InnoTech – San Antonio’s Technology & Innovation Conference & Expo

Presented by Presidio

Wednesday, May 11, 2016
Henry B. Gonzalez Convention Center

The 9th annual InnoTech San Antonio returns to the Henry B. Gonzalez Convention Center on May 11. Join over 1,300 technology and IT professionals for a full day of conference sessions, networking and tech demos. InnoTech San Antonio will host 30+ conference sessions presented by a number of national and local speakers. All speakers and topics are available at www.innotechsan.com.

The North Chamber is giving away COMPLIMENTARY PASSES to the first 30 IT professionals interested in attending. Please register at WWW.INNOTECHSAN.COM. Type NCHAMBER6 in the Discount Code field for complimentary admission. (Passes are not for vendors, consultants or recruiters and do NOT include the Emerging Medical Summit or North Chamber CIO Luncheon. A separate registration fee is required for these special events.)

What are the highlights this year?

  • Release of the San Antonio IT Economic Impact Report
  • North San Antonio Chamber CIO Luncheon Panel
  • Over 1,200 business and technology professionals to network with
  • IT Security in San Antonio, featuring a full day of security-related topics and experts
    • Anatomy of Cyber Attacks
    • The CyberSecurity Lifecycle, from Vision to Verify
    • Defining Your Cloud Strategy While Mitigating Cloud Security Risk
  • 30+ educational conference sessions focused on Mobile, Data & Analytics, Cloud, Security and more
  • More than 70 exhibit opportunities (including technology products and service providers from regional and national companies)
  • Prizes and Giveaways from exhibitors and sponsors
  • InnoTech Happy 45-Minutes Networking Reception — 3:45pm – 4:30pm
  • And much more

Emerging Medical Technology Symposium @ InnoTech

May 10, 2016
Henry B. Gonzalez Conference Center
11:00am – 5:30pm – www.emergingmedtechsat.com for details and registration

For additional information, speaker information and registration: Registration for the 6th Annual Emerging Medical Technology Symposium is $54.00 and includes lunch, EMT presentations and access to InnoTech (on May 11). Visit www.innotechsan.com for more details. We look forward to seeing you there!

The Needs of the Small Business

For the past eight years we have served small businesses as an outsourced IT provider. We have learned how they operate and how they view their IT needs. These businesses are too small to need or pay for an in-house IT employee so they look to an outside source to service them. So what is it that they need?

The needs of the small business are simple yet varied. The basic needs include troubleshooting error messages, programs not working right, upgrades, and data backup to name a few. Their needs can be more involved and complex at times depending on their willingness to venture into the cloud. The cloud can either simplify or complicate things for the small (and medium) businesses if the move to the cloud is not well thought out and planned in its purpose as well as its execution.

The small business customer typically relies on the outsourced IT company to know what products are out there, their costs (both up front and down the road), and their impact on the customer’s production, efficiency, and workforce. Law firms have court dates and deadlines to deal with and the courts do not simply let them off with an “I’m sorry to hear that. Let’s reschedule the court date for that case for you” if your server is down and you didn’t get to finish your court documents in time for this court date. The dog ate your homework doesn’t fly in the court world nor should it. Medical offices do not want to have to reschedule their patients because their server is down. One question is whether they need a server and if not (if the cloud will work well for them) why are they still on a server?

If you are a medical office you are required to be HIPAA compliant. The federal government does not suggest or recommend that you be. They require it or you can be fined out of existence. Each occurrence of a HIPAA violation is a $25,000 fine. Notice I did not say each employee who commits a violation: each individual occurrence is a $25,000 fine. You should not trust your IT and HIPAA compliance to a company that is not a HIPAA certified professional company.

There are questions that need to be asked by both the business and the IT company to make sure the business is using the right tools, programs, email service, etc. Here are just a few of those questions (many more to follow in a discussion with the business itself):

  1. Is the cloud right for you (either in a pure or hybrid environment)?
  2. Do you have people in the field who need to access company data and resources? How are they doing that now? Does it seem inefficient?
  3. Are you subject to HIPAA or any other regulatory compliance standards?
  4. Are you using POP3 email (there are still too many companies using this)?
  5. Should you have desktops, laptops, tablets, etc?

Those are just a few of the questions that may be asked.

While each business needs technology to run efficiently those needs can be different from business to business. For your company’s best interest, remember to take time to interview at least two providers and talk to their referrals.

Scam of the Week: Phish with Hidden Sting

There is a particular type of phishing attack which research teams see more and more often. This attack plays out as follows:

  1. Employees receive an email with an attachment — usually PDF or DOC.
  2. The body of the email contains no malicious links and consists only of a social engineering ruse to open the attached doc.
  3. The attached doc is itself not malicious — i.e., no exploits or malicious macros/scripts. What’s visible to the user is a second ruse to click an embedded link in the document.
  4. The link embedded in the doc leads to either an exploit site/page or a fake login page for a recognized service (your bank or payroll service).
  5. These phishes are slipping past anti-virus (AVs) and email security apps/appliances because the email body contains nothing obviously malicious and the attachment itself is not malicious in and of itself. AV and email security apps are not scanning the links in the attached docs.

Be watchful for this new tactic. Warn your associates about this. Never open attachments you did not request. When you get an attachment, verify that the person it appears to come from actually did send it to you, and why. When in doubt, throw it out. Always Think Before You Click.
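The gap described in step 5 is that links inside attachments go unscanned. As an added example (not part of the original newsletter), this Python sketch pulls embedded URLs out of DOCX and PDF attachments so they can be checked the same way as links in the email body; the sample message, file name and URL are constructed, and the PDF check only sees uncompressed link annotations.

```python
import io, re, zipfile
import xml.etree.ElementTree as ET
from email import message_from_bytes, policy
from email.message import EmailMessage

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
PDF_URI = re.compile(rb"/URI\s*\(([^)]+)\)")   # link annotation action in a PDF

def docx_links(data):
    """External hyperlink targets from every .rels part of an OOXML file."""
    links = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if name.endswith(".rels"):
                root = ET.fromstring(z.read(name))
                for rel in root.iter(REL_NS + "Relationship"):
                    if rel.get("TargetMode") == "External":
                        links.append(rel.get("Target"))
    return links

def attachment_links(raw_email):
    """Map attachment filename -> URLs embedded inside that attachment."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    found = {}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if data.startswith(b"PK"):        # DOCX is a zip container
            found[part.get_filename()] = docx_links(data)
        elif data.startswith(b"%PDF"):    # uncompressed annotations only
            urls = [u.decode("latin-1") for u in PDF_URI.findall(data)]
            found[part.get_filename()] = urls
    return found

def build_sample():
    """Constructed sample: harmless body, DOCX whose only lure is a link."""
    rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="rId1" TargetMode="External" Target="https://payroll-login.example/verify" '
            'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink"/>'
            '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/_rels/document.xml.rels", rels)
    msg = EmailMessage()
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please review the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", filename="invoice.docx",
                       subtype="vnd.openxmlformats-officedocument.wordprocessingml.document")
    return msg.as_bytes()

print(attachment_links(build_sample()))
```

Each extracted URL can then go through whatever reputation or sandbox check is already applied to links in message bodies.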

The Importance of Conducting Due Diligence on 3rd Party Providers

We’ve entered into an age where network security breaches aren’t just common – they’re alarmingly more common than you think. According to the 2015 Cyberthreat Defense Report, an incredible 70% of all organizations were compromised by a successful computer security breach at some point during the previous year. Hackers and other people with malicious intentions are targeting large corporations, small businesses and everyone in between. It’s up to you to ensure that you’re properly prepared. But what do you do when you are tasked to provide a certain amount of control over your data to a third party vendor?

Are third parties putting you, your customers and ultimately your business at the risk of a breach?

The answer, unfortunately, is “probably.”

The Facts
Two of the biggest (and most successful) data breaches over the last few years struck Target and Home Depot, respectively. Each attack cost victims millions of dollars in damages and negatively affected the reputations of two of the most recognized brands in the marketplace. Both data breaches were the result of vulnerabilities at third party vendors that the companies were working with.

According to a recent study that was conducted by the Ponemon Institute, Target and Home Depot aren’t alone. An alarming 53% of all surveyed organizations felt that the negligent actions of third parties like vendors, outsourcers and more were putting their own businesses at risk for similar attacks.

Two Ways Third Parties Are Putting You At Risk

  1. Weak Password Security Policies
    Your organization could institute the strongest possible password policy but if your third party vendor still uses “1234” as the password on their firewall, you’ll ultimately be the one to pay the consequences.
  2. Risk Management (or Lack Thereof)
    Many people don’t realize that your third party vendors often have third party vendors that they themselves are working with. This essentially puts them in a similar situation to the one that your business finds itself in – a breach at a third party vendor three levels removed from your company can eventually find its way back to your virtual doorstep.

Tips & Best Practices

  1. Always make sure that your vendors all have proper governance policies and that they’re strictly adhering to local and federal rules and regulations regarding which departments have access to what types of information, what those employees can do about it and more.
  2. You should always inquire into their password policies to make sure that their own users are including things like special characters and are periodically changing passwords to help prevent network security breaches in the first place.
  3. Make sure that you’re always aware of exactly who is handling your business sensitive data and be vigilant at all levels. This includes overseeing people like data encrypters, cloud security providers, data backup organizations, point-of-sale maintainers and more – not just the regular IT professionals that you actually see and interact with daily.

Sometimes the people you DON’T see on a regular basis are the ones that you need to be paying the most attention to.

5 Steps To Protect Your Business From Cyber Crime

A Seattle company was recently broken into and a stash of old laptops was stolen. Just a typical everyday crime by typical everyday thieves. These laptops weren’t even being used by anyone in the company. The crime turned out to be anything but ordinary when those same thieves (cyber-criminals) used data from the laptops to obtain information and siphon money out of the company via fraudulent payroll transactions. On top of stealing money, they also managed to steal employee identities.

Another small company was hacked by another “company” that shared the same high-rise office building with them. Management only became aware of the theft once they started seeing unusual financial transactions in their bank accounts. Even then, they didn’t know if there was internal embezzlement or external cybertheft. It turned out to be cybertheft. The thief in this case drove a Mercedes and wore a Rolex watch… and looked like anyone else walking in and out of their building. Welcome to the age of cybercrime.

You Are Their Favorite Target

One of the biggest issues facing small businesses in the fight against cybercrime is the lack of a cyber-security plan. While 83% lack a formal plan, over 69% lack even an informal one. Half of small business owners believe that cybercrime will never affect them. In fact, small businesses are a cybercriminal’s favorite target! Why? Small businesses are not prepared and they make it easier on criminals.

The result? Cyber-attacks cost SMBs an average of $188,242 per incident and nearly two-thirds of the businesses affected are out of business within 6 months (2011 Symantec/NCSA Study). A separate study by Verizon showed that over 80% of small business cybercrime victims were due to insufficient network security (wireless and password issues ranked highest). With insecure networks and no formal plan to combat them, we make it easy on the criminals.

How They Attack

The #1 money-generating technique these “bad guys” use is to infect your systems with malware so that whenever you (or your employees) visit a web site and enter a password (Facebook, bank, payroll, etc.) the malware programs harvest that data and send it off to the bad guys to do their evil stuff.

They can get to you through physical office break-ins, “wardriving” (compromising defenseless wireless networks) or e-mail phishing scams and harmful web sites. Cyber-criminals are relentless in their efforts, and no one is immune to their tricks.

5 Steps To Protect Your Business

  1. Get Educated. Find out the risks and educate your staff.
  2. Do A Threat Assessment. Examine your firewall, anti-virus protection and anything connected to your network. What data is sensitive or subject to data-breach laws?
  3. Create A Cyber-Security Action Plan. Your plan should include both education and a “fire drill.”
  4. Monitor Consistently. Security is never a one-time activity. Monitoring 24/7 is critical.
  5. Re-Assess Regularly. New threats emerge all the time and are always changing. You can only win by staying ahead!