Is your data safe in the cloud?

The answer is “maybe.” While top-tier services such as OneDrive, Dropbox, and Google Drive all have some strict HIPAA-level or higher security options, using these providers does not automatically make your data safe. The problem is that most cloud and data hosting providers offer various levels of security. Configuring these services can be complex.

The key to “data security” is to first fully understand your compliance requirements. Then, you must accurately configure the tool or hosting services to those requirements. In Google’s case, you must notify them that you are storing protected health information (PHI) and sign their business associate agreement (BAA) before they even activate HIPAA-level protections.

We often hear prospects say, “I’ve got Google so we’re HIPAA compliant, right?” Our next question is: “Did you sign the Business Associate Agreement?” Often the prospect says, “No. We didn’t realize that was required. We assumed that by signing up for services, we were all set.” Upon a closer technical look, we often find that their services are not adequately configured to provide the protection they need.

Securing your most valuable asset – your data – does not occur in a vacuum and it’s only as strong as the weakest link. So to ensure your cloud-based data is safe, we recommend using this checklist as a starting point to evaluate your security status:

  • Where does your data travel to? Specifically – which devices store it after or during access? Are these devices secure? Do they require encryption? Does your data leave the country and is that legal in your particular industry?
  • Are the entry points into your network or data access properly controlled, secured and defined? Remember to consider all entry points including your company Wi-Fi, mobile devices and remote workers’ home PCs.
  • Who has authorization to access your data? Are they trained on your data security policies? For example, are they allowed to store data on sites like Dropbox without your knowledge?
  • Is data sharing activated and if so to which devices, users or networks? Are those networks secured at the same level that you require?
  • Do you require data and user access logging to prove your due diligence in protecting sensitive information such as PHI?

The best approach to cloud security is first to ensure that your data footprint is as small as possible, map out where data goes and then use a layered security approach at entry or transit points. If you have questions about your data security or are considering moving systems to the cloud or cloud-based applications, talk to your IT security professional or give us a call. We’d be happy to help you navigate through the options, pitfalls and choices to help keep your data protected and secure.

Cloud Computing for Attorneys – What’s the Verdict?


There’s no doubt you’ve heard about the benefits of cloud technology and how it can help you run a more efficient practice. It allows you and your team to work on-the-go on multiple devices – your information is easily accessible from home, the courthouse, your office, wherever you may be. It allows for seamless communication and collaboration among members of your staff, which leads to improved productivity. It’s cost-effective, eliminating the need for expensive servers and dedicated office space. Cloud capabilities can easily be expanded as your practice grows. With the undeniable benefits, why has your practice not moved to the cloud?

Could it be that just a cursory search of cloud options sent you straight down the rabbit’s hole? SaaS. IaaS. PaaS. Private cloud. Public cloud. Hybrid cloud. It’s mind-boggling and confusing. There are a lot of moving parts. And you’re busy. Besides, you didn’t hang out your shingle to become your firm’s computer whiz. You’ve got lawyering to do!

But the fact remains – we live in an age where business is performed and information is shared online. So, to compete in today’s market, you need to take a serious look at how cloud computing can help you grow your practice.

In layman’s terms, cloud computing is a service or software that is accessed through the Internet, rather than installed directly on your computer’s hard drive or on a server in your office. Your data is stored at the provider’s secure data center.

Chances are you’re familiar with public cloud applications such as Dropbox or Google Drive. But are these public cloud solutions right for a legal firm? Will your clients’ information be protected? Perhaps a private or hybrid cloud is a better option. How do you know? Who do you trust? Your seat at the Mad Hatter’s tea party is waiting!

Cloud computing is not a one-size-fits-all proposition. It takes a certified IT professional who understands the nuances of the legal field to help you navigate the complexities of cloud technology. This is definitely an area you should trust to an expert.

Security is perhaps the biggest hurdle attorneys face when considering moving to the cloud. You deal with a lot of confidential client information – more than the average business owner. So protecting that data (and your livelihood) deserves special consideration. Because the legal profession is one of the most highly regulated industries, a breach in security would not only damage your reputation, but it will most likely land you in front of the state bar’s ethics committee. Nobody wants that.

Aside from the confidentiality issue, you need to be sure your data is protected from destruction via system failure, or natural/manmade disaster. The good news is that a reputable provider already has advanced security measures in place to protect your files.

In fact, having your data stored at a remote location is arguably safer than your computer’s hard drive or your server. Cloud providers typically employ elaborate security measures and multiple backups in their data center.

So what’s the verdict? Are you ready to explore cloud options for your legal practice? We can help you determine if you’re ready for the cloud with our Cloud Readiness Assessment, where we will conduct a high-level evaluation of your firm’s network and provide you with the information you need to make an educated decision. To learn more about how our Greenlight Cloud solution can help support and grow your practice, please call (678)745-5109.



With new reports of security breaches and cyberattacks making headlines almost daily, business owners are beginning to understand the importance of secure passwords. Employees, however, are still choosing lame passwords – like 12345 or password – that could easily be cracked with a password cracking program. Those programs, by the way, know all the popular passwords and can crack up to 100 billion a second. Adding numbers to the end of your password – password123 – or using special characters – like the ones in the headline of this article – may not be enough to prevent a hack.

Nonetheless, it’s still a best practice to make it hard to guess your password. Think of it this way: your business is the castle, and a password is the key to that castle. It really doesn’t matter how strong the walls are if the bad guys can easily pick the lock and help themselves to your sensitive data. Here are some Dos and Don’ts in creating stronger passwords:

  1. Do make it as long as possible, preferably 14 characters or more. Be sure to use upper and lowercase letters, numbers and special characters.
  2. Don’t use personal information such as your name, birthday, pets’ or children’s names, your phone number, etc.
  3. Don’t use adjacent keys on a keyboard such as zxcvb or 12345.
  4. Do intentionally misspell words such as krazee or happi.
  5. Do consider making up a sentence such as “My third year of college was more fun than it should have been!” and using the first letter of each word to create the password – M3yocwmftishb!.
  6. Do change major passwords at least twice a year.

Of course, you could always consider using password management software to help you create, store and keep track of all your passwords. Just remember to create a password that’s easy to remember for the password manager itself. LastPass 4.0 and LogMeOnce Password Management Suite Premium have both gotten excellent reviews in PC magazine.

16 Tips to Prevent Bank Fraud

With cybercrime and banking fraud on the rise, one of the best things you can do is to ensure that you review your banking processes and access controls.

Here are 16 Tips to help protect your business:

-Cancel your debit cards; if you require deposits, get a deposit-only card for employees.

-Have separate accounts for separate functions – i.e. sales tax account.

-Have a dedicated PC for online banking and DON’T use that PC for accessing any other web sites, e-mail access, social media sites or for downloading files and applications

-Sign up for Electronic Bill Pay – avoid checks

-Sign up for e-mail alerts from your bank whenever a withdrawal over $100 happens.

-Require YOUR signature for any wire transfers.

-Have your money spread out in multiple accounts to minimize the risk.

-Review your banking alerts and authorized users on a regular basis; recommend quarterly

         A) Review alert notifications

         B) Set limits on transfers or daily withdrawals

         C) Separation of duties – view only, move deposits only, authorized bill pay account

-Consider Positive Pay or ACH Fraud Filter Services

-Request Employee credit cards with embedded chip

-Check account balances daily and report unusual activity

-Set daily limits on Point of Sale transactions for employee credit cards

-Go paperless on bank statements

-Review ACH Account settings

-Employee Training (ongoing is best):

        A) Don’t email bank statements, copies of checks, credit card statements, to banks, outsourced finance/CFOs, CPA firms

        B) Verify unusual transactions or amounts

        C) Call and verify (not number in email); call main banker

        D) Banks don’t request personal information via email or text

-Review transactions daily


If you have not sat down and reviewed your online banking controls and authorizations, we recommend you have a meeting with your banker to review and ensure that you are protected.

If you have any questions or if we can help, please give Jennifer a call at 678-745-5109 or email

7 Tips for Creating a Secure Password

You’ve got one for every site and every application you use–e-mail, online banking, social media sites, and your CRM system, just to name a few. With so many password protected sites to keep track of, the inclination is to always use the same password for every site or to make it so easy you can’t possibly forget it (like using Password123). Unfortunately, this compromises all of your data and makes it easy for cyber-attackers to steal sensitive, confidential password

Studies have shown that password security is still the weakest link in keeping data safe. There are some simple things you can remember when creating a password that can help protect your information.

Here are 7 tips to consider:

  1. Use special characters and numbers.
  2. Mix up upper case and lower case letters.
  3. Make sure your password is a minimum of 10 characters.
  4. Be sure it’s not something that can be guessed easily (zip code, phone number, birthdate, your name).
  5. Randomly replace letters with numbers, e.g. shake becomes $h@ke.
  6. Pick a sentence or phrase, and reduce it to first letters of each word only, e.g. “A Golden Key Can Open Any Door” becomes AGKCOAD.
  7. Reverse the spelling of a word, e.g. partnership becomes pihsrentrap.


Not all cyber-attacks can be avoided, but don’t make it too easy for them. Be proactive and update all of your passwords so they meet the above criteria.
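A screening check built from the Dos and Don’ts in the two password lists above, as an added example that is not part of the original articles. The function names, finding codes and the short `COMMON` list are constructed for illustration; `min_length` defaults to the 14 characters recommended in the first list and can be set to 10 for the second.

```python
import re

# Constructed sample list; a real check would load a large breached-password list.
COMMON = {"password", "12345", "123456", "qwerty", "letmein", "welcome", "admin"}
# Keyboard rows used to spot adjacent-key runs such as "zxcvb" or "12345".
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Symbol-for-letter swaps undone before the common-password lookup.
SWAPS = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "l", "3": "e", "5": "s"})


def has_keyboard_run(pw, run=5):
    """True if pw contains `run` adjacent keys from one row, forward or backward."""
    low = pw.lower()
    for row in KEY_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in low for i in range(len(seq) - run + 1)):
                return True
    return False


def base_word(pw):
    """Drop trailing digits/symbols and undo swaps: 'P@ssw0rd123' -> 'password'."""
    core = re.sub(r"[^a-z]+$", "", pw.lower())
    return core.translate(SWAPS)


def check_password(pw, personal=(), min_length=14):
    """Return a list of finding codes; an empty list means no check fired."""
    findings = []
    if len(pw) < min_length:
        findings.append("too_short")
    # Upper case, lower case, digit and special character must all be present.
    classes = [any(c.isupper() for c in pw), any(c.islower() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    if not all(classes):
        findings.append("missing_classes")
    # A popular password with digits appended or symbols swapped in is still popular.
    if pw.lower() in COMMON or base_word(pw) in COMMON:
        findings.append("common_password")
    if has_keyboard_run(pw):
        findings.append("keyboard_run")
    # `personal` holds names, dates or phone digits supplied by the caller.
    low = pw.lower()
    if any(len(p) >= 3 and p.lower() in low for p in personal):
        findings.append("personal_info")
    return findings


if __name__ == "__main__":
    # Constructed candidates; the last is the sentence-based example from the first list.
    for candidate in ["password123", "P@ssw0rd123", "M3yocwmftishb!"]:
        print(candidate, check_password(candidate))
```

An empty result only means the password cleared these particular checks; it does not replace using a unique password per site.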


Cybercriminals Now Have A Bull’s-Eye On Small Business… Is Your Company’s Data At Risk?

In a December 2014 survey by the National Small Business Association, 61% of small businesses reported being victims of a cybercrime within the past 12 months.

The average cost to recover from a cyber-attack skyrocketed from $8,699 per attack in 2013 to $20,752 per attack in 2014. And, of the businesses targeted, 68% said they’d been hacked more than once.

Experts agree, as cybercrooks become ever more sophisticated, the threat to small businesses is going to get worse before it gets better…

So what can you do to beat the bad guys?

Here are three common ploys used by hackers – and how you can fend them off:

Phishing – A really legitimate-looking e-mail urges you to click a link or open a file that triggers a malware installation on your computer. Best Defense: Don’t let anyone in your company open files or click links in an e-mail unless they’re certain who it came from.

Cracking Your Password – Hackers can run programs 24/7 testing password combinations. The easier your password is to guess, the more likely it is they’ll crack it. Best Defense: Consider using a password manager that generates and stores tough-to-crack passwords. For extra security, use unique passphrases for financial accounts in case the manager gets hacked.

Drive-By Download – You visit what appears to be an innocent site; yet when you click, your device gets hacked – and you may never know it, until it’s too late. Best Defense: Make sure your browser is up-to-date, or use one that updates automatically, such as Firefox or Chrome. Internet Explorer users have been found to be most vulnerable to these attacks.

Unfortunately, these three examples are just a small sampling of the dozens of ever more ingenious ways cybercriminals are breaking down the doors and destroying unprepared businesses.

Let us help! Through Oct. 15, call our office  to receive a FREE 27 Point Cyber-Security Audit to uncover gaps in your company’s online security.

Our highly trained team of IT pros will come to your office and conduct this comprehensive audit. We’ll then prepare a customized “Report Of Findings” that reveals specific vulnerabilities and a Prioritized Plan Of Attack for getting any problems addressed fast.

To take advantage of this limited-time offer, call our office at 678-745-5109 or visit to schedule yours today.

Webinar: How Cloud Computing Can Cut Your IT Costs, Provide Automatic Disaster Recovery And Free You To Work From Anywhere On Any Device

When: Thursday, Nov 12, 2015

Start Time: 11:00 am EST

End Time: 12:00 pm EST

OR until all questions are answered, whichever comes first.

On this webinar, you will learn: What is cloud computing in simple, non-geek speak language, FAQs about security, what does it cost, what happens if the Internet goes down, and top reasons companies are considering moving to the cloud. To register, call Becky or Kary at 678-745-5109, email or register at . After registering, you will receive a confirmation email containing information about joining the webinar.

Space is limited and Registration is required.


How To Make Yourself “Invisible” To Hackers

There’s an old joke about two men hiking in the woods when they come across a big, grumpy black bear. Scared silly, one of the guys starts to run but notices his buddy stopped, bent-over, changing his shoes. He shouts to him, “Dude! What are you doing?!?! Why aren’t you running?” to which his friend replies, “I’m changing my shoes because I don’t need to outrun the bear – I only need to outrun YOU.”

This is a perfect analogy for what’s going on in small businesses: the “slow,” easy targets are getting nailed by fast-growing cybercrime rings that are getting more sophisticated and aggressive in attacking small businesses. Last year, the average cyber-attack cost a small business $20,752, a substantial increase from 2013, when the average was $8,699. That’s because most small businesses don’t have the security protocols in place or the manpower and budget to implement sophisticated security systems. While there’s absolutely no way to completely protect yourself other than disconnecting entirely from the Internet, there are several things you can do to avoid being easy pickings. Here’s how:

  1. Lock your network. While WIRED networks make you invisible to WiFi snoops because you have to access them by plugging into physical outlets or hacking modem ports, you can create a hidden or cloaked network on a wireless network. Simply disable the service set identifier (SSID) broadcasting function on the wireless router, and only users with the exact network name will have access. Small businesses like coffeehouses can also do this—just periodically change the network’s information and place a small sign near the register with the current network name and passcode.
  2. Encrypt your data. On your desktops, turn on the full-disk encryption tools that come standard on most operating systems: BitLocker on Windows-based PCs and FileVault on Macs. There is no noticeable performance lag; however, the encryption only applies when users are logged out of the system. So setting computers to automatically log out after 15 minutes without use is a good idea. And for mobile devices, use a VPN (virtual private network) to encrypt data traveling to and from your mobile devices and limit your employees’ access to only the company data that they must have to do their jobs.
  3. Install firewall and anti-malware applications on all of your equipment, including mobile devices.
  4. Disable features that automatically connect your mobile devices to any available network.
  5. Disable printer and file-sharing options on mobile devices before connecting to a hotspot.
  6. Check before connecting to hotspots. If there is an unusual variation in the logo or name on the login page, beware…this could mean it’s a fake hotspot designed to steal your data.

   Can you guarantee that the person across the hotel lobby isn’t looking at your data? Not really, but the chances of them being able to do that are greatly reduced if you take precautions to protect your business.

For More Information, Contact Us at 678-745-5109


3 “Gotchas” Most IT Pros Won’t Tell You When Selling You Their Cloud Solution

Are you using any cloud applications to store data? Then listen up! There are a few “gotchas” you need to know about 3rd-party cloud apps that most sales reps will NEVER tell you.

  1. They aren’t responsible for keeping a backup of your data. If you read the small print of your contract, you’ll see that in every way possible, your cloud provider is NOT responsible for data loss or backups – even if it’s their fault. In fact, Office 365 will only keep 3 days’ backup of your data; so if you delete or overwrite a file and don’t notice it until 4-5 days later, it’s GONE. If your data is important, you need to implement a backup solution that works with cloud
  2. What you see may NOT be what you get. There’s nothing more frustrating than an incredibly slow application when you’re trying to work; and the salesperson demo’ing the application or platform is going to make sure you only see the BEST-case scenarios for performance. But there are a lot of things that can determine how fast your cloud applications run, such as the file size you’re working on, CPUs and RAM and storage, time of day, day of the week, your Internet connection and the number of users accessing the application. Make sure you get some verification of the speed in YOUR specific environment before spending a lot of money, time and aggravation moving to a new cloud application.
  3. What if they cancel you? Here’s a scary situation: what if your cloud provider decides to shut down your account because they go out of business or simply decide not to service you anymore? Or what if YOU want out? Make sure you have in writing what happens if YOU cancel your contract AND what your cloud provider can and cannot do if they go out of business, cancel your account or have any other issues that would cause service interruption. Moving a network from a cloud platform is NOT a simple task and you need to make sure you can get your data and that you’ll be given sufficient time to make the transition.

Need help interpreting any of these scenarios? Give us a call at 678-745-5109 and we’ll help you put in place a solid “Plan B” for any of the above issues.

IT Consulting Tip 8 – Two Factor Authentication

Allowing access to private business data is a difficult thing for business owners to do. You want to make sure that every piece of valuable information is protected against any form of theft or loss. One great way to protect your data is to establish a two factor authentication system.

A two factor authentication system is one in which you are asked for a secondary layer of information before you are able to access private information. For example, if you log into your company’s administrative portal, you will most definitely be asked for a password. Then, you would be asked for a secondary code or a piece of information that only you would know.

This, of course, makes your documentation more secure and makes it more difficult for someone to hack into your account. However, you should be very selective in regards to your password and the secondary code so that no one would be able to guess your answer.

As you spend time with employees over the years, they begin to learn things about you because you talk about your families and interests together. If you are someone who owns a boat, for example, and boating is your most favorite thing to do, your employees might know that about you. If your password is the name of your boat, that might be a little too easy for your employees to guess if they were trying to access your data. In addition, if your secondary authentication is your mother’s maiden name, your employees might know that too. Make sure all of your passwords and questions are things that only you would know for optimum security and protection for your data.