Viewing entries in
Cybersecurity

Understand How Data Losses Happen – In Order to Prevent Them!

Understand How Data Losses Happen – In Order to Prevent Them!

Small business owners are often worried about data loss. Rightly so, because data loss has the potential to wipe out a business. We have identified the most common forms of data loss so you can see how they fit into your business and assess the risks related to each of these pitfalls.

1. Human Error – Human error – by way of unintentional data deletion, modification, and overwrites – has become much more prevalent in recent years. Much of this is the result of carelessly managed virtualization technology. While virtualization and cloud computing have enabled improved business continuity planning for many businesses and organizations, humans must still instruct this technology how to perform. The complexity of these systems often presents a learning curve that can involve quite a bit of trial and error. For instance, a support engineer may accidentally overwrite the backup when they forget to power off the replication software prior to formatting volumes on the primary site. They will be sure to never do that ever again, but preventing it from happening in the first place would be more ideal.

2. File Corruption – Unintended changes to data can occur during writing, reading, storage, transmission and processing – making the data within the file inaccessible. Software failure is a leading cause of data loss and is typically the result of bugs in the code. Viruses and malware can also lead to individual data files being deleted and hard drive partitions being damaged or erased.

3. Hardware Failure – Storage devices may be at risk due to age, or they may fall victim to irreparable hard-disk failure. Viruses and hackers can also potentially shut down a hard drive by inserting undeletable malicious code and huge files via open, unprotected ports. If these malicious programs cannot be deleted, the entire hard drive may have to be reformatted, wiping out all the data.

4. Catastrophic Events/Theft – The threat of catastrophic events such as fire, flooding, lightning and power failure is always a concern. Such events can wipe out data in a millisecond with no warning. Theft is also a data loss risk that companies must address. While advances in technology like anytime/anywhere connectivity, portability and the communication/information sharing capabilities of social media and crowdsourcing have revolutionized business – the risk for theft is even greater due to this increased accessibility. More people are doing daily business on their laptop, iPad and mobile phones. They are also carrying around portable media like thumb drives, USB sticks and CDs. Physical theft of any of these devices can spell big trouble.

Data loss is as unique as the various sources from which it comes. The key is to identify the areas in which your business is weak and work towards a mitigation plan for each one of them. An MSP can act as a trusted partner in such cases, holding your hand through the process of safeguarding your data.

Everyday Human Error Can Affect Data Protection

Everyday Human Error Can Affect Data Protection

Are you under the impression that data loss is all about putting up firewalls to protect against evil cyber attacks? Some of the biggest sources of data loss include sloppiness, human error, and just plain forgetfulness.

What are some of the unglamorous things that we do every day that leave us vulnerable?

Passwords

Old or easy passwords are a good first example. Employees set up simple passwords that are easy to crack. More importantly, employees may share passwords, and many often fail to create new ones on a frequent basis. Both of these represent critical breakdowns of good data protection practices.

Emails

Another significant problem caused by bad judgement is the tendency of people to open phishing scams. Most everyone now knows about the Nigerian who wants to send money to your bank account, but many new scams come along everyday and people fall for them. This is such a serious source of virus infection that some companies now deliberately send out their own phishing email to teach workers not to open anything from an unknown source. (The employee who opens one of these gets a pop up screen that tells them they've been tricked and then offers guidelines for identifying bad emails.)

Browsing the Web

Bad websites. Yes, everyone has policies about internet use at work, but that doesn't mean people pay attention and don't visit places they shouldn't. Most significantly, a lot of those "sites they shouldn't visit" are far more likely to be infected than CNN, Ebay or Amazon!

Losing Your Belongings

And finally there is just old-fashioned forgetfulness. Phones left on a barstool. Or the bus. Sigh. There isn't much more to be said about this one.

SMB's: It is Hackers v. You - Don't let them score!

SMB's: It is Hackers v. You - Don't let them score!

Selling stolen IDs and other personal data is a lucrative trade for hackers. They are always looking for sources where vital information is stored. As a small to midsize business you store your client's personal information, collected from different sources, on your computers and servers. Your Point-of-sale (PoS) terminal and some website transactions can be completed by use of electronic banking, credit cards or debit cards only. Your customers have to key-in their pins or passwords to make payments. That information has to be saved. Also, depending on the kind of services or products you provide, you may be collecting Social Security numbers, addresses, driver's license numbers and DOBs of your clients. Information that personal is as important as it can get. Any source of that information is like a gold mine for a hacker. All this means only one thing for you: A data security nightmare.

Here are the channels hackers can use to break into your IT infrastructure

  • Your website: Hackers have become very sophisticated in cyber attacks on websites. They can access specific information by targeting websites that have the information they are looking for. For example, if they want only financial information about their victims, they can use tools that will fish for the websites that carry that kind of information. Implementation of web-based applications has made it easier for cyber criminals to connect to your website data base. They are able to find the loopholes and hack into systems. They can then access your customer's personal information, allowing them to steal from your clients by committing credit card and bank fraud. Or they can just sell your client's info on the Internet.
  • Your computers and servers: Your computers and servers are treasure-troves of information. By sending malware into your systems they can steal your admin passwords, and then login to your servers and other network devices. These hardware devices are the ultimate prize for cyber thieves because these devices not only hold important information about your clients, they also have all the information about your business and possibly about your vendors and associates. There is nothing about your business that these hackers don't know. Imagine how devastating this attack can be.
  • Mobile devices used by your employees: If you are one of those entities that allow their employees to use their mobile devices to conduct business, you have another security dimension to worry about. You don't know how secure their mobile phones, iPads, laptops or tablets are. You don't know how hard or easy their passwords are to crack. Breach of security into those devices will lead hackers right into your networks where they can steal data at will.
  • Unsecure Wi-Fi network: Most businesses keep their Wi-Fi networks well protected, but unsecured Wi-Fi is an open invitation to cyber criminals. If your Wi-Fi network is not secure, hackers are one step closer to breaking into your systems without even trying.
  • Your PoS systems: PoS systems are the prime targets for hackers who want to commit financial fraud. Cyber thieves know that PoS systems that come with pre-loaded software can be hacked using an unsecured Wi-Fi network. This fraud has a direct impact on an individual's finances because a hacker can make unauthorized credit card charges quickly and move on before anyone realizes what happened. Ruined credit can take years to mend.
  • Your emails: Email is another venue that hackers use to infect computers with malicious software. They send viruses that replicate themselves in the host computers, performing various tasks such as denial of service to the users of your systems, spamming your contacts and accessing data without authorization.

After reading this article you probably feel like you are in cyber warfare with hackers and your IT infrastructure is the battlefield. You are absolutely right. Hackers are relentless and they are devising new methods all the time to steal from businesses. But this is one fight you can't let them win. Protecting client data is not just a moral obligation. You are legally bound by the privacy laws to protect this information by all means. Breach in data security can ruin your reputation, and the financial liability to meet legal obligations may become too much to sustain.

So how do you fight this war against hackers getting your sensitive data?

Outsource your IT managed services to professionals who will monitor your networks 24/7 from a remote location. Your in-house IT management team may be able to fix problems, but it is important that proactive solutions are in place in case there is data loss as a result of a breach. Managed services can create solid data backup & recovery plans that will have your systems up and running quickly, so you can reduce downtime and protect your revenue.

Get The Best of Both Worlds The benefits of cloud-based IT services + the HIPAA compliance healthcare providers need

Get The Best of Both Worlds The benefits of cloud-based IT services + the HIPAA compliance healthcare providers need

In the healthcare sector, the storing and sharing of sensitive digitized patient data has become a significant undertaking and is a heavy burden on resources. Preparation for a complete conversion from paper medical records to electronic health records (EHR) by 2015 has independent practitioners and small healthcare entities making significant investments in equipment, hardware and software, and tech-savvy personnel.

Rather than focusing on the delivery of core patient care services, they must now worry about IT infrastructure issues, underlying network constraints and data center accessibility as well. This is problematic as very few medical offices or small health service organizations can afford to employ dedicated IT staff.

Recent modifications to the HIPAA Privacy, Security, Enforcement and Breach Rules have made it clearer that data center operators are to be classified as business associates under HIPAA. This means cloud-service providers are required by law to report and respond to data breaches and uphold their obligation to properly protect and secure patient info. These modifications are a game changer because they now assure covered entities such as doctor offices, hospitals, and health insurers that they can remain HIPAA compliant while adopting cloud technology.

Major Benefits of the Cloud for the Healthcare Sector ƒ

Security – Ironically, the biggest concern most healthcare entities have about taking to the cloud is one of its biggest strengths. Recent updates have made CSPs as responsible and liable for HIPAA compliance as the healthcare institutions that hire them. CSPs must ensure that data is encrypted, backed up, easily recoverable, and secured with permission-based access. 

Costs – Reduced costs are an incentive for healthcare entities to take to the cloud. Costs are dramatically cut since the cloud moves everything into a virtual environment, eliminating the need for costly hardware, software, maintenance, data center space, and IT labor. Payas-you-use fees requiring little-to-no capital investment replace these often overwhelming up-front capital expenses. 

Scalability – With the 2015 EHR conversion deadline nearing, and the fact that health service providers are generally required to maintain patient medical records for at least six years, it’s easy to anticipate that managing such a high volume of patient data will inevitably stress any on-site IT infrastructure. But the cloud presents a scalable alternative where additional server or storage capacity is available as needed. 

Mobility - The cloud improves a physician’s ability to remotely access readily available patient information. This enables even the busiest physician to review a patient’s medical records or test results even after they leave the office. 

Sharing – Cloud computing keeps physicians better connected to not just their patients but their colleagues as well. Patients will notice benefits to medical professionals being able to share patient information online – for example, referrals to specialists will be more timely, there will be less paperwork to fill out with each office visit, and no unnecessary repeat diagnostic tests. 

Are You Ready for This Transition?

The transition to cloud computing is underway in the industry. For healthcare service providers, it is no longer a question of if they will transition to the cloud, but when they can start benefiting from its potential savings and all of its capabilities. Healthcare is a heavily regulated industry and cloud computing will continue to evolve to meet the industry’s growing security requirements and regulatory mandates.

Many legitimate CSPs familiar with the healthcare sector already have strict security protocols in place to comply with regulations and will not hesitate to sign a BAA when asked. It is best to choose a CSP cautiously. Avoid any CSP who refuses to sign a BAA and carefully evaluate even those who do to get a feel for their stability, level of service, and delivery on promises. Taking care of people - not your IT infrastructure - is your core service. Why not put the money being spent right now on hardware, software and equipment back into patient care while actually strengthening patient data integrity and security?