Viewing entries in
IT Alerts

Everyday Human Error Can Affect Data Protection

Everyday Human Error Can Affect Data Protection

Are you under the impression that data loss is all about putting up firewalls to protect against evil cyber attacks? Some of the biggest sources of data loss include sloppiness, human error, and just plain forgetfulness.

What are some of the unglamorous things that we do every day that leave us vulnerable?

Passwords

Old or easy passwords are a good first example. Employees set up simple passwords that are easy to crack. More importantly, employees may share passwords, and many often fail to create new ones on a frequent basis. Both of these represent critical breakdowns of good data protection practices.

Emails

Another significant problem caused by bad judgement is the tendency of people to open phishing scams. Most everyone now knows about the Nigerian who wants to send money to your bank account, but many new scams come along everyday and people fall for them. This is such a serious source of virus infection that some companies now deliberately send out their own phishing email to teach workers not to open anything from an unknown source. (The employee who opens one of these gets a pop up screen that tells them they've been tricked and then offers guidelines for identifying bad emails.)

Browsing the Web

Bad websites. Yes, everyone has policies about internet use at work, but that doesn't mean people pay attention and don't visit places they shouldn't. Most significantly, a lot of those "sites they shouldn't visit" are far more likely to be infected than CNN, Ebay or Amazon!

Losing Your Belongings

And finally there is just old-fashioned forgetfulness. Phones left on a barstool. Or the bus. Sigh. There isn't much more to be said about this one.

SMB's: It is Hackers v. You - Don't let them score!

SMB's: It is Hackers v. You - Don't let them score!

Selling stolen IDs and other personal data is a lucrative trade for hackers. They are always looking for sources where vital information is stored. As a small to midsize business you store your client's personal information, collected from different sources, on your computers and servers. Your Point-of-sale (PoS) terminal and some website transactions can be completed by use of electronic banking, credit cards or debit cards only. Your customers have to key-in their pins or passwords to make payments. That information has to be saved. Also, depending on the kind of services or products you provide, you may be collecting Social Security numbers, addresses, driver's license numbers and DOBs of your clients. Information that personal is as important as it can get. Any source of that information is like a gold mine for a hacker. All this means only one thing for you: A data security nightmare.

Here are the channels hackers can use to break into your IT infrastructure

  • Your website: Hackers have become very sophisticated in cyber attacks on websites. They can access specific information by targeting websites that have the information they are looking for. For example, if they want only financial information about their victims, they can use tools that will fish for the websites that carry that kind of information. Implementation of web-based applications has made it easier for cyber criminals to connect to your website data base. They are able to find the loopholes and hack into systems. They can then access your customer's personal information, allowing them to steal from your clients by committing credit card and bank fraud. Or they can just sell your client's info on the Internet.
  • Your computers and servers: Your computers and servers are treasure-troves of information. By sending malware into your systems they can steal your admin passwords, and then login to your servers and other network devices. These hardware devices are the ultimate prize for cyber thieves because these devices not only hold important information about your clients, they also have all the information about your business and possibly about your vendors and associates. There is nothing about your business that these hackers don't know. Imagine how devastating this attack can be.
  • Mobile devices used by your employees: If you are one of those entities that allow their employees to use their mobile devices to conduct business, you have another security dimension to worry about. You don't know how secure their mobile phones, iPads, laptops or tablets are. You don't know how hard or easy their passwords are to crack. Breach of security into those devices will lead hackers right into your networks where they can steal data at will.
  • Unsecure Wi-Fi network: Most businesses keep their Wi-Fi networks well protected, but unsecured Wi-Fi is an open invitation to cyber criminals. If your Wi-Fi network is not secure, hackers are one step closer to breaking into your systems without even trying.
  • Your PoS systems: PoS systems are the prime targets for hackers who want to commit financial fraud. Cyber thieves know that PoS systems that come with pre-loaded software can be hacked using an unsecured Wi-Fi network. This fraud has a direct impact on an individual's finances because a hacker can make unauthorized credit card charges quickly and move on before anyone realizes what happened. Ruined credit can take years to mend.
  • Your emails: Email is another venue that hackers use to infect computers with malicious software. They send viruses that replicate themselves in the host computers, performing various tasks such as denial of service to the users of your systems, spamming your contacts and accessing data without authorization.

After reading this article you probably feel like you are in cyber warfare with hackers and your IT infrastructure is the battlefield. You are absolutely right. Hackers are relentless and they are devising new methods all the time to steal from businesses. But this is one fight you can't let them win. Protecting client data is not just a moral obligation. You are legally bound by the privacy laws to protect this information by all means. Breach in data security can ruin your reputation, and the financial liability to meet legal obligations may become too much to sustain.

So how do you fight this war against hackers getting your sensitive data?

Outsource your IT managed services to professionals who will monitor your networks 24/7 from a remote location. Your in-house IT management team may be able to fix problems, but it is important that proactive solutions are in place in case there is data loss as a result of a breach. Managed services can create solid data backup & recovery plans that will have your systems up and running quickly, so you can reduce downtime and protect your revenue.

Get The Best of Both Worlds The benefits of cloud-based IT services + the HIPAA compliance healthcare providers need

Get The Best of Both Worlds The benefits of cloud-based IT services + the HIPAA compliance healthcare providers need

In the healthcare sector, the storing and sharing of sensitive digitized patient data has become a significant undertaking and is a heavy burden on resources. Preparation for a complete conversion from paper medical records to electronic health records (EHR) by 2015 has independent practitioners and small healthcare entities making significant investments in equipment, hardware and software, and tech-savvy personnel.

Rather than focusing on the delivery of core patient care services, they must now worry about IT infrastructure issues, underlying network constraints and data center accessibility as well. This is problematic as very few medical offices or small health service organizations can afford to employ dedicated IT staff.

Recent modifications to the HIPAA Privacy, Security, Enforcement and Breach Rules have made it clearer that data center operators are to be classified as business associates under HIPAA. This means cloud-service providers are required by law to report and respond to data breaches and uphold their obligation to properly protect and secure patient info. These modifications are a game changer because they now assure covered entities such as doctor offices, hospitals, and health insurers that they can remain HIPAA compliant while adopting cloud technology.

Major Benefits of the Cloud for the Healthcare Sector ƒ

Security – Ironically, the biggest concern most healthcare entities have about taking to the cloud is one of its biggest strengths. Recent updates have made CSPs as responsible and liable for HIPAA compliance as the healthcare institutions that hire them. CSPs must ensure that data is encrypted, backed up, easily recoverable, and secured with permission-based access. 

Costs – Reduced costs are an incentive for healthcare entities to take to the cloud. Costs are dramatically cut since the cloud moves everything into a virtual environment, eliminating the need for costly hardware, software, maintenance, data center space, and IT labor. Payas-you-use fees requiring little-to-no capital investment replace these often overwhelming up-front capital expenses. 

Scalability – With the 2015 EHR conversion deadline nearing, and the fact that health service providers are generally required to maintain patient medical records for at least six years, it’s easy to anticipate that managing such a high volume of patient data will inevitably stress any on-site IT infrastructure. But the cloud presents a scalable alternative where additional server or storage capacity is available as needed. 

Mobility - The cloud improves a physician’s ability to remotely access readily available patient information. This enables even the busiest physician to review a patient’s medical records or test results even after they leave the office. 

Sharing – Cloud computing keeps physicians better connected to not just their patients but their colleagues as well. Patients will notice benefits to medical professionals being able to share patient information online – for example, referrals to specialists will be more timely, there will be less paperwork to fill out with each office visit, and no unnecessary repeat diagnostic tests. 

Are You Ready for This Transition?

The transition to cloud computing is underway in the industry. For healthcare service providers, it is no longer a question of if they will transition to the cloud, but when they can start benefiting from its potential savings and all of its capabilities. Healthcare is a heavily regulated industry and cloud computing will continue to evolve to meet the industry’s growing security requirements and regulatory mandates.

Many legitimate CSPs familiar with the healthcare sector already have strict security protocols in place to comply with regulations and will not hesitate to sign a BAA when asked. It is best to choose a CSP cautiously. Avoid any CSP who refuses to sign a BAA and carefully evaluate even those who do to get a feel for their stability, level of service, and delivery on promises. Taking care of people - not your IT infrastructure - is your core service. Why not put the money being spent right now on hardware, software and equipment back into patient care while actually strengthening patient data integrity and security? 

Is That Email a Phishing Scheme?

Is That Email a Phishing Scheme?

Research has revealed that over half of all users end up opening fraudulent emails and often even fall for them. Phishing is done with the aim of gathering personal information about you, generally related to your finances. The most common reason for the large number of people falling for fraudulent emails is that the phishing attempts are often so well-disguised that they escape the eyes of a busy email reader. Here are a few tips that help you identify whether that email really came from your bank or is another attempt at defrauding you…

1. They are asking for personal information – Remember, no bank or financial institution asks you to share your key personal information via email, or even phone. So, if you get an email where they ask for your ATM PIN or your e-banking password, something’s amiss.

2. The links seem to be fake – Phishing emails always contain links that you are asked to click on. You should verify if the links are genuine. Here are a few things to look for when doing that:

  • Disguised URLs – Sometimes, URLs can be disguised…meaning, while they look genuine, they ultimately redirect you to some fraudulent site. You can recognize the actual URL upon a mouse over, or by right clicking on the URL, and selecting the ‘copy hyperlink’ option and pasting the hyperlink on a notepad file. But, NEVER ever, paste the hyperlink directly into your web browser.
  • URLs with ‘@’ signs – If you find a URL that has an ‘@’ sign, steer clear of it even if it seems genuine. Browsers ignore URL information that precedes @ sign. That means, the URL www.bankofamerica.com@mysite.net will take you to mysite.net and not to any Bank of America page.

3. Other tell-tale signs – Apart from identifying fake URLs, there are other tell-tale signs that help you identify fraudulent emails. Some of these include:

  • Emails where the main message is in the form of an image, which, upon opening, takes you to the malicious URL.
  • Another sign is an attachment. Never open attachments from unknown sources as they may contain viruses that can harm your computer and network.
  • The message seems to urge you to do something immediately. Scammers often induce a sense of urgency in their emails and threaten you with consequences if you don’t respond. For example, threat of bank account closure if you don’t verify your ATM PIN or e-banking password.

Finally, get a good anti virus/email protection program installed. It can help you by automatically directing spam and junk mail into spam folders and deactivating malicious attachments.