Month: June 2019

Categories
Blog

Who Has the Best Tech Support for Businesses in Frisco, Texas?

Managing your business is difficult, but it can get a lot harder if your information technology support and infrastructure aren’t up to snuff. That includes everything from your productivity software to your telephone systems — any of which can easily derail your staff for an afternoon if something goes wrong. While your in-house IT help desk may be familiar with the details of your business, have you considered the many benefits of outsourcing your tech support to a team of Frisco, Texas specialists?

What Type of Desktop Support is Provided?

Is your internal technology team spending a great deal of time resetting passwords, finding lost files and granting access to software platforms? That time could be better spent helping move your organization into the future! Working with an outsourced information technology support team, you can supplement your excellent internal resources in a way that helps improve the quality of life for your business professionals and technology support team alike. If your business is constantly being distracted by these nuisance requests, you’re not able to push forward into the future in a way that will help your business remain competitive in a fast-moving marketplace.

How Much Does Information Technology Support in Frisco, TX Cost?

While there is no easy answer, your information technology support professionals should be able to dive into your business and determine the level of support that you will need both now and in the future. That could include everything from managing your Microsoft Office suite licenses and Windows licenses to providing break-fix support for a specific number of servers and desktop computers. You might also include WiFi and telephony-managed services in your IT support. The variable needs of businesses make it challenging to provide a simple estimate, but a trusted service provider will be able to get relatively close after their initial consultation with your team.

How Can Tech Support Help With Business Software?

There are a variety of ways that your technical support team can help with business software: from integrations of new platforms to helping write Requests for Proposals (RFPs) for new systems. IT consultants see a wide range of different software platforms, from the familiar Microsoft Office to business-specific applications. External consultants are able to leverage this knowledge to provide you with a highly-qualified opinion on moving forward quickly and effectively with your platform of choice.

Will the Technology Jargon Be Over My Head?

Our team is comfortable speaking with individuals at all levels of your organization, providing them with the trusted and timely technology support that they deserve. At Data Magic Computer Services, we pride ourselves on offering information technology support in clear, understandable language. From proactive monitoring solutions to finding and eliminating problems with your process, our technicians are adept at resolving problems before they have a chance to escalate and damage your business reputation. When there’s a shared understanding of the needs of the business, there’s no reason for technical professionals to speak over the head of individuals without that background.

These are only a few of the many benefits of working with a dedicated and trusted information technology services partner. You’ll appreciate the solid business advice, the approachable language and the ability of the Data Magic Computer Services team to make your information technology “simply work”. Contact our team today at 469-635-5500 to learn more about the services we offer for your business or request your free initial consultation online.

Categories
Blog

Important Warning From The FBI

https fbi warning

Hackers Now Using HTTPS To Trick Victims Via Phishing Scams

Everything you’ve heard about the safety of https sites is now in question. According to a recent FBI public service announcement, hackers are incorporating website certificates (third-party verification that a site is secure) when sending potential victims phishing emails that imitate trustworthy companies or email contacts.

These phishing schemes are used to acquire sensitive logins or other information by luring people to a malicious website that looks secure.

Can You Still Count On HTTPS?

The “s” in the https along with a lock icon is supposed to give us an indication that a website is secure. And your employees may have heard this in their Security Awareness Training. All training will now need to be updated to include this latest criminal tactic.

What Should You Do?

Be Suspicious of Email Names and Content

The FBI recommends that users not only be wary of the name on an email but be suspicious of https links in emails. They could be fake and lead you to a virus-laden website. Users should always question email content to ensure authenticity.

  • Look for misspellings or the wrong domain, such as an address that ends in “com” when it should be “org.” And, unfortunately, you can no longer simply trust that a website with “https” and a lock icon is secure.
  • If you receive a suspicious email that contains a link from a known contact, call the sender or reply to the email to ensure that the content is legitimate.
  • If you don’t know the sender of the email, the FBI warns that you shouldn’t respond to it.
  • Don’t click links in any emails from unknown senders.

If You Run A Business Ask Your IT Service Company About New-School Security Awareness Training For Your Employees

This will give your staff the latest information about cyber threats and exploits. They’ll learn what they need to know to avoid being victimized by phishing and other scams.

Why Use New-School Security Awareness Training?

Your employees are the weakest link when it comes to cybersecurity. You need current and frequent cybersecurity training, along with random Phishing Security Tests that provide a number of remedial options if an employee falls for a simulated phishing attack.

New-School Security Awareness Training provides both pre-and post-training phishing security tests that show who is or isn’t completing prescribed training. And you’ll know the percentage of employees who are phish-prone.

New-School Security Awareness Training…

  • Sends Phishing Security Tests to your employees to take on a regular basis.
  • Trains your users with the world’s largest library of security awareness training content, including interactive modules, videos, games, posters and newsletters, and automated training campaigns with scheduled reminder emails.
  • Phishes your users with best-in-class, fully automated simulated phishing attacks, and thousands of templates with unlimited usage, and community phishing templates.
  • Offers Training Access Levels: I, II, and III with an “always-fresh” content library. You’ll get web-based, on-demand, engaging training that addresses the needs of your organization whether you have 50, 500 or 5,000 users.
  • Provides automated follow-up emails to get them to complete their training. If they fail, they’re automatically enrolled in follow-up training.
  • Uses Advanced Reporting to monitor your users’ training progress, and provide your phish-prone percentage so you can see it reduce as your employees learn what they need to know.  It shows stats and graphs for both training and phishing, ready for your management to review.

Your employees will get new learning experiences that are engaging, fun and effective. It includes “gamification” training, so they can compete against their peers while learning how to keep your organization safe from cyber attacks.

Add New-School Security Awareness Training To Your Current Employee Training

The use of https is just the latest trick that hackers are using to fool victims into falling for malicious emails. Hackers have many more “up their sleeves.” This is why regular, up-to-date New School Security Awareness Training is so important for any organization.

Categories
Blog

Why Do You Need to Back Up Your Data? Top Five Reasons

We’re all used to the system of “backups.” We make backups of our important documents. We all have a spare tire in our car’s trunk. If you have kids, you take extra clothing for a day’s outing because you know that whatever they’re wearing will be covered in ice cream or ketchup before long.

Oddly, very few people have a backup of their entire database. Maybe it’s because we think that some of our documents are not that important. For businesses, every document is important. And even if it isn’t, who’s going to go through all those docs each day and decide? It’s just easier to create a backup of everything.

Now the next question is about how often a business owner should make those backups. Think about how much your data changes each day. How many records do you add to your data in a day’s time? How many emails? For some businesses, it is necessary to make multiple backups throughout the day. If you lost just one day’s worth of orders, it could equate to thousands of dollars.

With that in mind, let’s go over the top 5 reasons why business owners should perform data backups each day.

1. Errors

Nobody’s perfect. Everyone makes mistakes. What if a new IT employee accidentally deletes thousands of records? Some employee at a workstation could get busy and delete an important contract. One thing for sure about business is that it takes people to get the work done and anytime there are people involved, there WILL be mistakes.

2. Viruses and Ransomware

Here’s that careless employee again. This time, he opens an email that’s infected with malware. Suddenly it spreads to 10 computers. What will you do? Can you fully recover all the information that was lost? Only if you make frequent daily backups of your data. With ransomware now the number one cause of lost data, you must protect your company. You’ve worked too hard to just lose everything to some hacker on the other side of the world.

3. Audits and Taxes

Many businesses are required to maintain copies of their records for a period of time. This is especially true for those in the legal, medical and financial industries. If you don’t properly adhere to the rules, you could be heavily fined by organizations like HIPAA. Businesses usually undergo audits on an annual basis. Every file is important. What if you made a $10,000 equipment purchase but no one can find the receipt? What if you donated $20,000 to a charity that has since gone out of business? Can you support those expenses with the proper documentation? Audits are stressful enough, but when you have data backups of all those records, you can answer those tough questions for the auditors.

4. Natural and Manmade Disasters

According to the EM-DAT, the total number of natural disasters has been steadily increasing. In 1970, there were only 78 reported natural disasters but in 2004, there were 348 disasters including hurricanes, tsunamis, tornadoes, and wild fires. No one will ever forget Hurricane Katrina in 2005, which nearly wiped out the city of New Orleans. But just recently in southeast Texas, a tornado tore a 44-mile path of destruction from Rusk County to Houston and Cherokee Counties. It was so big that it could be observed from the space station. From fires to hurricanes, disasters are increasing so the only thing we can do is be prepared. And that includes regular data backups.

5. Business Continuity

Sometimes unexplained and terrible things do happen and for business owners it can spell financial disaster. One of the biggest issues for business owners is getting back up and running after some type of tragedy such as a theft or the roof being blown off your building. The longer it takes you to recover, the greater your financial losses. If you can rent temporary space, restore all your files and get back to your regular routine within 2 weeks, you can usually save your company. But often business owners don’t have a strong contingency plan. They just tell themselves that bad things only happen to bad people, so they don’t prepare. Business continuity is about being able to recover in the shortest amount of time, so your business barely suffers loss.

You Can Beat The Odds!

As you can see, there are probably more reasons to back up your data than you ever thought. And these are real things that could and do happen every day across America. Good planning can save you though. And good planning starts with good data backups.

A study from the University of Texas shows that 43 percent of all companies that suffer a major data loss will never be able to recover. They just can’t get back on their feet in a timely manner, so they have to close the doors. It’s a heartbreaking reality but you can do something about it. When you have good, strong backups of your data, you can rent another space somewhere and get back to work within a week or so. And that’s the difference between surviving and going bankrupt.

If you work with a good managed IT provider, they’ll even help you set up your new space so that employees can come in and do their jobs each day with good internet and reliable computers. Downtime is expensive for most companies. But it is something you can remediate with the right business continuity plan. And that includes reliable daily backups of your database.

Categories
Blog

How to Create a Strong Password You’ll Remember

Nearly every site or service we use online requires a username and password. Remembering hundreds of unique passwords is just about impossible, and reusing passwords across multiple sites can be dangerous. If one account is compromised in a data breach (and this is likely: check out IdentityForce’s list of all the breaches so far this year), any other account using that same password is now at risk.

Password Changes

Today’s username and password convention is a difficult system to manage well, but it remains important to create strong, unique passwords for your various accounts. We’re here to help today by sharing a few ways to create unique passwords that are strong and memorable.

Base Your Password on a Familiar Phrase

One way to make a password easier to remember is to base it on a phrase or term that’s familiar to you. Notice we didn’t say to use a term that’s familiar to you: “ilovesarah”, “sparky”, and “gocowboys” are all terrible passwords because they’re easy to guess. Anyone who knows that your wife’s name is Sarah, that your dog’s name is Sparky, or that you love the Cowboys might guess these easily.

Instead, come up with something creative, but that still has a connection to something you won’t forget. Something like “R3dsk1nsRool!” would be hard to guess since it runs counter to your actual interests, and it would be hard to crack due to the character variations. You’ll have an easier time remembering it, though, since it connects to one of your true passions.

Another variation on this theme is to take a poem or song lyric that’s meaningful to you and turn it into an acronym. “Row, row, row your boat gently down the stream” could turn into “RrrybGdtS”, for example. Easy to remember; hard to guess.

Use Long Passwords

Long passwords are hard to guess, but they’re even harder to crack using hacker tools. Use a memorable phrase in its entirety, or choose a series of seemingly unrelated words that mean something to you. You’ll create a password that’s easier to remember than the previous method and that’s even harder for a computer to crack. Check out this Xkcd comic, which illustrates this principle with an added dose of humor.

Use Two-Factor Authentication Wherever Possible

You should enable two-factor authentication (2FA) on any site that offers it. 2FA adds a second method of authenticating that you’re who you say you are. Most 2FA methods involve sending a numeric or alphanumeric code to the account owner (that’s you). This code can be sent via email, text message, or even be displayed on a physical key fob. The code is only good for a short window (usually 1, 2, or 5 minutes). After supplying your username and password, you’ll be asked for this code.

Most consumer applications of 2FA involve sending the code via text message. Unless a hacker has stolen or cloned your phone, he or she won’t be able to view this code and thus won’t be able to log in to your accounts—even with your username and password.

Change Your Password Frequently

Changing your password frequently is another way to stay ahead of information thieves. A stolen password is only useful until you change that password to something else. It’s good practice to change your passwords frequently, such as every 3 to 6 months. We realize that can be a lot of work. Changing only your most sensitive passwords (financial, social, and email) is better than changing none.

Use a Password Manager

All this sounds like a lot of work, and it is. Thankfully, there’s a better way. Using a password manager, you can create long, unique, complex passwords for each account — but you don’t have to worry about remembering them! All your passwords are stored in the password manager. All you need to remember is the strong master password you create for this utility.

Categories
Blog

What Technology Should Small Law Firms Choose

It is questionable whether there is any industry today that has not been forced to adopt new technology to remain competitive. But for small law firms, the need to utilize technology appropriately is necessary for more than just competitiveness—it is actually being increasingly pushed by jurisdiction. In just the past few years, the ABA Model Rule 1.1 went through revisions so that the rule now states that attorneys need to maintain a certain level of competence with technology, and 36 states have adopted the revised comment to Rule 1.1.

Lawyers Looking At A Computer

With technology competency becoming a standard for practicing attorneys, it is clear that every law firm needs to do what it can to incorporate technology into their practice. What this adoption will mean may vary somewhat from firm to firm, but the general push should be to meet the standards of the industry in all possible areas. For many firms, that will mean making some changes.

Technology for Small Law Firms—What You Need to Know

Where you and your firm sit on the technology spectrum may be far different from another attorney or another firm. You may have already taken significant steps to incorporate technology tools into your operation. You may have been doing things the same way for decades and only be interested in making the minimal changes to comply with changing professional expectations. Or, you may be somewhere in the middle. The following tips are meant to serve as a starting point on how to identify where changes need to be made and to make those changes as efficiently as possible.

Set aside time for research and the adoption of new technology.

For most lawyers, time is at a premium. Between courting new clients, keeping up with legal changes, researching cases, preparing and filing documents, traveling and doing all the other things required for you to run your firm, you are probably quite pressed for free time. However, you are also adept at measuring the workload of new projects and making time for those projects—which means you have the ability and aptitude to make technical changes to your firm. You just need to remain aware of what you are getting into and set a pace that fits with your circumstances.

If you do not want to do all of the work yourself, you can also delegate or outsource it. Whether you assign duties to employees, hire an IT services company familiar known for servicing law firms, or both, you can accomplish a lot when you share the workload.

Learn what it means to be technically proficient as a law firm.

You may already have clear ideas about the changes you need to make. But if you aren’t, consider doing some research on legal tech today. There are books available that discuss legal tech for small firms and there are plenty of websites that do the same. Educate yourself on what a technologically savvy firm looks like today so you can see where your firm is lacking and where you should aim to be moving forward.

Areas to research include:

  • Document management
  • Time and billing software
  • Legal practice management software
  • Collaboration tools
  • Security technology
  • Mobile technology
  • Potential technology certifications available

Conduct an assessment of the technology your firm uses.

Once you have an idea of what the expectations for legal technology use are in today’s environment, you can conduct an assessment of your firm to see where you are and what changes you need to make. Identify what technology you currently use for various tasks, determine what changes need to be made, if any, and then make a plan to facilitate those changes.

Prioritize technology adoption.

Ideally, you could make all the changes you need to make simultaneously. But if you do not have the time, resources, or assistance to make all those changes possible right now, you will need to prioritize which are most important. Your priorities will be based on the specific goals of your firm. For example, e-filing is becoming an industry standard for law firms. If you are still using mostly paper, moving into an e-filing system will probably be a big priority. That may mean purchasing a scanner to digitize your existing documents, as well as implementing an e-filing system for your firm to use moving forward.

Consider Partnering With A Managed IT Services Company.

Most small firms do not have the resources to employ a dedicated IT department. Managed IT services offer a way to take advantage of technical proficiency and skill sets as you need them—like when you need to do a technology overhaul on your firm. You can get the assistance you need from professionals so you can focus on running your firm.

If you would like more information about managed IT services for your solo practice or small law firm, please contact us.

Categories
Blog

Was Your Photo and License Plate Number Breached?

 CBD Reports 100,000 Photo and License Plate Breach

The U.S. Customs and Border Protection (CBP) reported today that nearly 100,000 travelers’ photos and license plate data were breached. If you’ve driven in or out of the country within the six-week period where the data was exposed, you could have been victimized.

CBP License Plate Breach

The department said on June 10th that the breach stemmed from an attack on a federal subcontractor. CBP learned of the breach on May 31st.

CBP report:

“Initial reports indicate that the traveler images involved fewer than 100,000 people; photographs were taken of travelers in vehicles entering and exiting the United States through a few specific lanes at a single land border Port of Entry over a 1.5 month period.”

CBP hasn’t reported when this 6-week period was.

Who Was The Subcontractor That Was Affected By The Breach?

CBP hasn’t said who the subcontractor was either. But the Register reports that the vehicle license plate reader company Perceptics based in Tennessee was hacked. And, these files have been posted online.

Additionally, the Washington Post reports that an emailed statement was delivered to reporters with the title: “CBP Perceptics Public Statement.”

Perceptics’ technology is used for border security, electronic toll collection, and commercial vehicle security. They collect data from images on license plates, including the number, plate type, state, time stamps and driver images.

Where Were The License Plate Readers Installed?

Perceptics license plate readers were installed at 43 U.S. Border Patrol checkpoint lanes in Texas, New Mexico, Arizona, and California.

CBP reports that “No passport or other travel document photographs were compromised and no images of airline passengers from the air entry/exit process were involved.”

CBP uses cameras and video recordings at land border crossings and airports. The images they capture are used as part of a growing agency facial-recognition program designed to track the identity of people entering and exiting the U.S.

Do We Know Whose Data Was Exposed?

No, we don’t. And to date, CBP hasn’t said if this data will be released. If we hear differently, we’ll be sure to report any updates, so keep watching this space.

Is Facial-Recognition A Security Threat?

Facial-recognition is a hot topic right now. The American Civil Liberties Union states:

“This incident further underscores the need to put the brakes on these efforts and for Congress to investigate the agency’s data practices. The best way to avoid breaches of sensitive personal data is not to collect and retain such data in the first place.”

Congressional lawmakers have questioned whether the government’s expanded surveillance with facial recognition could threaten constitutional rights and open millions to identity theft.

Today’s technology can recognize and track us without our knowledge or an option to prevent it. It’s inevitable that a new battle between surveillance and privacy will be taking place as more breaches occur.

Categories
Blog

How to Find Someone’s Email Address

Email Marketing

Email is a great system when it works well, but it has some frustrating limitations. You have to know someone’s email address to be able to reach them via email, and there’s no central database for finding email addresses. You can often use the internet to find people’s mailing addresses via directory searches, but not such parallel exists for email. If you need to get in touch with someone but don’t have their email address, here are a few tips for finding someone’s email address.

Within Your Organization

If you’re looking for someone within your organization, you can use Outlook to find the person. Simply create a new email, then click the button next to the “To:” field. This will bring up an address book search. Try searching last name first.

You can also use a keyboard shortcut: click in the “To:” field, then start typing the person’s last name. Press ctrl + K, and Outlook will narrow your list. Click the right one, and you’re done.

Outside Your Organization

It gets a little tougher outside your organization. Here are a few tips.

Google It

You can always try a good old-fashioned internet search. Search for the person’s name and the word “email”. Maybe include the person’s job title as well. For all examples below we’ll be searching for Frank Johnson, accountant at Awesome Accounting, Inc.

Get creative with your Googling. Other search ideas include searching [“Frank Johnson” “contact me” “Awesome Accounting”] or [“Frank Johnson” “Accountant”]. If you’re looking for a personal account, you could also search for [“Frank Johnson” AND “@gmail.com”]. Keep trying other popular email services.

Mine Social Media

Many people have an email address associated with their Facebook or LinkedIn accounts, and sometimes they make this public. Be sure to search social media for the person you’re trying to contact. Even if you can’t find an email address, you will likely find a way to contact the person. If it’s a personal contact, a Facebook message might be most appropriate. If it’s a business connection, stick to LinkedIn.

Check for a Website

Does the person you’re looking for have a website? If so, there is likely a “contact me” page there. These often route directly to an email inbox. You don’t get to see the address unless the person replies, but it’s a place to start. Some people also include an email address directly on their websites. This is less common, but it’s worth checking.

Use a Search Tool Like Pipl

There is no universal directory for email addresses, but services like Pipl are doing what they can. Pipl maintains a database of known contact information for many people, and it’s free to use. If your other methods don’t yield results, check here.

Categories
Blog

LabCorp Data Breach: What We Know

Labcorp Data Breach

Are You One Of Many Affected By The LabCorp Data Breach?

Financial & Personal Information of 7.7 Million Exposed

Just yesterday we wrote about the Quest Diagnostics’ breach affecting nearly 12 million. Today we’re writing to tell you about a LabCorp breach affecting 7.7 million people. Both of these breaches were caused by a third-party; the American Medical Collection Agency (AMCA). AMCA provides billing collection services to both LabCorp and Quest Diagnostics.

AMCA has informed LabCorp that it is in the process of sending notices to approximately 200,000 LabCorp consumers whose credit card or bank account information may have been accessed. AMCA has not yet provided LabCorp with a list of the affected LabCorp consumers or more specific information about them.

In a filing with the U.S. Securities and Exchange Commission, LabCorp said the breach happened between August 1, 2018, and March 30, 2019.

A section of the filing reads:

“AMCA’s affected system also included credit card or bank account information that was provided by the consumer to AMCA for those who sought to pay their balance. LabCorp provided no ordered test, laboratory results, or diagnostic information to AMCA. AMCA has advised LabCorp that Social Security Numbers and insurance identification information are not stored or maintained for LabCorp consumers.”

The information included in the breached system includes:

  • Bank account information,
  • Credit card information,
  • First and last name,
  • Date of birth,
  • Address and phone,
  • Date of service and provider, and
  • Balance information.

Forensic experts are investigating the breach. It’s possible that the AMCA breach could impact other companies and millions of more consumers.

What Should You Do?

Anyone who was affected by the data breach should freeze their credit report to prevent criminals from opening credit card accounts in their name. They should also be concerned that their Social Security numbers were exposed.

If you believe that your information has been leaked, you can contact LabCorp customer service on their contact page.

Categories
Blog

Watch Out: File Hijacking and Malware Possible Through Slack Bug

Software Bug Slack

On May 17, 2019, security firm Tenable announced that one of its researchers, David Wells, had discovered a Slack bug affecting Slack’s Windows desktop client. The bug affects version 3.3.7 of the Slack desktop app, which was just last week the most current version. Read on to learn more about this bug: how it was discovered, what it can do, and how to protect yourself.

Discovery and Reporting

Wells discovered the Slack vulnerability and reported it via HackerOne’s bug bounty program. This program allows white hat hackers to receive financial compensation for disclosing previously unknown vulnerabilities so that companies can address them before serious damage is done.

Under the terms of this program, the bug was not disclosed publicly until Slack had the opportunity to release a fix. Slack has since released that fix, but the segment of its 10 million active users that haven’t yet updated may remain vulnerable.

What the Bug Can Do

Wells discovered that slack’s protocol handler, “slack://”, can do quite a bit. It even has the ability to modify sensitive application settings. Attackers could abuse this protocol by creating a “slack://” link that reroutes the user’s download location. The powerful “slack://” protocol even allowed rerouting to an attacker-owned location.

The result of that action would be that files downloaded from Slack would actually be saved to the attacker’s server. The attacker would even be able to modify those files before the reviewer had a chance to open them.

The attack can also be hidden fairly well. Slack’s “Attachment” feature allows users to change the text that displays with a hyperlink, meaning the malicious link could be disguised as “Account Report 004.docx” or any number of realistic-looking files.

Lastly, an attacker with sufficient skill could inject malware into an Office file (like a Word document or Excel spreadsheet) using this exploit. This is a real danger, because Office files are tossed around as attachments all the time. Office warns users that downloaded files can be unsafe, but users will nearly always ignore this warning when they think they’ve downloaded a document from a trusted colleague.

The Danger Level

A bad actor gaining access to all downloaded documents isn’t good, of course, but how dangerous is this bug, actually? Tenable reports that it has scores 5.5 on the CVSSv2 scale, which is a medium score. We see two reasons the bug doesn’t score higher.

One, exploiting this vulnerability requires user involvement. If you don’t click the link, the attacker gets nothing.

Two, exploiting this vulnerability in a convincing way requires compromising the credentials of a Slack group member. It’s difficult if not impossible to send a message to just anyone using Slack. You have to first be a member of the same channel. This means that this exploit is more or less limited to disgruntled channel members and attackers who’ve hacked or stolen a channel member’s credentials.

How to Protect Yourself

The good news on this vulnerability is that Slack has already patched it. All you need to do to protect yourself and your organization is ensure that anyone using Slack for Windows has updated to version 3.4.0 or later. You can check yours by looking at the “About” window in the program. If you don’t have the access needed to update your application, contact IT right away.

IT Administrators looking to update a Microsoft Install deployment should check out these instructions provided by the Slack team.

More Good News: No Real-World Impact, Yet

There’s more good news about this bug and associated exploit. Because Tenable reported the bug to Slack through HackerOne, Slack was able to address the vulnerability before it became publicly known. According to the company’s reporting on its own research, they find no evidence that the vulnerability has been exploited in the real world yet.

Conclusion

Exploits like these are discovered every day. Are you protected? If you’re not sure, give us a call. We stay up to date and we keep our clients safe.

Categories
Blog

Quest Diagnostics Breach: Latest News

Are You One Of Many Affected By The Quest Diagnostics Breach?

Financial & Medical Information of 12 Million Exposed

Quest Data Breach

Quest Diagnostics reports that almost 12 million people could have been affected by a data breach.

On Monday, June 3, 2019, Quest Diagnostics said that American Medical Collection Agency (AMCA), a billing collections provider they work with, informed them that an unauthorized user had managed to obtain access to AMCA systems.

Quest Diagnostics is one of the largest blood-testing providers in the U.S.

Anyone who has ever been a patient at a Quest Diagnostics medical lab could be affected by the breach.

AMCA provides billing collection services to Optum360, which is a Quest contractor. AMCA first notified Quest about the breach on May 14th. Quest reports said that they are no longer using AMCA and that they are notifying affected patients about the data exposure.

The information included in the breached system includes:

  • Bank account information
  • Medical information
  • Credit card information
  • Social Security Numbers
  • Other personal information

In its filing, Quest reported:

“Quest Diagnostics takes this matter very seriously and is committed to the privacy and security of patients’ personal, medical and financial information.”

What Should You Do?

Anyone who was affected by the data leak should freeze their credit report to prevent criminals from opening credit card accounts in their name. They should also be concerned that their Social Security numbers were exposed.

If you believe that your information has been leaked, you can contact Quest Diagnostics’ customer service at 1 (866) 697-8378 or on their contact page.

Skip to content