JMARK – Life Gets Messy

Life gets messy, and your I.T. is no different.

Without the right I.T. service provider, your I.T can become a complicated mess.

Keep your I.T. clean and organized with JMARK Business Solutions.

Your Law Firm Is a Target for Hackers: 5 Ways to Protect Yourself

Cybercrime, network intrusions, and data breaches are hot topics in today’s news cycles. The stories that are shared can seem sensational and hard to believe. The types of major infractions that are reported can also seem like the type of trouble that could never occur to a small law firm with clients contained to a single region. Yet if you thought that cybercriminals are focusing their efforts solely on governments and large corporations, you could not be further from the truth. Hackers are after sensitive data, no matter who owns it. With the amount of sensitive client data stored on law firm servers, you can be sure that any law firm, regardless of size, is a legitimate target for cyber attacks.

Your clients trust you to protect their rights and interests as if they were your own. For you to do so often requires that they entrust you with sensitive information. This trust puts an obligation on your shoulders to keep that data safe from intrusions. The number of cyber attacks against law firms is on the rise. If you have not recently reevaluated the security of your networks and servers, now is the time to do so. Here are some important things to keep in mind as you assess how best to ensure that the technology you use to do business is optimized to protect your firm and your clients.

What Cybercriminals Can Do to Your Law Firm

Cybercriminals can harm your law firm in many ways. The most common ways to do so include viruses and malware, along with phishing and social engineering attacks. Direct attempts to break into your firm’s network can also occur.

In the past, the endgame of a network breach was usually to obtain specific information or data, perhaps to resell or use for blackmail purposes. In those times, the clients themselves were the targets, and the data stored by a law firm simply the means to the end of hurting the client. Now, with the rise of ransomware, the law firms themselves have become the main target. Regardless of the particular value of a given piece of information obtained from your servers, hackers know that both your reputation and bar credentials would suffer immensely if it were revealed that your networks had suffered an intrusion. Thus, all they have to do is take control of your systems, at which point they can extort you for money in exchange for codes to gain back control of your technology.

The Problem With On-Site I.T. Solutions

When a law firm uses an on-site I.T. solution, it means that all the firm’s computers are connected to a server that is installed on site. Many law firms still prefer this solution, believing they are safer with their technology right where they can see it. Unfortunately, on-site storage can sometimes lead to additional vulnerabilities. With no protective measures between your computers and servers, it would only take one unsuspecting employee opening a malicious email, and the malware will be free to spread to every computer connected to the network.

What Steps Can You Take to Protect Your Firm’s Data?

There are many things you can do to protect your firm and your clients from hackers. However, only taking one or two of these steps is never enough. You need a complete security management and support plan if you want to minimize the risk of being an easy target for cybercrime.

  1. You Should Have the Best Antimalware and Antivirus Software

When it comes to arming your computers with the best protection software, you should not be attempting to save money at the expense of security. Think of it as an investment in your practice. Free or low-cost antivirus programs will give the illusion of protection, but they won’t hold up to the levels of attacks that your systems may sustain. Since they are tempting targets, law firms have to take stronger measures than other people and businesses.

  1. You Should Keep Your System Updated

Cybercriminals know exactly how digital security systems work. They know all their weaknesses and spend all their time inventing ways to get around and through the digital walls businesses erect. That is why security systems need to be updated all the time. Manufacturers spend a lot of time staying abreast of the latest threats and hacking techniques. By keeping your technology updated, you take advantage of the latest additions meant to strengthen security, protecting yourself against newly developed threats.

  1. You Should Run Regular Penetration Tests

Penetration tests are authorized simulated attacks on computers aiming to find all the possible vulnerabilities of the security system. The findings of these tests will let you know about the strengths and weaknesses of your servers, networks, and processes. These tests will tell you exactly where the hackers are likely to strike. Running regular penetration tests will let you manage the risk of attacks as well as maintain updated plans to strengthen your systems.

  1. You Should Have a Cyber Attack Response Plan

Even if you have an amazing I.T. security system, you also need a cyber-attack response plan. Even the best-protected systems can be breached, and having a comprehensive response plan will help you recover more quickly and with less damage. You’ll minimize downtime, and be able to restore your systems and get back to work sooner. Doing those things will help you keep your reputation when the worst happens.

  1. You Should Hire Cybersecurity Experts

Your focus should be on your legal practice. Securing your law firm from cyber attacks is too important to handle without any expert help. In the same way that you know what disasters can happen when people try to represent themselves without qualified legal help, you can imagine the trouble that can arise from attempting to handle cybersecurity without expert assistance. The wisest decision you can make is to outsource your cybersecurity to an I.T. provider that specializes in that area. You’ll gain an ally in the ongoing fight against cybercrime, and with the peace of mind of knowing that your networks are protected, you’ll be able to put your energy into your practice.

For a detailed list of what you should be doing to protect your firm, download our free Cybersecurity Checklist here. To speak with a cybersecurity expert about the specific needs of your law practice, call 844-44-JMARK or visit JMARK.com.

JMARK Flood – A River Runs Through It

A River Runs Through ItIt is funny how things are sometimes pictured in the news and how rumors fly in the public eye, we saw things like:

  • “Flooding causes evacuation of JMARK.” Actually we couldn’t even get in the building until water receded in the late hours of Sunday night.
  • “I am standing here at JMARK in 3 feet of water.” That one was fun, since the water at the most was 3 or so inches inside.
  • “All the cars were destroyed.” Still waiting on the final assessment, but yes a large number of vehicles were destroyed, but not all. That’s OK, employees have cars and 98.2% of our tickets are solved remotely.

There was more, but we cherish and welcome anything we can hear so that we can get in front of it. We know there are concerns, so that is why we are trying to maintain communication with our clients and employees, as well as the media.

Here are a few concerns we heard that we want to address:

  1. Is client data secure? Abso-freaking-utely. SOC, change management, and security is being addressed throughout this recovery process. It is being addresses at beginning and not after. Our security and logging is tight and continues as status quo.
  2. Is JMARK going to have to get a new office? We really don’t know yet until final assessments are made by assessors and clean-up crews. Whether we move temporarily or continue working remotely does not really matter, what matters is that operations continue to function. Today I received so many emails that had absolutely nothing to do with the disaster recovery efforts. This was a sign to me that business as usual is happening.
  3. Is my project going to be delayed? If you have a project that is scheduled with JMARK, we are doing everything we can to make sure things are running as scheduled. This is not an after-thought. The biggest delay will happen if any equipment that was allocated to a project was damaged in the flood. We are working today and tomorrow to determine that with our assessor.
  4. Is service going to be delayed? So far we are not seeing any delays in service. We are working hard from every corner of JMARK to make sure clients are put first, even as recovery efforts are underway.
  5. Is JMARK data about our account damaged or lost? Not a single dot or tittle is lost or in jeopardy. Every core system is operational and working as expected.

We appreciate the well wishes, the patience, and all those supporting us. As a client though, please don’t ever feel like you come second to a disaster, that is just not the case. Let us know how we can serve you and if there are any concerns.

For questions related to the flood, please send an email to JMARK@www.jmark.com with the subject of “Flood.”

Thank you and please let us know if there is anything you want to hear about.

Warmly,
Todd Nielsen
Chief Strategy Officer
tnielsen@www.jmark.com

JMARK Floats on by The Flood

memeIt has been a pretty blessed 24 hours at JMARK. First we had this cool river suddenly appear all around the office. It was like we were in our own little island.

Then water seeped into our island, and ruined most of our furniture. Turns out it was more like a boat with a leak. But it’s like Christmas all over again, we now get new furniture.

Had a few computers get a little water damage, the employees were so sad to hear they would be getting new computers.

We decided that we should do something nice for our employees, so we let them all work from home.

There was so much excitement that we had a “party” at the office all night, the party spread to the people working from home too, how cool is that?

That wasn’t enough, so in the morning we decided to give a gift to our clients, hold time that increased by… zero percent, along with dedicated staff at their beck and call.

You want to know how we turned this lemon into lemonade? We planned for it. JMARK has developed a Backup and Disaster Recovery Plan as part of our SOC II audit, that is updated every 3 to 6 months. In that plan we detail out every scenario, configuration, procedures, people, vendors, contact information, and more… to guide us in any scenario.

Impact to the Operations

Everything is still secure, and our constant focus is still on our clients. We have to replace some equipment and furniture, but our planning and infrastructure make it easy for our employees to work from home, and of course our logging and security is still in place no matter where our employees work, so client security is always a priority.

What Controls are in Place

JMARK has a multitude of policies, processes, procedures, plans and controls in place to ensure that we maintain our business operations. Last night at 9:06 PM I sent an email out to our Executive Team, the Information Technology Steering and Security Committee, as well as a number of individuals that are dictated to be informed of the plan activation. This activation of the DR plan came after certain controls were triggered, which set in motion dozens of people working harmoniously to ensure the continuity of operations.

Anticipated Time Frame to When Normal Operations Resume

Our clients should not experience anything outside of their normal JMARK experience, other than maybe a cat or a dog in the background while on the phone with an employee working from home. I can’t lie and say everything will be perfect, but we are doing everything we can to keep it business as usual. Some clean-up work has to happen at our office and new furniture and other stuff procured. We do not know when this will all happen, but promise to continue to communicate and let everyone know how things are going. Tickets can continue to be put in the same they always have.

We are thankful that 100% of our employees are safe and accounted for. Thank you for the support, and please let us know how we can continue to server you better.

For questions related to the flood, please send an email to JMARK@www.jmark.com with the subject of “Flood.”

Todd Nielsen
Chief Strategy Officer
tnielsen@www.jmark.com

Business Continuity vs. Disaster Recovery – Are You Prepared?

Business Continuity – I.T. Services – Technology

Business Continuity vs. Disaster Recovery – What’s the Difference? Every business venture will eventually have obstacles they encounter that could potentially destroy their business. The question though, is are you going to prepare for them?business continuity

In order to know how to prepare for obstacles and make an informed decision about what is the best option for your company – on any particular problem – you need to understand the different options. In terms of data loss, whether it comes from a natural disaster, fire, theft, or something else; it’s important to understand the differences between business continuity and disaster recovery, and how using either one can affect your investment and productivity when you have a data loss encounter.

The Main Difference Between Recovery and Business Continuity:

In Southern Missouri, one of the things we deal with during the spring and summer months are tornadoes. If you had disaster recovery in place for your data, and a tornado hit your business and destroyed it, then disaster recovery would protect you data. Once your insurance paid for replacement computers and servers, we would be able to restore your data to that hardware.

If you had business continuity in place, even though your business place was destroyed, your data would be almost instantly available to continue operations, albeit possibly at a different location. Think of business continuity as the precautionary measures already set up so that business can continue operating.

The main difference between these methods is that business continuity is a plan of action for any obstacles that could prevent business from continuing, while disaster recovery is just the restoration of data once you have the equipment to access the data.

Business Continuity

The idea of business continuity requires that you have a plan and a set of guidelines to follow, so that when problems inevitably arise, they can be dealt with and production can continue in an orderly fashion.  There are three components to business continuity:

  1.  Resilience: A functioning business structure needs to be resilient in the case of data interruption. This calls for alternate locations and equipment if current equipment is destroyed. Functions and infrastructure should be designed for business to continue operating during disruptions.
  2.  Recovery: In the event that a disaster does happen and information goes missing, there should be a process to recover information, to alternate equipment or to the cloud.
  3.  Contingency: Before production ever starts there must be contingencies in place for varying aspects of business continuation. This might include: temporary staffing, staff working from homes or remotely, Contractors might need to be setup to provide needed services to your customers, and many other things. This is the backup plan and the goal should be for business to resume as soon as possible, potentially within hours, not days.

Disaster Recovery

Disaster recovery can be considered a sub-set of the business continuity plan.  The idea is that after a disaster has occurred, I.T. Services can be depended on to regroup information and restructure the I.T. side of the business.

Disaster Recovery could be thought of as the technical business functionality plan, dealing with hardware and data; while business continuity would be a fully encompassing plan that deals with every aspect of business operations and continuity of people being able to work. In these days. people are reliant on computers, so continuity.

Summary

It’s up to you to prepare your business for success. When it comes to technology, its up to us to help you explain what you need to do. Contact us today to learn more about I.T. Services, Technology how we can help in your business recovery and business continuity preparation.