The Countdown Is On: The California Data Privacy Act Goes Into Effect January 2020

First, there was the GDPR, with organizations around the world scrambling to create cookie and privacy policies to ensure that their data storage and use would meet the restrictive standards imposed by the EU. For smaller organizations in the U.S., the GDPR didn’t cause quite the fuss that it did for multinational corporations. The California Consumer Privacy Act (CCPA) has the potential to upset marketers and technology experts in businesses of all sizes, especially since it’s expected to open the floodgates for other states to declare their data privacy standards. The CCPA goes into effect January 1, 2020, but what exactly does that mean for your business?
The CCPA Provides Ownership, Control and Security Over Personal Information
At the heart of GDPR as well as CCPA are the rights that individuals have over the ownership, control and security of their personal information. These rights cover when businesses are allowed to share data, precisely which data points can be shared, who they can be shared with and how individuals are able to request complete deletion of their information from an organization’s database. There are some high-level rules that help determine the businesses that must comply with the regulations, including:

Any business or for-profit entity that does business in California
Organizations with $25 million or more in gross annual revenue
Maintaining personal or household data for more than 50,000 organizations
Whose annual revenue is composed 50% or more of selling the personal information of consumers

Unfortunately, GDPR compliance does not guarantee that your business will be compliant with California’s new regulations around consumer data.
What Are the Challenges with CCPA Compliance?
California’s new consumer data policies mirror the GDPR policies in many important ways, meaning organizations that have already invested in GDPR compliance may be far ahead of their competitors who are just embarking on this journey. Compliance with these prohibitive policies may require consolidation of a massive amount of information from multiple disparate databases, something that cannot be accomplished quickly or without cost. Organizations are expecting to spend upwards of six figures to become compliant, and businesses that rely on selling consumer data are projecting a significant reduction in revenue opportunities. Simply identifying all the personal data that is stored within your various applications can be difficult, but under CCPA you must also be able to identify where and how the data is being used, who owns the data, who creates it and more. Plus, individuals must have an easy way to access their data storage preferences and effectively erase themselves from your corporate databases.
How Can You Get Ready for CCPA Compliance by January 2020?
Data consolidation is one of the key initiatives for businesses, and many organizations will need to retain an attorney to work through the various requirements and ensure that the business is fully compliant. There are also privacy notices that must be posted on digital channels such as websites and mobile apps, letting consumers know how their data is being stored and used by the business. Data breach reporting is another crucial part of CCPA compliance, as you’re required to maintain roles and responsibilities for data sets as well. Although California was the first state out of the gate with a new compliance ordinance, it’s unlikely that they will be the last. This will introduce the additional complexity of determining where your users are located and tracking their behavior over time to ensure that you’re delivering the correct privacy policies based on their geographic location.
Data governance is not a new concept, but the level to which organizations are now being required to track minute shifts in information is often costly and time-consuming. It’s crucial that you work with a technology services partner who truly understands the requirements of CCPA and GDPR, and stays up-to-date with new legislation as it is introduced to ensure that your compliance is in order. With penalties of $7,500 per intentional violation and $2,500 per unintentional violation, businesses are going to be extremely motivated to become compliant.

These Incident Response Tips for CISOs Can Help Protect Your Business

You don’t have to look long or hard through the news to find the latest cybersecurity incident, or the terrible press and loss of business that the organization suffers due to its inability to quickly respond to the threat. Chief Information Security Officers (CISOs) are actively looking for ways to protect their organizations from the devastating effects of ransomware or other malware and trying to find ways to get the business back up and running quickly in the event of an attack. These three incident response tips can help keep your operations from buckling during an extensive incident that involves your data, hardware or software.
Make Sure You Have a Kill Switch
Today’s systems are dynamically interconnected, which can make it exceedingly difficult to segregate out one particular section that has been infected before it can infest the rest of the organization’s digital assets. With forethought and planning, you can create a kill switch that puts a walled garden around IoT devices, different operating systems in your back office, servers and more that will help you protect the remainder of your organization in the event of an incident. Think about what you can break off from your infrastructure that still allows you to marginally function as a business, and create kill switches accordingly. Data loss is one of the most expensive components of a cyber attack, making it crucial to save as much of your data and information structure as possible when a breach occurs.
Segment It to Save It
Segmentation and segregation are good things when it comes to networks and applications, but this same concept can also apply to user groups and even vendor management. The concept of “Segment it to save it” is generally constructed around data and networks, but it can easily be expanded to include user access controls and authorizations, vendor management and more. If a particular user group has been compromised, it’s much easier to rebuild a segment than it would be to rebuild your entire organization’s infrastructure. Think beyond the logical and physical implementations of segmentation, and think about everything you could possibly cordon off within your business, including vendors, partners and customer segments.
Invest in Regular Updates to Your Incident Response Playbook
Is your team confident that they know the required steps to protect your organization in the event of a cybersecurity incident? What happens if your cybersecurity expert just happens to be on vacation the week that a massive attack is launched? There are few substitutes for a written incident response playbook that provides you with step-by-step instructions that will help your business regain its footing in the digital world. Simply creating this playbook isn’t enough; you will still need to update it on a regular basis to ensure that you’re taking recent attack types and vectors into consideration as a part of your response and recovery planning. Your incident response playbook should be as dynamic as possible, reflecting today’s realities and offering achievable solutions to salvaging your business operations.
With luck, your business will be in the minority — those organizations that are never hit by a cyber attack. The unfortunate reality is that when a cyber attack hits your organization, it will cost you an average of 50 days to regain full operations of your business. Understanding these various components of incident response and forming your plan before you need it are crucial to ensuring that your organization is protected in the event of an attack.

Windows 7 End Of Support Just Around The Corner

If your company is still using the Windows 7 operating system on your business computers, it’s time to look for a change. That’s because Microsoft is ending support for this reliable operating system that has been popular with companies for years.
On January 14, 2020, Microsoft will stop offering security patches and updates for Windows 7. In the next few months, choosing a new operating system is a time-sensitive issue that should not be left until the last minute.
What Does Microsoft Mean When It Says Windows 7 Is Ending?
That’s not exactly what Microsoft is saying. After January 14, 2020, Windows 7 will continue to operate. However, doing so comes at a considerable risk to your business and employees. The “end of life” description of what’s happening to Windows 7 means that Microsoft will stop all paid and unpaid support.
Microsoft will stop creating and making available important security updates. It will also stop offering new features or design improvements of any type.
More critical is the stoppage of any kind of support for customers having problems with Windows 7. Free support that had been included in licensing agreements has already ended. As of January 2020, any “extended support,” which is Microsoft’s term for paid support and which is currently available, will stop as well.
Why Not Keep Using Windows 7 After the Support and Upgrades End?
Your Windows 7 operating system will continue to operate after support ends. However, your business will be highly susceptible to cyberattacks by those looking to exploit new vulnerabilities using viruses, phishing attempts and other attack vectors. Those vulnerabilities will multiply as your computers will not be protected by the regular patches that Microsoft offers to its customers for operating systems and software.
In addition, you may find that software applications you use on Windows 7 will also not work as well. Many software companies will stop offering upgrades or support for their programs for customers using Windows 7. While some may provide some updates and support after January 2020, those services are unlikely to last very long.
Hardware and peripheral companies are also unlikely to continue to provide updates or compatibility features with an eye on Windows 7. Newer technologies of all types will likely take advantage of newer features and capabilities that were not available in the Windows 7 operating system.
Older versions of operating systems like Windows 7 come with the browser Internet Explorer embedded. Support for these older versions of Internet Explorer will also cease in January 2020. Microsoft urges customers using Internet Explorer to upgrade to IE 11.
Hackers are well aware of the January 14, 2020, deadline and are apt to look to businesses still using Windows 7 as prime targets for their attacks.
What If We Use a Windows Embedded 7 Product?
Support for certain versions of Windows Embedded 7 ends in October 2020, April 2021 and October 2021. More information about these cutoffs can be found here.
Can I Activate Windows 7 After the Cutoff Date?
If you still want to activate a purchased version of Windows 7, you may do so up to and after the January 2020 date. Just remember that a newly activated version will still be vulnerable to malware and viruses and will not receive Microsoft support or upgrades.
What Are My Options for Replacing Windows 7?
Microsoft is understandably encouraging current Windows 7 customers to upgrade to Windows 10, its flagship operating system product. It is also encouraging customers to buy new computers with Windows 10 installed, as older computers may not have the minimum requirements to support Windows 10 and optimize its performance.
Another option is to purchase Microsoft 365 Business, a cloud-based version of the popular suite of Microsoft Office Apps such as Word, Excel, PowerPoint, Outlook and OneNote. Microsoft 365 Business buyers get a free upgrade if they are currently using a Windows 7, 8 or 8.1 Pro license. Microsoft 365 Business owners can also upgrade all old Windows Pro licensed devices at no additional cost.
What If I Need More Time to Upgrade from Windows 7?
If you use Windows 7 Professional or Windows 7 Enterprise, you can buy Extended Security Updates through January 2023. Those upgrades became available for purchase on April 1, 2019. For more information on this option, please contact Microsoft directly as there are specific technical and product guidelines regarding eligibility.
Understanding the options and risks when it comes to Microsoft’s cessation of Windows 7 support and updates helps your company make an informed decision.

Using Delayed Delivery With Email to Boost Productivity

Email is one of the best ways to communicate with people in the business world, but it’s also one of the biggest time drains for those same individuals. Some of the most productive people turn their email completely off and only check it a few times a day, but is there more that you can do to stay productive throughout the day without stressing out that you’re missing important messages? This quick email productivity hack may be the answer that will help you stay more organized and less distracted throughout the day.
Delayed Email Delivery
Even though it’s a core part of Microsoft Outlook, few people realize that you’re able to delay the delivery of emails until a later date or time — and even fewer people use this function on a regular basis. Delaying the delivery of your email is a great way to ensure that people receive your message when they are most likely to act upon it. If you need someone to provide a crucial report for you but they’re currently on vacation, sending an immediate email request is likely to get lost in the waves of requests they will be wading through when they return to the office. If you delay the message until a day or two after they are back in the office, you’re much more likely to receive a response without having to follow up again.
Scheduling Your Day
Another great way to stay focused during the day is to schedule all of your emails to go out at a certain time, perhaps around the time you will be leaving for the day. This allows you to answer emails at preprogrammed times throughout the day without being a slave to pinging notes back and forth when you would prefer to focus on other tasks. The hope is that others will respond to your requests at the end of their day, and you’ll have a wealth of actionable responses waiting for you when you come into work the next morning. It’s not difficult to schedule emails for delivery at a later time, and this simple productivity hack could save you over an hour each day, providing you with a significantly greater amount of targeted time to pay attention to what you need to accomplish each week.
You’re not getting more hours added to your day, and there’s almost always more than you can accomplish in any given week. Using these simple email scheduling tips to delay your email deliveries helps you eke more work (and fun!) out of the time that you do have available.

Password Management: What Lawyers Must Know

Passwords are a problem. In one sense they are exactly the opposite of what they should be. They’re hard for users to remember but easy for intruders to guess or steal. The user frustrations with the current system make it ripe for abuse, and that’s exactly what’s taking place every day.
The best solution for lawyers and law firms alike is to implement a password management utility. We’ll take a look at that solution after exploring the nature of the problem in greater depth.
The Problems with Passwords
Can you even count how many digital sites and services you’re required to log in to with a username and password? Most people have upwards of one hundred. It’s challenging, if not impossible, to keep them all straight without some kind of assistance. People usually resort to one of several very insecure methods to solve this. One of the most common is reusing the same username and password on multiple sites.
Password Reuse Is Easy but Dangerous
Security professionals will tell you that reusing passwords is dangerous. This is because when (not if) your credentials are captured or stolen on one site, you become vulnerable on every other site that uses those same credentials. The problem here is that it’s just so easy to reuse passwords, especially on accounts we don’t consider to be sensitive in nature. Nearly half of security professionals themselves admit to reusing passwords, even though they know firsthand the dangers of doing so.
Strong, Unique Passwords Are Too Hard to Remember
If you’re not supposed to reuse passwords, then what should you do? Ideally, you should create a strong, unique password for every site. Each one should be lengthy (the longer the better) and should contain a mix of lower and uppercase letters, numbers, and symbols. The longer and more complex the password, the harder it is for a computer to crack it. People won’t be able to guess Gbje23+3zp?$T0n very well at all.
The problem with a password like Gbje23+3zp?$T0n, though, is obvious. You’ll have a tough time remembering even one of those, let alone a hundred.
Experts will suggest other tactics, like turning a familiar phrase into a password. “Four score and seven years ago our fathers brought forth a new nation” could become “4s&7yaoFbfaNN”. This method uses the first letter of each word (along with numbers and symbols where appropriate) to create a passcode that’s nearly inscrutable but that’s easier to remember.
This method helps, but it doesn’t scale well. It’s true you’ll have an easier time reproducing that than the previous example, but you’ll still have a tough time replicating that a hundred times over.
The Solution: Password Management
The best solution to the password conundrum is using a password management utility. Setting up a password management utility isn’t difficult, and putting one in place greatly increases your digital security. Once you’ve set up a password manager, you don’t even need to remember all those passwords. You just have to remember one.
How Password Management Tools Work
Password managers are programs or apps that function as a digital safe, or a digitally encrypted locker. All your passwords are stored inside the safe. Password management tools will also help you create long, complex, unique passwords for all your accounts. Some can even do this automatically once you supply your existing credentials.
With a password manager, it’s easy to maintain a different complex password for every account, because you no longer need to remember those passwords yourself. You just need to create and memorize one very strong password for the password manager itself.
Once you’ve set up a password manager, it will autocomplete the login fields on most websites. For the few that don’t auto-populate, you can access a database of your account credentials and copy and paste the proper credentials into the corresponding fields. All the major password managers also offer some degree of integration with both iOS and Android. Your passwords remain accessible, yet secure, on your mobile devices.
The Security of Password Management Tools
Password management tools stake their reputation on their security. They aren’t perfectly secure—nothing is. The Washington Post notes some of their flaws. They are, however, a vast improvement over most people’s current password practices. No one gets access to your vault without your master password, and hackers won’t get that password from the utility makers since they don’t store your master password anywhere. There’s no database to be hacked.
On that note, make sure your master password is itself long and complex. Consider using the “familiar phrase” tactic described earlier.
Conclusion
Lawyers have an obligation to keep their digital accounts secure. Doing so manually is difficult if not impossible. Implementing a strong password management solution is the answer. If you have more questions about implementing a quality password management system for your law firm, we’re here to help. Contact us today to discuss the options available.

Eliminate Distractions In Your Work Day

 
Our days are full of distractions, from phones that don’t stop ringing to apps that don’t stop dinging. Each time we pause from one task, it takes us several seconds to a few minutes to get our minds back on track. This may not seem like much of an impact, but it can really add up over the course of a day. Not to mention all the time that is lost during meetings because someone was multitasking when they were asked a question and needed to regroup before answering. It may seem like this is simply the way we do business today, but there are ways that you can eliminate distractions and be more productive during your workday.
Be Singularly Focused
Each task that passes your desk isn’t the highest priority. When you rigorously prioritize your work, it can help create a singular focus on the task at hand. When you absolutely must get something accomplished, train yourself to turn off everything else — turn your phone on airplane mode, pause email notifications and send your office phone straight to voice mail. Close all applications other than the one you’re working in at that moment, or go old school with a pad and paper in a quiet corner of the office where you know you won’t be disturbed. This singular focus on a task allows you to put all of your brainpower behind it, and you’ll be surprised at how quickly and efficiently you’re able to get things accomplished.
Be Ruthless in Meetings
Meetings today can be quite a challenge, with people working remotely and others tied to their laptops or tapping away on their phones. If you want to have a truly productive meeting, then you have to get a little ruthless! Schedule your meetings for a shorter period of time, and set up the expectations as soon as everyone is in the room. Ask for agreement from the room that everyone will leave their phones off and turned over, so they are not running the risk of distractions. Even a 15-minute meeting can accomplish great things if you have the full mental capacity of everyone in the room focused on the task at hand.
Being productive doesn’t have to mean constantly locking yourself into a corner or alienating colleagues by closing your office doors. You can find pockets of productivity in your day when you can focus on your most important tasks, providing you with the structure that you need to help move your organization — and your life — in a positive direction.