Phishing in Your Own Waters

If you own a small business or professional services firm, you depend on your employees to have enough tech savvy and common sense to avoid links in email messages or on websites that open your system to bad actors. No matter how much you trust them, you need to verify they’re doing the right thing. You can test your human security defenses by using your own phishing expedition to see how they’re doing.

We’ve become acquainted with independent cybersecurity firms by attending conferences over the years. We learn a lot from our peers and presenters – for example, that it takes an average of 244 days to detect a system breach and that using the cloud will be a necessity by 2028. We’ve also emphasized the need to have a thorough security audit, but as an IT firm, there’s only so much we can do. We also think that an IT firm is not the best organization to really get into the granular details of your security because we all have a vested interest in finding problems to fix.

An independent security expert can find the smallest breach openings in your system and tell you what needs to be done. One of the most fascinating tools they use is a phishing campaign aimed at everyone who works in your organization. They can plant fake links and QR codes and any other tool that a hacker can use to get someone to open a window into your system. They also have tools to mimic the follow-up methods that hackers use once somebody makes the initial click – or the first phone call to a bogus number.

The educational value of using your own phishing expedition is enormous. Not only will it help you patch up holes in your organization, but it also becomes a great teaching tool about why everyone needs to be vigilant. As we use more and more data to conduct business – and in our personal lives – it becomes more and more important to protect that data. You should remember that your organization is part of a data custody chain – a chain that can branch off in many directions. Intruders are highly sophisticated and well-funded – as well as very patient. They will do whatever it takes to get into your system and build tunnels to other systems. You put your reputation and integrity on the line every time you take in data and send it out.

AI will be able to generate untold amounts of data, but there is little it can do to eliminate misinformation automatically.

Eliminating misinformation requires real human intelligence and deliberate, active steps to prevent that first breach – the one that could take 244 days to find. At the risk of sounding like a broken record, in every location and on every device used to conduct your business:

  • Use a firewall and make sure it’s up to date.
  • Use anti-virus and anti-malware software and make sure it’s up to date.
  • Install updates to operating systems and application software on every device you have. Those updates contain security patches and bug fixes to prevent intrusions.

We can help you arrange for a comprehensive security audit that includes a phishing expedition and a deep dive into your equipment and practices. Call us – 973-433-6676 – or email us to discuss your needs and develop a security action plan.

Computer or Tablet?

Our world is changing fast. Computing and business experts tell us that by 2028, the cloud will be a necessity. AI (artificial intelligence) will have us using so much data that only the cloud will handle the workload. We’ll need more computing power, but at the same time, we’re demanding the ability to access that data quickly and from anywhere – even while traveling. Tablets are looking more and more like replacements for laptops.

We’ve seen a steady switch to smaller devices with greater portability. From being tied to desktop computers that were impossible to move, we increased our mobility when we found ways to access our stationary laptops with an internet connection. Using a laptop, we could essentially access our apps and files and modify them – or even create new files – and find everything up to date when we returned to our desks. The penalty was speed, but it wasn’t a prohibitive penalty.

The next step in the progression was to hook our laptops into docking stations, a step that still works for many who work in the office and remotely. You could have your big monitor and a regular keyboard in the office, but you could use the same computer – with all the same apps and files – working at home or in a hotel room.

The power of tablets and cell phones combined with the expansion of the cloud has made it possible to work on the road without a computer. A vast number of business applications have versions for computers and mobile devices, and you actually can access and edit files with a lightweight device that’s easy to carry outside the office. The newest tablets and phones actually have more powerful processors than many laptops still in use because the mobile devices contain NPUs, Neural Processing Units, that give you faster processing and better photo/video capabilities.

So, as you decide what platform to use as your main computing device, you have a lot of options. Your choice will depend on how you work, and it’s a personal decision for every user.

Computers, on one hand, give you better multitasking capability. You can keep multiple files and web browsing windows open at one time on multiple screens and monitors. It’s a lot easier to move among all those apps and views on multiple screens than it is on a single mobile device screen.

Mobile devices, on the other hand, can process data, including photo and video files, faster, and if you need to work on an Excel, Word, or PowerPoint file, you can tie your device to a portable keyboard. But you can’t use multiple screens. That may be outweighed by the ability to carry a cell phone in your pocket or pocketbook or carry a tablet (and keyboard) in a small backpack. Road warriors, field workers and anyone who needs to access data away from a desk will appreciate this.

If you need to work in public places, you should use a tablet that can work on a cellular network just like your phone. I will never tell you unequivocally that a cellular connection is hack-proof, but it is far more secure than a Wi-Fi network. With the availability of unlimited-data cellular plans, it doesn’t make sense to rely on Wi-Fi in the US.

If your PC has an eSIM, you might be able to add your device to your current mobile account by using the Mobile Plans app in Windows 10 (not available on all computers) and 11. The app connects you to your mobile operator’s website so you can get a data plan for your device and connect to their cellular network.

Whatever devices you use, make sure your operating system (OS) software and apps are up to date. If your device can’t accommodate the latest OS and app software, we urge you to replace the device. Keep in mind the realities of today’s technology environment and how it will change in the near future:

  • We will be making more use of the cloud. By 2028, the vast amounts of data needed to work with AI will require cloud storage because it will be the way to meet your capacity needs.
  • Your device must be capable of processing more data faster to work with AI.
  • Your device must be capable of using the latest security technology. Cybercriminals are spending big money to find a hole in your system – in hopes it will lead them to holes in bigger systems.
  • Remember the number 244. That’s how many days it takes on average to detect a security breach. You can best protect your system by being well-prepared and vigilant.

We can help you choose and configure the devices that best fit the individual needs and corporate needs of everyone in your organization to maximize performance and security. Call us – 973-433-6676 – or email us to set up an appointment to discuss your needs and available options and costs.

Who’s Minding the Electronic Store?

I recently couldn’t fill a prescription online because the third party that processes pharmaceutical products for my drug plan was hacked. Little did I know at the time this would be an ongoing problem affecting a substantial part of our healthcare system. We’ll leave policy debates to others and focus on what we can do.

The hack hit Change Healthcare, a subsidiary of UnitedHealth Group that manages healthcare technology pipelines and processes 14 billion transactions a year. The company said ransomware criminals ALPHV, or Blackcat, had claimed responsibility for the attack but did not say whether it paid or negotiated a ransom. WIRED has reported a ransom payment of $22 million. The company said its investigation determined that Change Healthcare, Optum, UnitedHealthcare, and UnitedHealth Group systems have been affected.

The American Hospital Association has called it “the most significant cyberattack on the U.S. healthcare system in American history.” Providers can’t get paid for services provided, which affects their ability to pay their bills. They can’t preauthorize procedures or authorize payments for prescriptions. The tragedy is that a lot of people can’t afford to lay out the money for prescriptions, much less procedures. Pharmacies are scrambling for drugs. Treatment is not being provided.

But that’s not the end of the problem. Patient records – sensitive personal information – may have been compromised, and that’s another set of issues.

UnitedHealthcare said it immediately disconnected Change Healthcare and started working with law enforcement agencies and cybersecurity experts. They instituted workarounds, including manual processes to submit information, check eligibility, look at claim status to make claims, clear prior authorizations, and fill prescriptions.

While most of us are nowhere near the size of UnitedHealthcare, we can be ransomware targets and suffer just as significantly on our own level. And on our own level, we must be willing to make the necessary investments in our technology because we depend so much on its operating performance and reliability. A good plan to prevent problems looks something like this:

  1. Make sure all your hardware can run the most up-to-date software for your operating system, cybersecurity, and apps. For example, Microsoft will no longer support Windows 10 a year from now. You may need to upgrade to systems capable of running Windows 11. Newer versions of other software may not run on Windows 10.
  2. Have a documented process in place to make sure updates for operating system, security, and application software are automatically downloaded and installed on every piece of equipment in your office. You also need to verify the process is being followed.
  3. Have an emergency response plan with people trained to implement it as soon as a problem is detected. That plan may include disconnecting systems from the internet and processes to reconnect or work without full web-based capabilities.

We can help you by assessing your technology assets and liabilities; procuring and installing new technology; and developing an emergency response plan. Call us – 973-433-6676 – or email us for an appointment.

Living and Growing with Technology

We have kids and grandkids who have never known life without wireless technology, and now we’re moving on to AI. Whether you’re a business or a family with an array of technology comfort zones, there’s an array of paths you can follow to help you keep it all together.

I believe one of our biggest dangers with technology is online shopping. Did you see who had the most ads? According to my observations, it was Temu, the Chinese shopping site. What’s the red flag? There are two: 1.) data collection and 2.) legal recourse.

With every purchase you make, Temu collects a tremendous amount of personal data, including, of course, the credit card number you use to buy stuff. AI, which is really the use of superfast computers that can digest and regurgitate massive amounts of data, makes it possible to analyze every aspect of your shopping preferences. Even if you guard the privacy of your data persistently and diligently, some well-programmed AI can find out things you never knew about yourself. Conceivably, it helps Temu and similar websites present you with product choices and price points that will generate a purchase.

And because Temu is based in China, it operates under Chinese law, not US law. Not only will you not have the same legal recourse in China to protect you from financial loss, you likely won’t have the same regulatory protection about what data is collected and how it’s protected.

Another convenience we like is setting up automatic payments for products or services that are linked to our credit card or bank account. It’s a convenience for consumers and providers, and you can sometimes get a discount for automatic payments.

I dread the day my payment info gets hacked, and there’s no convenience factor that makes it worth the risk of being hacked. If you agree, there are two critical steps you can take to minimize your risk: 1.) Reset your login credentials for your financial accounts and the sites that draw automatic payments. 2.) Set up two-factor authentication (2FA) for every website account that offers it; biometrics and text messages to a device only you can access are best.

Biometrics can include facial recognition, and it offers the best combination of safety and convenience, especially for phones and tablets. Unless somebody has stolen your device and used your digital passcode to get into your settings and take a picture of themselves to reprogram your facial ID, only you can respond. Using a mobile device for a text is good because you should have the device in your possession for the authentication process. The use of authenticator apps such as Microsoft Authenticator or Google Authenticator is a good step.

Younger people typically take more easily to these new authentication methods, but those who are older or not entirely comfortable with technology should find them easy to use once they’re properly installed and configured.

Staying with the theme of age and technology, we have an elderly client who had some issues with a new computer. We tend to think older people are more comfortable with a computer, but we found the client preferred to have a second iPad. We associate iPad and iPhone use with younger people who can easily adapt to a different way of doing things with really quick thumbs. But there are keyboards for any mobile device, and those who use hearing aids can take advantage of Bluetooth with their devices.

The biggest challenge with using a tablet or phone in place of a computer is setting up ways to download, store, and use files with apps mostly associated with a computer. Multitasking is more difficult with a tablet or phone, but we can accommodate most needs for most people.

With tech playing such a large part of everyone’s business and personal lives, it makes sense to tailor the technology to the person rather than the other way around. If you or someone you know has special technology needs, call us – 973-433-6676 – or email to discuss ways to make technology work.

Nimble and Quick

Being nimble and quick is more a matter of knowledge than pure speed. By assessing a new client’s comfort level with technology and knowing what computer to buy and where to get it, we worked together on a holiday miracle. It took a lot of cooperation among parties who’ve worked together to make it happen.

Naturally, as you might imagine, the story begins a few days before Christmas – Dec. 20, at 4 p.m. to be exact – and it involved a new client who had been referred by an existing client. The client’s laptop computer had died, and they needed a new one. But the timing complicated matters. In addition to the holidays, we had a vacation planned during the week between Christmas and New Year’s Day.

From talking to the client, we learned their comfort level with technology, and we knew what type of laptop they needed, including all the performance specs. We basically had two days to get the computer to the client and have it up and running.

We have a trusted distributor who can get us the equipment we need fast, and they had what our client needed. They said they couldn’t have it ready – configured to the client’s specs – until the next day.

I didn’t have time to drive to their warehouse to pick up the computer and a printer, but the client was willing to get them late Thursday. They brought the computer to our office first thing Friday morning, and by noon, everything was set up, including the printer, and they were on their way. They still can’t believe they had new equipment purchased, configured, and ready for use in less than 48 hours.

A month later, we got an email from a client at 8:15 a.m., and we saw it 15 minutes later. The client had spilled tea on their laptop’s keyboard, and it didn’t work. We figured the tea probably shorted the electronics in the keyboard. Regardless, the client was leaving town later that day and needed something that worked.

We knew that the damaged computer was put in service in 2018 and determined that we could get a new one for the same price. But by that time, the client was in the air. We sent an email asking them to call us when they landed so we could explain the available options.

We recommended that we have the computer shipped directly to them. They called us when it was delivered the next day, and we walked them through the set-up process. By 5 p.m., it was completely set up, and the client was ready to do business.

The secret to pulling off both successes was knowing what resources were available, knowing the clients’ technical capabilities and being able to make decisions right away. Had they been working with a larger IT service company, their requests would have had to go through a chain of command to authorize the arrangements and go through a purchasing process. With our personal service, we dealt directly with the clients and the equipment suppliers.

If you or someone you know needs equipment immediately, if not sooner, call us – 973-433-6676 – or email us, and we’ll mobilize our resources.