Why Can’t We Vote Online?

We file our tax returns online. Our Social Security system is online. Businesses and financial institutions transfer billions of dollars online every day. Why can’t we vote online?

I know this is a politically charged issue, but we need to look at online voting to make our elections more accessible and more efficient. I say this as we wait for six states to reach a result, including Georgia, where my in-laws live, and neighboring Pennsylvania. We’re not complaining about the time-consuming, labor-intensive process required to count every vote, but it has given us time to think about how we can make the process better.

I’m casting a vote for online voting, and I am highly confident the many disciplines that make up our technology industry can make it happen. I know that fraud is a major concern, and while some may have overblown concerns, fraud is a valid worry. However, the industry does a good job of minimizing it.

On the personal level, we’ve already mentioned that we file our tax returns online – federal and state. Those who are part of Medicare and receive Social Security benefits can complete all transactions online, including paying their premiums and receiving their benefits by direct deposit. We can file for unemployment benefits online, access our medical records online and even re-enter the country using apps such as Global Entry, which relies on biometrics, and Mobile Pass, which relies on info accessed from a smart phone.

Businesses use all sorts of online systems to transfer money safely and securely. While government elections are sacred – as well they should be – there’s a lot of money at stake when companies and banks send billions of dollars through millions of transactions every day. When breakdowns occur, they can generally be traced back to the exploitation of someone’s sloppiness or ignorance. We know that one country’s government can have an interest in affecting another country’s government, but there’s a far larger universe of hackers looking for ways to get their hands on someone else’s money. There are more ways for them to access and monetize someone’s sensitive health information.

Therefore, if we focus just on elections, I believe we should be able to make those systems safe and secure. We have the tools in place; we just need to refine them and make them stronger. We constantly refine and strengthen tools as a general practice, so it’s not like we’re looking for something completely new.

We can also make better, more extensive use of two-factor authentication – as well as increased biometrics and other forms of password-replacement technology that can make our entire internet experience more secure.

Artificial intelligence (AI) and signature verification software has been used for years. We have systems for providing electronic signatures for financial transactions great and small. Why not apply this technology to elections? Technology can be used to verify or update many a person’s residence. We have driver’s license information and utility bills online, for example. When we change addresses, that information changes – and is recorded. In many states, we are automatically registered to vote or can register to vote when we get or renew driver’s licenses.

We have the technology to coordinate all this information. What we need now is the will to do it. Our COVID crisis has forced us to take long, hard looks at new ways of doing things we’ve always done. New processes and procedures are likely to stay as we emerge from the pandemic (we will at some point), and voting is one of them. States expanded early voting and mail-in or absentee voting to avoid larger lines and longer waits in crowded places. The overwhelming response likely means we’re not going back on that.

Going forward with online voting will require governments at all levels to change laws and requirements, and that won’t be easy. There’s a lot of passion and fears when it comes to politics and elections. The technology industry, too, will need to prove it can – beyond any doubt – provide a secure platform to hold elections.

But we, too, as individuals, will need to step up our game. We’ll need to make sure that our individual systems are secure by keeping our network and device firewalls, antivirus and malware software up to date and installed. We’ll need to make sure we have the latest operating systems – with security patches – installed, and the same goes for all the apps we use.

Online voting may not be the right option for everyone. We just think it’s time to add it to the other options already available.

And regardless of whether we have online voting, you should still take all the steps that are needed to keep your networks and devices safe and secure. If you have any questions, we can help. Call us – 973-433-6676 – or email us to discuss your online security needs – and talk about how we can promote effective online voting.

Healthcare and Ransomware

As many of you know, our family has spent a lot of time in hospitals over the past 30 days. Thankfully, we’re all healthy – and the doctors have been great. But looking at their technological support systems as a patient, parent and IT specialist, I could use an electronic sedative.

Judging from what I see in news reports, hospitals seem to be prime targets for ransomware. That’s a lot of sensitive data to hold hostage, and I have a greater appreciation of the consequences now than a month ago. Every hospital room I was in had a computer. Every member of the medical staff who examined Charlie or me had to login to enter all the data used to update our charts. Every medication we were given was logged into the system. The process created an information lifeline that was critical for every step in our treatments.

The data the hospitals used to treat us was entered before we were admitted. The doctors who examined us previously entered notes into our electronic charts. The results of COVID tests were entered. Everything, it seemed, had to be verified at every stage of our care. It was comforting to know that every caregiver had access to the latest information on a screen, where it could be clearly displayed without the need to decipher somebody else’s handwriting.

But what happens when the technology breaks down? What would have happened if just before surgery, a hacker had invaded Charlie’s chart or mine and held the records hostage as the anesthesiologist was about to administer drugs? What if one of us had a bad reaction to anesthesia during surgery? That’s not the best time for us to begin hostage negotiations, and even in the willingness to pay ransom, it’s not the same as going online to pay your credit card bill.

I’d feel a lot better about healthcare if the hospital systems put the same resources into information technology as they do into their healthcare technology. I saw truly amazing systems to treat us, but the news reports tell another story. IT systems, even in large systems in large metropolitan areas, are antiquated and don’t get regular updates for security patches and bug fixes. If I were prescribing a remedy, it would be to update those systems immediately.

And as large hospital systems acquire smaller, financially strapped hospitals, it’s even more important to take that update medicine. With telemedicine becoming more common, there’s more interaction with a variety of technology systems and networks, so I would demand the hospitals build electronic fortresses.

The same goes for physicians’ offices, regardless of whether they are part of a hospital system or in some other network. As patients, we regularly use the medical systems’ portals – websites – to access records, refill prescriptions and use other essential information. What if the doctor’s system goes down? What if someone is having a life-and-death emergency during a hostage negotiation because the doctor’s IT system was hacked?

To borrow an old phrase: Physician’s office, update thyself.

At the same time, we need to keep our systems secure. The hospital and office systems we deal with are likely to have done everything right. But if we leave a door open in our own system, it could be the opening a hacker needs to get into a healthcare system and hold critical data hostage.

We can help you make sure you keep up your end of the deal. Call us – 973-433-6676 – or email us to arrange for a security audit of your system. For hospitals and doctors’ offices, we’re always happy to provide a second opinion.

Websites and the Need to Know

Why do some companies and organizations, especially non-profits, feel the need to post the names of their entire staffs on their websites? The question came up in a recent conversation with an IT colleague.

Smaller companies and non-profits seem to get hack-attacked more often, and they tend to list everyone in the company or organization on their websites – along with their contact information. If that organization is running “lean and mean,” it could have a lot of people wearing many hats and juggling unrelated tasks. That can create a vulnerability when an outsider can distract a busy worker who has access to sensitive information.

Here’s a possible scenario that illustrates the problem.

When you list the contact info for the bookkeeper, you may be listing it for an employee who has access to all the organization’s financial data but has no need for public contact. A hacker doesn’t need to be especially skillful to use the bookkeeper’s email address to launch a phishing attack in a variety of ways. The most obvious, of course, would be to spoof a bank. But it could also be a spoof email from someone connected with the organization who is looking for something, such as wanting to know if a check was deposited.

If the bookkeeper responds to the bogus bank link or the spoofed email, it could open the door to getting more financial information or sensitive data – not only from your organization but from every person or organization you deal with.

Why take the risk? If you limit names and contact information to those whose duties involve some aspect of public contact, you can limit your exposure. If someone really needs to contact your bookkeeper, for example, they can call a general phone number for the organization where a gatekeeper can determine if it’s a legitimate call or can “take a message” so the bookkeeper or another employee can return the call. If the contact is made by email, it can go to a general mailbox, where a gatekeeper can read it and distribute it appropriately.

If you limit contact info in a small company or non-profit to the C-Suite, you can limit your exposure to hacking, ransomware and other vulnerabilities. If people outside your organization need to contact specific individuals, that information can be provided privately.

We can help. Call us – 973-433-6676 – or email us to help you set up appropriate email addresses and work with your web designer to make your website more secure.