Your session has expired.

Your authenticated session has expired due to inactivity. You can close this message and continue as a guest or log in again before proceeding.

NEXT GENERATION COMMUNICATIONS


    Specified user is not valid
    Publish
     
      • How Communication Can Help Address Hospital Violence

        Published Dec 09 2016, 9:06 PM by Ross Venhuizen
        • Healthcare

        services-camden-sc-ems-tablet-frank-lawlor-CZ4U9956Most patients would never imagine that the professionals who tend to their maladies are at great risk of injury themselves. From 2012-2014 alone, violent crimes in hospitals rose 40%, and more than 10,000 of those incidents directly targeted hospital employees. In response to the rise in hospital violence, hospital security guards are increasingly adopting firearms as a method of protection. In 2011, 15% of hospitals in a Health Facilities Management survey stated their security officer carried a firearm. By 2014, that number had risen to 52%.

        Despite deploying more weapons to security teams, violence in the hospital environment continues to escalate, demanding alternate solutions.

        When nurses and doctors have no path of communication with security guards, a bad situation can quickly turn ugly. By the time security arrives, the patient is often already agitated and a bad situation can become worse. By allowing staff members to communicate effortlessly, security can arrive prepared. They can have a better understanding of the situation at hand and be able to address violence before it occurs. Fortunately, hospitals can now enable their employees to communicate throughout their organization to speed security team response and possibly defuse violent situations.

        WAVE Work Group Communications is a push-to-talk (PTT) solution that connects users on any device - radio, smartphone, tablet, desktop or telephone - to secure talkgroups. WAVE makes it easy for doctors, nurses, hospital and facilities staff, and security guards to communicate on a secure PTT channel using the same devices they are already carrying - they no longer need a radio to connect to radio users. WAVE's simple display allows an entire staff to easily stay connected on a secure network.

        WAVE’s desktop and browser-based console applications enhance communications among teams, whether in their office or on-the-go. Providing hospital employees with the opportunity to communicate with each other immediately - regardless of location - enables them to contact security guards or staff on the scene who can in turn react more swiftly. Improved security and patient and provider safety is only a push away.

        Visit www.motorolasolutions.com/wave to learn more about how WAVE can help get every device, every network and every team to connect like never before.

        Ross Venhuizen is the WAVE Global Marketing Specialist for Motorola Solutions.

         

      • Understanding, Preventing, and Detecting Business Email Compromise Scams

        Published Dec 09 2016, 9:06 PM by Lesley Carhart

        It’s 6 AM. Your organization’s finance director gets an urgent email purportedly from the CEO, requesting he wire transfer $600,000 to an overseas account to make an overdue payment. The CEO hardly ever emails him directly, and she’s counting on him to fix a bad situation. He blearily responds and completes the transfer. Three hours later, he discovers the transfer was a scam, and the money might not be recoverable…

        If this were your organization, you would be only one of thousands of organizations to fall victim to this type of scam. By April 2016, the FBI had already tracked $2.3 billion USD of reported losses to Business Email Compromise (B.E.C.) scams. How do these scams work? What do they look like? And more importantly, how can you detect and prevent them as an organization?

        Scammers need to choose a target in a position of authority sufficient to move money or sensitive tax records, yet still capable of being intimidated by a higher level executive like a CEO or CFO. Unfortunately for companies, these victims are often easily found because they chose to list their employer, position, and responsibilities on social media sites like LinkedIn. Corporate websites that contain leadership bios can also be a goldmine for bad guys. An ideal target is a finance or HR manager - people who might be able to authorize a large transaction or access personnel files outside of business hours without any oversight.

        Once the scammers have chosen a target, they choose a high level executive in the company who they will “spoof”, or pretend to be. They will need to send an email pretending to be this person to a victim, and attempt to strong-arm him or her into providing money or data through intimidation and a sense of urgency. Once again, it’s fairly trivial for scammers to locate data about an organization’s CEO, CFO, or Director. The more data that is freely available on the internet, the easier it is for scammers to make a fake email look authentic. If they find a signature block for the person, or their real contact information, the email can be made to look quite real.

        The scammers then craft a phishing email. The messages tend to be short and to the point – they address the target by name, state that it is of utmost urgency that he or she respond immediately, and may include a brief story describing why the request must be done quietly. All of these factors pressure the target into completing the transaction without informing management or following proper procedures. In certain instances, the “executive” may specify a go-between who will contact the target on their behalf. Often, the go-between is an attorney whose name and contact information has been appropriated for the purpose of the scam.

        The scammers ensure the phishing email appears to come from the selected executive. There are three common methods in which they do this: The first is changing the “from” address in the message to the executive’s real email, while leaving a hidden “reply-to” field as the scammer’s mailbox. In many email clients, message details must be manually viewed to catch this trick. The second is registering a domain name a letter or two off from the organization’s, which looks correct unless it is read very carefully. The third and least common is actually gaining access to the executive’s mailbox via hacking or malware.

        An example message might read like this:

        From: Tony Jackson – CFO (tony.jackson@example.com)
        To: Emily Lee- Accounting (emily.lee@example.com)
        Reply-To: (tonyjacksoncfo@webmail.example)
        Subject: Request

        Emily,
        I’ve got something important I need you to work on promptly. Over the next few days we will be completing an acquisition I have been working on for the last couple of months. We are required to make a deposit payment ASAP please. It’s important you understand this acquisition needs to remain private. I will brief you more about this later. What details will be needed to process the payment?

        Regards,
        Tony Jackson
        CFO
        (212) 555 0235
        Sent from iphone

        Notice that unlike traditional phishing emails, there are few red flags in this message. It looks pretty authentic. Unless Emily (or her IT team) tells her email client to show the “reply-to” address, she will likely never see that the message was not truly sent from her CFO. Additionally, if Emily rarely gets messages directly from an executive, she could be really intimidated.

        Here are 10 suggestions from Motorola Solutions Managed Security Services for preventing and detecting B.E.C. phishing:

        1. Train and encourage your employees to report suspicious messages to somebody who can review them and respond in a timely manner.
        2. Establish a social media policy for employees, and monitor what organizational data is publicly posted on the internet.
        3. Ensure that employees in sensitive positions are aware of B.E.C. campaigns.
        4. Have your IT department label all emails which come from outside your organization as “EXTERNAL”. Most mail servers support this, and the label can be added to the subject line or message body.
        5. Have your IT department deploy email digital signatures if possible.
        6. Ensure there is always a set, non-email procedure completed every time a large money or sensitive data transfer is completed.
        7. Have your IT department enable two-factor authentication to protect web mail accounts.
        8. If possible, have your IT department quarantine all emails which spoof your domain name.
        9. Use humans and technical controls to monitor for unusual emails (does your U.S.-based executive ever close a message “Regards”? Does he or she send emails to Finance at 2AM?) B.E.C. emails are more sophisticated than an average phish, so small anomalies can be important to notice.
        10. Use a brand monitoring service to alert your IT team if look-alike or “typo squatting” domains close to your organization’s are registered.


        The FBI advises the following if you believe your organization has been the victim of a B.E.C. scam:

        • Contact your financial institution immediately
        • Request that they contact the financial institution where the fraudulent transfer was sent
        • File a complaint—regardless of dollar loss—with the IC3.

        Lesley Carhart is Incident Response Lead, Security Operations Center at Motorola Solutions