Archive Monthly Archives: November 2018

Marriott 500 Million Person Data Breach (Questions/Answers)

Marriott 500 Million Person Data Breach (Questions/Answers)

Parkway tech


How Marriott Got Caught In A 500-Million Person Data Breach


Were You Affected? (Your Questions Answered)

What Do We Need To Know About The Marriott Breach?

Another big corporation got hooked. This time it was Marriott International. They just revealed that their Starwood reservations database of 500 million customers was hacked and that the personal information of up to 327 million guests was stolen. And, this has been going on since 2014!

How Did This Happen?

  • On September 8, 2018, Marriott was alerted about an attempt to access the Starwood guest reservation database. 
  • They contacted leading security experts to help them determine what occurred. Marriott said that the hacker copied, encrypted and removed their customers’ data. 
  • On November 19, 2018, Marriott was able to decrypt the data and learned that it was from the Starwood guest reservation database.

Marriott acknowledged that the encryption security keys for this data may have fallen into the hands of hackers. This allowed them to access the massive amount of data. Secure systems lock up data and should store the encryption keys in a location that’s separate from the confidential information.

Some good questions to ask here are:

“How did the criminals get Marriott’s encryption keys?

“Why did it take so long for Marriott to reveal the breach?” They learned about it in September which is over two months ago.

And, this was a 4-year long breach! “Why didn’t Marriott know that their customers’ data was being stolen over this long period?”

Maybe we’ll find out the answers to these questions, and perhaps not. What’s for sure is that you are on your own when it comes to protecting your confidential data.

How Do I Know If My Data Was Stolen?

If you are a Starwood Preferred Guest member and your data was stored in the Starwood property’s database (which includes Sheraton, Westin and St. Regis hotels, among others) you need to be on alert.

As mentioned, this data breach goes all the way back to 2014 and includes names, passport numbers, email addresses and payment information for approximately 327 million travelers – a “big catch” for any hacker. Even your date of birth, gender, reservation dates and communication preferences may be included in the breach.

Should I Contact Marriott?

Marriott set up a website and call center for customers who were impacted by the data breach. Email notifications are also being rolled out.

Marriott is also offering affected customers the option to enroll in WebWatcher free of charge for one year. WebWatcher monitors internet sites where personal information is shared and generates an alert if your personal information is found. If you live in the U.S., you’ll also be offered fraud consulting services

What Else Should I Do?

If your data was stolen, you should observe for incidents of identity theft. Also, watch for phishing emails where hackers try to impersonate someone you trust to take information or money from you.

Arrange For Security Awareness Training For Your Employees

If your business data was involved, make sure that you arrange for Security Awareness Training for your employees to train them to recognize phishing attempts. This includes:

  • Baseline Testing to assess the Phish-prone percentage of your employees through a free simulated phishing attack. 
  • Training For Your Users with content that includes interactive modules, videos, games, posters, and newsletters. 
  • Simulated Phishing Attacks that utilize best-in-class, fully automated, simulated phishing attacks, thousands of templates with unlimited usage, and community phishing templates. 
  • Reports with statistics and graphs for both training and phishing for your management to review.

Whether your business was involved in the breach or not, Security Awareness Training for your employees is always a good idea.

Another good idea is to sign up for Dark Web Scanning Services.

Get Dark Web Scanning For Your Confidential Business Data

The Dark Web is a secret internet society that’s only accessible to a select group of criminals. Criminals use it to take stolen data (like the Marriott/Starwood customer information) and dump it on the black market for sale.

Dark Web Scanning is a sophisticated monitoring solution that helps businesses of any size detect cyber threats that expose their stolen business accounts, email addresses, payment information, and other confidential data that’s on the Dark Web. It also does this in real time and detects any of your compromised credentials or information before criminals can use it for profit or other crimes.

Don’t Count On The Marriott’s Of The World To Protect Your Business Data – You Must Do This Yourself

Contact us for information about Data Protection, Security Awareness Training and Dark Web Scanning. We have a Suite of IT Security Solutions to help you keep your business data secure.

law_ebook

Can Your Legal IT Services Firm
Keep Law & Order With Your
Practice's Technology?

Learn how Parkway's Legal IT Services helps firms across North Carolina achieve better results.

Click Here
Download Our Free Report

6 Tips To Ensure Third-Party Security

6 Tips To Ensure Third-Party Security

Parkway tech


Businesses of all types and sizes today must navigate a complex matrix of vendors and partners. In many cases, there is frequent sharing of data, including sensitive and proprietary information, that could be problematic if hacked or stolen.


The advent of new technologies, including the Internet of Things, automation and cloud systems, make for the collection and sharing of information more accessible than ever before. However, the increased volume, accessibility and transfer of data creates problems and added risk for companies. To help companies protect information and minimize the risk of data theft, here are 6 answers to common third-party security questions.

1. How Can I Assess My Company’s Data Security?

The place to start is with an internal audit of your system. Which vendors have access to which data? How are they connecting to your networks and what can they access?

It’s smart to map your third-party partners, understanding who they are, how they access data and what data they can access. Make sure third parties only can reach information that is necessary. Often these audits can detect access that was given long ago to third parties that no longer should or need to have access. 

2. What Can I Do to Assess My Third-Party Partners?

There are basic things you can do to ensure that third parties have the right safeguards in place when using your data. Asking for copies of their data security policies and audit results is an excellent place to start. If there are practices or results of concern, you can ask for more details. Some companies require their vendors to undergo a thorough security audit with detailed questionnaires or independent verification of processes and systems.

The practice is not just good business sense. Many new regulatory mandates, including the European Union’s General Data Protection Regulation (GDPR), require companies to ensure that third-party vendors are also compliant with the appropriate requirements.

3. What Foundation Do I Need to Data Security and Third Parties?

Be sure your organization has clear policies and procedures that govern data access and security related to third parties. Policies should be evaluated regularly to reflect new technologies or practices.

4. Who Is Responsible for Data Security?

Often, risk ownership can be a gray area as companies exchange data, update it and enter it into each other’s systems. A risk assessment matrix should be created that defines and tracks data within your corporate ecosystem. The matrix should include:

  • Vendors, partners, customers and subcontractors throughout your supply chain 
  • Classifications of each third party based on how they interact with the organization 
  • Risk types mapped to each third party 
  • Risk levels assigned to each vendors’ assigned risk types

This exercise allows you to build a comprehensive risk assessment model to inform decisions, policies and access.

5. What Technologies Can I Use to Help With Security?

Ultimately, control rests with your organization. You can control the parties with access, the types of access, and the assets that can be accessed. Here are some tools to deploy to assist with that control:

  • Encryption is effective in protecting data stored in your systems and transmitted to other parties. Encryption need not be applied to everything, but high-risk information merits investment in encryption tools. 
  • Two-factor authentication is another consideration. If you use multi-factor verification tools for internal access, you most certainly should do the same for external access. 
  • Risk-based authentication goes a step further. Rule-based access, such as only allowing access from a particular domain, can be incorporated into your security plan. If an access request does not meet the pre-defined rules, additional authentication layers are applied. 
  • Monitoring networks is a wise move. Monitoring what is accessed and by whom allows for a better understanding of information transfer. Firewalls that inspect data packets and issue alerts when unauthorized data are in play help prevent unwanted extrusion.

6. What Documentation Does My Company Need?

When you’ve determined your guidelines, policies and rules, be sure to put it in writing. Make it a part of your new contracts and insist on amendments to any existing agreements with third parties. Contractual guidelines help to protect companies from litigation as more plaintiffs go after multiple parties in the case of a data breach.

Not all contracts need to be the same when it comes to data access provisions, although it is good practice to establish a baseline of minimum requirements in all applicable third-party agreements.

With the growing threat of cyber attacks, an active approach to data security is a way for organizations to mitigate risk and ensure that data stay in the right hands.

law_ebook

Can Your Legal IT Services Firm
Keep Law & Order With Your
Practice's Technology?

Learn how Parkway's Legal IT Services helps firms across North Carolina achieve better results.

Click Here
Download Our Free Report

Top Data Breaches In The First Half Of November 2018

Top Data Breaches In The First Half Of November 2018

Parkway tech


Data breaches never fail to stay at the top of news headlines, and these are news headlines that should be highly regarded if you are a business owner. According to the ID Theft Center, there were at least 1,579 breaches, which was a 44.7 percent increase from the year before.


A Look at Early November 2018 Data Breaches

The astounding uptick in data breaches is expected to continue as a trend for 2018, and the first half of November 2018 has already shown multiple problems. Take a look at some of the breaches that have occurred already in November for 2018.

Ontario Cannabis Store/Canada Post

The legalization of cannabis across the country in Canada brought about a lot of prickly, unfamiliar situations for consumers and business owners. However, to worsen matters, their new and booming industry took a hard hit because of a massive data breach during the first part of November. The data breach was in the form of a hacker who managed to get into Canada Post’s delivery tracking tool.

Customers who had purchased cannabis for mail delivery from Ontario’s Cannabis Store had their information exposed. This data risk is considered severe because those in the up-and-coming cannabis business in the country could face concerns with consumers about the privacy of their personal information. This data breach affected as many as 4,500 customers.

HSBC Bank USA

Domestically, a significant data breach with one of the top names in banking left financial institutions and consumers alike a bit fearful. HSBC Bank had multiple customer accounts compromised. To date, the number of accounts compromised and customers affected has not been disclosed. Nevertheless, this has been considered a severe data breach because the data taken can be severely damaging to consumers who hold accounts at the institution.

The risk to related businesses because of this kind of breach is pretty massive. Banking customers place money in their accounts because they trust the institution will keep it secure. This kind of data breach with one of the world largest banks does not fare well in the minds of consumers; it only lessens their overall faith in banking systems as a whole. So far this year, financial institutions have taken a hard hit.

Other Data Breach News Around the Globe for November

Pakistan had an epic fail in November with hackers managing to get the account information of at least 8,000 banking customers. This data breach didn’t just affect one bank; it actually affected customers from ten different banks across the country. The stolen data has already shown up on the Dark Web as records for sale for prices between $100 to $160 per record. So far, the cybercrime division in Pakistan has found more than 11,000 records.

Noteworthy Data Breaches So Far in 2018

The new November 2018 data breaches are added to a growing list of breaches that have already occurred for the year. Facebook was perhaps one of the most publicized data breaches for the year. In April of 2018, at least 87 million records were breached, and it’s most probable that there were far more. Orbitz also had a considerable catastrophe when travel booking accounts were hacked, leaving something like 880,000 customers’ payment cards exposed.

Data Breaches in 2017

Numerous businesses in the past have had problems with data being compromised, especially in 2017. There were at least 16 data breaches for major retailers, according to Business Insider, including Macy’s and Adidas, to name a few. Sears even had a data breach in April that affected at least 100,000 customers who had their credit card information compromised. Restaurants were also hit with data breaches in 2017. Sonic and Panera Bread were two of the most noteworthy.

So far this year, the numbers of data breaches have exceeded those in 2017 by a long shot, which just shows how much of a risk data breaches are continuing to be in spite of considerable efforts to stop them. All business owners should amp up their security efforts and keep a close eye on data, so it is rightly protected.

law_ebook

Can Your Legal IT Services Firm
Keep Law & Order With Your
Practice's Technology?

Learn how Parkway's Legal IT Services helps firms across North Carolina achieve better results.

Click Here
Download Our Free Report

14 Ways Small Law Firms Tackle Cyber Threats

14 Ways Small Law Firms Tackle Cyber Threats

Law practices manage volumes of sensitive client information, and they’re attractive targets for hackers. Opportunistic cyber-criminals are especially drawn to smaller and medium-sized law firms and other organizations where they are more likely to find IT systems that are less well protected.

Parkway tech


Law practices manage volumes of sensitive client information, and they’re attractive targets for hackers. Opportunistic cyber-criminals are especially drawn to smaller and medium-sized law firms and other organizations where they are more likely to find IT systems that are less well protected.

Protecting attorneys and their clients, prevention of intrusion by phishing, email hacking, ransomware, spyware, sensitive data leaks, and other security issues is the focus of Managed IT Services for law firms. Below is a list of 14 ways to protect your firm, clients, and employees from cyber-threats, and other essential information to help you improve IT security for your law firm.

14 Tools for Data Protection

Keeping small law practices secure from cyber threats involves taking the necessary measures to reduce risk in some areas of a firm’s information technology. Risks include breaches to data confidentiality, data loss, and downtime due to hacking, virus and other disabling IT network events.

As part of an evaluation of your firm’s current level of cyber-security, an assessment of your methods of storing and transmitting sensitive data should be performed. Essentials include:

  1. Strong passwords that are automatically prohibited from reuse
  2. Multi-factor authentication at all points possible
  3. Hard drive and backup drive encryptions
  4. Password protection on sensitive document 
  5. files Email attachment encryptions 
  6. Avoiding discussing sensitive issues in non-encrypted emails
  7. Secure data storage (either certified GDPR-compliant cloud-based, or on-premises)
  8. Faxing secure documents using a standard fax machine, not e-faxing
  9. Diligently maintaining awareness of whether or not you are using an https site
  10. Routine staff training on identifying phishing and (“spear phishing”) other cyber-threats
  11. Execute routine backups
  12. Retain e-filing receipts from the court and confirmation emails
  13. Keep software updated
  14. Have an independent IT systems threat assessment

The Most Common Ways Cyber-Criminals Penetrate Network Systems of Law Firms

1. Phishing / Email Hacking

Today’s attorneys and staff use email, as well as shared document workspaces like DocuSign and Dropbox, which connect users’ email accounts. Meanwhile, hackers are busy developing their phishing methods to access these and other online accounts of law firms.

  • Example: Hackers have designed their color schemes and graphics to mimic login screens. 
  • Example: A phishing trick at least one hacker has used to gain access is emailing requests for law firm employees to log in to online document storage and view a file. 
  • Example: Hackers have sent fake PDF files that appear to be from a law firm. When the recipients clicked on the documents, they were redirected to the hackers’ phishing site.

After a phishing attack, the first step is to quickly change all passwords for email accounts, and file sharing services or other online tools connecting the firm’s email accounts. Employing a two-factor authentication process adds an extra layer of security.

If clients’ information has probably been compromised, then the firm must inform them.

Law firm employees must be vigilant about identifying fake email requests. Cyber-criminals are becoming more sophisticated all the time in creating them.

2. Ransomware

Hackers using ransomware sometimes succeed in locking down files or computer systems and forcing their owners to pay to regain control of them.

  • Example: A hacker has threatened to use wiper-ware to delete files if money was not paid promptly. 

Law firm employees who receive threats that files will be deleted if money is not received quickly enough should not pay the ransom. Instead, report the incident immediately and work with IT experts in file recovery.

3. Data Leaks

Law firms with weak policies on information security are at increased risk of having sensitive information being made public by hackers.

  • Example: A hacker may acquire law firm client’s or employee’s confidential information and broadcast it, perhaps on Twitter through a folder.

 Artificial intelligence (AI) software may be used to help isolate weaknesses in a law firm’s IT network and identify various user behaviors that can make hacking more likely to occur.

Legal Malpractice Charges Due to Insufficient Computer Security in Law Firms

Law firms have a significant responsibility in keeping their voluminous confidential files secure, whether their information storage is on premises or in the cloud. Allegations of legal malpractice have become a problem for firms found operating without adequate file security measures in place.

  • Example: A firm that had not been hacked was accused of allowing a client’s information to be exposed through vulnerabilities in the network, and received notice to prioritize cybersecurity.

 The ABA’s 2017 Legal Technology Survey revealed that 22% of law firms had either been hacked or had data breaches during that year. That percentage is up from previous years.

Parkway Tech, Winston-Salem NC

Parkway’s team of North Carolina network security experts afford local small to medium-sized law firms state-of-the-art cyber-security to protect data, files, systems, and attorney’s reputations. The centerpiece of Parkway’s Managed IT Services for law firms; our legal IT specialists focus on implementation, monitoring, and management of your network and IT systems security. We apply maximal preventive measures to block existing and ever-emerging and evolving cyber-threats.

For More Information About Cybersecurity For Law Firms

For more information about IT security for legal practices, contact Parkway Tech at (336) 310-9888 any time, to schedule an appointment with a legal IT Managed Services specialist. Ask for a no-obligation systems assessment.

law_ebook

Can Your Legal IT Services Firm
Keep Law & Order With Your
Practice's Technology?

Learn how Parkway's Legal IT Services helps firms across North Carolina achieve better results.

Click Here
Download Our Free Report

What Can You Do When You Don’t Trust Your IT Guy?

What Can You Do When You Don’t Trust Your IT Guy?

Have you ever needed to fire an employee you didn’t trust who had access to your company’s confidential digital information? Yes, this is scary. But when it’s your IT guy, it’s a nightmare!

Parkway tech


Can You Trust Your IT Guy?

Have you ever needed to fire an employee you didn’t trust who had access to your company’s confidential digital information? Yes, this is scary. But when it’s your IT guy, it’s a nightmare!

This is what happened to a law firm in the Triad.

They had to let their onsite tech go. He had been in charge of managing and securing all of their technology, including clients’ confidential data. But the firm’s managers became suspicious about some of the activities the tech was involved in. They no longer trusted him. The only thing they could do was ask him to leave.

Now they were concerned that he would try to retaliate and hack into their system. They needed help and contacted us.

What Did We Do To Keep Him Out Of Their IT System?

As experts in Legal IT, we know how important it is to ensure the security of private data. If the tech hacked into their system he could steal their clients’ data. This would ruin their practice and put them in jeopardy of noncompliance.

We couldn’t let this happen, so we immediately:

  • Technology Planning, 
  • Solutions that align with your budget and increase your operational efficiencies,
  • Business Continuity and Disaster Planning,
  •  Expert Security Planning, 
  • Cloud Solutions that save you money, eliminate storage issues, and can be scaled to meet your specific requirements,
  •  Spam and Email Protection,
  • And more.

Doesn’t it always seem like technology fails you when you need it most? When this happens it’s imperative that you resolve these problems and resume normal business operations as soon as possible—Time is money. It can be precarious to be so dependent on technology, but without it you just can’t compete today.

Few small businesses have either the required skills or the time to maintain and repair computers, networking equipment, or other technology. And, they can’t afford to hire dedicated, full-time employees to deal with IT maintenance. Even if they could, there isn’t enough need for a full-time expert.

So, what do they do? They try to “fix” things themselves. They find the most tech-savvy employee to double up on their duties and deal with hardware procurement, software licensing, and day-to-day IT troubles.

Trying to resolve and keep up with inevitable technology failures is no longer a simple matter. And as your business has grown, you’re probably using computers and network equipment from a variety of dealers. So, getting the support you need is more difficult.

Plus, you have to manage warranties, support contracts, and deal with finger-pointing between vendors when problems occur. Doing this on your own can be like a volcano waiting to explode. Below the surface are IT issues and vulnerabilities that can cause big problems down the road.

Do you rely on your non-IT employees to deal with technology problems? If so, it’s best to let them stay focused on their duties, and enlist the aid of expert IT support. The time and resources dedicated to managing technology problems can negatively impact employees, their stress levels, and ultimately, your customers.

The smart thing to do is to outsource your IT support to a company that makes sure all your technology stays up and running. They should be experienced in maintaining and troubleshooting desktops, laptops, servers, and network hardware. And they should have the knowledge and skills to keep things running smoothly and securely.

Large enterprises address this problem by hiring the right people for the job. They rely on experts for what they need: marketing, accounting, legal services and more. They know to leave the technical responsibilities to the experts.

If you’re worried about the cost, don’t be. The cost of outsourcing IT service and support will pay for itself because your tech issues will be addressed quickly and correctly so you can continue to focus on meeting your customers’ needs and growing your business.

Plus, you can get all your IT support and management for a fixed monthly price. A fully managed program is the best solution for small businesses, and provides the most reliability, security and quality of service. You’ll have 24×7 access to IT assistance from technicians who will provide both remote and on-site support with guaranteed response times to prevent downtime and ensure your business stays up and running.

All aspects of your network will be monitored and maintained: security, data protection applications and hardware. This optimizes your network’s performance, so it will work at peak efficiency to meet the demands of your business.

Your IT expert can also act as your CIO and IT Advisor, and help you with: 

Your time is important. You have more important issues to deal with than IT problems. Outsourcing your IT support and service allows you and your employees to focus on your duties, and grow your business.

Parkway Tech 

Our Fully Managed IT Service is the ideal solution for small businesses like yours in Winston-Salem, High Point, & Greensboro. We know how hard you work to afford your technologies, and we’ll ensure you get the most from them. We’ll offer the value you need, and protect your technology investments.

Just ask our clients: We provide the utmost in network reliability, security and quality service. For a free, no-obligation assessment of your IT needs, call us at 336-310-9888 or email us at: sales@parkwaytech.com

law_ebook

Can Your Legal IT Services Firm
Keep Law & Order With Your
Practice's Technology?

Learn how Parkway's Legal IT Services helps firms across North Carolina achieve better results.

Click Here
Download Our Free Report

Microsoft Search in 365 is Personalized for Your Business

Microsoft Search in 365 is Personalized for Your Business

Parkway tech


If your business uses Microsoft 365, you know how difficult it can be to locate information amongst many different programs and applications on your computer network, your devices, and any other place you may be working from. But what if there was a way to access the information you need as quickly as you needed it? What if there was a way to search across all your different, integrated apps in Microsoft Office 365 and find everything relating to one employee or one project so you could comprehensively view the progress of a project or an employee?


Sounds fantastic, right? It is, it’s new — and it’s called Microsoft Personalized search. Let’s take a look at what Microsoft Personalize search is, how it works, and how it can help your Canadian business reach its goals with less time spent searching.

What is Microsoft Personalized Search?

Microsoft Personalized Search is a cohesive way of searching across different apps in Office 365. Microsoft Search can help you and your employees find, discover, command, and navigate all your business software and cloudware to make business easier and more simplified — saving you time and dollars. Personalized search allows you to search for any application or project in Office 365.

How Does Microsoft Search Work?

Microsoft Personalized Search uses artificial intelligence (AI) technology from Bing, a search engine whose name you may recognize. This IA and Microsoft Graph’s deep insights into personal search usage make searching more effective for organizations. The purpose of the new Personalized Search is to connect your projects and your employees across your business’ data network to make projects easier, more collaborative, and above all, help you find the information you need when you need it.

Hyperlinked pages of results from searches are not what Microsoft or your business is after with its new search algorithm. Here are the differences you may notice right away:

  1. That oft-used “search” box will be visible and available across the apps your business and employees work with every day — it will stay in one place in Outlook, PowerPoint, Word, Excel, Sway, OneNote, Microsoft Teams, and Sharepoint.
  2. As soon as your employees click in the search box, personalized results will begin popping up (names of people you share with most or recent documents); no query is required for suggestions
  3. The search box will command the application you’re working in. Want a quick example? If they begin typing “acc” in Word, employees will get a list of suggested actions they perform often — no more hunting through toolbars and wasting precious business time.
  4. Search results will include results from across your business organization, including a Word document you’ve been working on, the PowerPoint that goes with it, and the Excel spreadsheet that demonstrates the budget for that project. The employees working on the project will also pop up in the search results.
  5. Organizational search will work wherever your employees are working: Bing, Edge, or Windows, as long as employees are signed into Office 365 accounts.

How Can Microsoft Search Help My Business?

The main benefit for your business of Microsoft Personalized Search is saving time. No more precious minutes spent looking through toolbars or trying to hunt down the document or presentation employees were working on. Another intangible benefit that will definitely increase your business bottom line is your oversight ability. With a word and one click on the search icon, you can locate all the information about a particular project and who’s working on it in a millisecond. You can reach out immediately to start a conversation, get an update, or suggest changes. The time and convenience Personalized Search provides is priceless.

law_ebook

Can Your Legal IT Services Firm
Keep Law & Order With Your
Practice's Technology?

Learn how Parkway's Legal IT Services helps firms across North Carolina achieve better results.

Click Here
Download Our Free Report

Lessons Learned From The 2018 Clio Conference In New Orleans

Lessons Learned From The 2018 Clio Conference In New Orleans

I recently attended the Clio Cloud Conference in New Orleans, and I came away with a wealth of information for law practices that want to use the Cloud securely.

Parkway tech


What Do The Best Legal IT Security Experts Advise That You Do To Protect Your Confidential Data? 8 Critical Things

I recently attended the Clio Cloud Conference in New Orleans, and I came away with a wealth of information for law practices that want to use the Cloud securely. Clio’s Director of Information Security, who formerly worked at Apple (among other companies), mentioned some critical steps that legal firms must take to protect their businesses and their clients.

First, let’s look at the legal environment in regards to cybersecurity. Here are five facts that you need to know:

  1. Most breaches aren’t discovered right away. The LinkedIn breach was found a full two years after it happened. The same happened with Yahoo’s breaches.
  2. Only .8% of Clio users are using 2FA! (What is 2FA? We’ll tell you below.*)
  3. 30% of firms from 2-99 lawyers were breached last year.
  4. The majority of hacking uses stolen credentials, usually through phishing – not from someone breaking into a computer or server through brute force or a virus. (What can you do to prevent being victimized by phishing? We’ll tell you below.**)
  5. Most hackers are amateurs and limited in resources. They go for the easiest targets.

What are the eight critical steps that Clio’s Director of Information Security recommends you take to protect your law practice? 

  1. Define your risk. Are you using cloud applications that might expose your confidential data? What would the result of a data breach be for you? Is everyone in your firm using secure passwords? (What are secure passwords? We’ll tell you below.***)
  2. Always use 2FA whenever available. (See below*)
  3.  Use a password manager (Parkway Tech provides this to our clients, but LastPass is a good option, as well.)
  4. Be aware of timely phishing attempts (e.g., IRS around tax season and W-2 scams around the first of the year).
  5. Invest in education. (Ask about our Security Awareness Training for your employees.****)
  6. Be skeptical.
  7. Let others in your firm know about phishing emails. (Security Awareness Training takes care of this.)
  8. For workstations: Get security updates, use strong computer passwords, enable full disk encryption, and make a cloud backup. (Parkway Tech can help with all of these requirements.)

*What Is 2FA?

Two-Factor Authentication (2FA) protects your identity by requiring a second layer of security. It makes it more difficult for cybercriminals to log in to your accounts.

Your credentials must be submitted in two or more different forms. For example, you need your login ID and passcode for authentication to be classified as 2FA.

This prevents criminals from taking over your identity on the platforms you use. Even social media platforms like Facebook have an option where a code is texted to your mobile phone, or generated in your Facebook account that you use before signing in.

Clio advises that you use 2FA wherever it’s provided. Make sure your employees do the same.

** What Is Phishing?

Phishing is the practice of stealing user ID/email addresses and password combinations by masquerading as a reputable or known entity or person in an email, instant message, or another communication channel. Attackers then use the victim’s credentials to carry out attacks on a secondary target.

They enter the credentials into as many websites as possible using automated scripts, often called credential stuffing, or enter the stolen credentials directly into corporate resources gaining unfettered access to your network and data.

How do you protect your law practice from phishing? The best way is through Security Awareness Training**** for your employees.

*** What Are Secure Passwords?

Creating a strong password is an essential step in protecting yourself online. Using long and complex passwords is one of the easiest ways to defend yourself from cybercrime. No law firm is immune to cyber risk, but there are steps you can take to minimize your chances of an incident.

Here are eight things that the Department of Homeland Security suggests you and your employees do when creating passwords:

1. Create passwords with eight characters or more and a combination of letters, numbers, and symbols.

2. Use a passphrase such as a news headline or even the title of the last book you read. Then add in some punctuation and capitalization.

3. Don’t make passwords easy to guess. Don’t include personal information in your passwords such as your name or pets’ names. This information is often accessible to find on social media, making it easier for cybercriminals to hack your accounts.

4. Avoid using common words in your password. Instead, substitute letters with numbers and punctuation marks or symbols. For example, @ can replace the letter “A” and an exclamation point (!) can replace the letters “I” or “L.”

5. Get creative. Use phonetic replacements, such as “PH” instead of “F.” Or make deliberate, but obvious misspellings, such as “enjin” instead of “engine.”

6. Never share your password. Don’t tell anyone your passwords, and watch for attackers trying to trick you into revealing your passwords through email or calls.

7. Use different passwords for different accounts and devices so that if attackers do guess one password, they won’t have access to all of your accounts.

8. Use stronger authentication. Always opt to enable stronger authentication when available, especially for accounts with sensitive information including your email or bank accounts. A stronger authentication helps verify a user has authorized access to an online account. For example, it could be a one-time PIN texted to a mobile device, providing an added layer of security beyond the password and username. Visit www.lockdownyourlogin.com for more information on stronger authentication.

 ****What Is Security Awareness Training?

Security Awareness Training for your employees educates them to be aware of phishing and other IT threats. Services often provide user training videos, send fake phishing attempts to test their knowledge, send automated memo emails on the latest threats, and allow admins to run various reports to monitor your employees’ scoring, and progress.

Cybercrime is a real and present danger to law firms of every size. You can’t afford to risk your confidential data. Contact our IT Security team in Winston Salem NC for help protecting your practice.

In the meantime, check out these and other articles in our Law Blog to stay up-to-date on the latest news and information in IT:

Does My Law Firm In North Carolina Need A Business Continuity Strategy?

Some extreme events can disrupt the regular operations of a legal firm. Natural and man-made disasters such as hurricanes, floods, power failures, earthquakes, arson, robbery, death of a critical law partner, pipe leaks, roof collapse, public unrest, and other unexpected problems can destroy offices, records, or access roads, jeopardize relationships with major clients, or make travel to the law office impossible for employees. Having a Business Continuity Plan for North Carolina Law Firms can prevent significant loss of revenues and clients due to prolonged disruption of law office operations.

Experts Predict Cybercrime Will Climb To An Astonishing $7 Trillion Problem For Business Owners

While you’re busy running and growing your business, working hard to make money, cybercriminals are finding new and more sophisticated ways to steal it. They want to breach your IT system to steal your confidential data so they can hold your data for ransom, or get passwords and IDs to take cash directly from your bank accounts.

What are the Primary Benefits for IT Outsourcing for Law Offices? 

Although many long for the simplicity of yesterday, advancements in technology are quickly taking over every industry. This includes the legal field. Technology provides an ability to streamline resources and improve efficiency. Of course, people are required to manage it.

law_ebook

Can Your Legal IT Services Firm
Keep Law & Order With Your
Practice's Technology?

Learn how Parkway's Legal IT Services helps firms across North Carolina achieve better results.

Click Here
Download Our Free Report

Why is my Windows 10 Pro Deactivating?

Why is my Windows 10 Pro Deactivating?

Parkway tech


If you are experiencing problems with your Windows 10 Pro operating system, you are not alone. Thousands of users from the US, Japan, and South Korea flooded tech message boards late this week with complaints that their legitimately purchased software was deactivating itself.


What Exactly Happened?

Starting on November 8, comments began to appear online from several users expressing frustration over the pop-up messages they received from Microsoft after booting up their computers. These messages included the error codes: 0xC004C003 or 0xC004C003, and incorrectly implied that the users were trying to run illegal copies of the Windows 10 Pro edition on their computers. Those affected by the glitch were then prompted to install the Windows 10 Home edition or to purchase a genuine copy of the Pro edition from the Microsoft store. Anyone who received a deactivation warning was still able to operate the computer using the Windows 10 Pro edition, although distracting watermarks were plastered across the screen.

Microsoft acknowledged that the company was fully aware of the DMR issue within hours of the first messages showing up online. A statement released from the company said it was still trying to determine the reason behind the deactivations to provide a fix, but at the time the exact cause was unknown. Engineers from Microsoft suspected that “some unspecified issue with the Windows Authentication servers” was the cause behind the deactivations.

On Friday, a day after Microsoft first address the deactivations, the company released an update about the bug:

“A limited number of customers experienced an activation issue that our engineers have now addressed. Affected customers will see the resolution over the next 24 hours as the solution is applied automatically. In the meantime, they can continue to use Windows 10 Pro as usual.”

As of Saturday, some users online were still reporting problems with their operating system.

Will This Affect Me?

The good news is that the deactivation problem seems to be affecting only a small portion of the total number of Windows 10 Pro edition users. Of the licenses which were affected, the vast majority of them were digitally updated from an early version of Windows. If you have not already received the warning after restarting your system, there is a good chance that your copy of the operating system is not affected by this bug. But for those who hit with the glitch, you have several options.

What Can I Do About It?

First, don’t panic and assume that you need to repurchase a new license for the Windows 10 Pro edition if you are still receiving a warning as of today. As long as you are using a genuine version of the operating system, there is no need to buy another copy, as the fix will automatically take effect. The best thing to do is just to wait. But if you are unwilling to wait, you can attempt to correct the issue on your own by running the Troubleshoot app. You can access the Troubleshoot app by going to Settings then clicking on Update & Security followed by Activation, and finally to Troubleshoot. This should correct the issue immediately.

law_ebook

Can Your Legal IT Services Firm
Keep Law & Order With Your
Practice's Technology?

Learn how Parkway's Legal IT Services helps firms across North Carolina achieve better results.

Click Here
Download Our Free Report

Legitimate Installs of Windows 10 Being Deactivated But Microsoft Has No Fix For It

Legitimate Installs of Windows 10 Being Deactivated But Microsoft Has No Fix For It

Windows 10 Professional users have been frustrated lately by some type of bug that suddenly, for no reason, just deactivates your operating system. Even if you’re running a properly licensed installation of Windows 10, it could be deactivated.

Parkway tech


Windows 10 Professional users have been frustrated lately by some type of bug that suddenly, for no reason, just deactivates your operating system. Even if you’re running a properly licensed installation of Windows 10, it could be deactivated. Reports of these issues are coming in from the US, UK, Korea and Japan so far.

Microsoft acknowledges there’s a problem, but there’s no fix yet.

Microsoft has said that they know there’s a problem in this area, but they have not been able to determine the cause or develop a patch for it. They simply say that “some unspecified issue with the Windows Authentication servers is causing the problem.”

The Tech Giant has promised that they will create some type of resolution to this issue within a few days. Though most Windows 10 Pro licenses seem to be valid, Microsoft has discovered a few instances where a Windows 10 Home license key is being used with a Windows 10 Pro installation. In this case, the product is recognizing this and then deactivating the operating system until the user can buy the proper license.

Try This Solution!

  • Go to the Settings app 
  • Click Update & Security 
  • Click Activation (left side of the window) 
  • Click Troubleshoot 
  • Click Close, when prompted

For our clients, we have found this method to work quickly on every computer that has had this issue.

Update for November 9, 2018:

Microsoft has issued the following statement:

“A limited number of customers experienced an activation issue that our engineers have now addressed. Affected customers will see the resolution over the next 24 hours as the solution is applied automatically. In the meantime, they can continue to use Windows 10 Pro as usual.”

Other Issues Reported By Users

Some reports from Reddit users say that when they try to open Windows 10 Pro, they’re getting a puzzling notification that their product needs to be activated. On closer inspection, these users have discovered that their Windows 10 Pro was downgraded to Window 10 Home, thus triggering the notification. There’s no explanation thus far about why the software was downgraded. 

In other instances, users are reporting that when they try to upgrade their operating system from Windows 8 or Windows 8.1 to Windows 10, their operating system will suddenly deactivate itself. Some users have posted various fixes online. You will need the 25-character Key to your Windows 10 operating system to proceed:

  • Open your Settings app on Windows 10. 
  • Click on Update and Recovery. 
  • In the side navigation bar on the left, click on Activation. 
  • Click on Enter a Product Key and enter your Product Key in the Popup box. 
  • Proceed as usual with the installation.

Hold Off On Installing The Latest Version of Windows 10

In other Microsoft news, some users have reported that when they go to install the latest version of Windows 10, some files are being randomly deleted. Again, Microsoft has said they’re investigating this issue and hope to have a resolution within a few business days. In the meantime, they’re recommending that users hold off on installing the latest version of the Windows 10 operating system. 

Back Up Your Data Before Installing a New Operating System

IT Professionals remind everyone that it’s a good idea to back up all your data before installing new software of any kind. Things can go wrong but if you have your files backed up, they can simply be reinstalled regardless of what has happened. Some users have reported permanently losing important documents after trying to install the latest version of Windows 10. So the best solution is to simply wait until Microsoft has addressed these issues and announced that it’s safe to download the newest version of Windows 10.

Contact Us

If you’re concerned about any of these problems, please contact Parkway Technology Solutions. We stay on top of all bugs, patches, and issues with Microsoft products. We can also help with backing up your data safely so that you won’t lose a thing even if you do experience a malfunction of the Windows operating system.

Parkway Tech serves the Winston-Salem area with a full suite of managed IT services for law firms.

In the meantime, it’s important for you and your employees to stay up-to-date on technology. We’ve provided some articles on our Law Blog that you should find interesting. Here are a few to get you started:

 URGENT! Google Chrome “HTTPS by Default D-Day” Is Today (July 24, 2018)

How Can I Extend My iPhone’s Battery Life?

4 Tips For Working Securely On Wi-Fi

law_ebook

Can Your Legal IT Services Firm
Keep Law & Order With Your
Practice's Technology?

Learn how Parkway's Legal IT Services helps firms across North Carolina achieve better results.

Click Here
Download Our Free Report

Why Free Cloud Services Are A Risk To North Carolina’s Law Firms

Why Free Cloud Services Are A Risk To North Carolina’s Law Firms

Have you checked your EULAs for any free cloud services you might be using? This is essential to ensure you’re not storing confidential information in a solution that’s not secure.

Parkway tech


Is Your Law Firm In North Carolina Using A Free Cloud-Based Service?

Have you checked your EULAs for any free cloud services you might be using? This is essential to ensure you’re not storing confidential information in a solution that’s not secure.

What Is An EULA?

An EULA is an End-User License Agreement or software license agreement between you (the purchaser) and the licensor (the software company) that defines the ways the software can be used and your rights to use it.

Have You Reviewed EULAs For The Free Cloud-Based Storage Solutions You Use?

Because some of the free storage solutions like DropBox, Google, and others aren’t amenable to your client confidentiality requirements, you shouldn’t use them. Unfortunately, some attorneys still do, and as a result, they’re putting their client data and their law firms at risk.

Why Is The EULA So Important?

As mentioned, you must ensure your end-user license agreement (EULA) for any software you use, (especially free software) is thoroughly checked to make sure confidential information isn’t being stored in the open.

Parkway Technology Solutions recommends that our clients, especially those in the legal field, use cloud-based storage solutions that are paid for (like Microsoft Office 365 or paid versions of G-Suite Services) that state under their terms of service that any mining of data is protected.

Beware Of Free Dropbox For Lawyers

Dropbox for Lawyers has free and paid accounts. Some have signed up for the free service because they get 2.5 gigabytes of space at no cost and an option to get more space if they refer a new account holder. Plus, they can upload and even share files through the free account. This sounds like a good deal, but it’s not if your confidential data is at risk.

Do Your Homework

When looking for a cloud-based solution for your document storage and collaboration needs, make sure that you do your research and consider how the available options will affect your clients’ confidentiality.

While you might think the free version of Dropbox for Lawyers gives you a quick, no-cost solution to upload and store files, it could end up costing you in fines and legal fees when your clients and regulatory authorities find that data was breached.

Plus Dropbox for Lawyers can cause serious issues when it comes to the precise level of document management needed in the legal industry. Between ethics and organization, none of the no-cost solutions should be your law firm’s go-to answer for cloud-based collaboration and storage.

What Should You Look For In A Cloud-Based Solution?

Other than an EULA that guarantees the security of your confidential data, look for a cloud-based solution with law firms in mind. One that:

  • Uses at least 256-bit AES encryption to secure your files. 
  • Provides In-transit encryption, so your files remain encrypted while being uploaded to the Internet or downloaded to your computers. 
  • Uses Zero-knowledge encryption where only you have access to your encryption keys. Your cloud provider shouldn’t have access to them, and the keys shouldn’t be stored on their servers. 
  • Is HIPAA compliant if you work for doctors or healthcare organizations. 
  • Integrates with Microsoft Office so you can save your documents directly to the Cloud. 
  • Provides indexing and search capabilities where you can find names and content in every document, as well as emails. 
  • Has the ability to compare older documents to its newer counterparts. 
  • Lets your employees check-in and check-out of documents to ensure only those authorized can access records, that you know when they do, and that they are working on the most updated versions. 
  • Has a system for document tagging and profiling. 
  • Provides notifications when documents are updated or edited. 
  • Offers document organization and storage that can be arranged by matter. 
  • Has easy-to-use email management and search options. 
  • Comes with an interface that’s intuitive and easy for your staff to use.
  • Is compatible with the other systems you use.
  • Provides customer service that’s readily available.

Can You Use Any Of The Free Software Services?

You can use Google’s free services to write blog posts, create and update website information, and for operations where confidential data isn’t included. There are some great tools in the Google Suite, but using them for anything related to sensitive client data is not recommended.

Questions?

We urge our legal clients (actually all of our clients) who work with or store confidential data to always check the EULAs in the software they use to ensure sensitive data won’t be exposed. If you aren’t sure and need help doing this, contact the team at Parkway Technology Solutions. We’re always happy to help. 

In the meantime, be sure to stay up-to-date on Legal IT issues. Visit our Law Blog. Here are a few examples of what you’ll find: 

Why Should My Company Upgrade to Windows 10? 

IT Issues Winston Salem Lawyers Would Rather Avoid (Problems and Solutions) 

What Should Law Firm IT Services Include? (Questions/Answers)

law_ebook

Can Your Legal IT Services Firm
Keep Law & Order With Your
Practice's Technology?

Learn how Parkway's Legal IT Services helps firms across North Carolina achieve better results.

Click Here
Download Our Free Report