Multi-Factor Authentication is Effective and Easy to Use

From: Law Technology Today, Posted by: Andrew B. Stockment November 24, 2014

You have probably heard horror stories about people whose personal accounts were hacked or companies that suffered data breaches that exposed customer information. The personal and business repercussions of an account being hacked range from minor inconvenience to major embarrassment, a damaged reputation, and financial loss. And for those of us in the legal profession, we have an ethical obligation to take reasonable precautions to safeguard our clients’ confidential information.

In order to prevent unauthorized access to your account, most online services (such as your email provider and your bank) require you to enter a username and password in order to authenticate your identity and log-in to the service. Two big weaknesses of the username and password model are: <READ MORE>

EHRs continue to be a challenge for HHS

From: Healthcare IT News, Erin McCann, Managing Editor, November 20, 2014

A report from HHS’ Office of Inspector General outlines the top challenges faced by the Department of Health and Human Services in FY 2014. Among them: meaningful use and interoperability. The office also highlighted several areas HHS continues to struggle with heading into 2015, including electronic health records.

First, HHS oversight of the EHR Incentive Programs has been significantly lacking and ultimately “vulnerable to inappropriate payments to participants that do not meet program requirements.” The Centers for Medicare & Medicaid Services, for instance, has paid out more than $25.4 billion in incentives payments to eligible hospitals and providers that have demonstrated meaningful use, but have failed to implement adequate controls ensuring that those participants were actually entitled to the federal money. <READ MORE>

Inspiration From 10 Entrepreneurial Heavyweights

From: Intuit QuickBooks, by Leslie Barber on November 11, 2014

A few weeks ago, I attended the QuickBooks Connect conference with thousands of other small business owners, accountants and developers. I listened to many accomplished entrepreneurs share their experiences as well as tips they’ve learned along their journeys. Below are some of my favorite inspirations and tidbits.          <READ MORE>

How to Transition from Spreadsheets to Accounting Software

From: Intuit QuickBooks, by Michael Ansaldo on October 27, 2014

Thanks to its presence on just about every business-class computer, Microsoft Excel has become the de facto tool for handling basic small-business accounting tasks. But while spreadsheets can be useful for a startup, they inevitably become cumbersome — and potentially harmful — when managing financial data for a growing business. When you have more than a handful of clients and transactions, it’s time to move on to accounting software. Here’s how to make the transition.

Why You Should Switch to Accounting Software

As your customers, vendors, and transactions increase, managing them in Excel becomes exponentially more complicated. Reporting — which requires you to manually enter specific formulas to get the information you want — becomes particularly time-consuming when working with large amounts of data. Also, spreadsheets are only as accurate as the person entering the information, and studies show the error rate increases with the complexity of the spreadsheet. Just ask JPMorgan about the devastating effect an Excel blunder can have on the integrity of your data.           <READ MORE>

Hackers swipe data of 60K in vendor HIPAA breach

From:Healthcare IT News, by Erin McCann, Associate Editor, 11/12/14

A state insurance plan subcontractor is at the center of a serious security incident after hackers gained three months of unfettered access to its computer system, compromising thousands of members’ health records. What’s more, despite discovering the HIPAA breach in April, it took officials some four months to notify those affected.

The Dallas-based Onsite Health Diagnostics – a medical testing and screening company, which contracts with the state of Tennessee’s wellness plan – notified 60,582 people that their protected health information was accessed and stored by an “unknown source.” The breach affected members from the Tennessee’s State Insurance Plan, Local Government Insurance Plan and Local Education Insurance plan.

[See also: Vendor sacked for HIPAA breach blunder.]

The system accessed, as OHD officials pointed out in an August notification letter, was not in official use since fall 2013. Health benefit member names, dates of birth, addresses, emails, phone numbers and gender were compromised in the incident. <READ MORE>

How the House from “A Christmas Story” Spawned a Small Business

From: Intuit QuickBooks – by Neil Cotiauxon November 10, 2014

Love the movie and the story behind the original house that is now a museum.

Sometimes, the quirkiest things can spark a novel business idea. Like a lamp shaped like a woman’s leg in a now-classic holiday film.

That lamp, along with an ill-fated turkey and other rib-tickling reminders of A Christmas Story, beckons tens of thousands of visitors a year to A Christmas Story House, tucked away on a side street in Cleveland, Ohio.

Spun from radio monologist Jean Shepherd’s memories of his Indiana boyhood, the 1983 movie in which the kitschy lamp appeared has become must-see TV each year for tens of millions of viewers who delight in the hijinks of Ralphie, The Old Man, and other quintessentially American characters.

“It was a hit right out of the gate for our family,” says Brian Jones, founder and owner of A Christmas Story House and several affiliated businesses.

When a failed vision test dashed Jones’s dreams of becoming a Navy pilot, his parents cheered him up with a homemade replica of The Old Man’s leg lamp, an oddball gift that got Jones’s entrepreneurial juices flowing.

Working out of his San Diego condo in 2003, Jones single-handedly assembled hundreds of lamps to sell on his website, RedRiderLegLamps.com, with his pickup  truck serving as collateral for parts. When sales took off, he outsourced production to China. <READ MORE>

Masque Attack – New iOS Vulnerability Allows Hackers to Replace Apps with Malware

From: The Hacker News – November 10, 2014

Android have been a long time target for cyber criminals, but now it seems that they have turned their way towards iOS devices. Apple always says that hacking their devices is too difficult for cyber crooks, but a single app has made it possible for anyone to hack an iPhone.

A security flaw in Apple’s mobile iOS operating system has made most iPhones and iPads vulnerable to cyber attacks by hackers seeking access to sensitive data and control of their devices, security researchers warned.

The details about this new vulnerability was published by the Cyber security firm FireEye on its blog on Monday, saying the flaw allows hackers to access devices by fooling users to download and install malicious iOS applications on their iPhone or iPad via tainted text messages, emails and Web links. <READ MORE>

Alert (TA14-310A) Microsoft Ending Support for Windows Server 2003 Operating System

From: United States Computer Emergency Readiness Team, 11/10/14

Systems Affected

Microsoft Windows Server 2003 operating system

Overview

Microsoft is ending support for the Windows Server 2003 operating system on July 14, 2015.[1](link is external) After this date, this product will no longer receive:

  • Security patches that help protect PCs from harmful viruses, spyware, and other malicious software
  • Assisted technical support from Microsoft
  • Software and content updates

Description

All software products have a lifecycle. End of support refers to the date when Microsoft will no longer provide automatic fixes, updates, or online technical assistance.[2](link is external) As of July 2014, there were 12 million physical servers worldwide still running Windows Server 2003.[3](link is external)

Impact

Computer systems running unsupported software are exposed to an elevated risk to cybersecurity dangers, such as malicious attacks or electronic data loss.

Users may also encounter problems with software and hardware compatibility since new software applications and hardware devices may not be built for Windows Server 2003.

Organizations that are governed by regulatory obligations may find they are no longer able to satisfy compliance requirements while running Windows Server 2003.

Solution

Computers running the Windows Server 2003 operating system will continue to work after support ends. However, using unsupported software may increase the risks of viruses and other security threats. Negative consequences could include loss of confidentiality, integrity, and or availability of data, system resources and business assets.

The Microsoft “Microsoft Support Lifecycle Policy FAQ” page offers additional details.[2](link is external)

Users have the option to upgrade to a currently supported operating system or other cloud-based services. There are software vendors and service providers in the marketplace who offer assistance in migrating from Windows Server 2003 to a currently supported operating system or SaaS (software as a service) / IaaS (infrastructure as a service) products and services.[4(link is external),5(link is external)] US-CERT does not endorse or support any particular product or vendor.

References

Revisions

  • November 10, 2014: Initial Release

4 Reasons to Migrate to the Cloud in 2014

From: Intuit QuickBooks, by Angela Stringfellow on January 28, 2014

Good information to consider as 2014 comes to an end.

Thinking of migrating to the cloud in 2014? Many small-business owners are realizing the value of handling essential processes, such as storing data and maintaining the necessary hardware to do so, remotely. Software-as-a-Service (SaaS) and Infrastructure-as-a-Service (IaaS) solutions may be just the ticket to help you ride the waves of change and growth.

What Are IaaS and SaaS?

IaaS refers to the infrastructure of an off-site data center: hard drives, servers, and networking components. An IaaS provider maintains the equipment, renting space and services out to multiple customers. This allows small businesses to share in the costs of maintaining a data center and avoid the hassles of securing real estate and hiring staff to keep it running.

SaaS operates on the same premise but refers to software applications hosted in the cloud and accessed via the internet. Again, the SaaS provider handles all the security, maintenance, and upkeep off-site, allowing multiple customers to share in the costs and reap the benefits of a high-end program, such as a customer relationship management app.

Why Should I Move to the Cloud?

Whether your small business needs a data center or you’re looking for better, more affordable software that can accommodate your company’s evolving needs, here are four compelling reasons to migrate to the cloud in 2014. <READ MORE>

Holiday Heads Up

The 2014 Holiday Season is upon us.  We have already seen an increase is malware issues, most of them coming from businesses that do not have a managed proactive service platform in place.  .

Proactive support and maintenance coupled with business grade anti-virus, anti-malware and spam filtering is the right place to start.  There are other things that you, as a business owner, can do to keep your data safe.  Take a moment to review this document.

It’s time well spent: http://dytech.com/Proactive_Support-Security_Best_Practices.pdf

Happy Holidays from Dytech Group.