a spyware program on your computer that recorded you typing in your password and sent it to a hacker
Viruses, malware or other undesirable software is on your computer and allowed a hacker to get your email password
If your email account has been hacked it means you need to take immediate steps to correct the situation. The risks to your system and your company information vary based on the way that the email password was obtained. A hacker guessing the password is much less problematic than having viruses, spyware or malware on your computer. A guessed password simply needs to be changed, whereas an infected computer needs to be cleaned up before more compromises occur that may be even more damaging to your business.
Even if the hacker guessed the password, there is a real risk that he or she could use the email account to access other information or accounts. If you suspect your email account has been hacked you need to take immediate steps to remedy the situation, including:
Check your recent email activity to see if anything was sent that you were not aware of
Change your password
Use different passwords for every account
Start using a password manager to generate random, complex passwords
Update your system to the latest OS and update your security software
Run your antivirus and malware detection programs
What does it mean when your email account has been spoofed?
Although spoofing can look a lot like hacking, it is actually something completely different. When your email has been spoofed, it means that someone sent an email that appeared to be from your email account but was not actually from your account. You can think of it as someone sending a letter and putting your return address on the envelope. Doing this is not too complicated with the right software. The bad actor does not need access to your email account to spoof your account.
Your account is safe even if you have been spoofed. However, having your account spoofed can be quite concerning, especially in a business setting. A bad actor could spoof your email and send a message to an employee asking for sensitive company information. There are a few things you can do to help prevent spoofing of your email address, including:
Do not share your email address with anyone who does not need it for business purposes
Do not allow employees to share your email address
Improving Business Email Security
For more information about improving email security for your business, please contact our IT services team.
by Felicien | Jun 20, 2019 | Education
According to the LawSites blog, as of this writing, there are 36 states that have adopted the ABA’s updated Model Rule 1.1, which states that lawyers should maintain technology competence. The rule is purposefully vague to allow for the constant changes in technology that the legal industry is encountering. Unfortunately, the vagueness can create some anxiety for lawyers who want to meet the requirements of the rule. What does the ABA mean by “technology competence”, and how can lawyers achieve competence?
To better understand the expectations of the ABA and the states embracing its rules, it is necessary to take a closer look at how technology has impacted legal representation and ways that it can improve a lawyer’s practice.
Your main goal as a lawyer has always been to represent your client to the best of your ability. It was once enough to be knowledgeable in your legal area to ensure competent representation, but skilled representation today also means being able to use technology to improve efficiency, security and ideally the results you get for clients.
Technology Competence—The Basics
Update to ABA Model Rule 1.1
To get a grasp on what technology competence means for you and your practice, it is helpful to read the updated ABA rules:
Maintaining Competence
To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.
As you can see, the rule is not terribly specific about what it means to be competent in technology for a lawyer. It states that you should, “…keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology…” However, if you consider what the relevant technologies are in law—and their benefits and risks—you can get a clearer idea of how to approach tech in your own practice.
Relevant Technology in Law
There are some technologies that are quite relevant to the practice of law and are being used by lawyers across the country and the globe. These include:
Electronic Discovery
Discovery has always been the backbone of case building, but electronic tools have increased the power and efficiency of the discovery process in numerous ways. These tools allow for more comprehensive preservation of information, more thorough review of information and faster production of information. Failing to leverage electronic tools in the discovery process is doing clients a disservice.
Internet Investigations
You do not have to be a professional internet investigator to get a lot of benefit out of internet searches. Just being able to do simple internet searches for information can make the investigation process faster and more thorough than it otherwise would be. There are also numerous tools available online for conducting investigations.
Cyber Security
Considering that most of the information you obtain for clients and from clients will be digital, it is incredibly important that you take basic cyber security measures to protect that information. From hackers looking to blackmail victims to government agencies reviewing every bit of information they can get their hands on, there is a multitude of actors who can target your data and compromise your practice.
Understanding the Technology Used by Clients
The clients you represent are using technology in a myriad of ways. You need to have a basic understanding—or possibly a much more in-depth understanding—of what tech they are using and how they use it. That means educating yourself not only on legal tech but also on any tech pertinent to your clients and their legal needs.
Courtroom Technology
There are a variety of tech tools that can make you more effective in the courtroom. They can help you better organize, present and explain information to your audience. Every little advantage you can get can make a difference when presenting your case.
Legal Technologies that Make Business Easier and More Efficient
Many legal technology tools are fairly mundane, but that does not make them any less useful. You can leverage them to provide your legal services with less work on your end. File sharing, automated document assembly and electronic court scheduling are all useful.
Using Technology to Better Serve Your Clients
Your ability to serve your clients is improved in many different ways through technology competence. While it may take time and effort to improve your competency, the benefits of doing so can be significant for both your clients and your practice.
To learn more about legal technologies that might benefit your firm, please contact our managed IT services team.
by Felicien | Jun 19, 2019 | Education
Creating a secure, usable network of systems is top-of-mind for Australia’s Digital Transformation Agency (DTA). The recent growth of security challenges for organisations of all sizes has caused this government agency to closely examine how businesses are interacting through the cloud. The Australian government’s new Secure Cloud Strategy provides a framework for service providers to follow that is targeted to “improve resilience, life productivity and deliver better services” — lofty goals for any organisation. While the Secure Cloud Strategy is ostensibly to help the government take full advantage of the benefits of cloud computing, IT services providers will also need to adopt the more robust security measures if their systems interact with secure public information.
Ongoing Challenges with Healthcare Data Security
Moving towards compliance requires managed service providers and cloud support partners to fully embrace the enhanced security requirements of the Secure Cloud Strategy. Healthcare data breaches are at an all-time high according to the Office of the Australian Information Commissioner (OAIC), where 812 notifiable breaches occurred in 2018. Australia’s “My Health Record system” has come under attack lately, as cybercriminals seem to have discovered that this is a rich well of information simply waiting to be tapped. Healthcare leads the top sector for data breaches in Australia with 20%, while finance, professional services and education lag significantly behind. While some of these data breaches are determined to be a human error due to a variety of issues such as loss of storage devices and sending information to the incorrect individual, nearly half were caused by a malicious attack.
Key Points of the Secure Cloud Strategy
Protecting the security of your data and that of your clients is of the utmost importance to service providers, and DTA’s new Secure Cloud Strategy is targeted to do exactly that. These key points are considered crucial to protecting the security of data in the nation’s healthcare infrastructure:
Organisations will appreciate a shared understanding of requirements, including a common assessment framework
The Digital Transformation Agency will lead the way by developing a platform to share knowledge and expertise
A focus on reducing the duplication of effort by providing shared services that can be leveraged by multiple organisations
The responsibilities and accountability of cloud service providers will be clarified by a new contract model
Renewed energy towards creating sustainable change in the data security infrastructure of the government and interconnected entities
While these common-sense measures are aimed at revising the way the healthcare industry approaches data and security, industry analysts are concerned that the efforts may prove too expensive for IT service providers that are already struggling with detailed compliance requirements, increased complexity of requirements and rising costs. The talent shortfall is also a factor in the updates that the Australian government is requiring of their IT service providers, as local experts are struggling to maintain certifications and compliance requirements.
As Australia circles the same issues that are tormenting healthcare organisations throughout the world, it may be the cloud software providers that have the most work to do to maintain adequate levels of security. IT managed services providers are often able to step in and help understand how to implement broader security requirements and automate ongoing tasks to free up time with valuable technology professionals.
by Felicien | Jun 19, 2019 | Education
Did you know you can use just about any Amazon Echo device to make phone calls for free? You can do the same in the Alexa app on iOS or Android, whether or not you have an Echo device. You can also call others in your contacts on their Echo devices instead of their phones. These services can be convenient, and they are real money savers for people paying per minute for their cell or landline phone. In today’s tech tip we’ll show you how to make calls with Amazon Alexa.
Step 1: Open the Alexa App on Your Phone
Making phone calls using Alexa is an opt-in service, meaning you’ll need to enable it and set it up before it will work. Open the Amazon Alexa app on your phone, and tap on the menu bars (likely in the upper left). Choose “Things to Try”. On that page, choose “Calling”. This area reveals several videos and explainers on how to get calling with Alexa set up.
Alternatively, you can simply ask your Echo device, “Alexa, how do I set up calling?” for verbal instructions. Those are nice, but you’ll end up needing to work in the app anyways. For that reason, we think it’s easiest to start in the app.
Step 2: Give Alexa Access to Your Contacts
In the Amazon Alexa app, open the Communicate tab by tapping on the Communicate button in the bottom row. If you’ve not done this before, the app will ask for access to your contacts. Tap OK to grant access.
If you want to use the Alexa app to make calls directly from your phone, you can do it from this screen. Simply select the contact you want to call, choose the right number (cell, work, or home), and the call should begin.
Step 3: Talk to Your Echo Device
If what you really want to do is make calls using your Echo device, you should be able to do so after following steps 1 and 2. You have to know the right lingo, however. You can start with a simple phrase like “Alexa, make a call.” Your Echo device will respond with a question of its own, asking who you want to talk to.
Some of your contacts can be reached multiple ways, so you’ll need to be specific with Alexa. Alexa should understand commands like “Call mom’s cell phone” or “call Shawna at work.” You can also call numbers not in your contacts list with “Alexa, call (555) 356-4321.”
To call another Echo device, simply say “Alexa, call Leslie’s Echo.” If Leslie has calling enabled on her echo, you’ll get patched right through.
If you want to explore phrases in more detail, look back at the “Things to Try” area in the app.
Note: Alexa Can’t Do Everything
One thing to note before diving into the world of phone calls with Alexa: Alexa and her associated devices do have some limitations. There are a few types of phone calls that Alexa can’t make. First, and most importantly, Alexa can’t call 911 or other emergency service numbers. These services need to know where you are, and even though you might think Alexa knows that, the functionality isn’t foolproof enough to support emergency calls.
Alexa also can’t (or won’t) call those pricey 1-900 numbers. (Yes, that’s still a thing.) Similarly, directory assistance and information lines of the 211, 411, or “star-88 on any cell phone” variety aren’t compatible with Alexa’s calling technology. For now, Alexa also won’t call internationally, nor will it respond to “call 1-800 CONTACTS” or other letter-to-number prompts.
Conclusion
Making phone calls through Amazon Alexa is a great way to save if you’re still counting minutes on your landline or cell phone plan. Follow the steps above to enable the feature and give it a try today.
by Felicien | Jun 19, 2019 | Education
An uptick of vendor consolidation in the Ambulatory electronic health records industry has been a cause for concern for many small and medium practices recently. The main cause for concern lies in the preparation and costs associated with integrating their patient health records into new programs that are made necessary with vendor acquisition, especially if the acquisition has forced a phase-out of their current EHR program.
According to KLAS Research, an Orem, Utah based IT Review Firm, EHR vendors have dropped from 1000 plus companies 10 years ago, to roughly 400 companies in total. Some of the larger companies responsible for merging and acquiring in the Ambulatory EHR market are Cerner, McKesson, Allscripts, Epic, and eClinicalWorks. Many see the opportunity for innovation, but these mergers have also created a unique set of challenges for small practices, Specialists and Outpatient Facilities. With these practices being reliant on the need to efficiently organize patient data as well as cross-share information to several labs, pharmacies, and other facilities in their networks, EHR has now become a necessary tool.
Market dynamics and technology advancements have proved that the move to electronic medical records systems is inevitable, but services once offered at low or no cost, now come with a monthly price tag. Service level changes, training costs, technology implementation, and practice continuity also serve as impact areas that Physicians should be prepared to address if migration to another system is required.
What About Technical Support?
Comprehensive Databases, such as Ambulatory EHR, will make technical support an important concern, not only for maintenance, but for any issues that may arise affecting day to day business. Will mergers cause reduced levels of tech support? Some physicians seem to think so. Practices reliant on specialized support options will now have to contend with an influx of other consumers operating on the same system, increasing help wait time and support availability. Frustration at rising costs, service level changes, and the elimination of special features in existing EHRs, have physicians worried that they will no longer be able to cater to their specific practice needs.
How to Prepare for Health IT Innovation
Ideally, Practices that are already utilizing EHR systems offered by the bigger players in the market have no cause for concern. For those practices that do find themselves needing to integrate into a new EHR system, preparation is key in order to avoid any potential negative impacts. The most important way to ensure a smooth transition is the current data organization. Physicians should understand where and how their data is organized, what format it is in, and the steps it would take to transfer it to another system. Current vendor communication and a review of contracts can also provide insight into costs and procedures of data migration, as well as a list of replacement vendors that would be best suited to practice needs if a switch needs to be made.
The Ambulatory EHR market will continue to make strides in innovation and technology advancement. Most of these changes are positive, like the introduction of Patient Portals, where data collection, tracking, and cross sharing have become streamlined and consumer friendly. Small Practices can avoid any potential negative impacts by simply understanding the data they collect, how to transfer it if they need to merge into another system, and by preparing a solid transition plan.
