Technology Information & News

Reduce Travel Costs & Expense With Video Calling Apps

Endless airline terminals. Overpriced airport food. Overly-close seating on packed planes. What’s there to love about business travel? Sure, there are some road warriors who appreciate never having to clean a room or make a bed as they spend all their time in hotels, but for most people, business travel is simply something to be endured. Even 10 years ago, it would have been challenging to have the kind of high-speed access and seamless experience that you need for video conferencing, but today’s a different story. See how you can save time and money by utilizing some of these next-gen video calling apps.

Business Happens Everywhere

Workers want to be able to be productive anytime, anywhere — and that could include while watching their child’s baseball game, stepping out of a client meeting for a few minutes or even from home on the weekends. This is especially true of small business owners who are never truly off duty. Fortunately, video conferencing software and apps have come a long way from the fuzzy, slow-moving images and poor sound quality of the past to provide crystal-clear images and sound with no noticeable lag. If you haven’t tried it lately, video calling apps are now quite seamless to use and work equally well from your desktop, laptop, tablet or mobile phone.

Benefits of Video Calling

Let’s face it: travel is expensive, and the cost is not always justified for the value that you provide. There are certainly times when business travel will still be required, but many negotiations and conversations can happen equally well over a high-speed video call. Phone calls without video are not enough to provide you with the nuanced information that you receive when you’re able to see someone directly in front of you, and video calling fits that bill nicely. Business is increasingly global in nature, making video calls one of the few cost-effective ways to work with teams that are scattered throughout the region — or the world. Until the last few years, it was a bit more difficult to ensure that both individuals or teams had access to the right software and hardware to make video calling truly viable. With the majority of laptops being shipped with high-resolution video conferencing hardware already installed and the prevalence of smartphones, that is no longer the case.

Top Video Calling Apps

While certainly not an exhaustive list, here are a few of the top video conferencing apps that are used in business today:

  • Skype — consistently one of the top-rated apps by technology professionals and users
  • Zoom — free video calling that allows you to instantly share information from your phone
  • Cisco WebEx — businesses professionals love it, and there are extensive shared workplaces available in the platform
  • GoToMeeting — quickly and easily collaborate with partners and clients in real time
  • Slack— cross between a chat platform and video conferencing, built specifically for team communication

No matter what your video calling needs are, there’s probably a platform on the market today that will fulfill your needs — and cost far less than relying on expensive business travel.

Video Conferencing

New Threat Advisory: TrickBot (Warnings/Recommendations)

TrickBot is up to its tricks again. Once cyber experts get a handle on it, TrickBot releases new modules that advance its capabilities. Here’s what you need to know to protect your organization from TrickBot.

Trickbot

Don’t Get Tricked By TrickBot

TrickBot is up to its tricks again. Once cyber experts get a handle on it, TrickBot releases new modules that advance its capabilities. Here’s what you need to know to protect your organization from TrickBot.

What Is TrickBot?

The Multi-State Information Sharing and Analysis Center (MS-ISAC) recently released a security primer on TrickBot. Originally developed in 2016 as a Windows-based banking Trojan, TrickBot has recently advanced its capabilities.

TrickBot is a modular banking trojan that targets user financial information and acts as a vehicle for other malware. It uses Man-in-the-Browser attacks to steal financial information such as login credentials for online banking sessions. (The majority of financial institutions consider Man In The Browser attacks as the greatest threat to online banking.)

Malware developers are continuously releasing new modules and versions of TrickBot— And they’ve done this once again.

How Is TrickBot Distributed?

TrickBot is disseminated via malspam campaigns. Malspam is a combination of malware and spam. It’s usually delivered through phishing or spear-phishing emails. Its goal is to exploit computers for financial gain.

These malspam campaigns send unsolicited emails that direct users to download malware from malicious websites or trick the user into opening malware through an attachment.

TrickBot is also dropped as a secondary payload by other malware such as Emotet. Some of TrickBot’s modules abuse the Server Message Block (SMB) Protocol to spread the malware laterally across a network. (SMB is an application-layer network protocol that facilitates network communication while providing shared access to client files, printers and serial ports.)

The developers behind TrickBot have continue to add more features via modules to this potent trojan virus. It can download new modules that allow it to evolve if left unchecked.

How Does The TrickBot Malspam Campaign Work?

The malspam campaigns that deliver TrickBot use third-party branding looks familiar to you and your staff such as invoices from accounting and financial firms. The emails typically include an attachment, such as a Microsoft Word or Excel document. If you open the attachment, it will execute and run a script to download the TrickBot malware.

And, TrickBot is really tricky. It runs checks to ensure that it isn’t put in a sandboxed (quarantined) environment. Then it attempts to disable your antivirus programs like Microsoft’s Windows Defender.

And even worse, TrickBot redeploys itself in the “%AppData%” folder and creates a scheduled task that provides persistence. Persistence is the continuance of the effect after its cause is removed. So, even after you remove TrickBot, it can still create problems.

What Happens If Your Network Gets Infected With TrickBot?

TrickBot’s modules steal banking information, perform system/network reconnaissance, harvest credentials and can propagate throughout your network.

TrickBot:

  • Will harvest your system information so that the attacker knows what’s running on your network.
  • Compares all files on your disk against a list of file extensions.
  • Collects more system information and maps out your network.
  • Harvests browser data such as cookies and browser configurations.
  • Steals credentials and configuration data from domain controllers.
  • Auto fills data, history, and other information from browsers as well as software applications.
  • Accesses saved Microsoft Outlook credentials by querying several registry keys.
  • Force-enables authentication and scrapes credentials.
  • Uses these credentials to spread TrickBot laterally across your networks.

What’s New With TrickBot?

In November 2018, a module was developed and added that gave TrickBot the ability to steal credentials from popular applications such as Filezilla, Microsoft Outlook, and WinSCP.

In January 2019, three new applications were targeted for credential grabbing: VNC, Putty, and RDP.

In addition, it can also steal credentials and artifacts from multiple web browsers (Google Chrome/Mozilla Firefox/Internet Explorer/Microsoft Edge) including your browsing history, cookies, autofills, and HTTP Posts.

How Can You Protect Your Organization From TrickBot?

We recommend that you contact us and arrange for the following to protect against the TrickBot malware:

  • Implement filters at the email gateway to filter out emails with known malspam indicators such as known malicious subject lines, and block suspicious IP addresses at the firewall.
  • Use managed antivirus programs on clients and servers, with automatic updates of signatures and software. Off-the-shelf antivirus isn’t enough.
  • Arrange for vulnerability scans to detect TrickBot or other malware threats that are hiding in your IT systems.
  • Apply appropriate patches and updates immediately after they are released.
  • Provide Security Awareness Training for your users. Regular training will ensure that they can recognize social engineering/phishing attempts, and refrain from opening attachments from unverified senders.
  • Help you employ a Password Management solution so your usernames and passwords aren’t disclosed to unsolicited requests.
  • Deploy a managed Anti-Spam/Malware Solution with the latest signature and detection rules.
  • Review security logs for indicators of TrickBot. If any are found, we can isolate the host and begin investigation and remediation procedures.
  • Make sure you adhere to the principle of least privilege, ensuring that users have the minimum level of access required to accomplish their duties. We’ll also limit administrative credentials to designated administrators.
  • Implement Domain-Based Message Authentication, Reporting & Conformance (DMARC). This is a validation system that minimizes spam emails by detecting email spoofing using Domain Name System (DNS) records and digital signatures.
  • If you don’t have a policy regarding suspicious emails, we can help you create one and specify that all suspicious emails should be reported to security and/or IT departments.
  • And more…

Don’t let TrickBot use its tricks to steal your confidential data. Contact us for comprehensive IT Security Analysis and Remediation to keep TrickBot out of your network.

What Is A Business Continuity Plan?

Business continuity plan

Creating a business continuity plan is one of the most important things a company can do.

Business continuity ensures that your business is back up and running after a critical disruption, such as a natural disaster or cyberattack.

What Is Business Continuity?

Business continuity is a big-picture approach that ensures normal business operations are continued during an emergency. It’s designed to identify and mitigate risks, assign roles and provide clear communication to key parties.

Why Is Business Continuity Important?

Business continuity allows your business to keep running during or soon after a crisis. Not having a business continuity plan carries great risks, including:

  • Loss of customers
  • Extended downtime and subsequent revenue loss
  • Reputation erosion
  • Regulatory non-compliance

Creating a business continuity plan helps you maintain control and calm in what may otherwise be a chaotic environment.

What Are the Components of a Business Continuity Plan?

There are several core components of a business continuity plan:

  • Identify the team
  • Understand data
  • Assess and rank risks
  • Prioritize essential services
  • Price and build solutions
  • Develop policies and communicate
  • Test and refine

Each of these steps helps to create a broader understanding of both the threats and how the company addresses them should they materialize.

How Do You Build a Continuity Team?

Business continuity needs to begin at the highest leadership levels and buy-in needs to be built at every level. Every department or business unit should be involved in order to provide perspective on what’s most important and critical across the company.

The team should comprise members who have a deep understanding of how the business works, make good decisions and communicate clearly. This team may be different from a disaster recovery team, which focuses on remediation — dealing with an emergency when it materializes.

How Does Data Fit In?

Understand your data is crucial, especially when risks and solutions become clearer. It’s important to understand what data your company has, especially information that is personal or proprietary.

Your company needs to understand how the data is collected and formatted, where it’s stored, who has access and how it’s accessed.

How Do We Identify Risks?

Risks can take on many forms, some of which are more severe than others. While most people consider natural disasters and cyberattacks as the most common threats, there are other risks that present a threat to the enterprise. Some of these other risks need to be addressed immediately, just like a fire or ransomware attack.

It’s worth repeating that business continuity is about keeping the business operational while the threat is being addressed. These risks include:

  • Natural disasters
  • Cyber attacks
  • Data loss or theft
  • Employee error
  • Emerging competitors
  • Shifting market conditions
  • Political changes or legislative action
  • Loss of customers or crucial staff

The assessment phase requires identifying the risks and ranking them. Companies should determine the following for each risk:

  • Likelihood of occurring
  • Potential impacts e.g. financial, reputational, regulatory

Some models define risk as the product of the two (Risk = Likelihood x Impact).

How Are Risks Prioritized?

Once the risks are identified, they need to be prioritized. The most urgent risks should be given the highest priority. One way to think about risk is to consider the services that are most essential to your business viability. Is it the production of goods or services that your customers depend on? What about processes that need to be carried out for regulatory compliance?

Part of this assessment should include the impact of incidents on your most important customers. How likely are they to leave? What do they need that you provide to them?

Next, your teams need to create solutions to the most urgent risks. These may involve recovering key data and restoring online access to applications. They may require new IT solutions that strengthen network protection and monitor activity.

The identified solutions need to be priced before the company chooses which risk mitigation work should be financed first. Cost and feasibility may require a reprioritization of the risks.

When Do We Create Policy and Processes?

An important component of business continuity is developing the governance policies around governance during and after an emergency, how communications flow and from whom, and what systems are prioritized. The processes detail roles and actions to take at each phase of disaster recovery.

Once these documents are created, it’s important to share them and educate employees about what they mean. Understanding these processes before an incident occurs helps employees to react more effectively.

How Do You Know If Your Plan Works?

Testing is an important part of business continuity. Simulated drills can identify how employees perform, how effective the plan is and what needs to be changed. The value of a business continuity plan comes from continual reassessment, reprioritization, retesting and revising.

Disasters and incidents can derail companies in many ways. Business continuity planning helps minimize those impacts on your company and keeps you running during and after an emergency. To learn more about business continuity planning, download this free template.

How Composing Email On Multiple Devices Keeps Business Moving

Email is one of the primary forms of communication for today’s active businessperson, but there are certainly some challenges when you’re on the go. It’s not unusual to start an email on one device and save it as a draft to finish up later from your desktop. This productivity hack allows you to quickly jot down ideas on your mobile phone and save the email for further refinement when you’re back in the office. See some additional best practices for keeping your email synced across devices.

The Rise of Mobile Email

The share of global web pages served to mobile phones has changed dramatically over the past 10 years, from less than 3% in 2010 to over 52.2% (and climbing!) in 2018 according to Statista. This doesn’t even include tablet traffic, which accounts for approximately another 10% of traffic in the United States. The same shift can also be seen in email, with the percentage of emails being opened on mobile devices growing to 55% or greater. Return Path, an email data aggregator, shared that the converse is true for emails opened within an internet browser; this number has dropped from 37% in 2012 to 28% in 2017. These dramatic shifts are representative of the way we create emails, too.

The End of Poorly-Worded Mobile Messages?

While it would be great to note that the increased ability to work cross-platform would mean that you’re less likely to receive poorly-worded, autocorrected emails that originated on a mobile phone, but that’s probably too much to ask. However, the ease with which you can save messages for later editing and sending may reduce the possibility that it’s obvious your email was jotted down on a mobile phone. Business professionals are more likely to take the time to create a well-written message that covers the necessary points when they’re able to re-read the note on their laptop. Few people are able to flawlessly compose a thoughtful email message on a 4″ mobile screen.

Taking Control of Your Inbox

It’s all too easy to allow your inbox to control your life and make you extremely reactive, especially when your emails are close to hand at all times on your mobile devices. It’s essential to stay organized to reduce the possibility that you’ll miss replying to an important message when you’re on the go. Try using labels for “Need to Reply” or “Respond Tomorrow” that will prompt you to draft a reply the next time you’re in the office.

Don’t lose productivity when you’re out of the office — simply jot notes to yourself for later refinement! You’ll love this time-saving trick, and your email recipients will appreciate that your emails have had a few minutes of review and editing before they’re fired out of your Sent mailbox.

Email Sync

Staying Safe Online: Are You the Target of a Fake Check Scam?

Fake Check

Great news! You’ve posted a batch of pricey items from your business on Craigslist, and someone has offered to purchase the lot. However, when you receive the check you realize it’s not for precisely the right amount. Perhaps you contact the seller to get a revised check — and they are so accommodating that they trust you to deposit the full amount and then wire them the difference. You’ve sold your excess inventory or goods and have payment in hand, so where’s the concern?

Unfortunately, this all the hallmarks of a traditional fake check scam. Selling online is one of the three scenarios where you are most likely to find a check scammer, but it pays to always be aware that this could be a possibility. Fake checks are rampant in today’s culture, with scammers making off with millions of dollars on a regular basis. The Better Business Bureau (BBB) estimates that over 500,000 Americans are the victims of swindles involving counterfeit checks, costing each victim an average of $1,200.

How Fake Check Scams Work

First of all, there really isn’t a legitimate reason for someone to ask you to wire money back to them after handing you a check. None. If someone requests this of you, your first thought should be that there is something fishy going on — whether it’s a business or personal situation. The checks that these individuals will pass to you look completely real; even cashier’s checks that portend to be certified by a bank. Unfortunately, you’re responsible for funds from the check that you’ve deposited. This means that you will be liable for the entire amount that you wire to the criminals. Some variations of fake check scams include:

  • Foreign lottery: Congratulations! You’re the winner of a (fake) lottery. Here’s your prize money!
  • During the job application process you’re asked to submit a check for an application fee.
  • An online buyer requests you to set up an account for them to deposit payments into

Scammers are taking advantage of your trusting nature — something that you simply cannot afford to have in today’s society.

Your Liability With a Fake Check Scam

You might think that your liability is limited in the event of a fake check scam, but the opposite is true. While your bank may make deposited funds available to you immediately or within a few days, they are simply acting in good faith that the funds are available from the check you’ve deposited. When it turns out that the check is fraudulent, by federal law you are responsible for any funds that are withdrawn against the check. It often takes weeks to untangle the conspiracy around a fake check, and banks are perfectly within their rights to withhold funds from your use to equal the amount you’ve overdrawn during that period.

Protecting Yourself from Fake Check Scams

Other than simply never accepting a check, there are a few ways to stay safe from this particular type of fraud. Any offer that asks you to submit payment to receive a prize or gift should be immediately tossed. It’s always a good idea to limit how and where you are wiring money — both personally and as a part of your daily business dealings. It’s never a good idea to accept payments that are greater than the amount you’ve requested for a particular online sale, and consider using an escrow service or other third-party payment strategies for more substantial online sales. When you’re working with a new vendor for the first time, it doesn’t hurt to quickly check out their customer service number and even Google their location to ensure that it is on the up-and-up. Avoid any exceptional offer that purports to only be available for a limited time,” where the buyer is putting extensive pressure on you to act immediately. These are rarely legitimate, and can cause you much more frustration in the future.

The hard fact is that scammers are everywhere, and if something seems too good to be true — it probably is! If you think you have been a victim of a counterfeit check scam, you can report the issue to several government agencies including: U.S. Postal Inspection Service, the Federal Trade Commission and local authorities. Even though it may not save you from losing any funds, you can potentially stop the fraudsters from targeting others in the future.

Healthcare Fines For Breaches Are Increasing

Patient Healthcare Information

Healthcare was a lucrative target for hackers in 2018. Cybercriminals are getting more creative despite better awareness among healthcare organizations. And fines for breaches of patient information are increasing. What more can you do to ensure your patient data is secure?

What Should You Do To Secure Your ePHI?

Healthcare was a lucrative target for hackers in 2018. Cybercriminals are getting more creative despite better awareness among healthcare organizations. And fines for breaches of patient information are increasing. What more can you do to ensure your patient data is secure?

If You Don’t Secure Your Data–Prepare For Ever-Increasing Fines

According to Health IT Security, in February 2019 Tennessee-based Community Health Systems (CHS) settled with the 4.5 million patients impacted by its 2014 data breach. Those patients who experienced identity theft or fraud due to the cyber attack will receive up to $5,000 each.

The lawsuit counsel also requested approval to award attorney’s fees for the case (about $900,000), as well as an incentive award of $3,500 for each patient they represented.

This is just one example of a healthcare breach and its effects. Click here to learn about some of the biggest healthcare breaches for 2018. 15 million patient records were breached in 2018 as hacking and phishing surged. This number tripled from 2017.

Don’t Let This Happen To Your Healthcare Business–What Should You Do To Secure Your ePHI? — Ask your IT provider to implement a Layered, Managed & Proactive Approach To IT Security.

This is the industry’s definitive source to prevent healthcare data breaches…

You need these 4 layers:

1. For your Computers: Your need Anti-Virus, Anti-Malware and Zero-Day Protection that’s managed by your IT Managed Service Provider so you know new updates are being applied daily.

  • Managed Anti-Virus & Anti-Malware: This keeps both known and emerging viruses and malware off of your workstations and servers. Because it’s managed, it stays up-to-date with the latest cyber threats. It also protects against new viruses by using behavioral scanning and heuristic checks. These detect new, unrecognized viruses and malware and send them to a sandboxed environment away from your core systems. This is essential with all the new virus and malware threats being created each day.
  • Zero-Day Protection: This provides end-to-end cybersecurity protection for your computers, as well as your networks, endpoints, mobile devices, and cloud-based services when an unknown security vulnerability in computer software or an application occurs, and where a patch hasn’t been released to handle it.

2. On Your Network: You need a Next Generation Firewall. This detects and blocks complicated cyber attacks by enforcing security measures at the protocol, port and application level.

Next-Generation Firewalls can be implemented in either software or hardware. The difference between a standard firewall and a next-generation firewall is that the next-gen performs a more in-depth inspection and in smarter ways. It brings added information to the firewall’s decision-making process. It also has the ability to understand the details of web traffic passing through, and can take action to block anything that might exploit your network’s vulnerabilities.

3. Email:  You need SPAM filtering with link and document scanning. This is a service designed to block SPAM from your users’ inboxes. It sets up an email gateway that stops the bad guys before they reach your inbox while making sure the good guys (you) aren’t bogged down trying to manage it. Many email messages today are SPAM. SPAM filtering is critical for keeping phishing emails off your computers. However, even the best filters can’t block 100 percent of SPAM messages. This is another reason why you need #4 below.

4. User Education: Different sized organizations cope with dissimilar problems, but all have employees who are usually the weakest link in their IT security. Modern phishing and social engineering attacks are a major threat to medical businesses today. Even a single unaware employee is enough for a cybercriminal to trick through email to gain access to your ePHI, data, finances and more.

Security Awareness Training tackles this problem head-on. You need ongoing education that trains your employees in cybersecurity measures and protocols via a comprehensive curriculum that includes simulated hacking and phishing attempts —This helps your employees know what to look for when using your IT systems.

To ensure cybersecurity, your staff should know…

  • How to identify and address suspicious emails, phishing attempts, social engineering tactics, and more.
  • How to use your practice management technology without exposing data and other assets to external threats by accident.
  • How to respond when they suspect that an attack is occurring or has occurred.
  • Additional vital information to maintain cybersecurity.

In addition …

Ask your IT provider to implement these 4 solutions to minimize your risk:

  1. Data encryption so your ePHI and EHRs are secure both in transit and storage.
  2. Multi-factor authentication where your users must use two or more forms of electronic identification to access data.
  3. Routinely patch and update your software programs to close any security gaps.
  4. Mobile Device Management to protect your data if mobile devices are lost or stolen.

With this and a layered, managed and proactive approach to IT security, you should have a fighting chance against today’s cyberattacks.