Multi-Factor Authentication is Effective and Easy to Use

From: Law Technology Today, Posted by: Andrew B. Stockment November 24, 2014

You have probably heard horror stories about people whose personal accounts were hacked or companies that suffered data breaches that exposed customer information. The personal and business repercussions of an account being hacked range from minor inconvenience to major embarrassment, a damaged reputation, and financial loss. And for those of us in the legal profession, we have an ethical obligation to take reasonable precautions to safeguard our clients’ confidential information.

In order to prevent unauthorized access to your account, most online services (such as your email provider and your bank) require you to enter a username and password in order to authenticate your identity and log-in to the service. Two big weaknesses of the username and password model are: <READ MORE>

The Data Guardian: Transforming Legal IT

From: Law Technology Today, Posted by: Anthony Foy September 11, 2014

Just like nearly every other knowledge worker, legal professionals are becoming more mobile than ever. Based on recent research commissioned by Workshare, 96 percent of legal professionals are accessing documents on the move, with as many as 84 percent requiring access to work documents outside of the office to get their jobs done. This requirement for mobile working is being sufficiently met with an abundance of cloud-based file sharing applications in the marketplace, but this is often at the expense of security.

More than half of employees are bypassing corporate policies and opting instead for unsanctioned file sharing applications – like Dropbox and Google Drive – and risk exposing sensitive and high-value legal documents. Not all law firms are equipped with their own security and risk management teams, which leaves essential data protection responsibilities unclaimed. And as consumer-grade apps continue to flood the workplace, it’s time for someone to regain control of corporate data and content. <READ MORE>

Am Law Survey — Information Security a Top Concern

From: Law Firm Risk Management Blog, American Lawyer Survey, 11/1/14

The American Lawyer has just published its annual technology survey: “Survey: Data Security Is Tech Chiefs’ Top Worry”

  • “Worries about data security have reached new heights, our annual technology survey shows, with potential threats coming from outside the firm, and within.”
  • “Yet one topic dominates the discussion. In response to our question asking technology directors about their biggest challenges, 55 percent cited security, by far the most frequent answer. And overall, 74 percent of the chiefs say they are more concerned about security now than they were two years ago. Their clients are concerned too. While security was a leading topic on last year’s survey [“A Secure Location,” November 2013], the focus has only become more intense—and more time- and budget-consuming.”
  • “‘Five years ago, we didn’t have client security audits,’ says Gary Becker, the chief information officer at Reed Smith. ‘We’ve had over 15 of them this year.’”
  • “For law firm CIOs, the result is often a to-do list of remedial measures—new security hardware and software that must be deployed to satisfy the client, whose hypervigilance, several chiefs said in follow-up interviews, stems from multiple sources, including headlines hammering companies that suffered data breaches and beefed-up regulations, particularly in the finance and health care sectors.”
  • “But it is also time- and resource-consuming. Reed Smith now has three full-time staffers ‘dedicated to meeting the security requirements of clients,’ says Becker. ‘That’s three people I didn’t have five years ago.’”
  • Other firms have similarly bulked up on security experts. Vinson & Elkins, for instance, now has a full-time security director it didn’t have a few years ago. ‘There are a lot of steps we need to do now to meet client expectations on security,’ says the firm’s CIO, Dennis Van Metre. It’s not just a matter of installing the systems the client asks for, he says, but also ‘asking the questions our clients will ask us’ whenever a new tool, service or product is evaluated, from cloud computing to tablets to online deal rooms.

How to Transition from Spreadsheets to Accounting Software

From: Intuit QuickBooks, by Michael Ansaldo on October 27, 2014

Thanks to its presence on just about every business-class computer, Microsoft Excel has become the de facto tool for handling basic small-business accounting tasks. But while spreadsheets can be useful for a startup, they inevitably become cumbersome — and potentially harmful — when managing financial data for a growing business. When you have more than a handful of clients and transactions, it’s time to move on to accounting software. Here’s how to make the transition.

Why You Should Switch to Accounting Software

As your customers, vendors, and transactions increase, managing them in Excel becomes exponentially more complicated. Reporting — which requires you to manually enter specific formulas to get the information you want — becomes particularly time-consuming when working with large amounts of data. Also, spreadsheets are only as accurate as the person entering the information, and studies show the error rate increases with the complexity of the spreadsheet. Just ask JPMorgan about the devastating effect an Excel blunder can have on the integrity of your data. <READ MORE>

Hackers swipe data of 60K in vendor HIPAA breach

From: Healthcare IT News, by Erin McCann, Associate Editor, 11/12/14

A state insurance plan subcontractor is at the center of a serious security incident after hackers gained three months of unfettered access to its computer system, compromising thousands of members’ health records. What’s more, despite discovering the HIPAA breach in April, it took officials some four months to notify those affected.

The Dallas-based Onsite Health Diagnostics – a medical testing and screening company, which contracts with the state of Tennessee’s wellness plan – notified 60,582 people that their protected health information was accessed and stored by an “unknown source.” The breach affected members from Tennessee’s State Insurance Plan, Local Government Insurance Plan and Local Education Insurance Plan.

[See also: Vendor sacked for HIPAA breach blunder.]

The system accessed, as OHD officials pointed out in an August notification letter, was not in official use since fall 2013. Health benefit member names, dates of birth, addresses, emails, phone numbers and gender were compromised in the incident. <READ MORE>

Masque Attack – New iOS Vulnerability Allows Hackers to Replace Apps with Malware

From: The Hacker News – November 10, 2014

Android has been a long-time target for cyber criminals, but now it seems that they have turned their attention towards iOS devices. Apple always says that hacking their devices is too difficult for cyber crooks, but a single app has made it possible for anyone to hack an iPhone.

A security flaw in Apple’s mobile iOS operating system has made most iPhones and iPads vulnerable to cyber attacks by hackers seeking access to sensitive data and control of their devices, security researchers warned.

The details about this new vulnerability were published by the cybersecurity firm FireEye on its blog on Monday, saying the flaw allows hackers to access devices by fooling users into downloading and installing malicious iOS applications on their iPhone or iPad via tainted text messages, emails and Web links. <READ MORE>

Alert (TA14-310A) Microsoft Ending Support for Windows Server 2003 Operating System

From: United States Computer Emergency Readiness Team, 11/10/14

Systems Affected

Microsoft Windows Server 2003 operating system

Overview

Microsoft is ending support for the Windows Server 2003 operating system on July 14, 2015.[1] After this date, this product will no longer receive:

  • Security patches that help protect PCs from harmful viruses, spyware, and other malicious software
  • Assisted technical support from Microsoft
  • Software and content updates

Description

All software products have a lifecycle. End of support refers to the date when Microsoft will no longer provide automatic fixes, updates, or online technical assistance.[2] As of July 2014, there were 12 million physical servers worldwide still running Windows Server 2003.[3]

Impact

Computer systems running unsupported software are exposed to an elevated risk of cybersecurity dangers, such as malicious attacks or electronic data loss.

Users may also encounter problems with software and hardware compatibility since new software applications and hardware devices may not be built for Windows Server 2003.

Organizations that are governed by regulatory obligations may find they are no longer able to satisfy compliance requirements while running Windows Server 2003.

Solution

Computers running the Windows Server 2003 operating system will continue to work after support ends. However, using unsupported software may increase the risks of viruses and other security threats. Negative consequences could include loss of confidentiality, integrity, and/or availability of data, system resources and business assets.

The Microsoft “Microsoft Support Lifecycle Policy FAQ” page offers additional details.[2]

Users have the option to upgrade to a currently supported operating system or other cloud-based services. There are software vendors and service providers in the marketplace who offer assistance in migrating from Windows Server 2003 to a currently supported operating system or SaaS (software as a service) / IaaS (infrastructure as a service) products and services.[4,5] US-CERT does not endorse or support any particular product or vendor.

References

Revisions

  • November 10, 2014: Initial Release

4 Reasons to Migrate to the Cloud in 2014

From: Intuit QuickBooks, by Angela Stringfellow on January 28, 2014

Good information to consider as 2014 comes to an end.

Thinking of migrating to the cloud in 2014? Many small-business owners are realizing the value of handling essential processes, such as storing data and maintaining the necessary hardware to do so, remotely. Software-as-a-Service (SaaS) and Infrastructure-as-a-Service (IaaS) solutions may be just the ticket to help you ride the waves of change and growth.

What Are IaaS and SaaS?

IaaS refers to the infrastructure of an off-site data center: hard drives, servers, and networking components. An IaaS provider maintains the equipment, renting space and services out to multiple customers. This allows small businesses to share in the costs of maintaining a data center and avoid the hassles of securing real estate and hiring staff to keep it running.

SaaS operates on the same premise but refers to software applications hosted in the cloud and accessed via the internet. Again, the SaaS provider handles all the security, maintenance, and upkeep off-site, allowing multiple customers to share in the costs and reap the benefits of a high-end program, such as a customer relationship management app.

Why Should I Move to the Cloud?

Whether your small business needs a data center or you’re looking for better, more affordable software that can accommodate your company’s evolving needs, here are four compelling reasons to migrate to the cloud in 2014. <READ MORE>

Holiday Heads Up

The 2014 Holiday Season is upon us. We have already seen an increase in malware issues, most of them coming from businesses that do not have a managed proactive service platform in place.

Proactive support and maintenance coupled with business grade anti-virus, anti-malware and spam filtering is the right place to start.  There are other things that you, as a business owner, can do to keep your data safe.  Take a moment to review this document.

It’s time well spent: http://dytech.com/Proactive_Support-Security_Best_Practices.pdf

Happy Holidays from Dytech Group.

Court shuts down alleged PC tech support scam

From: PC World, October 24, 2014 – by Grant Gross

This is the kind of thing that can really hurt the honest companies that actually provide a great security platform. Please read:

A court has shut down a New York tech support vendor after the U.S. Federal Trade Commission accused the company of scamming computer users into paying hundreds of dollars for services they did not need.

The FTC’s complaint against Pairsys, based in Albany, New York, also alleged that the company charged customers for software that was otherwise available for free.

Pairsys cold-called computer users in the U.S. and other countries, claiming to be representatives of Microsoft or Facebook, and convinced them to allow the company’s workers to gain remote control over the customers’ PCs as a way to diagnose computer problems, the FTC said.

Pairsys charged computer owners US$149 to $249 to fix nonexistent problems on their PCs, the FTC alleged.

The company also purchased deceptive online ads that led computer owners to believe they were calling technical support lines for legitimate companies, the FTC said in its complaint, filed with the U.S. District Court for the Northern District of New York in September.

Pairsys did not immediately return a message seeking comment on the FTC complaint.

Pairsys and its operators “targeted seniors and other vulnerable populations, preying on their lack of computer knowledge to sell ‘security’ software and programs that had no value at all,” Jessica Rich, director of the FTC’s Bureau of Consumer Protection, said in a statement. “We look forward to getting consumers’ money back in their pockets.” <READ MORE>