NEED HELP NOW? CALL YOUR LOCAL IT EXPERTS TODAY 908.688.2444 | Request Remote Support

Archive for category: Uncategorized

Transitioning Your Tech When Moving, Upsizing or Downsizing

Transitioning Your Tech When Moving, Upsizing or DownsizingTechnology is often one of the most overlooked aspects when a business is in transition. For our purpose, a transition is a move, upsize or downsize. There are many moving parts that need to be considered and factored into a transition. The top three areas of your technology infrastructure that need to be addressed are networking, internet service provider and telephone communications.

Networking

Your new office will need to be networked in some way, shape or form. Though wireless networks are available, it is best to have your new location physically wired using the latest structured wiring cables, Cat6 or Cat6a. These cables are rated for network speeds up to 10Gbps (10,000Mbps) as opposed to the older Cat5e cables which are rated for network speeds of up to 1Gbps (1,000Mbps). Wireless networks are a supplement to, not a replacement for, your wired network and should be viewed as such. They are often used for laptops, iPads, mobile phones and guest access when you have a visitor.

Internet Service Provider

Having an Internet Service Provider (ISP) ensures that you have a connection to the Internet.  Your choice of providers will be limited by two things:

  1. The providers that are available in your geographic area; and
  2. The providers that are allowed into your commercial space by your landlord, unless you own the space. Believe it or not, there are commercial landlords who refuse to allow certain ISPs in their properties.

Next, you have to assess the needs of your business to determine what level of access and speed you need. A lot of businesses operate on shared Internet connections, such as connections through your local cable provider or fiber connections  However, if a reliable connection is a high priority for your business, you may find a benefit in choosing a dedicated connection to the ISP.  With a dedicated connection to your ISP you are guaranteed the advertised speeds.

Telephone Communications

This is a big one.  Do you go for the traditional phone options or do you utilize a Voice Over IP (VoIP) provider?  The primary factors here are typically capital outlay and feature set.

With on-premises phone systems you have to pay the cost of the system up front.  This may be a deal breaker if you are a newer business, or your financial circumstances do not allow your business to absorb this cost.  From a functionality standpoint you are also limited to the features of the physical system.  For example, if you want e-mail transcription of voicemails but the system you chose does not offer that feature, you are out of luck.  Another pitfall of an on-premises system is that you are limited to the amount of incoming phone lines that you choose to pay your phone carrier for.  This can cause issues with callers getting a busy signal or being routed to voicemail.

Hosted phone systems, often referred to as Voice over IP (VoIP), allow you to circumvent some of the problems that traditional phone systems have.

  1. Providers – You are not limited to a service provider based on geographic availability.
  2. Portability – You are able to simply take your phone with you if you move to a new location without the need to schedule a move with your carrier.
  3. Flexibility – You have the ability to add and remove new phones/extensions as your company grows/contracts.
  4. Features – You have all of the features of an enterprise system without the cost.  As new features are added by your service provider you are able to take advantage of them.

As you can see, technology infrastructure is an important part of any transition to your business.  It is best to consider your technology needs during the planning stages of your transition, rather than as an afterthought, in order to avoid gaps in service and functionality.

Equifax Hack, 143 Million Americans Impacted

equifax hack

Cybercrime is a reality in our world today and we are all affected. It has just been publicly released that Equifax, the consumer credit reporting agency, has had a data breach. These criminal hackers have gained social security numbers, birth dates, home addresses and in some cases driver’s license numbers of 143 million Americans.

According to Equifax, the hack happened somewhere between mid-May through July 2017.

There is not much that you can do from your end except to monitor your reports and activity. We urge you to go to the following website, www.equifaxsecurity2017.com, which has been setup by Equifax to sign up for credit file monitoring and identity theft protection.

3 Tips to Avoid Poor VoIP Quality

poor voip call quality

One of the major issues surrounding Voice Over Internet Protocol (VoIP) technology is the lack of proper information.  Now we know exactly what you are thinking; in this day in age where we are all surrounded by information how could there be a lack of it?  You see it is quite possible and the specific area surrounding VoIP where this gap exits is the way in which you just get the system to work.

Most of the VoIP issues that happen are a direct result of poor communication between the provider and the customer.  The expectations about what the service is supposed to deliver and how it is going to do are often at a mismatch.  Most providers will tell you to just order their service, plug the phone to your network and everything will just work.  That might be true for some but it is not for most.

Your network is a complicated place.  A place where there are servers, computers, wireless devices, printers and many other items that are communicating through its wires.  Now you are planning on adding another item to that network, phones.  You see your phone is probably your most critical item and it needs a nice clean path between it and your provider.  Without taking the right steps before installation VoIP phones you will most certainly experience call quality issues.

Have you ever been on a call with someone only to catch every other word?  Have you ever called someone and they claim to not even have a record of your call?  These are some issues that are associated with VoIP done wrong.

Your voice data is important and there are ways to make sure that it is running smoothly through your network.  Here are some tips.

  1. You need to test your Internet Service Provider’s (ISP’s) network. If your ISP’s network is prone to issues your VoIP traffic will not flow well and you will experience issues.
  2. Testing your internal network is a must. Yes, you need to run tests and diagnostics on the network to make sure that you are in fact equipped to properly handle voice calls/traffic.
  3. Voice traffic should be segregated from your data traffic. Additionally, you want your voice traffic to be prioritized over all other traffic on your network as it is the most sensitive.

Without the proper testing and setup of your network a VoIP solution will be more of a nightmare than it’s worth.  There are many pitfalls and most providers are not making sure that you avoid them.  If you want to avoid the failures of VoIP installs give our experts a call at 908.688.2444 or fill out the contact form to the right and we will be glad to guide you through the process the right way.

 

Unlimited Mobile Data Plans are Back

unlimitedmobilephone_verizon_att_sprint_tmobileThings are moving to the benefit of the consumer once again when it comes to mobile phone providers.  The four major carriers Verizon, AT&T, T-Mobile and Sprint will once again all have unlimited data plans available.  It is currently in your best interest to re-evaluate your current plan with your existing provider to decide if it is worth making the change.

Below is a pricing matrix displaying each provider’s current pricing (excluding taxes and fees) for each of their unlimited plan options.

One Line Two Lines Three Lines Four Lines
Verizon $80 $140 $160 $180
Sprint $60 $100 $130 $160
T-Mobile $70 $100 $140 $160
AT&T $100 $140 $180 $180

 

How you move your data and the type of data that you move is important to note as well.  If you utilize the “Personal/Mobile Hotspot” feature on your phone AT&T will not allow this feature to be used; so you will lose that capability.  The other providers are limiting you to 10GB of Mobile Hotspot data at 4G speeds the rest will be throttled down to 3G speeds.

Also, data throttling or “slowdown” will occur on Verizon & AT&T after 22GB of data utilization.  T-Mobile’s network is after 28GB and Sprint after 23GB.  This will reduce your data moving from 4G speeds down to 3G speeds.

Additionally, video streaming will only be affected on AT&T’s plan.  Instead of streaming what your video content provider provides AT&T will scale this down to 480p which means no high definition streaming on your devices utilizing their unlimited plan.  All other providers will allow streaming up to full 1080p HD video resolution or whatever your content provider can push out.

Hopefully, these new pricing plans can be of benefit to you and help you save money.  It is always in your best interest to re-evaluate your mobile phone plan at least once a year to make sure you are getting the best bang for your buck.

Why Should You Care About the Dyn Cyberattack?

By now, you have probably heard about the cyberattack that crippled Dyn’s Domain Name System (DNS) this past Friday. Some of the websites affected included Netflix, Twitter, Spotify, Reddit, AirBNB, and many others. When you type in a website address (e.g., www.google.com) the request goes through a DNS server which translates that website name to its numerical value (e.g., 8.8.8.8) so your computer can fetch the proper website. This mechanism only exists to make our lives easier, so that we can use names for web addresses and not have to remember numerical values for websites.

Dyn is a major provider of DNS services and what happened on Friday was a distributed denial of service attack (DDoS). The DDoS attack involved millions of devices making requests to Dyn’s servers at the exact same time, resulting in the flooding and overloading of the servers.

Why is this important for you to even know about? The devices that were used in this attack were devices that were plugged directly into the Internet and used the default passwords from the manufacturers. Whether you realize it or not, every device that you connect to the Internet can be used as a weapon for attacks such as these. Your devices can be compromised, malicious software can be added, and they will become part of a digital army without you even knowing it.

Here are some tips to prevent your equipment from being compromised:

  1. 1. Never connect any equipment directly to your Internet connection. You should always have a firewall between your devices and the Internet.
  2. Always change the default username and passwords for any Internet related device that you install.
  3. Apply updates from manufacturers. Updates come out to patch vulnerabilities that a manufacturer discovers in their software which may allow for the device to be compromised.

Security should be a major concern for you. You cannot set it and forget it. New threats are constantly emerging but who is watching your network? Take the first step towards the security of your network. Give us a call at 908.688.2444 to setup your security consultation.

Who Needs a Headphone Jack?

Apple has finally released information on the new iPhone 7.  The phone is expected to be released September 9, 2016.  The biggest upset for many people seem to be the lack of a headphone jack.  But this is not the first time that Apple has made a move to revolutionize the market.

In 2007 Apple was the first smartphone manufacturer to replace the QWERTY keyboard with a touch screen interface.  Now 9 years later the market is dominated by the touch screen.

However, most of us are not ready to give up our 3.5mm headphone jack just yet.  Here are 3 options that you have if you still want to get the functionality of the headphone jack.

  1. Apple’s Lightning to 3.5mm Headphone Jack Adapter
  2. Apple’s iPhone Lightning Dock
  3. Lighting port headphones

As you can see there are a few options here.  Most of us don’t welcome change with open arms.  Some users will be unaffected by this but others may hate it.  Which category will you fit into?

Your Law Firm Is a Gold Mine

gold_mine_fluiddesignsBy: Stanley Louissaint

Your law firm is a gold mine of information and everyone knows it.  Cybercrime and cyber-espionage is at an all-time high and the threats grow greater each day.  As an attorney, you deal with confidential and sensitive information on a daily basis.  While having access to such information during the course of everyday business is normal sometimes people forget that there is an inherit duty to protect that data.

As you already know, there are many different types of law practices.  Each field of law deals with its own type of sensitive information.  For example a personal injury attorney has access to data that can be classified as protected health information (PHI) and/or personal identifiable information (PII).  Business and corporate lawyers have access to an entirely different set of information.  That information can be about the mergers, acquisitions or sellouts of publicly held companies.  Yet the common trait among each dataset is that it can be used by a third party for financial gain.  The ability to make money from that information is exactly what makes it a target for outsiders.

You see, I’m not telling you what you don’t already know, but sometimes we are too close to a situation to realize the value of what we have in front of us.  Yes, there are legal requirements for you to attempt to protect this information but aside from that why should you care?  The reason is because your clients do.  Data breaches, cybercrime, and cyber espionage are all topics that have made their way to the forefront of our lives.  It is even top of mind for the smallest of firms who often ask, “How do we prevent these problems from happening to us?”

Another reason is your firm’s reputation.  In the event that you have a data breach the public’s perception of your firm will change and unfortunately not for the better.   Reality is nobody can truly be 100% hacker proof.  It’s been said that if an attacker wants to really get into your system he/she will.  That holds true these days because there are state-sponsored attacks by certain government entities that sponsor hackers for their own gain.  However, even with this known fact you are not absolved from your obligations to thwart an attack on your firm and its data.

So you are all shaken up now, what are some of the things you can do to curb such problems?

One of the most convenient methods used to communicate between attorneys and clients is e-mail.  It is a staple in our arsenal these days.  We can churn out messages and get a response from the other party almost instantaneously.  But at the same time it is one of the biggest security holes that exist.   E-mails that are considered sensitive should always be encrypted.  Encryption allows your e-mail to be sent through a secure channel and if intercepted it cannot be deciphered.  By default e-mails are not encrypted and should be viewed as a virtual postcard.  If you wouldn’t want everyone reading what you’ve written in public then it shouldn’t be sent without encryption.

One of the most common ways to go about this is to have a system in place where you type in a pre-defined keyword into the subject line and the system will encrypt the e-mail based on spotting that word in the subject.  This works great because it allows for all devices that are linked with your e-mail account to have access to the feature without additional software/apps to be installed.

Another method is to have a firm-wide system that will automatically scan for any sensitive information contained in any outgoing e-mails.  That information can be defined as Social Security Numbers, HIPAA, credit card numbers, bank account information and so forth.   This method can also be used in conjunction with the previous one for added levels.

E-mail accounts are also often tied to mobile devices.  Most firms allow users to “bring your own device” (BYOD).  In that circumstance your BYOD policy should state that users must have passwords on their mobile devices.  This is an important step because if someone loses their phone the intruder would have to know their device password to gain access to any information on that device including e-mail.

The next thing to evaluate is user authentication methods.  Most of us are familiar with a two factor authentication.  This is where you input a username and password to gain access to a system.   A good chunk of users do not have complex passwords.  I hear the complaints all the time, “Come on another password?  Do I have to use a special character?  Do we have to change passwords every 90 days?”  My answers are always “Yes.”  Security is an inconvenience and we cannot lose sight of why we need to be more secure.  Adding in a third layer of security allows for greater protection.  Often times these are either hardware/software tokens or security codes.  These are all one use codes that are used in addition to your username/password to authenticate you onto the network.

Employee education is mandatory.  You see a lot of attacks that are socially engineered to play off of people’s missteps.  You have to educate employees and hold them accountable for things that they may do on the system.  At times you have to protect your employees from themselves through access limitations.  If there is certain access that is not needed to complete a job function, block it.

Enable system wide auditing and monitoring so you know what’s coming in and going out of your system.  But don’t just enable it, actually look at the records.  There have been countless situations where things were happening on a company’s network and because nobody bothered to look at the logs they had no idea.

Backup, backup and backup.  To add insult to injury nothing can be worse than having your data compromised only to realize that your firm did not have an adequate backup of it.  Backups not only have to be done but they have to be tested and verified to be in working order.  In the event that data is lost it is your only way to restore the missing information.

There are many different things that will help in protecting your firm from an outside intruder.  Security is a multi-layered approach and it is a constant.  There is no solution in a box nor can you have a set it and forget it mentality.  As cybercriminals change their methodologies we have to as well.  Your employees are your first line of defense.  Keep them educated, informed and trained on the latest threats.  If they can identify an abnormality it can save you time, money and more importantly your reputation.

Reprinted with permission from the June 6, 2016 issue of the New Jersey Law Journal. © 2016 ALM Media Properties, LLC. Further duplication without permission is prohibited. All rights reserved.

VMWare Professional Solution Provider Status Achieved

fluiddesigns_vmware

Fluid Designs, an New Jersey based IT services provider, has met the competency and certification requirements to become a VMWare Professional Level Solution Provider. We are committed to providing our clients with the highest quality of service this new partnership allows us to serve them better.

“VMWare fits in with our best of breed philosophy. The reliability of the technology has proven itself over time and the versatility of the product line speaks itself. As an IT services provider we are always aiming to improve our offerings to bring complete technical solutions to our clients and this move does just that” said Stanley Louissaint, Principal & Founder.

As a VMWare Professional Level Solution Provider, Fluid Designs will aid clients with product selection, licensing, support contracts, purchasing and installations. VMWare carries solutions that range from the SMB to the Enterprise markets.

About Fluid Designs
Fluid Designs is a full service IT services provider. Fluid focuses on the computer, networking and application needs of small and medium-sized businesses. We specialize in the legal, finance and medical verticals. Through offering a variety of services that include computer/network consulting, planning, design, procurement, implementation, maintenance, management, litigation support, computer forensics and e-discovery services. The cornerstone of Fluid’s approach is providing you with a dedicated team that fully supports all of your needs.

 

Stanley Louissaint featured as a 2016 ChannelPro Visionary

stanleylouissaint_channelpro_visionary_2016

Union, NJ – May 12, 2016 – Stanley Louissaint, Principal & Founder of Fluid Designs, has been featured on the 2016 ChannelPro 20/20 Visionaries list.

“It is an honor to be recognized and featured alongside many trusted colleagues in the industry,” said Stanley Louissaint.  “At Fluid Designs we are always trying to figure out the best way to move the industry forward while meeting the needs of our clients.  They continue to allow us to open up, explore and build technology based solutions that help drive their businesses to the next level.  I want to thank our clients for the continued support and ChannelPro for their constant support of the channel through their many initiatives. ”

To develop the 20/20 Visionaries for 2016, the editors of ChannelPro-SMB turned an eye to the channel players and channel pros they have spoken with, listened to, and sat with face to face over the past year to compile a broad list of possible honorees.

The list and commentary will be found in the May 2016 print edition of ChannelPro-SMB.  Currently, it can be viewed on the ChannelPro Network website at: http://www.channelpronetwork.com/article/introducing-2016-channelpro-2020-visionaries.

About Fluid Designs
Fluid Designs is a full service IT services provider.  Fluid focuses on the computer, networking and application needs of small and medium-sized businesses.  We specialize in the legal, finance and medical verticals.  Through offering a variety of services that include computer/network consulting, planning, design, procurement, implementation, maintenance, management, litigation support and e-discovery services, Fluid is a one-stop shop. The cornerstone of Fluid’s approach is providing each client with a dedicated team that fully supports all of the client’s needs.

About the ChannelPro Network
The ChannelPro SMB 20/20 Visionaries is part of the ChannelPro Network. Our network includes websites, events, awards programs, research, and the monthly magazine ChannelPro-SMB.

The ChannelPro Network provides targeted business and technology information for IT channel partners who serve small and midsize businesses. The network delivers expert opinion, analysis, news, product reviews, and advice vital to a channel partner’s business success.

 

 

Windows 10

Windows 10 Upgrade NJ

Windows 10 is Microsoft’s latest desktop platform.  It is currently a free upgrade for computers that currently have Windows 7/8/8.1 installed.  The primary reason to move forward with this upgrade is that eventually Microsoft will cease to support the other operating systems previously mentioned.

Here are a few tips before you proceed with an upgrade to Windows 10.

  • Make sure that your applications are compatible with Windows 10.  
    Some software vendors still have compatibility issues with Windows 10 and their programs will not function correctly.  It is best to wait for their “OK” before you proceed with this upgrade.
  • Backup your entire system data and state.  
    In case of any errors having a proper backup will allow you to revert back, better safe than sorry.
  • If you currently watch DVD movies on your system you will need to install a 3rd party player after the update.
If you run into an issue performing this upgrade or would prefer that Your Local IT Computer Experts handle it for you, give us a call at 908.688.2444.

3 Data Backup Strategies: Tape, Cloud, Hybrid

computer cloud data backup new jersey

      Your computer networks and company data are your most valuable assets. Without a proper data backup strategy this data is at risk. Data loss can manifest itself in many ways bringing down your servers, computers and ultimately your network. What would you do if your computer systems were offline right now? Having the proper computer backup and recovery strategies are important. Here are three ways in which you can protect your computer and data networks.

    1. Tape and disk
      Using this method your company data is backed up once a day. Often times this requires human interaction. Somebody changes the tape in your server on a daily basis.
      There are shortcomings that come along with this strategy. First, the frequency of data changes very rapidly these days. Backing up once a day means that you can still lose a whole day’s worth of work. Additionally, the time needed to restore from a backup tape is usually the longest of all methods.
    2. Cloud based backup technology
      The next backup method is a cloud based backup technology. This scenario allows you to remove human interaction. It is a fully automated.This method also has some shortcomings. If your hardware suffers from physical damage, you have no equipment on-site which you can restore your data from. That is until you obtain equipment and access to backup servers, your company will remain offline.
    3. Business continuity methodology
      The last method is business continuity. This is more than a backup because it focuses on keeping your company up and running. With this solution we leverage the best parts of all of the backup methods. Your company’s data is continuously backed up to a local device and ten that data ends up being backed up to the cloud. This allows us to have a copy of your company data on-site as well as in the cloud. Your data is protected and is stored in multiple places.

Not sure what your current backup strategy is? Not sure which method you should go with? Give our experts a call 908.688.2444.

5 Tips to Keeping Healthcare Data Safe

healthcare-nj-computer-repairPatient data is constantly moving and the risks of a data breach continue to increase over time.  There is a constant escalation of medical/healthcare data breaches.  According to the FBI the Healthcare industry is not prepared to properly deal with these threats.  Here are five tips to protect your healthcare environment.

  1. Keeping legacy systems secure
    • Are you running legacy environments and need an interim solution for security protection?
  2. Safeguarding patient portals and datacenters
    • Do you have cloud and datacenter environments and how are they secured?
  3. Detecting and preventing breaches
    • Hackers are sophisticated and using targeted attacks to get into networks – how are you protecting your network from breaches?
  4. Protecting PHI in motion and at rest on all endpoints
    • Are you offering the best technology for mobile patient care and how are you securing it today?
  5. Meeting compliance needs
    • Are you trying to meet various compliance regulations that require security?

If you do not have the answers to the questions above then give our experts a call at 908.688.2444.  Our experts can help protect you from both current and future threats.  Call us today and schedule a complimentary assessment.

1 in 5 Employees Would Sell Their Company Passwords

Employee Passwords New Jersey

Employees are a vital part of any company.  They are the backbone to the success of your company.

Unfortunately, your employees can also be the biggest liability when trying to protect your company’s valuable asset, it’s data.

According to a 2016 Market Pulse Survey:

  • 1 in 5 respondents would sell their passwords to an outsider
  • 44% of those individuals would do it for less than $1,000
  • 1 in 3 employees share their passwords with other employees
  • 65% of employees use the same password among all company applications
  • 40% of respondents reported to having access to corporate accounts after leaving their last job
  • 26% of employees admitted to uploading sensitive information to cloud apps with specific intent to share that data outside the company

Have you taken the proper steps to protect your company’s data from your employees?  If not, your only exposing your company to greater liabilities.

Give us a call today at 908.688.2444 for a complimentary assessment and let our experts help you protect your most valuable asset, your company data.

Malicious Software: Ransomware It Will Cost You

Malicious Software NJ New Jersey

Malicious software is a daily threat that has proven to be costly.  One type of malicious software is Ransomware which uses encryption technologies to encrypt all of your data and holds it hostage.

At this very moment, Hollywood Presbyterian Medical Center in Los Angeles is experiencing this hostage situation.  All of the hospital’s patient data files and databases have been locked up and encrypted by Ransomware.  The organizations entire computer network has been offline for approximately over a week and patients have been redirected to other area hospitals to be served.  For a measly payout of $3.6 million all the data will be released from captivity.

According to the Cyber Threat Alliance, CryptoLocker 3.0, the leading ransomware package brought in an estimated $325 million in revenues for 2015.  The number of attacks doubled over the previous year.  So what do you think is in store for 2016?

Ask yourself, if malicious software made its way into your network:

  • Can you guarantee protection of your client information, files and data?
  • Can you fully recover your data without paying the ransom?
  • Can you minimize downtime and lost revenue?

If you cannot answer YES to all of the above then our Business Continuity Solution is for you.

With our Business Continuity Solution the answer to all of the questions above is YES.

Give us a call today at 908.688.2444 and let our experts protect your network from the detrimental effects of malicious software.

When Does e-Discovery Start?

e-Discovery Start

By: Stanley Louissaint

A common misconception is that e-discovery begins when a suit is filed and a litigation hold is received. This could not be further from the truth. Data preservation and retention procedures are something that your clients need to have in place long before a suit even happens. The huge burden that e-discovery is known to place on a client is often due to the lack of instituting proper policies and procedures around data retention. Admitting that we live in a litigious society may be an understatement. Since we are aware of that from the onset, there are ways in which we can best equip our clients to protect themselves in the event that a suit arises.

One of the most frustrating things for counsel is the lack of information provided by a client. Knowing that a piece of information had existed and your client is no longer in possession of it to help prove his/her position is everything short of satisfying. I have witnessed many attorneys scour the earth to try to retrieve a small piece of information that they knew was pivotal to changing the outcome of their case. Aside from putting out the fires that your clients create, you, as an attorney, also have a duty to help provide your client with proactive and preventative solutions.

Every organization should have a basic electronic data retention policy in place. This is applicable to any and all electronic media. Everything ranging from Microsoft Word documents, PDFs, emails, text messages, and even internal instant messages. Some organizations are bound by regulatory and compliance bodies that force their hand into this, but many are not. Through my work as a consultant, I see that a lot of people haven’t given any thought to data retention policies, nor do they have any idea where to even start.

Before we move on, I want to be clear about one point. I am not advocating that companies retain all data for an infinite amount of time. But simply that they create and build a retention policy that is to be designed for a client’s individual business needs and legal considerations. When that predetermined period of time is exhausted, the data will be removed in the ordinary course of business. Of course, there is still the chance that, even if you destroy data according to your policies, you may still need it to defend yourself, so delete with caution.

This is an area where legal and tech have no choice but to intersect. As the attorney, it is important for you to understand the technologies that exist to help facilitate these data retention policies. The first question to ask is whether the client plans on storing their data on-premise or in the cloud. On-premise means that they will have servers in their office locations and everything will originate from there. Storing data in the cloud means that their data will reside in a third-party datacenter off-premise.

More often than not, your client will not own the hardware that their data is stored on when utilizing the cloud. This poses an interesting situation because not all cloud-based solutions offer the ability to create a customizable policy to properly retain data. So, depending on what the needs of the company are, not all cloud solutions are viable. This is a primary reason why some companies have chosen to shy away from implementing cloud-based solutions. Still, if your client chooses to implement cloud-based solutions that don’t meet the data retention requirements that are needed, they are not absolved of their responsibility. These are the times in which clients tend to act on their own behalf and it’s your job to fully advise them of the ramifications for doing so.

Now we have to find the data. That’s right—most organizations have no idea what data they are in possession of and where that data is even stored. Data can be stored everywhere, from the servers to user’s workstations, laptops and even mobile devices. Your technical experts should have the tools to seek out all the data that and where it exists within the organization. If your client doesn’t know what they have, then they don’t know what needs to be protected.

Rely on software vendors with a proven track record. Software vendors have built applications that allow us to create archives and store them in data vaults. In the technical world, archiving has been a term widely associated with emails.
As an on-premise system, let’s take a look at the Microsoft Exchange email platform. Exchange is still the most widely used on-premise email solution in business environments. Initially, the application did not have the built-in capabilities to globally archive emails, and you needed third-party tools to do that. As e-discovery and legal requirements have become a larger concern to the masses, Microsoft has integrated archiving features as standard into its platform. This helps to cut down the costs, as there is no need to purchase an additional archiving program.

Another feature that Microsoft added with its latest email platform is the ability to save a copy of all incoming/outgoing text messages to the user’s email box. The minute that data hits the email server, you are able to record and archive that data in accordance with the policies you have in place, just as you do with other emails.
For a cloud-based system, let’s look at the popular Google Apps email platform. Google has added the option of Google Vault, which adds archiving and e-discovery to the platform where all organizational emails can be stored for a certain period of time. Recently, I was involved in a case where there was a litigation hold in place, and the client utilized Google Apps but did not subscribe to the Google Vault service. This seemingly minor oversight created a situation where the client was not in compliance with the litigation hold, since there was no email archiving solution in place to preserve emails.

Next, make sure that there is an e-discovery component built in to the software of your choice, which allows for rapid searches and extraction of relevant information.

Being that a litigation hold means that you cannot delete your old data, you need to be able to place a hold your data retention policies. During the period of time that your hold is in effect, you cannot delete any of the data in accordance with the policies that you’ve created.

We focused on some of the options available to archive emails, but solutions exist for all types of data. The reality is that everything needs to be properly archived and retained according to a retention policy. Counsel and technical experts have to work together to craft policies that fit our individual clients’ goals and objectives. By working together and taking a more proactive approach, we can help to limit the costs of e-discovery should our clients become involved in litigation.

Reprinted with permission from the October 6, 2015 issue of the New Jersey Law Journal. © 2015 ALM Media Properties, LLC. Further duplication without permission is prohibited. All rights reserved.

Who has the keys to your network?

lockdoorchain
There are two types of companies, those who have been breached and those who do not know that they’ve been breached.

October is cybersecurity awareness month.  We want to share a few tips to help you protect your company from the every so growing security threats to keep your keys safe.

1. Have a multi-layered security approach.  The most widely used authentication method is two-factor authentication. This combination typically consists of a username and password.  However, did you know that you can add another layer that?

2. Complex Passwords.  Your passwords should be a minimum of eight (8) characters consisting of numbers, lowercase/uppercase letters and symbols.

3. Force Password Changes.  Do enforce a password change policy on the company network. Anywhere from 60-90 days. This will force the users on your network to be compliant and change their passwords when they expire.

4. Lockout Policies.  Do not allow unlimited password attempts on your network. After three (3) invalid password attempts the user account should be locked.

Need help with your network security policies?  Give us a call today at 908.688.2444 and let our experts protect your keys.

Why Are Lawyers Still Afraid of E-Discovery?

whyarelawyersafraid

By: Stanley Louissaint

We often fear what we do not understand, and lawyers are not exempt from this theory. E-discovery is still one of those items often dreaded by law firms … and sometimes for good reason. There is a dark cloud of mystery around e-discovery and at times it is hard to see through it. Some questions that often arise include: How is e-discovery supposed to be used? What are the real benefits? Why can’t we go around it?

When e-discovery first appeared, it was perceived as a mysterious thing that computer/technical people created. Actually, that is only partially true. As soon as the ability to store electronic data became available, e-discovery began to play an integral role in legal matters. In my daily work, I often find that the mystery surrounding e-discovery is still prevalent in many of today’s law firms.

One of the larger hurdles surrounding e-discovery is those parties who have the job of educating others about it and its various uses. More often than not, individuals who are technical in nature are in charge of spearheading this initiative. Frequently, these individuals have a hard time properly conveying their message to the attorneys. Before we even begin any e-discovery-related tasks, the first thing I do is educate those who are working on the matter about what we are doing and why. This allows for all parties to fully understand what the mission is and how e-discovery will impact the current case. The education of all who will be involved is an integral part of the process; without it, difficulties arise while working through the e-discovery process.

Please note: You cannot survive in today’s litigation climate without the use of e-discovery. I mean, you can try but you will not be successful. We are constantly creating data in this new data-intensive world and reinforcing the need for e-discovery. There are emails, text messages, Web pages, word processing documents, paperless offices, digital client files and the list goes on. Standard sized file cabinets have turned into hard drives/USB flash drives and other types of storage devices. Digital data cannot be avoided, and it’s here to stay. The creation and use of electronic media impacts each and every one of us, whether we want it to or not.

Resources are another major challenge that firms face today, for they often lack the adequate manpower needed to get through the newfound burdens that e-discovery can place. This issue always appears during the review stage. The ability to dedicate different teams of people who are available to constantly review the influx of data that continues to come in is a resource that most firms do not have. A way to combat this problem is to first properly draft your e-discovery demand. This can be challenging, as attorneys like to cast a wide net during this process to avoid missing some vital piece of information. The wider the net, the more data you will receive from your adversary. With more data comes more time to process, cull and review that data. Also, widening your request can create this negative effect of exponentially increasing your data collection or putting an undue burden on the other parties involved.

However, properly drafting your discovery demand means asking the right question for your request. Some of the questions you will answer are: What are the search terms? Who are the custodians? What’s the date range that needs to be searched? Are these searches to be performed on the entire network? Or just portions of it, such as just the email server or file server? Certain businesses have proprietary software that runs their business; do you know if this exists? If so, how will you read this data once it’s received by your team? Is the data hosted on-site, in the cloud or is it a hybrid solution? There are many questions that need to be answered before you can properly move forward.

To help alleviate this burden, a firm can partner with a vendor who specializes in this area instead of attempting to handle it in-house. Being able to call on a resource on an as-needed basis proves valuable on many levels, but the cost savings factor is a major one. There are many issues that arise, and inexperience is a sure way to increase the costs surrounding e-discovery.
What file format will be provided by or to adversaries? It is mutually beneficial for both parties to agree on which file format the discovery will be produced in during the discovery demand phase. This is an area where a lot of resources will get spent if this phase is not done properly. Files can be provided in native form, single-page TIFFs, multi-page TIFFs, single-page PDFs, multi-page PDFs or searchable formats. Native form is searchable, and anything that is not searchable can be run through the optical character recognition (OCR) process. It can get costly if time has to be spent converting and matching up files that were not produced properly. Of course, there are exceptions to the rule where you cannot help but to get certain things in their native form because of special file types; but having an agreement between both sides before production begins allows there to be a predictable outcome when the data is imported for review.

You have now received the data requested from your adversary. Your next step is preprocessing the data to make sure it is what you’ve asked for. Is this from the requested custodians? Does the date range match what you asked for? Are there duplicates? With this step you can further cull out unnecessary data for the review process and prepare it for import into your review platform. The review platform is where you will perform document coding, sorting, tagging, searches and the final review of the data in question.

During the review step, you will look for the data that will support your position. As important as it is, this too is where many attorneys get bogged down. Because of the potential for massive amounts of data collections, it becomes an intensive and laborious process to sift through the data to find what you’re looking for. I’ve been part of review processes that have contained millions of documents that felt as if you were looking for a needle in a haystack. But this is the job that attorneys are hired by their clients to do—find that needle. Having the proper e-discovery review tool and the people who know how to use it gets you through this monumental task. You have to ask yourself, what is the alternative? In reality, the alternative is printing every sheet of paper out and reading it line by line. This, by far, does not sound either efficient or cost-effective.

The old way of dealing with discovery is gone. E-discovery has arrived and it is here to stay. Instead of attempting to avoid it, you have to embrace e-discovery entirely. Over time the way in which we currently use it will undoubtedly change. Tools will improve, and counsel will ultimately accept this method as part of the new standard operating protocol. Partnering up with the proper vendor to help facilitate these needs will spare you the costly mistakes that can happen when entering this unfamiliar territory. E-discovery is another tool in the toolbox which lawyers can use to zealously assert their clients’ position while simultaneously elevating their skill set.

Reprinted with permission from the June 22, 2015 issue of the New Jersey Law Journal. © 2015 ALM Media Properties, LLC. Further duplication without permission is prohibited. All rights reserved.

Retail Data Or Healthcare Data: Which Is More Secure?

By: Stanley Louissaint

Data breaches are one of the biggest threats and concerns today for an individual. There are two industries where these threats have impacted individuals the most — healthcare and retail. Does either one of these industries pose a greater threat than the other? I think so.

Retailers have a history of being lax in their security protocols as it pertains to protecting customer information. The primary objective of a retailer is to sell more goods to the consumer. A method used to facilitate that goal is by offering customers as many payment options as possible. For a majority of stores these payment options include utilizing a major brand credit card, a store card, check, and/or cash.

The primary data target of breaches, as it pertains to retailers, is typically not customer information but their major brand credit card information. The value lies in the ability to make purchases before the credit card company has a chance to figure out what’s going on.

After the credit card information is stolen from a retailer things often move rapidly. Cybercriminals proceed to sell this information to other criminals who will then make physical credit cards out of this information and go on a buying spree with your money. Once the threat is detected, usually by the credit card company, all the affected accounts are deactivated. The customers are then issued new credit cards to replace the compromised ones and they are offered some sort of free identity protection service.

In addition, there have been instances where customer information, such as email addresses, has also been stolen. The purpose behind this is that phishing attacks can be carried out, for the senders can disguise their email to be from a retailer that you have previously done business with. This type of breach requires more effort to cultivate the data and get the customer to willingly give up the information by being fooled. Well is there an easier way? Yes, healthcare.

Healthcare poses the biggest data breach threat. The value of the target is higher in healthcare organizations as a patient record is a treasure trove of information that contains highly sensitive data about an individual. Patient records include things such as name, address, date of birth, social security number, health insurance billing information, employer data, health history, credit card numbers, and even a photograph in some instances.

The underground cybercriminal exchanges can fetch between 10 to 20 times more money for patient data than consumers credit card information. Unfortunately, there is also another added benefit for cybercriminals which is that there is typically a long delay in the detection of the fraud. It is up to the patient, the provider and/or health insurance company to realize that there is a problem.

But what else can be done with this information? A data breach that occurs within a healthcare organization poses far greater risks because of the single fact that the cybercriminal has all the pertinent information to actually pose as that individual.

A criminal can actually utilize your benefits as if it was their own and bill your health insurance carrier for procedures that you never had done. Criminal networks run deep and reach many elements of life and because of that, some providers will knowingly bill these accounts for services that were never provided. There have even been instances where diseases or illness that people have never had, show up in their medical records which can affect the patient care you receive.

Even more alarming is the ability to pretend to be you, and open up credit accounts in your name. We all know the importance of credit in this country and having patient data stolen is another way in which identity theft can occur.

While both retail and healthcare industries remain vulnerable, one remains to stand out as the biggest data breach threat, healthcare. As retailers struggle to fix their issues and secure their systems, the credit card companies already have systems in place to protect the consumer from fraudulent card activity. Soon after they are alerted your credit account is deactivated and a new card is sent out to you, minimizing the impact. But when it comes to patient data the information that is contained within a medical providers database cannot be so easily changed. You will not get a new name, social security number, date of birth or health history. This information can be used to target an individual over and over again with little to no recourse. For those of us who work in either of these verticals it is important that we remember that our job is not only to protect our client but to protect each and every customer or patient that conducts business with them.

Originally published on Business Solutions Magazine

5 Warnings About Jurisdiction & Cloud Storage

ipadclouds
By: Stanley Louissaint

Technology and law are two things that can never seem to get on the same page. Technology moves at such a rapid pace that the law can never seem to catch up. Now, mix in the advent of cloud storage and the complexities begin to mount. Cloud storage has spurned a global phenomenon where your client’s data can be housed anywhere in the world. Without even knowing it, your client’s data stored in the cloud can be subject to local, national, and even international laws.

Having a number of law firms as clients I have been privy to some pertinent information regarding cloud and jurisdiction. There are ways to tip the legal scale to your benefit, but as with anything it starts with asking the right questions from your cloud service provider. If you never ask, you will never know.

Finding out the answers to the following questions will give you a clear view on your cloud provider and how jurisdiction may affect your clients:

  1. What is the content of the cloud data? Depending on the nature of the data that you are storing, there could be a legal obligation that takes precedence and immediately forces your cloud data to be part of your local jurisdiction. Two industries where this applies are healthcare and finance. These industries are heavily regulated and it is your job to make sure that the cloud provider that you use can comply with the regulations in place.
  2. Are there any mutual legal assistance treaties (MLATs) in place? An MLAT is an agreement between two countries that creates international legal obligations to assist each other in prosecutions. Depending on the location of the physical servers where you are storing your client’s data, that country may be legally obligated to hand over data if requested.
  3. In which country is the cloud provider based? The location of the headquarters of the cloud provider can play an even bigger role than where their servers are located. In the United States there is an ongoing battle between a major corporation and the U.S. Government. The issue is that the government has requested specific data stored in the cloud provider’s data center on servers located in Ireland. Handing over this data would cause the cloud provider to violate the data privacy laws in Ireland and not providing it will cause them to be in contempt of court of a U.S. court ruling.
  4. How many data centers are there and where are they? Cloud providers tend to replicate data across multiple data centers in different geographical locations. If your provider is offering this “feature” you are potentially exposing yourself to multiple jurisdictions, each with their own set of laws.
  5. What happens if there is a data breach? If there were to be a data breach, what law applies? Would it be the law where the customer, cloud provider or server is located? The standard practice in the U.S. is to notify all customers of a data breach. If your cloud provider is located elsewhere are they legally obligated to notify you?

Being in technology we accept the fact that there are inherent risks that cannot be avoided. But you have the ability to mitigate some of them to the benefit of your clients. Jurisdiction as it pertains to cloud computing is still “cloudy” to say the least, but by asking the right questions you can get a clearer picture. Data that may be secure in one jurisdiction may not be secure in another. Always be aware of your client’s individuals needs when it comes to what they need out of a cloud provider, but also be mindful of the local laws that still govern them, even while utilizing cloud providers.

Originally published on Business Solutions Magazine

Call Us Now at 908.688.2444 and Receive a Complimentary Consultation!