Tuesday, January 31, 2017

Spearphishing - A Corporate Path to Financial Ruin

If all of your company's files suddenly became encrypted and inaccessible due to ransomware wasn't enough, now sophisticated scammers are carefully plotting their next schemes through spearphishing.

Spearphishing is as the name implies a form of Phishing. As most of you know, Phishing is where you get a random email from your bank, your credit card company, or even the Government requesting you enter in personal information into a legitimate looking web site. The scammer is "phishing" for your information. However that innocent looking website is connected to a scammer and before you know it your bank accounts are cleaned out and your personal information is compromised. Spearphishing is a focused attack vector where scammers send targeted emails to a company's employees with a forged header that makes the email appear to originate from a person of importance, such as a V-Level or C-Level executive. Unlike your traditional email virus or worm, anti-virus software is of little help with respect to phishing or spearphishing. Anti-spam filtering can help but many times spam filters are set to allow an organization's emails through without checking.

In more organizations than not, the culture is based upon employee fear so nobody ever questions an executive request. When an executive says "Jump!" everyone is expected to just jump. Its this type of dangerous corporate culture which breeds the spearphish and allows it to be successful so often. A spearphish is accomplished by a scammer emailing an employee of a firm, usually someone known to be in the accounting or middle management areas that has spending and purchase order processing capability. The scammer uses the email address and name of a known C-Level or V-Level executive as the "From:" field, and the text of the email usually requests financial information being sent to a third party in order to satisfy an invoice, pay an outstanding bill, send a wire transfer, or issue a purchase order to a "new vendor". The employee then, without checking with the executive who "wrote" the email because after all nobody questions the CEO, sends the requested information to the scammer. The scammer then has whatever financial information needed to either collect on a large invoice, or withdraw funds through a forged wire transfer.

Recently, a local restaurant chain was hit by a spearphish impersonating the CEO and a payroll specialist sent the IRS W-2 tax records complete with names, social security numbers, and income information for all employees to a scammer.

Spearphishing is becoming more sophisticated as scammers can access corporate records and registrations though Secretary of State databases, social media such as LinkedIn, and unscrupulous access to corporate credit sources such as Dun & Bradstreet. Piecing together data from such sources one can gain knowledge of the corporate structure and determine who to target in a spearphish email.

Defending your company against the spearphish requires due diligence when receiving an email from a V-Level or C-Level requesting/demanding actions that could involve financial transactions. Employees should never be afraid to ask a V or C-Level for personal verification of such emails in person or via voice phone no matter how legitimate the email might appear. A skilled spearphisher can be quite convincing, it's no longer the badly broken English that was common with the known Nigerian 419 scams.

There are a couple methods - one technical one not so technical - that can be implemented to prevent spearphishing. One is implementation of digital certificates to "sign" emails. It's rather clumsy to implement in Outlook and it depends upon employees receiving emails to check the digital certificate when accepting and reading the email. Implementing email certificates on a mobile device is kludgy at best right now.

Another method is essentially a form of the "sign/countersign" seen in a lot of old spy movies and on the 1960's TV show "Get Smart". The executive would establish a "phrase" with the employees that have fiduciary responsibility. The employees would understand that financial actions would require that phrase being included within the email. The employee would then confirm with the executive with an agreed upon counterphrase.

Of course, a corporate culture and environment where employees can converse with V- and C-Levels without fear of retribution when questioned about a task or request goes a long way in preventing spearphishing. Going to the CEO with a printout of the email or replying to the CEO with a simple "Are you sure about this? It looks suspicious" can prevent situations such as the local restaurant chain who now is facing all sorts of liability and possible legal actions by employees whose personal data is now in the hands of thieves.

And yes, IDSolutions sees multiple emails claiming to be from our CEO asking for wire transfers, bank routing information, payroll information, and other sensitive information. Thankfully, nobody from our teams have fallen for their tricks yet.

Wednesday, December 28, 2016

Getting ready for Telemedicine growth in 2017!

2017 is quickly approaching.

In the Telemedicine world we are starting to look forward at what will happen in the new year!

"New investments will be made in technologies that reach into the home and enhance care team communication. 2016 saw an acceleration of telemedicine/telehealth. 2017 will see exponential growth."

"Telemedicine is hard to define. It could be real-time video teleconferencing between clinicians (a consult), between a patient and clincian (a visit), or group to group (tumor board discussion). It could be the transmission of a static photograph, such as the poisonous mushroom/plant teleconsultation I do 900 times per year. It could be secure texting to coordinate patient care." Said Dr. John D. Halamka on MedCityNews.

I think right now with all of the cloud based solutions we are seeing a huge growth that will only get better with time. Technology is something that will continue to grow and with that growth, Telemedicine will come out on top!

To read more about this go to:
Source- http://medcitynews.com/2016/07/exponential-growth-telemedicine-2017/?rf=1

The Importance of Eco-System Partners - Making all of the Pieces Fit Perfectly

     In any sector of the economy, the need to have strategic business partners is crucial. Every company has core competencies that vary somewhat from one business to the next. One company might make the best drill bit for oil drilling and another company might make the best engine to drive that bit. If the two companies partner to provide a comprehensive drilling system they will be able to bring to market a much more comprehensive drilling solution.

     The first area of partnership is channel partners for hardware in particular. In the world of visual communications and communications in general it takes many manufactures and partners to bring a custom tailored solution to market that capitalizes on each company’s strengths. For example at my company, IDSolutions, we are a vendor agnostic value added reseller. What that means is although we do not manufacture hardware, we have channel partnerships with more than 50 communication industry partners that we can leverage and select from to use a comprehensive set of applications to put together a fantastic project that capitalizes on each company’s strength. One project may use a world class CODEC from one company, HD monitors from another, best in class mics from another, and a custom control system to tie everything together. In that way we become the glue that holds the solution together through engineering, installation, and back end support at the interactive help desk level which allows us to cover every possible facet of a project from pre-sales design to post-implementation support.

     The next area of partnership is through eco-system partners. In the healthcare vertical for example one company might want to sell their high-end examination cameras and nothing else. Another might want to sell their language translation module and software and that’s it. Through our hardware partnerships we may want to sell the video connectivity and installation/support services that ties everything together for a true telehealth/telemedicine experience. That allows each company to focus on what their areas of expertise are and receive a share of the sale while the end result is a best in breed deployment along with the best possible end user experience.

     The final area of partnerships is in the government vertical related to contracting. The government, especially at the federal level, employs an array of procurement vehicles related to contracting. These run the gamut from GSA to NETCENTS for The Department of the Airforce, to NASA SEWP and Army CHESS, as well as all of the small business certifications such as 8(a) Veteran Owned, Woman Owned, and so on. Contracting law typically allows partnerships and a contractor/subcontractor relationship where multiple companies can partner together and offer a more comprehensive suite of applications to put together a comprehensive offering. For example, IDSolutions could provide the video conferencing equipment, peripheral components, and related services as a subcontractor to a 8(a) certified small business that is an expert in networks and wireless hotspots.

     All in all, going alone does not promote as many sales or offer as comprehensive solution to a customer’s request as it would having partnerships. Partnerships should be based on relationships and trust and in complimentary products and services. In that way, both companies or several companies benefit and most importantly the customer has a more comprehensive and complete solution with better functionality and value.

The Importance of a Network Operations Center / Help Desk Support

     A VAR or Value Added Reseller typically has a NOC or Network Operations Center as part of the post-implementation support. A NOC is a key part of the full solution and assists in ensuring a customer’s equipment is properly configured and is operating at its maximum efficiency and uptime. A NOC should start with knowledgeable technicians and engineers that are industry certified for training, good with people, detail oriented, organized, and able to think quickly on their feet. When a customer has an issue often they are facing a pending meeting where nothing is working and the boss is about to walk in. A good NOC and helpdesk—while never able to totally eliminate those types of calls, can work with the customer to provide proactive software updates and upgrades along with test calls to ensure connectivity and proper configuration. A good NOC will have a trouble-ticketing system that tracks open issues through the resolution process to ensure timely action a follow-ups towards ticket closure.

     This process ensures that a customer’s investment is protected and well understood through ensuring maximum system up-time and through prompt issue resolution. Time is money and increased system uptime ensures more productive meetings and provides for a better ROI. Increased uptime further drives user adoption and utilization rates further increasing the ROI and most importantly assisting in the end user experience. After all a system that is properly configured and easy to understand is the most important thing for productive meetings.

Why all the verticals are taking advantage of Live Streaming

     From corporate to education to healthcare to government, taking advantage of live streaming is something each segment of the marketplace has in common. The latest technological advances have made it possible to stream live events from anyone anywhere in the world from virtually any device. This makes it possible to stream live events from an iOS, Windows or Android device to any of these same devices for playback. In all market sectors from education to corporate to government, there is no longer a need for high end and costly equipment to stream live morning announcements, lecture capture, professional development, sporting events, graduation, town hall meetings, CEO broadcasts or remote field trips to name a few. Many of these events can be done with a simple laptop and webcam. What's even better is that these events can all be recorded for later playback on-demand to further add to a positive end-user experience.

     There are many benefits to taking advantage of live streaming, such as:
  • Allows one to  reach a much larger audience, with virtually no limit
  • Better exposure, allows one to promote an event to a much wider range of people
  • No restriction on user base interaction, you define the parameters
  • Viewer interaction and engagement via interactive tools, such as chat, moderated Q&A, polls, and surveys allowing increased interaction and real-time feedback
  • Event template customization allows your organization to create a unique, branded, meeting experience, tailored to your specific requirements
  • Webcasts can be automatically archived and stored in a secure video portal along with other multimedia content for future on-demand playback
  • Assets are viewable on virtually any device
  • Analytics tracking ensures that a message is getting through to its intended audience and ones that are not anticipated
  • Affordability, streaming live events is budget friendly
  • Eliminate or greatly reduce travel expenses for meetings, costs of reserving conference facilities, and the need to invest in expensive conference bridges
  • Stored content can be later viewed on-demand with / or without viewer access privileges
In summary, streaming live events has become one of the biggest trends in organizational communication giving it the ability to educate its target audience, broadcast an event, or hold a question and answer session. In addition, an organization can broadcast news about your business or institution at any giving moment from the office or in the car. Mobile streaming services will make explaining a product or relaying any relevant news to pertinent or particular information easy and productive.

Is There a Difference Between Telehealth, Telemedicine and Telecare?

There are many medical terms being used today that most people may not fully understand. A common misunderstanding is that the terms telehealth, telemedicine and telecare are interchangeable. Each of these terms refers to a different way of administering health care via technology.  There is a distinction between these terms.


The term telehealth includes a broad range of technologies and services to provide patient care and improve the healthcare delivery system as a whole. It refers to a broader scope of remote healthcare services. Telehealth refers to non-clinical services, such as provider training, administrative meetings, and continuing medical education, in addition to clinical services. 


Telemedicine is a subset of telehealth that refers solely to clinical health care services. Telemedicine involves the use of electronic communications and software to provide clinical services to patients without an in-person visit. Telemedicine technology is frequently used for follow-up visits, management of chronic conditions, medication management, specialist consultation and many other services that can be provided remotely via video conferencing.

Telecare is support and assistance provided at a distance using information and communication technology.  It is the continuous, automatic and remote monitoring of users by means of sensors to enable them to continue living in their own home, while minimizing risks such as a fall, gas and flood detection and relate to other real time emergencies and remotely monitor risks or early warning signs of health conditions. 

Whether you call it telehealth, telemedicine or telecare, the healthcare industry is evolving by connecting patients with physicians, no matter the time of day or location.

Monday, October 3, 2016

How to Find Purpose in your Sales Role

  1.       Have a good team

-     These people will be your family. You’ll depend on them in tough situations, you’ll need their advice with seemingly unsolvable problems. We all come across times where we can’t stand on our own and we need the support of others. Finding purpose in your sales role can be heavily influenced in finding community within your network. After all, the bottom line isn’t always the most rewarding factor of selling. 

2.       Be excited by new innovations

-      Keeping on top of your field is a given if you want to be successful in your role, but what drives you to pursue this knowledge gain? Is it that bottom line? The commissions? A competitive edge? Above all, passion about the products will produce the most sustainable source of motivation for keeping on top of your game. If you’re excited about what the company implements, how they implement it, or how it’s bettering the lives of the end user, you’re more inclined to be hunting down new technologies in order to better any one of those three applications. 

3.      Have fun

-       The reason to enjoy yourself has so many benefits I’d need to write a novel on it. Fun can help dissipate stress, laughter alleviates tension, joking around helps to cultivate comradery. Having fun can help you have an external reason for enjoying what it is that you do. Of course you need self-discipline and force of will to pursue the game, but you also need to let yourself enjoy the journey to that end goal. Otherwise you’ll burn yourself out. And no one, least of all you, wants that.