Technology Information & News

Password Management: What Lawyers Must Know

Password Management

Passwords are a problem. In one sense they are exactly the opposite of what they should be. They’re hard for users to remember but easy for intruders to guess or steal. The user frustrations with the current system make it ripe for abuse, and that’s exactly what’s taking place every day.

The best solution for lawyers and law firms alike is to implement a password management utility. We’ll take a look at that solution after exploring the nature of the problem in greater depth.

The Problems with Passwords

Can you even count how many digital sites and services you’re required to log in to with a username and password? Most people have upwards of one hundred. It’s challenging, if not impossible, to keep them all straight without some kind of assistance. People usually resort to one of several very insecure methods to solve this. One of the most common is reusing the same username and password on multiple sites.

Password Reuse Is Easy but Dangerous

Security professionals will tell you that reusing passwords is dangerous. This is because when (not if) your credentials are captured or stolen on one site, you become vulnerable on every other site that uses those same credentials. The problem here is that it’s just so easy to reuse passwords, especially on accounts we don’t consider to be sensitive in nature. Nearly half of security professionals themselves admit to reusing passwords, even though they know firsthand the dangers of doing so.

Strong, Unique Passwords Are Too Hard to Remember

If you’re not supposed to reuse passwords, then what should you do? Ideally, you should create a strong, unique password for every site. Each one should be lengthy (the longer the better) and should contain a mix of lower and uppercase letters, numbers, and symbols. The longer and more complex the password, the harder it is for a computer to crack it. People won’t be able to guess Gbje23+3zp?$T0n very well at all.

The problem with a password like Gbje23+3zp?$T0n, though, is obvious. You’ll have a tough time remembering even one of those, let alone a hundred.

Experts will suggest other tactics, like turning a familiar phrase into a password. “Four score and seven years ago our fathers brought forth a new nation” could become “4s&7yaoFbfaNN”. This method uses the first letters of each word (along with numbers and symbols where appropriate) to create a passcode that’s nearly inscrutable but that’s easier to remember.

This method helps, but it doesn’t scale well. It’s true you’ll have an easier time reproducing that than the previous example, but you’ll still have a tough time replicating that a hundred times over.

The Solution: Password Management

The best solution to the password conundrum is using a password management utility. Setting up a password management utility isn’t difficult, and putting one in place greatly increases your digital security. Once you’ve set up a password manager, you don’t even need to remember all those passwords. You just have to remember one.

How Password Management Tools Work

Password managers are programs or apps that function as a digital safe, or a digitally encrypted locker. All your passwords are stored inside the safe. Password management tools will also help you create long, complex, unique passwords for all your accounts. Some can even do this automatically once you supply your existing credentials.

With a password manager, it’s easy to maintain a different complex password for every account, because you no longer need to remember those passwords yourself. You just need to create and memorize one very strong password for the password manager itself.

Once you’ve set up a password manager, it will autocomplete the login fields on most websites. For the few that don’t auto-populate, you can access a database of your account credentials and copy and paste the proper credentials into the corresponding fields. All the major password managers also offer some degree of integration with both iOS and Android. Your passwords remain accessible, yet secure, on your mobile devices.

The Security of Password Management Tools

Password management tools stake their reputation on their security. They aren’t perfectly secure—nothing is. The Washington Post notes some of their flaws. They are, however, a vast improvement over most people’s current password practices. No one gets access to your vault without your master password, and hackers won’t get that password from the utility makers since they don’t store your master password anywhere. There’s no database to be hacked.

On that note, make sure your master password is itself long and complex. Consider using the “familiar phrase” tactic described earlier.

Conclusion

Lawyers have an obligation to keep their digital accounts secure. Doing so manually is difficult if not impossible. Implementing a strong password management solution is the answer. If you have more questions about implementing a quality password management system for your law firm, we’re here to help. Contact us today to discuss the options available.

Eliminate Distractions In Your Work Day

Our days are full of distractions, from phones that don’t stop ringing to apps that don’t stop dinging. Each time we pause from one task, it takes us several seconds to a few minutes to get our minds back on track. This may not seem like much of an impact, but it can really add up over the course of a day. Not to mention all the time that is lost during meetings because someone was multi-tasking when they are asked a question and needs to regroup before they answer. It may seem like this is simply the way we do business today, but there are ways that you can eliminate distractions and be more productive during your workday.

Be Singularly Focused

Each task that passes your desk isn’t the highest priority. When you rigorously prioritize your work, it can help create a singular focus on the task at hand. When you absolutely must get something accomplished, train yourself to turn off everything else — turn your phone on airplane mode, pause email notifications and send your office phone straight to voice mail. Close all applications other than the one you’re working in at that moment, or go old school with a pad and paper in a quiet corner of the office where you know you won’t be disturbed. This singular focus on a task allows you to put all of your brainpower behind it, and you’ll be surprised at how quickly and efficiently you’re able to get things accomplished.

Be Ruthless in Meetings

Meetings today can be quite a challenge, with people working remotely and others tied to their laptops or tapping away on their phones. If you want to have a truly productive meeting, then you have to get a little ruthless! Schedule your meetings for a shorter period of time, and set up the expectations as soon as everyone is in the room. Ask for agreement from the room that everyone will leave their phones off and turned over, so they are not running the risk of distractions. Even a 15-minute meeting can accomplish great things if you have the full mental capacity of everyone in the room focused on the task at hand.

Being productive doesn’t have to mean constantly locking yourself into a corner or alienating colleagues by closing your office doors. You can find pockets of productivity in your day when you can focus on your most important tasks, providing you with the structure that you need to help move your organization — and your life — in a positive direction.

What Exactly Does A Managed IT Services Company Provide?

IT Managed Services

Running a business requires a great deal of focused attention. Unfortunately, when your technology team is spending a great deal of time dealing with login problems, software licensing, cybersecurity and more, it doesn’t leave a lot of time for growth activities and strategic thinking. As businesses grow, many organizations find that it makes sense to work with an IT managed services company to maintain a high level of security and staff productivity that would be nearly impossible using only internal assets. These technology partners provide best-in-class tools and support that can scale with your business as you expand. Here’s an overview of the type of services that many of these technology partners provide.

Day-to-Day Operations

Technology teams often refer to “death by a thousand cuts” — which is what happens when you have dozens of people relying on you to provide technical support for your organization. Everything from computers that refuse to reboot to conference rooms where the projection isn’t working all come into your help desk. This can overwhelm the individuals in IT and also cause a productivity loss for the staff members who are waiting on a response or support. IT managed services providers are able to step into this gap and solve a variety of simple challenges, including:

  • Retrieving lost files or folders
  • Resetting passwords
  • Issuing software licenses (based on pre-set business parameters)
  • Troubleshooting network connectivity
  • Rebooting servers

These are only a few of the “Help me now!” requests that technology professionals receive on a daily basis, and all of these options can be resolved remotely by a friendly technician from your IT managed services provider.

Creating or Refining Cybersecurity

Ensuring that your business information stays safe is a primary directive for today’s organizations. With many companies storing personal financial and health information for clients or staff, cybercriminals are enjoying access to data from organizations of all sizes — especially those businesses without a robust security posture. Staying current with the latest threats takes time and attention, and can be challenging for technology staff members to juggle with other priorities. When you work with a managed services provider, you have easy and immediate access to cybersecurity professionals who are able to review your current processes, make recommendations for improvement and then even help with the implementation of those suggestions.

Long-Term Technology Strategies and Budgeting

Even things that you might think of as integral to your business can be supported through a trusted IT managed services provider. A good technology partner may have access to dozens of business models and be able to make recommendations for your business based on a broader scope of understanding. Your external IT team can help with research on new vendor partners, negotiating better pricing on software due to shared buying power and even help create budgets based on the unique needs of your business.

Advanced Backup and Disaster Recovery

Should the unthinkable happen, it definitely pays to be prepared. There are any number of reasons you might have to restore operations from a backup, but without a proactive backup and disaster recovery process in place this can be a big challenge for businesses. Massive fires, flooding or other natural disasters claim thousands of businesses every year, as those businesses are unable to restart operations after a disaster. Cyberthreats or data loss could also spell doom for your business, especially if the loss leads to an extended period of time without access to your business data. With an IT managed services partner, you’re gaining access to advanced backup and disaster recovery software and protocols that will help protect your business in the event of an emergency — and help you restart operations quickly. More than 96% of businesses with a disaster recovery solution in place continue operations, but the same cannot be said of those without the forethought to create a comprehensive plan.

There are hundreds of scenarios where an IT managed services provider can help support your business. The bottom line is that you are gaining access to a deep bench of qualified professionals who are solely focused on helping make your business successful. Whether you need immediate assistance with help desk support or longer-term strategic advice, IT managed services providers serve a vital role in today’s business world.

Why This Missouri Dentist Was Targeted by Russian Cybercriminals

Dentist Cybersecurity

You don’t think about a small business in middle America being targeted by hardened Russian cybercriminals, but that’s exactly what happened in the case of Smile Zone. This Missouri dental office caters to children, looking for ways to provide them with a higher comfort level with dental procedures. Smile Zone had not yet invested in any aggressive cybersecurity measures, because they didn’t expect to become the target of malicious attack from overseas. Unfortunately, they were wrong, and their lack of planning for cybersecurity cost them over $200,000 due to a simple phishing scam — money that Smile Zone has never been able to recover.

Determining the Attack Vector

It didn’t take long for investigators to determine the attack vector, as it was a simple phishing email that was launched on the computer that Smile Zone used to conduct their banking business. With the information stored on that computer, the Russian cybercriminal and his associates were able to tap into the bank account of Smile Zone and create a transaction for $205,000 that looked perfectly legitimate to the bank. Unfortunately, that also meant that the bank would not accept liability for the transaction — something that they would have done if the account were a consumer account instead of a business account. What’s worse, the cybercriminals left the back door of the business open so they could help themselves to more funds in the future if the vulnerability was not addressed in time.

Why Russian Hackers Target Small Businesses

It’s hard to imagine, but why would a well-known Russian hacker who was on the FBI’s Most Wanted List waste their time attacking a small business for “only” a few hundred thousand dollars? The answer is simple: small businesses are less likely to have invested in cybersecurity. Not only are the businesses perceived to be less secure, but cybercriminals are looking for an ongoing payday — not a one-time bankroll. Small to mid-size businesses may not even notice relatively small amounts being shifted around until the dollars add up to a significant amount of money. This allows these nation-state actors to slowly siphon away funds that could otherwise be used to fund payroll or grow the business. Even if small businesses do have passive cybersecurity, they may not be actively monitoring their transactions and systems in a way that would allow them to see the fraud happening in near-real time. Symantec defines the time between the injection of malware or a data breach to the discovery time as “dwell times“, and they average 191 days before many businesses discover that their systems have been compromised.

Are There Legal Avenues for Recourse?

The unfortunate reality is that it’s difficult for the government, local police or anyone else to help regain access to your funds once they’ve been exfiltrated to a remote location. Hackers are extremely savvy, in taking just enough money that they can easily move it around without a lot of notice from others. It’s difficult for law enforcement to prove that there has been a crime, much less track down a slippery individual thousands of miles away from the crime. When your business suffers this type of loss, it’s unlikely that the money will ever be recovered — a devastating blow for a small business.

Are There Ways to Protect Your Business?

Fortunately, you don’t have to simply wait for your business to be hacked, and you don’t have to invest in over-the-top security solutions that are meant for enterprises instead of small to mid-size businesses. Your trusted technology services partner can help you understand the various options that are available to help protect your organization. This could include a variety of solutions:

  • Endpoint protection and monitoring of WiFi hotspots that are available to customers and employees
  • Rigorous password policies
  • Ongoing employee and contractor security training and testing
  • Active monitoring of your network by knowledgeable security professionals
  • Proactive notification systems so your technology partner can immediately begin remediation in the event of a breach
  • Email and website security software that helps filter out malware and spam before it reaches your staff
  • Robust backup and recovery procedures, to ensure your business can continue functioning even if you’re under attack
  • Systematic review of all potential fail points within your infrastructure on a regular basis
  • Rigorous management of user accounts and logins, to ensure that accounts are inactivated quickly when they’re no longer needed

Each business is unique, and working with your trusted IT managed services provider will offer more direct and detailed recommendations that will fit the unique needs of your business.

No one is expecting to be the target of a Russian hacker, and small businesses may be even less prepared than larger ones. No business is truly safe from cybercriminals unless your business is fully protected by a suite of cybersecurity measures that include active management of your infrastructure. It pays to invest a small amount upfront to protect your business from what could be a disastrous cyberattack in the future.

How to Share Notes with Microsoft OneNote

Here’s a quick tech tip for Microsoft OneNote. Today we’ll look at how users can share notes that they have created in Microsoft OneNote. First, though, since Microsoft OneNote isn’t one of the “Big Four” Office programs (Word, Excel, PowerPoint, and Outlook), we’ll look at what OneNote can do and why you should be using it.

What Is Microsoft OneNote?

Microsoft OneNote is an awesome but lesser-known part of the Microsoft Office family. At its core, it’s a high-powered note-taking program. When you first open a OneNote Notebook, it looks an awful lot like a Word document. However, it works quite differently. Click anywhere on the page and start typing. A text bubble will be created right there. Click somewhere else, and you can create another one. OneNote allows for free-flowing note-taking, and it lets users annotate their content using freehand drawing (with a mouse or on a touchscreen). It’s a great place to brainstorm or to take non-linear notes.

Sharing Is Powerful

Over the years, OneNote has also become a powerful collaboration platform. In all recent versions, users can share a notebook with numerous friends or coworkers, and those users can all edit the notebook simultaneously. This collaboration is powered using either Microsoft SharePoint or Microsoft OneDrive, depending on the version and edition (home or professional) being used.

How might this help you? Perhaps you want to create a table, sign-up sheet, or tutorial guide. Get one started, then share it with your coworkers or friends. They can jump right in, simultaneously filling in details, correcting mistakes, and fleshing out written procedures in real time. This is a powerful tool for businesses.

How to Share a OneNote Notebook

To share a notebook, open the notebook you want to share. In the upper right you should see the word “Share” between some other menu options, just below the Minimize button. Click the word “Share” to open the Share sidebar. In this sidebar you can select which notebook or notebooks you want to share. Fill in the email addresses of the people you want to share the notebook with. Next, click the drop-down menu and choose which level of access you want the people to have. You may want them to be able to edit, edit and share, or view only. Next, click the big Share button.

The people you’ve shared the notebook with will receive an email explaining the next steps. Soon they will start working with your document in real time. You can see initials next to people’s changes to help keep things straight. If you’d like to hide those, click “View” up in the ribbon, then click “Hide Authors.”

Now you know the basics of how to use and share notebooks in OneNote. Time to get collaborating!

Top Criteria for Selecting the Best IT Support Company

Selecting A New IT Company

Researching IT support companies can lead to confusion — and quite a headache! You may have started down the path of finding a technology partner due to internal frustrations or a lack of time to support basic technology needs, but your search can quickly expand due to the number of potential partners in the marketplace. Trying to determine exactly the level of support that you need and the associated costs may feel like an exercise in futility, but there are some basic tenets that will help you find the best IT support company for your needs. From reviewing the pricing models to service levels, here are the key considerations that will help you determine which partner is right for your business.

1. Does Your IT Support Company Offer Flexible, Scalable Contracts?

Technology solutions are rarely one-size-fits-all, and your IT services partner should recognize this and be able to provide you with customized recommendations that will meet your unique business needs. This could mean shorter contracts so you can evaluate the working relationship to support packages that provide you with scalable options that are designed to grow with your business. Your IT services partner should feel like they are on your side, making recommendations that will save you money while providing you with the support that your business desperately needs to grow.

2. Does Your IT Support Company Focus on Ongoing Education?

Technicians with industry certifications in various platforms should indicate to you as a client that your technology partner is placing an emphasis on ongoing education. The technology landscape changes dramatically in the course of several years. If your IT professionals are not maintaining their certifications or growing their body of knowledge, it can be challenging for them to provide your business with the support that you deserve. Key certifications to look for include Microsoft Silver or Gold Partner Certifications and CompTIA Certifications, to name a few. Your partner should be able to demonstrate that they value ongoing education by setting aside time for team members to attend training or continue their education.

3. Does Your IT Support Company Value Proactive Security and Account Management?

Proactive account management is crucial to your business success, as your IT services partner should be continually looking for ways to save you money and improve the efficiency of your operations. This should include a bi-annual or quarterly review of your business, that truly digs into the details and provides you with actionable recommendations. The right partner will be able to peek into the future and call out items that could become a problem in the future, so you can resolve them before they negatively impact your business operations. Active security measures are another valuable aspect of your partnership, as your IT services technicians are continually reviewing network activity to discover discrepancies so remediation of any problems can begin immediately.

4. What Are the Stated Response Times for Your IT Support Company?

There is no slick or easy answer that you should be looking for in terms of response times, as that can vary based on the needs of your business. Some businesses may find that getting a response within several hours is perfectly acceptable, while others need to get help desk support in a matter of minutes. What you are looking for is the best match for your business: an IT support company that is able to provide you with workable response times at an acceptable cost.

5. Is Your IT Support Company Aggressive About Cybersecurity?

Protecting your business assets is a mission-critical task for your IT support company, and they should treat it as such. You need to know that you will have access to cybersecurity professionals who are actively reviewing your account on a regular basis to ensure that all appropriate precautions are being taken to protect your digital assets. This includes everything from user training to backup and data recovery processes, all of which must be in line with your business needs.

Sometimes, it’s not a matter of finding the best IT support company — it’s a matter of finding the best fit for your business. You’ll want to consider everything from the support you want to receive from your account team to the quality of the training that technicians receive on an ongoing basis to find the best IT support company to meet your unique business needs.