Cost Cutting Technology

Cost-cutting measures are not unusual for organizations as they traverse the standard lifecycle of products and services. What you decide to cut during the lean times can have just as much impact as where you invest when your business is flush with cash. Some organizations start their cuts in advertising and marketing but eventually make their way to technology projects. Managing expenses and balancing them with the associated risks is a critical task in organizations, but there are two places where the risk simply isn’t worth the savings in expense reductions: cybersecurity and proactive support for your business technology. Reducing your funds in these two vital areas could cause a negative impact on the organization that has a ripple effect felt for years to come. Here’s why these are the two places that you should never cut corners in your business.

Protecting Your Organization’s Business Systems and Data

Cybersecurity is a broad term that refers to a range of activities including hardware protection, software patches, password requirements, staff training, server maintenance, cloud-based controls and more. There is no simple definition of what can be included in cybersecurity and business requirements change on a fairly regular basis. This alone makes it difficult to set a budget and stick with it — or reduce it over time. The ever-changing nature of threats that can effectively cripple an organization in a very short period of time means that your business will need to continually invest in learning and growth opportunities to reduce the risk to your organization.

Data protection is another facet of cybersecurity that demands consideration. From the 2018 GDPR (General Data Protection Regulation) to more recent requirements in various states, data privacy and compliance has come to the forefront of the security conversation. Businesses must first wrangle and then protect sensitive personal, health and financial data — not to mention securing their business systems from infiltration by hackers. Skimping on these critical tasks or attempting to do them in-house with limited resources can open your organization to significant fines if you’re found to be non-compliant with global or state-supported regulations.

Smoothing the Cost of Technology

It’s always tempting to cut out what could essentially be considered insurance: the ongoing maintenance and support of your technology hardware and software. When your business reverts to paying only for systems that are broken and unable to be used, you’re left with a hodgepodge of user complaints due to slowdowns that aren’t “bad enough” to be sent out for repair. Plus, you’re looking at a hefty fee for getting any break-fix work done quickly — and forget about being able to budget effectively by guessing what could potentially require repair or replacement during the year.

Proactive maintenance of your business systems allows business users to maintain a high level of productivity while also keeping your technology costs at a reasonable level throughout the year. It can be extremely challenging when you’ve exhausted your budget for break-fix support for the year, only to find that it’s only the beginning of the third quarter. In that case, you’re either siphoning funds from other crucial projects or trying to limp through the remainder of the year until you can reset your budget and resolve outstanding problems. Investing in proactive maintenance means you don’t have to question whether a fix is “important enough” to be resolved as long as the issue is within your service threshold.

Protecting your business from unnecessary risk can feel like a full-time job for busy technology leaders. Fortunately, IT managed services providers are able to help with both proactive maintenance and providing the high level of cybersecurity expertise that is needed to help protect your business from both current and emerging threats.

Cutting These Two Corners Could Lead to Business Disaster

Google Chrome Password

In early 2019, white-hat security expert Troy Hunt and other researchers shared a massive database of breached passwords and usernames. The collection comprises 25 billion records and 845 gigabytes of stolen data.

While many of the collected records are from previously reported thefts, there are new records there, too. It’s a clear indication of the regularity, scope and potential damage caused by poor password management.

That news coincided with Google’s announcement of its new Password Checkup extension for Chrome browsers. The extension is designed to alert and protect users who may have compromised credentials.

What is the Password Checkup Extension?

Password Checkup allows you to check whether your Google account, and any other account you log into while using Chrome, has potentially been compromised during a previous data breach. Developed in partnership with Stanford University cryptographers, the extension is designed to give you critical information while safeguarding your data.

How Does Password Checkup Work?

After you install the extension, Google will alert you if it finds potentially compromised passwords. The passwords are checked against a database of 4 billion known compromised credentials. Warnings are issued automatically, along with a recommendation to change the potentially compromised credential.

It’s important to note that the extension will not alert you to any outdated passwords or weak passwords. While those other factors can also lead to your account information being hacked, the Password Checkup only identifies known hacked passwords contained in databases.

What Does It Look Like When Password Checkup Is Activated?

The Password Checkup icon appears in your browser bar as a green security shield. The extension app will monitor your account whenever you use Chrome to log into a website or a service.

If it detects that the password is potentially compromised, a bright red warning box pops onto your screen. It features a warning sign and urges you to change your password. The box allows you to ignore the alert for the designated site. There’s also a link to learn more information via a page with more details about Password Checkup and how to change a potentially compromised password.

If for some reason you miss the red pop-up box, the browser extension icon turns from green to red.

Can Google See My Passwords if I use Password Checkup?

No. None of the passwords that the app uses are stored and personal information is not collected. The checked passwords are anonymized using hashes and encryption. Password Checkup was designed to prevent hackers from attacking it.
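A simplified sketch of how a breach check can run on hashes rather than plaintext passwords, as described above. It is an added example, not Google's code or protocol: the prefix-bucket scheme, SHA-256, `PREFIX_LEN`, the username-plus-password pairing and the sample credentials are assumptions made for illustration, and the encryption layer the article mentions is omitted.

```python
import hashlib
from collections import defaultdict

# Number of hex characters of the hash the client reveals (assumed value).
PREFIX_LEN = 5

# Constructed sample "breach dump" of username/password pairs.
CONSTRUCTED_LEAK = [
    ("alice@example.com", "sunshine"),
    ("bob@example.com", "Tr0ub4dor&3"),
    ("carol@example.com", "princess"),
]


def credential_hash(username: str, password: str) -> str:
    """Hash the normalised username together with the password.

    SHA-256 keeps the sketch dependency-free; a production design would use a
    deliberately slow hash so that buckets are expensive to brute-force.
    """
    material = username.strip().lower().encode() + b"\x00" + password.encode()
    return hashlib.sha256(material).hexdigest()


class BreachIndex:
    """Service side: the breach corpus, bucketed by hash prefix."""

    def __init__(self, leaked_pairs):
        self.buckets = defaultdict(set)
        self.prefixes_seen = []  # everything the service learns from clients
        for username, password in leaked_pairs:
            digest = credential_hash(username, password)
            self.buckets[digest[:PREFIX_LEN]].add(digest[PREFIX_LEN:])

    def lookup(self, prefix: str) -> frozenset:
        """Return every hash suffix stored under this prefix."""
        if len(prefix) != PREFIX_LEN:
            raise ValueError("prefix must be exactly PREFIX_LEN hex characters")
        self.prefixes_seen.append(prefix)
        return frozenset(self.buckets.get(prefix, ()))


def is_compromised(index: BreachIndex, username: str, password: str) -> bool:
    """Client side: send only the prefix, compare the suffix locally."""
    digest = credential_hash(username, password)
    candidates = index.lookup(digest[:PREFIX_LEN])
    return digest[PREFIX_LEN:] in candidates


if __name__ == "__main__":
    index = BreachIndex(CONSTRUCTED_LEAK)
    checks = [
        ("Alice@Example.com", "sunshine"),  # in the dump: flagged
        ("alice@example.com", "123456"),    # weak, but not in the dump: not flagged
        ("dave@example.com", "sunshine"),   # different account: not flagged
    ]
    for user, pw in checks:
        print(user, "->", "CHANGE PASSWORD" if is_compromised(index, user, pw) else "no match")
    print("service saw only:", index.prefixes_seen)
```

The second check shows the limitation noted earlier: a weak password is not flagged unless that credential actually appears in the breach data.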

What Are the Risks of Compromised Passwords?

News stories are constantly reporting on the latest corporate data breach, revealing the thousands of records that were exposed and how that company is responding. The story behind the story is what happens to those stolen credentials.

In some cases, hackers sell information on the dark web. For users who do not know about the hack, or who are aware but choose to do nothing, the consequences can be dire. Bad actors now can access accounts, make purchases, steal money or gain other personal information that can help to steal one’s identity.

People affected by stolen credentials can spend months or years resolving the issues related to compromised accounts. This work is time-consuming, costly and stressful.

Are There Other Tools to Check Compromised Credentials?

There are many other services that help monitor and detect stolen passwords, including websites such as Have I Been Pwned? and Watchtower and password managers like Dashlane and Keeper.

How Prevalent Are Data Breaches?

According to the 2019 Verizon Data Breach Investigations Report, stolen credentials are also an increasingly popular approach for hackers looking to gain access to cloud-based email servers. Stolen credentials are a particular issue for businesses in the accommodations and food services, financial and insurance, educational services, manufacturing and professional services industries.

What Can Be Done to Prevent Compromised Credentials?

For businesses, there are several steps that can mitigate the risks of data breaches that result in compromised credentials:

  • Develop and enforce rigorous password policies, including password complexity, reuse and expiration dates
  • Implement two-factor or multi-factor authentication that uses both known information, such as a stored password, and new information, such as a texted or emailed credential (e.g. a one-time access code)
  • Centralize identity and access management
  • Use centrally managed single sign-on protocols

Google’s new extension is an excellent way to provide individual Chrome users with information that will help them protect themselves and their personal information. When combined with broader business rules, the extension should reduce the rate and severity of compromised credentials.

Google’s New Chrome Extension Gives Your Passwords a Checkup

Windows 7 Checklist

When you’re working hard to grow your business, you can get caught up in things that take your attention away from your technology. Before you know it, your IT system isn’t up to speed because you failed to update an operating system. We don’t want this to happen. This is why we’ve provided a checklist about Windows 7, its approaching End of Life (EOL), and what you should do.

It’s Time To Upgrade From Windows 7

Extended support for Windows 7 will end on January 14, 2020. This means that Microsoft won’t provide security updates for PCs running Windows 7. This could put your IT system at risk for security and reliability issues.

We recommend that you plan your upgrade now. And, if you run a business, we advise that you skip Windows 8 and upgrade to Windows 10 Pro.

Skip Windows 8 and Migrate To Windows 10 Pro

Windows 8 product enhancements (mainstream support) ended back on January 9, 2018. And reliability and security patches will end on January 10, 2023 (the end of extended support). This may seem like a long time from now, but if you’re upgrading anyway, shouldn’t you use the most current Windows program? Windows 10 Pro offers the very latest technology, and it’s built for business use.

Windows 10 Pro Will Benefit Your Business

  • Increased Security is incorporated with ongoing protections like Windows Defender Antivirus, BitLocker, a Firewall and more (at no extra cost to you).
  • Windows Remote Desktop ensures that you can access your files from any PC or tablet with an internet connection.
  • Automatic Cloud Storage will store and protect your Word, PowerPoint and Excel files from system crashes.
  • Sign In 3 Times Faster by using Windows Hello with Facial and Fingerprint Recognition.

Take Advantage of New Features In Windows 10 Pro

  • Windows Ink with Touch Screen & Digital Pen Capabilities
  • Windows 10 Pro pairs with Office Documents and Other Apps
  • Microsoft Edge with faster and safer web browsing, automatic form filling, type or write on webpage capabilities, and much more
  • Cortana voice-activated digital assistant integrates with your calendar and other Windows apps.

You Have Two Choices For Upgrading

1. Migrate your existing machines to Windows 10 Pro.

2. Replace your old computers with new Windows 10 devices.

Consider This Before You Migrate To Windows 10 Pro

Are your current apps compatible with Windows 10? (Check Microsoft’s App Directory to be sure.)

Do your existing computers meet these system requirements?

  • 1GHz processor or faster
  • 1GB RAM for 32-bit; 2GB for 64-bit
  • Up to 20GB available hard disk space
  • 800 x 600 screen resolution or higher
  • DirectX 9 graphics processor with WDDM driver

There are 2 Migration Tool Options

1. Windows Easy Transfer

  • For a small number of computers or a single customized deployment.
  • Transfer files and settings via a network share, USB flash drive, or Easy Transfer cable.
  • Can’t use a regular USB cable to transfer files and settings

2. User State Migration Tool (USMT) 10.0

  • Best for large-scale automated deployments.
  • Uses .xml files to control which user accounts, files, and settings are migrated.
  • Use for side-by-side migrations for hardware replacements, and wipe-and-load migrations.

Test The Quality & Performance of Your New System

Use the Windows Assessment and Deployment Kit (ADK) to test the quality and performance of your system, and to customize Windows images for large-scale deployments.

Need Help Upgrading To Windows 10 Pro?

We’re always here to help and answer your questions

Your Windows 7 Checklist


Hackers Now Using HTTPS To Trick Victims Via Phishing Scams

Everything you’ve heard about the safety of https sites is now in question. According to a recent FBI public service announcement, hackers are incorporating website certificates (third-party verification that a site is secure) when sending potential victims phishing emails that imitate trustworthy companies or email contacts.

These phishing schemes are used to acquire sensitive logins or other information by luring people to a malicious website that looks secure.

Can You Still Count On HTTPS?

The “s” in the https along with a lock icon is supposed to give us an indication that a website is secure. And your employees may have heard this in their Security Awareness Training. All training will now need to be updated to include this latest criminal tactic.

What Should You Do?

Be Suspicious of Email Names and Content

The FBI recommends that users not only be wary of the name on an email but be suspicious of https links in emails. They could be fake and lead you to a virus-laden website. Users should always question email content to ensure authenticity.

  • Look for misspellings or the wrong domain, such as an address that ends in “com” when it should be “org.” And, unfortunately, you can no longer simply trust that a website with “https” and a lock icon is secure.
  • If you receive a suspicious email that contains a link from a known contact, call the sender or reply to the email to ensure that the content is legitimate.
  • If you don’t know the sender of the email, the FBI warns that you shouldn’t respond to it.
  • Don’t click links in any emails from unknown senders.
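The domain checks from the list above, written as a link scanner for a message body. This is an added example, not code from the FBI announcement or the original article: `TRUSTED_DOMAINS`, the sample message, the one-character misspelling threshold and the naive "last two labels" domain rule are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed allow-list: the domains this organisation really uses.
TRUSTED_DOMAINS = {"example.org"}

# Largest number of character edits still treated as a misspelling (assumed).
MAX_EDITS = 1

# Constructed sample message body.
SAMPLE_EMAIL = """\
Your invoice is ready: https://example.com/invoice?id=1
Staff portal: https://www.example.org/portal
Reset your password here: https://examp1e.org/reset.
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def registrable_domain(host: str) -> str:
    """Naive 'last two labels' rule; real code should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def classify_link(url: str, trusted=TRUSTED_DOMAINS) -> str:
    """Judge a link by its domain only.

    The scheme is deliberately ignored: https and a lock icon say nothing
    about who owns the site.
    """
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        return "unparseable"
    domain = registrable_domain(host)
    if domain in trusted:
        return "trusted"
    name, _, tld = domain.rpartition(".")
    for good in trusted:
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            return "wrong-tld"      # e.g. ends in "com" when it should be "org"
        if 0 < edit_distance(name, good_name) <= MAX_EDITS:
            return "misspelling"
    return "unknown"


def scan_email(body: str, trusted=TRUSTED_DOMAINS):
    """Return (url, verdict) for every link that is not on the allow-list."""
    findings = []
    for match in URL_RE.finditer(body):
        url = match.group(0).rstrip(".,;:!?)")  # drop sentence punctuation
        verdict = classify_link(url, trusted)
        if verdict != "trusted":
            findings.append((url, verdict))
    return findings


if __name__ == "__main__":
    for url, verdict in scan_email(SAMPLE_EMAIL):
        print(f"{verdict:12} {url}")
```

Both flagged links in the sample use https, which is why the scheme plays no part in the verdict.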

If You Run A Business Ask Your IT Service Company About New-School Security Awareness Training For Your Employees

This will give your staff the latest information about cyber threats and exploits. They’ll learn what they need to know to avoid being victimized by phishing and other scams.

Why Use New-School Security Awareness Training?

Your employees are the weakest link when it comes to cybersecurity. You need current and frequent cybersecurity training, along with random Phishing Security Tests that provide a number of remedial options if an employee falls for a simulated phishing attack.

New-School Security Awareness Training provides both pre- and post-training phishing security tests that show who is or isn’t completing prescribed training. And you’ll know the percentage of employees who are phish-prone.

New-School Security Awareness Training…

  • Sends Phishing Security Tests to your employees to take on a regular basis.
  • Trains your users with the world’s largest library of security awareness training content, including interactive modules, videos, games, posters and newsletters, and automated training campaigns with scheduled reminder emails.
  • Phishes your users with best-in-class, fully automated simulated phishing attacks, and thousands of templates with unlimited usage, and community phishing templates.
  • Offers Training Access Levels: I, II, and III with an “always-fresh” content library. You’ll get web-based, on-demand, engaging training that addresses the needs of your organization whether you have 50, 500 or 5,000 users.
  • Provides automated follow-up emails to get them to complete their training. If they fail, they’re automatically enrolled in follow-up training.
  • Uses Advanced Reporting to monitor your users’ training progress, and provide your phish-prone percentage so you can see it reduce as your employees learn what they need to know. It shows stats and graphs for both training and phishing, ready for your management to review.

Your employees will get new learning experiences that are engaging, fun and effective. It includes “gamification” training, so they can compete against their peers while learning how to keep your organization safe from cyber attacks.

Add New-School Security Awareness Training To Your Current Employee Training

The use of https is just the latest trick that hackers are using to fool victims into falling for malicious emails. Hackers have many more “up their sleeves.” This is why regular, up-to-date New-School Security Awareness Training is so important for any organization.

Important Warning From The FBI

Investing In Technology

For small businesses, information technology spending is always a balancing act. On the one hand, you need to keep to your budget to maintain financial stability and weather the unexpected. On the other hand, you are well aware of the constant tech advances happening all around you and the last thing you want is to be left behind by the competition. So, how do you determine your IT spending? The answer is, “It depends.”

Spending on IT technology needs to be based on your unique business needs. While it can be helpful to know what the average spending is for businesses, particularly businesses similar to yours in your industry, duplicating what another company does will not necessarily yield optimal results. You have a limited budget. You need to make it count. Doing so requires carefully examining your business, your options, and most importantly, your company objectives. Only when you know where you are and where you want to go can you determine exactly what you need to spend on IT.

What is Everyone Else Spending on IT?

Just because you need to define your own path does not mean you should ignore what everyone else is doing. It can be a helpful starting point to examine how much other small businesses are spending on technology. According to one study, the average spending on IT across all industries was 3.28 percent. The average came from considering a wide range of industries, with the lowest spender being construction at less than 2 percent and the biggest spender being banking and securities at 7 percent.

A study focusing on industry alone does not give a clear idea of what small businesses are spending, though. Other studies that looked at the size of the business found that small and mid-sized businesses actually spent more on IT as a percentage of their revenue than large businesses. Small businesses spend around 6.9% of their revenue on information technology, while midsized businesses spend around 4.1% of their revenue on IT. For large companies, the percentage drops to 3.2%. The smaller percentage spent by larger companies is often the result of scale—they put so much money into IT that they get better rates, perform the work in-house, etc.

How to Decide What You Should Spend on IT

The best way to choose how much to spend on IT is to ask targeted questions designed to paint a clearer picture of what your IT needs actually are. These questions should include:

What are you spending on IT right now?

Every business needs an IT budget, regardless of size. If you don’t have an IT budget, now is the time to make one. To see how much you have been spending on IT, add up your expenditures on information technology over the past year.

What are your business goals?

With so many options available, it is normal to feel a little overwhelmed when you consider information technology. Clarifying your business goals gives you perspective on your IT needs. Your IT expenditures should help you achieve specific business objectives. If the money you are spending on IT is not helping you achieve those objectives in a measurable way, it can likely be better spent elsewhere—either on different IT tools or on other areas of your business.

How is your current IT spending related to your business goals?

Each IT area that you invest money in can and should be connected to your business objectives. Go through all of your information technology spending and verify that it is doing something for your business. If it is not working for you, it is time to make some changes.

What specific IT spending can improve your ability to achieve your objectives?

There are specific areas in IT that offer leverage for your industry. You will need to identify what these are and determine how they fit into your overall strategy. Collaboration, security, data collection, marketing—what tech are you fairly certain will make a substantial impact if you add it to your business?

In what ways can you delegate or outsource the IT budgeting process?

If you are like most owners or managers, you have limited bandwidth that is already mostly consumed by running your business. Assessing your IT needs and embarking on a path to meet those needs will take time, energy and expertise. Consider who you can get to help with this process, whether internally or externally.

Are you interested in learning more about your IT options? If so, please contact our managed IT services team. We can help you clarify your IT needs.

How Much Should A Small Business Spend On Information Technology?

It is questionable whether there is any industry today that has not been forced to adopt new technology to remain competitive. But for small law firms, the need to utilize technology appropriately is necessary for more than just competitiveness—it is actually being increasingly pushed by jurisdiction. In just the past few years, the ABA Model Rule 1.1 went through revisions so that the rule now states that attorneys need to maintain a certain level of competence with technology, and 36 states have adopted the revised comment to Rule 1.1.


With technology competency becoming a standard for practicing attorneys, it is clear that every law firm needs to do what it can to incorporate technology into their practice. What this adoption will mean may vary somewhat from firm to firm, but the general push should be to meet the standards of the industry in all possible areas. For many firms, that will mean making some changes.

Technology for Small Law Firms—What You Need to Know

Where you and your firm sit on the technology spectrum may be far different from another attorney or another firm. You may have already taken significant steps to incorporate technology tools into your operation. You may have been doing things the same way for decades and only be interested in making the minimal changes to comply with changing professional expectations. Or, you may be somewhere in the middle. The following tips are meant to serve as a starting point on how to identify where changes need to be made and to make those changes as efficiently as possible.

Set aside time for research and the adoption of new technology.

For most lawyers, time is at a premium. Between courting new clients, keeping up with legal changes, researching cases, preparing and filing documents, traveling and doing all the other things required for you to run your firm, you are probably quite pressed for free time. However, you are also adept at measuring the workload of new projects and making time for those projects—which means you have the ability and aptitude to make technical changes to your firm. You just need to remain aware of what you are getting into and set a pace that fits with your circumstances.

If you do not want to do all of the work yourself, you can also delegate or outsource it. Whether you assign duties to employees, hire an IT services company known for servicing law firms, or both, you can accomplish a lot when you share the workload.

Learn what it means to be technically proficient as a law firm.

You may already have clear ideas about the changes you need to make. But if you don’t, consider doing some research on legal tech today. There are books available that discuss legal tech for small firms and there are plenty of websites that do the same. Educate yourself on what a technologically savvy firm looks like today so you can see where your firm is lacking and where you should aim to be moving forward.

Areas to research include:

  • Document management
  • Time and billing software
  • Legal practice management software
  • Collaboration tools
  • Security technology
  • Mobile technology
  • Potential technology certifications available

Conduct an assessment of the technology your firm uses.

Once you have an idea of what the expectations for legal technology use are in today’s environment, you can conduct an assessment of your firm to see where you are and what changes you need to make. Identify what technology you currently use for various tasks, determine what changes need to be made, if any, and then make a plan to facilitate those changes.

Prioritize technology adoption.

Ideally, you could make all the changes you need to make simultaneously. But if you do not have the time, resources, or assistance to make all those changes possible right now, you will need to prioritize which are most important. Your priorities will be based on the specific goals of your firm. For example, e-filing is becoming an industry standard for law firms. If you are still using mostly paper, moving into an e-filing system will probably be a big priority. That may mean purchasing a scanner to digitize your existing documents, as well as implementing an e-filing system for your firm to use moving forward.

Consider Partnering With A Managed IT Services Company.

Most small firms do not have the resources to employ a dedicated IT department. Managed IT services offer a way to take advantage of technical proficiency and skill sets as you need them—like when you need to do a technology overhaul on your firm. You can get the assistance you need from professionals so you can focus on running your firm.

If you would like more information about managed IT services for your solo practice or small law firm, please contact us.

What Technology Should Small Law Firms Choose

If your business has made the decision to contract with an IT services company for IT support, you’ve made the right choice. However, you’re not done yet. You still need to choose the IT services company that’s best for your business. In most markets, you’ll have choices — maybe too many choices. Use these criteria for how to find the right IT services company to narrow down your search.


1. Size Matters

IT services firms come in all shapes and sizes, from boutique outfits with just a few employees to massive firms with multiple physical locations. Make sure you evaluate the size of an IT services company compared to the size and needs of your business. The right IT services company will be transparent about how many employees they have in various roles or departments, and it will have sufficient capacity to meet your needs.

2. The Right Competencies

IT services companies are generally quite competent. If not, they go out of business pretty fast. So “Are they competent?” is the wrong question. The right question to ask is whether they have the right competencies. Create a comprehensive list of your business’s hardware and software use. Don’t just ask whether the company can support what you’re using. Ask for proof that they have already successfully done so with other businesses.

3. Industry Familiarity

Along the same lines, ideally, you want an IT services company that already understands your industry. Throwing industry jargon at your IT vendor is unavoidable, so it’s important that they understand that jargon. Ask how many companies in your industry the firm has worked with previously. The more, the better.

4. Location, Location, Location

In general, we recommend giving preference to local firms. If you need on-site service, local firms can handle this directly. A distant IT support company has to find a local vendor and hope for good availability.

Finding a provider close by isn’t always possible, and it’s not feasible if you’re a multi-site organization. Still, smaller companies will benefit from choosing a local provider.

5. Service Providers Have Rules, Too

Many IT services companies have their own rules about which businesses they will take on. Before a company makes it onto your short list, make sure your business is actually qualified. For example, some service providers have upper or lower limits for the number of workstations supported, meaning if your business is too large or too small, they won’t serve you. Others may refuse to support specific hardware or software types, or they may narrow their field of clients to specific industries.

Conclusion

These are a handful of the areas you should consider when choosing the right IT services firm. If you want to ask us these or other questions, let’s get a conversation going.

How to Find the Right IT Services Company

Password Security

Some days it seems like everything in our lives requires a password: banks, apps, debit and credit cards, online banking, business applications, healthcare accounts . . . the list is literally endless. Technology professionals recommend that you use a different and highly secure password for each site — but how is it even possible for humans to associate that many unique and unusual passwords with the correct website or application? You continually hear cautions from security professionals that simple passwords or those that are reused make it all too easy for hackers to break into your accounts and steal your sensitive personal, health or financial information. Even your social media accounts and business websites are being used to glean information about your life that can potentially be used as details to build a complete biography in hopes of breaking into your confidential data. With all these challenges, these four strategies will help you create the super strong passwords that you need to stay protected online.

1. Avoid Simple Concepts and Terms

Few people enjoy creating unique and individualized passwords for each application or website, but it’s crucial that you avoid these Top 100 terrible passwords, as compiled by SplashData. The list includes everything from the expected “123456” and “password” to “sunshine”, “princess”, “football” and “monkey”. From the list, it looks like men and women are equal opportunity offenders when it comes to poor password selection, and SplashData estimates that approximately 10% of people have selected at least one of the Top 100 worst passwords in the prior year. Think of it like this: if the password seems simple for you to remember, it’s probably going to be simple to hack as well. This includes the standard dictionary of user names, birthplaces or birthdays, favorite colors or foods, pets and the names of relatives.

2. Long, Random Words Are Tough to Guess

The days of a hacker sitting in a basement in the dark trying to guess a complex password are long over. Today’s attempts to breach your account are through sophisticated computer programs that can try millions of word and number combinations very quickly. Previously, the government’s cryptography expert recommended that you create a phrase that you can easily remember and simply replace some of the letters with numbers or other letters to make it more difficult to read (and remember!). Bill Burr’s 2003 password creation recommendations are no longer considered valid, and he has since rescinded those recommendations in favor of creating a long string of random words. Well-known Bible verses, famous movie lines and other phrases that are common to the American vernacular are not ideal — nor is the phrase on your favorite coffee mug.

3. Don’t Reuse Passwords

We get it. It’s tough to remember a bunch of different long, complex and rambling phrases. Wouldn’t it be a lot easier to simply create a single phrase that you could use everywhere? It would be easier for you — and also for anyone attempting to gain access to several of your accounts at once. Reusing passwords is a major no-no, but one error that many people commit. If you ever need to share a password with a service provider, you need to be sure to change it so you don’t have that information floating around anywhere. Would you rather have hackers gain access to a single system, or have to cancel every credit card and account that you own due to having a shared password?

4. Use a Password Manager or Random Password Generator

Keeping track of your highly complex and secure passwords is something that can be difficult for humans, making password lockboxes a necessity. Instead of getting a small notebook that you lock up in your purse or pocket, consider using a password manager. These secure online solutions allow you to create a single, memorable password to a platform that automatically creates passwords for each new application or system that you need to access. When your computer is creating and memorizing these passwords for you, you’re much less likely to make simple mistakes when creating your password. The best programs also provide feedback on how secure your password is and when you should make a change. Avast, a leader in online security, offers a free random password generator that you may want to check out, too.
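The four strategies above can be expressed as a short script. This is an added example, not code from the original article: it generates a random-word passphrase with a cryptographically secure random source, estimates its entropy, and audits a set of stored passwords for common and reused entries. The word list, the vault contents and all function names are constructed for illustration, and the 32-word list is far too small for real use.

```python
import math
import secrets

# Constructed sample data: the six passwords the article quotes from SplashData's list.
COMMON_PASSWORDS = {"123456", "password", "sunshine", "princess", "football", "monkey"}

# Constructed 32-word list for the demo only. A real generator should draw from
# a list of several thousand words so that each word contributes more entropy.
WORDS = ("anchor basil cobalt dune ember fjord glacier harbor "
         "iris juniper kelp lantern marble nectar orbit pebble "
         "quartz raven saddle timber umber velvet willow xenon "
         "yarrow zephyr acorn birch cedar dahlia elm fennel").split()


def passphrase_entropy_bits(num_words, wordlist_size):
    """Entropy of num_words picked uniformly and independently from the list."""
    return num_words * math.log2(wordlist_size)


def generate_passphrase(num_words=6, words=WORDS, sep="-"):
    """Strategies 2 and 4: random words chosen by a CSPRNG, not by a human."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return sep.join(secrets.choice(words) for _ in range(num_words))


def audit_vault(vault):
    """Return {account: [problems]} for strategy 1 (common) and 3 (reuse)."""
    seen = {}
    for account, password in vault.items():
        seen.setdefault(password, []).append(account)
    findings = {}
    for account, password in vault.items():
        problems = []
        if password.lower() in COMMON_PASSWORDS:
            problems.append("common password")
        if len(seen[password]) > 1:
            problems.append("reused")
        if problems:
            findings[account] = problems
    return findings


if __name__ == "__main__":
    print(generate_passphrase(), f"({passphrase_entropy_bits(6, len(WORDS)):.0f} bits)")
    # Constructed vault contents for the demo.
    print(audit_vault({"bank": "sunshine", "mail": "k7#Qz", "shop": "k7#Qz"}))
```

Entropy grows with both the number of words and the size of the list they are drawn from, which is why a long string of random words resists automated guessing better than a short substituted phrase.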

Creating and remembering secure passwords could be a full-time job, and you could still end up with vulnerabilities due to the common nature of the words that you choose to make up your passwords. When you follow these four password strategies, you are more likely to protect your important business and personal accounts from both humans and computers.

4 Strategies For Super Strong Passwords

CBP Reports 100,000 Photo and License Plate Breach

The U.S. Customs and Border Protection (CBP) reported today that nearly 100,000 travelers’ photos and license plate data were breached. If you’ve driven in or out of the country within the six-week period where the data was exposed, you could have been victimized.

CBP License Plate Breach

The department said on June 10th that the breach stemmed from an attack on a federal subcontractor. CBP learned of the breach on May 31st.

CBP report:

“Initial reports indicate that the traveler images involved fewer than 100,000 people; photographs were taken of travelers in vehicles entering and exiting the United States through a few specific lanes at a single land border Port of Entry over a 1.5 month period.”

CBP hasn’t reported when this 6-week period was.

Who Was The Subcontractor That Was Affected By The Breach?

CBP hasn’t said who the subcontractor was either. But The Register reports that Perceptics, a vehicle license plate reader company based in Tennessee, was hacked, and that the files have been posted online.

Additionally, the Washington Post reports that an emailed statement was delivered to reporters with the title: “CBP Perceptics Public Statement.”

Perceptics’ technology is used for border security, electronic toll collection, and commercial vehicle security. They collect data from images on license plates, including the number, plate type, state, time stamps and driver images.

Where Were The License Plate Readers Installed?

Perceptics license plate readers were installed at 43 U.S. Border Patrol checkpoint lanes in Texas, New Mexico, Arizona, and California.

CBP reports that “No passport or other travel document photographs were compromised and no images of airline passengers from the air entry/exit process were involved.”

CBP uses cameras and video recordings at land border crossings and airports. The images they capture are used as part of a growing agency facial-recognition program designed to track the identity of people entering and exiting the U.S.

Do We Know Whose Data Was Exposed?

No, we don’t. And to date, CBP hasn’t said if this data will be released. If we hear differently, we’ll be sure to report any updates, so keep watching this space.

Is Facial-Recognition A Security Threat?

Facial-recognition is a hot topic right now. The American Civil Liberties Union states:

“This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency’s data practices. The best way to avoid breaches of sensitive personal data is not to collect and retain such data in the first place.”

Congressional lawmakers have questioned whether the government’s expanded surveillance with facial recognition could threaten constitutional rights and open millions to identity theft.

Today’s technology can recognize and track us without our knowledge or an option to prevent it. It’s inevitable that a new battle between surveillance and privacy will be taking place as more breaches occur.

Was Your Photo and License Plate Number Breached?

Business Computer Systems

Protecting your business requires more time, effort and energy from your technology team than ever before. Business systems are increasingly complex, requiring staff members to continually learn and adapt to changing conditions and new threats as they emerge. It’s not unusual for a single ransomware incident to wreak havoc on carefully balanced systems, and this type of attack can be particularly damaging if you do not have the backup and disaster recovery procedures in place to regain critical operations quickly. From checking for system vulnerabilities to identifying weak points in your processes, here are some reasons why it is so important to regularly test your business systems.

1. Business System Testing Helps Find Vulnerabilities

The seismic shift in the way business systems work is still settling, making it especially challenging to find the ever-changing vulnerabilities in your systems. Cloud-based applications connect in a variety of different ways, causing additional steps for infrastructure teams as they review the data connectors and storage locations. Each of these connections is a potential point of failure and could represent a weakness that a cybercriminal could take advantage of to infiltrate your sensitive business and financial data. Regular business system testing allows your technology teams to determine where your defenses may need to be shored up. As the business continues to evolve through digital transformation, this regular testing and documentation of the results allow your teams to grow their comfort level with the interconnected nature of today’s systems — which is extremely valuable knowledge to share within the organization in the event of a system outage or failure. Experts note that system testing is being “shifted left”, or pushed earlier in the development cycle. This helps ensure that vulnerabilities are addressed before systems are fully launched, helping to protect business systems and data.

2. Business System Testing Provides Valuable Insight Into Process Improvement Needs

Business process improvement and automation are never-ending goals, as there are always new tools available that can help optimize the digital and physical operations of your business. Reviewing business systems in depth allows you to gain a higher-level understanding of the various processes that surround your business systems, allowing you to identify inefficiencies as well as processes that could leave holes in your cybersecurity net. Prioritizing these process improvements helps identify any crucial needs that can bring significant business value, too. This process of continuous improvement solidifies your business systems and hardens security over time by allowing you to review user permissions and individual levels of authority within your business infrastructure and systems.

3. Business System Testing Allows You to Affirm Your Disaster Recovery Strategy

Your backup and disaster recovery strategy is an integral part of your business. Although you hope you never have to use it, no business is fully protected without a detailed disaster recovery plan of attack — complete with assigned accountabilities and deliverables. It’s no longer a matter of “if” your business is attacked but “when”, and your technology team must be prepared for that eventuality. Business testing allows you to review your backup and disaster recovery strategy with the parties that will be engaged to execute it, providing an opportunity for any necessary revisions or adjustments to the plans. Whether a business system outage comes from a user who is careless with a device or password, a cybercriminal who manages to infiltrate your systems, or damage to your business systems from fire or flood, your IT team will be ready to bring your business back online quickly.

Regularly testing your business policies and procedures and validating your disaster recovery plan puts your organization in a safer space when it comes to overcoming an incident that impacts your ability to conduct business. The complexity of dealing with multi-cloud environments can stymie even the most hardened technology teams, and the added comfort level that is gained by regular testing helps promote ongoing learning and system familiarity for your teams. No one wants to have to rebuild your infrastructure or business systems from the ground up, but running testing procedures over time can help promote a higher level of comfort within teams and vendor partners if the unthinkable does occur.

3 Reasons to Regularly Test Business Systems