November 11th is Veterans Day…
A day where we stand united to honor those who are currently serving and those who have served – those who sacrificed for the common good of our country.
And for all they’ve done, we say thank you.
Thank you to those who have and those who continue to place themselves in harrowing situations in the name of protecting our freedom.
However you’re planning on spending the day, remember to take a moment to think about these exceptional men and women.
Do you know where hackers are most likely to gain access to your private data? Discover the favorite entry points and how you can stop them.
It seems like every week that there are reports of another massive data breach hitting the news. The number of users affected is almost unimaginable. Cybercriminals accessed 983 million records at Verifications.Io and 885 million records at First American Financial Corp., alone. Its scary stuff, but what’s even more terrifying is the majority of compromised companies never show up in the papers.
During the first half of 2019, there an average of 30 data breaches per day. So, how are hackers stealing so many records so quickly? They have their ways.
1. Old Websites. The internet is a graveyard of abandoned and unprotected half-built sites which are the favorite hunting grounds for hackers who are on the lookout for easy and virtually risk-free hacking opportunities. Although it is true that most of these sites contain nothing more than a few email addresses and dummy accounts, every so often, a cybercriminal can strike goldmine. On occasion, legacy and demo sites for large businesses are still connected to the company’s servers and provide a nice backdoor to confidential data.
You can protect your business by completely removing old sites from online and limiting which sites have access to your servers.
2. Free Code. Many sites offer free code snippets that you can use for free on your website. All you have to do is download it and you can save hours of time and thousands of dollars. Good deal, right? Well, have you ever heard the Japanese saying, “There is nothing more expensive than something free?” When it comes to the code for your website, it is a motto you should take to heart. Using someone else’s free code for your company’s website could be the most expensive mistake you ever made. While clean, secure codes for free does exist online, the majority of what you will find is usually poorly written, and as solid as a sieve.
Stop hackers from using embedded backdoors in public code by not using it for mission-critical websites.
3. Unsecured Cloud Storage. Everyone is talking about the benefits of cloud computing and cloud storage, and it seems like businesses can’t wait to make the jump to working on the cloud. But before trusting your company’s confidential data to any third-party cloud storage solution, you better make sure the vendor has tight security. Many big-name companies like Facebook and Microsoft forgot to ensure their third-party vendors had the proper security, and the results were embarrassing and costly data breaches.
Carefully choose who you use for outsourcing and take an active role in protecting your data, even if it is hosted on a third-party’s server.
4. Unprotected APIs. Does your business use custom apps that utilize APIs? If the answer is yes, you may be exposing your confidential data to hackers without knowing it. While in-house app developers spend a great amount of time safeguarding your app itself, from exploits, the APIs you are using from an outside developer to power your app may be a gaping hole in your defense.
Review the end-user agreements for the APIs you use and conduct penetration tests to check for vulnerabilities.
In the end, protecting your data and the confidential information of your customers falls on your shoulders. No one can be perfect when it comes to online security, but every single business can do better.
Given how medical providers struggle with ensuring their data is safe, something had to be done to offer guidance. Read this blog about a new cybersecurity plan.
The picture archiving and communication system (PACS) is an ecosystem that stores images that are gathered from medical imaging technology. This ecosystem offers a convenient platform where medical providers can store and access these vital images. However, this ecosystem is vulnerable to cyberattacks.
In order to provide protection for this confidential data, the NIST National Cybersecurity Center of Excellence recently released proposed guidance to assist healthcare delivery organizations with securing their picture archiving and communication systems. In addition, they also released a project aimed at providing an example solution for building stronger security controls.
The guidance material called, Securing Picture Archiving and Communication System, includes aspects that help health organizations design an approach, architecture, and security elements for the PACS ecosystem, including easy-to-follow how-to guidance.
As image-making technologies have taken a gigantic leap over the last decade, now confidential data and vital imaging are uploaded in a digital format by providers across the globe. This adds a huge level of convenience and gives providers the ability to easily store and share this content. The systems that house these images and data are typically stored in image-intensive areas like the radiology department and are also uploaded to each patient’s electronic health record (EHR).
But as this process adds easier accessibility and organization in a digital format, including limiting the time to takes for doctors to make a diagnosis, the technology has also opened the door to more cyber threats. And many medical providers struggle with auditing user accounts and monitoring them properly to suspect any abnormal behavior. Medical providers also struggle with ensuring that data moves safely across the network and also with monitoring access by its users, which can lead to a drop in system performance.
With the project set forth by the NIST National Cybersecurity Center of Excellence, their goals include the following:
The ultimate goal here is to assist provider organizations with reducing the chance of a cyber breach or substantial data loss, while also minimizing any disruptions with their systems. This also puts emphasis on enabling quick access to imaging and important data without this confidential data becoming vulnerable to an attack, which also offers peace of mind for patient privacy.
So what makes these systems so vulnerable? This occurs from the broad capabilities of this technology. The PACS connectivity of the ecosystem works with a variety of different technologies that include medical imaging devices and other systems that help to manage and maintain archives of medical images. The role of PACS is to interact with medical imaging devices, connect with other clinical systems, and allow users from multiple locations to review images that lead to faster and higher quality patient care.
With such a broad spectrum of capabilities involved with the PACS ecosystem, the means a broad landscape for threat.
No matter how secure you may be right now, you could always be doing more. Have you double-checked your cybersecurity lately? Review the best practices below to strengthen your small business cybersecurity.
When everything is going well, the last thing you want to do is think about what will happen when something goes wrong. It’s not necessary to dwell on the potential for a security disaster though – you know that it’s a possibility, so let’s just leave it at that. What’s important about this is that you know to cover your bases.
No need to assume the worst – just plan for it, so you know you’re protected. As that old saying goes, “An ounce of prevention is worth a pound of cure”.
Do what you need to do to “prevent” now, so you don’t have to pay for the “cure” later.
Your firewall is your first line of defense for keeping your information safe.
A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users from gaining access to your data. Firewalls are deployed via hardware, software, or a combination of the two.
A firewall inspects and filters incoming and outgoing data in the following ways:
Your staff can have a significant effect on your cybersecurity – either they know enough to keep your assets secure, or they don’t, and therefore present a serious threat to your security.
So, which is it? Do your employees and volunteers have the knowledge they need to spot cybercrime scams, avoid common pitfalls and keep your data secure?
If you’re not sure, then they may need training. Security awareness training helps your employees and volunteers know how to recognize and avoid being victimized by phishing emails and scam websites.
They learn how to handle security incidents when they occur. If your employees and volunteers are informed about what to watch for, how to block attempts and where they can turn for help, this alone is worth the investment.
How Do I Train My Employees For Cyber Security?
A comprehensive cybersecurity training program will teach your staff how to handle a range of potential situations:
Passwords remain a go-to tool for protecting your data, applications, and workstations.
They also remain a common cybersecurity weakness because of the careless way employees go about trying to remember their login information. Weak passwords are easy to compromise, and if that’s all that stands between your data in the cloud and in applications, you could be at serious risk for a catastrophic breach.
That’s why protecting your login processes with an additional layer of security – multi-factor authentication – is recommended. Multi-factor authentication requires the user to utilize two methods to confirm that they are the rightful account owner. It is an available security feature in many popular applications and software suites.
There are three categories of information that can be used in this process:
Implement Mobile Device Management and Bring Your Own Device policies that allow employees to use their own devices in combination with the business’ without compromising your security:
And don’t limit yourself to desktops, laptops, and phones – there’s more out there for you to take advantage of. Have you considered what the Internet of Things and wearable devices can do for workplace efficiency? Now’s the time to get on board – up to 20.4 billion IoT devices will be online by 2020.
This is one of the more basic steps on the list, but no less important. It can’t really be automated or outsourced to any technological aids; it’s just about doing the work. You need to have a carefully implemented process to track the lifecycle of accounts on your network.
Wi-Fi is a necessary part of doing business. Your staff cannot go without it, so it becomes your responsibility to make sure it’s secured, simple as that.
Your cybersecurity measures won’t amount to much if your laptops, tablets, smartphones and other devices are left out in the open for anyone to take.
It’s one thing for a cybercriminal to hack into your system remotely. It can be significantly easier if they’re doing so directly on a business device.
If you accept payment through credit and debit cards, make sure to follow established security policies and practices to mitigate any potential risks.
Financial fraud and access to confidential business data rank among scammers’ reasons for setting up fake profiles in Facebook identity theft schemes.
Right now, hundreds of people could be viewing your photos on Facebook — on an account that doesn’t belong to you. In recent years, Facebook identity theft has become a significant problem, leaving victims struggling to reclaim their rightful identities on the social media platform. What do you need to know, and how can you protect yourself?
Imagine receiving a sudden flurry of messages from friends and family members alerting you that someone is posing as you. After the initial shock, you might wonder why an individual would go to the trouble of setting up a fake profile that uses your name and other identifying details.
As banks and other financial institutions have become better at spotting fake identities, scammers have turned to using the identities of real people for a variety of purposes, including opening lines of credit and draining bank accounts. Setting up a Facebook profile can be one step in establishing ownership of an identity — especially if the scammer can manage to get the real identity owner locked out of their account in the process.
In addition to financial fraud, prospective scammers often have another goal in mind when they target specific individuals: access. Facebook identity thieves may target people in certain jobs — including CEOs, IT directors and human resources managers — because of their valuable access to data, people and financial resources.
By posing as a key executive in an organization, an identity thief may hit the jackpot by gaining access to computer systems that hold confidential customer data, employee Social Security and bank account numbers, or proprietary information. Scammers may set up a fake profile in your name as part of a social-engineering scheme designed to persuade your Facebook contacts to turn over information or access.
To help lock down your Facebook account and prevent identity theft, consider adjusting your privacy settings to control who can view your photos and posts. Allowing everyone — or even friends of your friends — to see your information can make you vulnerable to identity theft.
Avoid accepting friend requests from unfamiliar people, and use caution when posting photos; think twice before posting images that include your driver’s license or other documents with identifying information. In addition, consider setting your profile to unsearchable.
What if someone has stolen your identity on Facebook? If you receive a friend request from someone who already is on your friends list, you may be the victim of identity theft. You should take immediate action by reporting the suspect profile if you discover that someone is using your name, photo or other identifying details. In the event that an impostor reports your account as fraudulent and has you blocked, you may need to ask a friend to report the incident for you.
Happy Halloween!
What better time than now to tell some scary stories?
Ok, so they’re not “scary stories” per se, but facts that will alarm AND spook you.
Take action to protect against cybercrime. Hit the reply button to schedule your free cybersecurity consultation with us.
In the meantime, have fun this year, whether you’re taking the kids out trick-or-treating or heading to a few parties.
Have a great day!
Discover why it’s important that your managed services provider develops a regular communications schedule with each customer and what messages to convey.
Managed services providers (MSPs) know that customer retention is a critical element of business success.
Communicating with your MSP customers is a must. But knowing how, when and what to communicate makes a difference.
The frequency of communication is as much an art as it is a science. There may be some customers, especially those who are new, in the midst of a major project or in the throes of strategic planning, when more frequent contact and communication is necessary.
Face-to-face communication is the most effective means of communication, allowing for both a better give-and-take and a clearer interpretation of body language.
Ideally, you’ll schedule at least monthly in-person communication with your customers, meeting both with principals and other employees to understand what’s working and what could be improved. This communication, which includes a healthy dose of active listening, helps your customers feel heard, valued and respected, even if it’s an informal conversation over coffee and doughnuts.
Your customers look to you as more than a service provider. You’re also a valued advisor. You want your communications to have several elements that can bring value to your customers and how they perceive their relationship with you. These do not need to be a sales pitch, and usually should not be, but rather opportunities to demonstrate your expertise and insights, including:
Value-added conversations that help your customers think in new ways are a powerful way of deepening customer relationships.
One of the greatest outcomes of better customer communication is the opportunity to reinforce high-value and valuable services that are already being used or possible. Your communication should regularly reinforce some of the core values of working with a managed services provider. Driving these points home helps to make renewals, upgrades and the purchase of new services much easier.
Those key points are small reminders of why it makes sense for your customers to work with you, including:
A strategic approach to customer communications pays major dividends with regular, trusted and valued discussions.
Now may be a good time to invite in cybersecurity specialists to evaluate your system and recommend ways to avoid cyber threats in 2020.
Techradar gurus predict that 2020 cyber threats will look a lot like the cast of characters responsible for many of the breaches that have occurred over the past few years. Here’s what to avoid in the coming year:
Email remains a major entry point for hackers. Credential theft, business email compromise and malware are likely to thwart the efforts of countless network administrators. Here are the areas that are most vulnerable to attack and what to do about it:
Ransomware incidents account for a third of attacks that have the biggest impact. Ransomware causes considerable disruption from financial losses to systems unavailability. Recovery usually takes 5-10 days, with many weeks of validation and cleanup to follow.
For network admins, ransomware attacks often occur after hours or on weekends. Along with upgrades and patching, you should expect to spend more hours testing solutions that arise, such as firewall updates and advanced security protocols.
Despite the lightning-fast pace of technology, it seems like old enemies will continue showing up where they’re least wanted. Brute force logins, PowerShell and RDP attacks and credential stuffing are not yet things of the past.
However, the battlefield may well move to the cloud, as more businesses migrate to off-premise data storage and application support. To prepare for this new wave of cyberattacks, ensure that your security team or managed service provider has visibility and control over your SaaS, IaaS and PaaS systems.
With the new year looming, now may be a good time to invite in cybersecurity specialists, who can evaluate your system and recommend ways to improve your network’s security and performance.
Fitbit, a leader in health and technology, has recently introduced a new digital product to help individuals reach their goals faster with a more manageable approach.
Fitbit Care is a combination of the company’s popular fitness tracking devices with a new health coaching platform that addresses everything from wellness and prevention to chronic conditions and complex care management. Designed to promote wellness and improve disease management and prevention with tailored health and wellness services for a more personalized application. This exciting new enterprise attained through the acquisition of Twine Health, a small Boston-based software startup, will continue to support the fitness tracking Fitbit is known for while also addressing services like medication adherence, smoking cessation and managing chronic conditions.
Fitbit Care will be offered via the company’s business-to-business unit, Fitbit Health Solutions. Following in the footsteps of Apple and Amazon as they move into the healthcare system the health coaching platform was designed for integration into organizations with healthcare professionals on staff or businesses that include health plans, workforce health providers, and health systems. The Fitbit Care approach focuses on key tenets of behavioral psychology and learning science as the core principles of the application. By putting people at the center of their own health journey it offers personalized care with more sustainable behavior changes with offers better long-term results. at the core of the experience. Users enrolled in the care plans also have access to health coaches, who will offer personalized fitness and exercise plans along with other wellness advice. The coaching sessions are offered through remote communication and face-to-face meetings. Individuals who are enrolled in the health coaching component of Fitbit will have access to the new Fitbit Plus app, which allows users to track metrics including blood glucose, blood pressure, and medication adherence, both from Fitbit and other third-party connected devices. The social component of connecting through groups also encourages healthy behavior as users keep each other accountable, motivated and encouraged as they exercise together in social groups. This enables an entire team to participate in the health coaching experience.
According to the Fitbit Care website clients have seen dramatic increases in coach panel size, often upwards of 300% in some cases. The main goal is for users to have the ability to connect with their doctors through the Fitbit Care platform. This new premium fitness coaching feature will allow doctors to have the ability to check on a user’s daily metrics and stay up-to-date on the effectiveness of the treatment for specific issues. Essentially, Fitbit wants to be the one place everyone connects over health and supporting patients beyond the walls of the doctor’s office is a big step in this direction by providing accountability, support, guidance and resources that remove some of the most difficult barriers in healthcare outcomes.
Microsoft will end its support for Windows 7 soon. Learn how this will affect your healthcare organization and what you can do to prevent security problems.
Between the years 2009 and 2018, 189,945,874 healthcare records were either stolen or exposed because of cybersecurity breaches.
If that sounds like a lot, that’s because it is. In fact, “it equates to more than 59% of the population of the United States,” according to HIPAA Journal. Obviously, among healthcare organizations, cybersecurity has become a serious concern.
And it’s about to get worse.
In only a few months, the operating system that nearly all healthcare organizations in the United States utilize — Windows 7 — will lose support from its manufacturer, Microsoft.
Microsoft calls this the “end-of-life” for Windows 7, and it’s going to happen on January 14, 2020. The change will affect all businesses and individuals who are currently operating the Windows 7 OS, but healthcare organizations are especially at risk. That’s because this loss of support also means that the majority of Windows 7 medical devices will be running an outdated and unprotected version of Windows.
Fortunately, healthcare organizations can make changes now to avoid serious operating system and security problems in January of 2020 We’ll discuss how to transition to Windows 10 (the most up-to-date Microsoft operating system) in a moment. For now, let’s discuss what it really means that Windows 7 is losing support from Microsoft.
What Do “End-of-Life” and “Loss of Support” Really Mean?
“End-of-life” is the term Microsoft specifically uses to define the period when they will no longer provide software support for a specific application or piece of software. It’s the same as “loss of support.”
Both terms mean that “Microsoft will no longer provide the following:
Why Would Continuing to Use Windows 7 Be Bad?
Most of the precautions surrounding Windows 7’s end-of-life revolve around cybersecurity.
Though you may not have realized it, for the past ten years, Microsoft has been constantly working on the security, efficiency, and fluidity of its Windows 7 operating system. The Microsoft team constantly provides updates and upgrades for Windows 7 users. Moreover, it monitors and troubleshoots possible cybersecurity issues, catching issues and breaches before they start.
Often, these patches and updates are keeping you and your healthcare organization from being breached by cybercriminals who would love to steal your money or get their hands on your data and hold it for ransom.
When Microsoft ends their support, this dam they’ve been maintaining goes away, and the influx of cybersecurity troubles may very well be at your doorstep as soon as the first day of the end of support.
How Can You Maintain Security Within your Healthcare Organization as the End-of-Life Day for Windows 7 Nears?
If your healthcare organization is still using Windows 7, you’re safe for now. But it’s time to start the transition to Windows 10 — Microsoft’s latest OS. You’ll want to start this shift as soon as possible as the change can instigate a sizable change in pace for your business and a considerable amount of expenses as well.
A good place to start is with your managed services provider. The designated IT specialists within your healthcare establishment will be able to help you transition smoothly and seamlessly from Windows 7 to Windows 10.
