Communicate Consistently With Customers About Their Technology Needs and Your Value

MSP Customer Communication Leads to Deeper Long-Term Retention

Discover why it’s important that your managed services provider develops a regular communications schedule with each customer and what messages to convey.

Managed services providers (MSPs) know that customer retention is a critical element of business success.

Communicating with your MSP customers is a must. But knowing how, when and what to communicate makes a difference.

How Frequently Should We Communicate with MSP Customers?

The frequency of communication is as much an art as it is a science. For some customers, especially those who are new, in the midst of a major project or in the throes of strategic planning, more frequent contact and communication is necessary.

Face-to-face communication is the most effective means of communication, allowing for both a better give-and-take and a clearer interpretation of body language.

Ideally, you’ll schedule at least monthly in-person communication with your customers, meeting both with principals and other employees to understand what’s working and what could be improved. This communication, which includes a healthy dose of active listening, helps your customers feel heard, valued and respected, even if it’s an informal conversation over coffee and doughnuts.

What Brings Value to MSP Customer Communications?

Your customers look to you as more than a service provider. You’re also a valued advisor. You want your communications to have several elements that can bring value to your customers and how they perceive their relationship with you. These do not need to be a sales pitch, and usually should not be, but rather opportunities to demonstrate your expertise and insights, including:

  • Identifying solutions before you’re asked. If your client has, for example, recently had several cyberattack attempts that were the result of phishing attempts, you may want to suggest a heightened approach to employee education, including campaigns that test their responses to sample attack emails.
  • Looking forward. You want to provide insights on technology trends, emerging solutions and challenges, whether it’s a new version of software, regulatory changes affecting their business or the sunsetting of an operating system. Providing information that helps the customer consider the possibilities is a compelling way to demonstrate your value. These conversations can often unearth concerns and priorities that previously were not expressed.
  • Find synergies and partners. Look for connections and introductions you can make among your customers. You can also identify opportunities for partnerships or bartering opportunities, such as working with a printing company client to produce signage and business cards in exchange for a discount on provided IT services.

Value-added conversations that help your customers think in new ways are a powerful way of deepening customer relationships.

What Points Are Worth Repeating to MSP Customers?

One of the greatest outcomes of better customer communication is the opportunity to reinforce the high-value services that are already being used or are available. Your communication should regularly reinforce some of the core values of working with a managed services provider. Driving these points home helps to make renewals, upgrades and the purchase of new services much easier.

Those key points are small reminders of why it makes sense for your customers to work with you, including:

  • Cost savings. Walk your customers through how their managed services are reducing costs through improved efficiency, fewer downtime costs, lower operational costs for data centers and reduced internal IT staffing.
  • Predictable costs. Customers need to be reminded that a fixed monthly cost for a range of IT services — help desk, vendor management, storage, disaster recovery, cloud hosting and security — means more budget certainty and fewer unanticipated technology expenses.
  • Less downtime. MSPs should tout their reliability and the high levels of uptime for services and systems. While these may be contractually mandated, it’s still an effective reminder of how committed your company is to their business operability levels.
  • Insurance. People and businesses purchase insurance to protect what matters most. That’s one way to frame managed services: insurance for your most critical systems, operations, processes and data.

A strategic approach to customer communications pays major dividends with regular, trusted and valued discussions.

What Cybercrime Will Dominate 2020?

Now may be a good time to invite in cybersecurity specialists to evaluate your system and recommend ways to avoid cyber threats in 2020.  

Techradar gurus predict that 2020 cyber threats will look a lot like the cast of characters responsible for many of the breaches that have occurred over the past few years. Here’s what to avoid in the coming year:

  • Email fraud
  • Ransomware attacks
  • More attacks on cloud environments

What Email Vulnerabilities Will Be Exploited?

Email remains a major entry point for hackers. Credential theft, business email compromise and malware are likely to thwart the efforts of countless network administrators. Here are the areas that are most vulnerable to attack and what to do about it:

  • Credential theft is the most effective way to gain access to secured databases. Targeted and mass-mailed attacks are equally effective. It only takes two or three people falling victim to attacks to pave the way for additional phishing emails disguised as trusted senders. It’s important to find out if your company can identify compromised credentials and block phishing emails.
  • Business email compromise is sometimes an advanced form of credential theft, with attackers posing as known senders. Attackers also insert themselves into email conversations from internal or external sources. They can then modify key data, such as bank routing information. Some companies have lost millions this way. To protect your company, offer user training to show employees how to avoid suspicious emails.
  • Dropping bots and malware: people still attach documents, such as invoices and shipping notices, to emails. Does your company have controls around email to identify and block malware attachments, disguised as legitimate documents?

Will Ransomware Attacks Continue?

Ransomware incidents account for a third of attacks that have the biggest impact. Ransomware causes considerable disruption from financial losses to systems unavailability. Recovery usually takes 5-10 days, with many weeks of validation and cleanup to follow.

For network admins, ransomware attacks often occur after hours or on weekends. Along with upgrades and patching, you should expect to spend more hours testing solutions that arise, such as firewall updates and advanced security protocols.

What Old Tricks Will Be Targeted at Cloud Environments?

Despite the lightning-fast pace of technology, it seems like old enemies will continue showing up where they’re least wanted. Brute force logins, PowerShell and RDP attacks and credential stuffing are not yet things of the past.

However, the battlefield may well move to the cloud, as more businesses migrate to off-premise data storage and application support. To prepare for this new wave of cyberattacks, ensure that your security team or managed service provider has visibility and control over your SaaS, IaaS and PaaS systems.

With the new year looming, now may be a good time to invite in cybersecurity specialists, who can evaluate your system and recommend ways to improve your network’s security and performance.

Fitbit Amplifies Healthcare by Offering Fitness and Coaching Platform

Fitbit, a leader in health and technology, has recently introduced a new digital product to help individuals reach their goals faster with a more manageable approach.

Fitbit Care is a combination of the company’s popular fitness tracking devices with a new health coaching platform that addresses everything from wellness and prevention to chronic conditions and complex care management. It is designed to promote wellness and improve disease management and prevention with tailored health and wellness services for a more personalized application. This exciting new enterprise, attained through the acquisition of Twine Health, a small Boston-based software startup, will continue to support the fitness tracking Fitbit is known for while also addressing services like medication adherence, smoking cessation and managing chronic conditions.

Fitbit Care will be offered via the company’s business-to-business unit, Fitbit Health Solutions. Following in the footsteps of Apple and Amazon as they move into the healthcare system, the health coaching platform was designed for integration into organizations with healthcare professionals on staff or businesses that include health plans, workforce health providers, and health systems. The Fitbit Care approach focuses on key tenets of behavioral psychology and learning science as the core principles of the application. By putting people at the center of their own health journey, it offers personalized care with more sustainable behavior changes, which offers better long-term results. Users enrolled in the care plans also have access to health coaches, who will offer personalized fitness and exercise plans along with other wellness advice. The coaching sessions are offered through remote communication and face-to-face meetings. Individuals who are enrolled in the health coaching component of Fitbit will have access to the new Fitbit Plus app, which allows users to track metrics including blood glucose, blood pressure, and medication adherence, both from Fitbit and other third-party connected devices. The social component of connecting through groups also encourages healthy behavior as users keep each other accountable, motivated and encouraged as they exercise together in social groups. This enables an entire team to participate in the health coaching experience.

According to the Fitbit Care website, clients have seen dramatic increases in coach panel size, often upwards of 300% in some cases. The main goal is for users to have the ability to connect with their doctors through the Fitbit Care platform. This new premium fitness coaching feature will allow doctors to check on a user’s daily metrics and stay up-to-date on the effectiveness of the treatment for specific issues. Essentially, Fitbit wants to be the one place everyone connects over health. Supporting patients beyond the walls of the doctor’s office is a big step in this direction, providing accountability, support, guidance and resources that remove some of the most difficult barriers in healthcare outcomes.

Key Ways to Handle End of Windows 7 for Healthcare Organizations

Top Ways to Handle the End of Windows 7 in the Healthcare Industry

Microsoft will end its support for Windows 7 soon. Learn how this will affect your healthcare organization and what you can do to prevent security problems.  

Between the years 2009 and 2018, 189,945,874 healthcare records were either stolen or exposed because of cybersecurity breaches.

If that sounds like a lot, that’s because it is. In fact, “it equates to more than 59% of the population of the United States,” according to HIPAA Journal. Obviously, among healthcare organizations, cybersecurity has become a serious concern.

And it’s about to get worse.

In only a few months, the operating system that nearly all healthcare organizations in the United States utilize — Windows 7 — will lose support from its manufacturer, Microsoft.

Microsoft calls this the “end-of-life” for Windows 7, and it’s going to happen on January 14, 2020. The change will affect all businesses and individuals who are currently operating the Windows 7 OS, but healthcare organizations are especially at risk. That’s because this loss of support also means that the majority of Windows 7 medical devices will be running an outdated and unprotected version of Windows.

Fortunately, healthcare organizations can make changes now to avoid serious operating system and security problems in January of 2020. We’ll discuss how to transition to Windows 10 (the most up-to-date Microsoft operating system) in a moment. For now, let’s discuss what it really means that Windows 7 is losing support from Microsoft.

What Do “End-of-Life” and “Loss of Support” Really Mean?

“End-of-life” is the term Microsoft specifically uses to define the period when they will no longer provide software support for a specific application or piece of software. It’s the same as “loss of support.”

Both terms mean that “Microsoft will no longer provide the following:

  • Technical support for any issues
  • Software updates
  • Security updates or fixes”

Why Would Continuing to Use Windows 7 Be Bad?

Most of the precautions surrounding Windows 7’s end-of-life revolve around cybersecurity.

Though you may not have realized it, for the past ten years, Microsoft has been constantly working on the security, efficiency, and fluidity of its Windows 7 operating system. The Microsoft team constantly provides updates and upgrades for Windows 7 users. Moreover, it monitors and troubleshoots possible cybersecurity issues, catching issues and breaches before they start.

Often, these patches and updates are keeping you and your healthcare organization from being breached by cybercriminals who would love to steal your money or get their hands on your data and hold it for ransom.

When Microsoft ends their support, this dam they’ve been maintaining goes away, and the influx of cybersecurity troubles may very well be at your doorstep as soon as the first day of the end of support.

How Can You Maintain Security Within your Healthcare Organization as the End-of-Life Day for Windows 7 Nears?

If your healthcare organization is still using Windows 7, you’re safe for now. But it’s time to start the transition to Windows 10 — Microsoft’s latest OS. You’ll want to start this shift as soon as possible as the change can instigate a sizable change in pace for your business and a considerable amount of expenses as well.

A good place to start is with your managed services provider. The designated IT specialists within your healthcare establishment will be able to help you transition smoothly and seamlessly from Windows 7 to Windows 10.

Ransomware: How Secure is Your Business?

Safeguarding Your Computer System From Ransomware

These days, ransomware attacks are on the rise, and just one can devastate your business. Discover seven ways you can protect your company from cybercriminals.  

Your business hasn’t been a victim of a ransomware attack yet?

Don’t press your luck. Ransomware poses a real threat.

The number of cases of ransomware attacks against businesses of all sizes has exploded. In fact, the number of incidents has more than doubled during the first quarter of 2019. Cybercriminals are not only targeting hospitals, municipalities, and financial institutions but businesses of all sizes. Seventy-one percent of ransomware attacks are against small businesses since they are the least likely to have adequate back-up systems in place. According to research from Beazley, the average payout cybercriminals demand from small business owners is $116,000.

This is terrifying stuff, but it is something that you need to address to protect your business.

There is No Better Time to Focus on Cybersecurity Than Right Now

October is National Cybersecurity Awareness Month. Now is the perfect time for you to address ransomware and work with your staff to find ways to protect your company against this major issue.

So how can you do it at a reasonable cost?

  1. Talk about this very real and urgent issue with your employees. Conduct informational and training workshops with your entire staff, so they are aware of the severe nature of the situation. Most importantly, tell them that they are the frontline defenses. Remember to provide them with the tools they need to help prevent ransomware attacks at your company.
  2. Install high-quality spam filters and scan all incoming emails for possible threats. The root cause of many ransomware attacks is careless clicking on a link or downloading the wrong file. Make sure your email server is set up to block phishing emails, and use email authentication protocols like Sender Policy Framework (SPF) or Domain-based Message Authentication, Reporting and Conformance (DMARC) to stop spoofed emails.
  3. Restrict network administrative roles. No one should have access to administrative accounts with the ability to install or update any software unless, and only when, completely necessary. Take a hard look at the permissions you grant each of your employees. Unless necessary, limit employee accounts to ‘read-only’ status, and handle all patching and updating through a single dedicated account.
  4. Disable Remote Desktop Protocol and lock access to common ransomware disk locations. Remote Desktop Protocol allows a person to take control of your computer off-site. Unless there is a specific reason you need this feature to be active, deactivate it immediately to prevent cybercriminals from accessing your system and installing ransomware. As an added precaution, enable Software Restriction Policies to stop your network from executing files in locations where ransomware typically embeds itself, like the AppData/LocalAppData folder or the temporary folders associated with browsers.
  5. Install and maintain a firewall and limit which applications can run on your servers. Controlling what is allowed into your computer system can significantly reduce the threat of a ransomware attack. While you should set up clear guidelines on which sites your employees can visit through a company computer, a good firewall is invaluable. Consider using technology to create a whitelist of applications and websites your staff can use while blocking everything else.
  6. Create a strict Bring Your Own Device policy or forbid the use of personal smartphones and computers. Setting up a strong defense against malicious cyber attacks is useless if you allow unregulated electronics to connect to your network. The small amount of inconvenience is worth it, and your employees will understand once you explain the reasoning behind any new rules.
  7. Back-up your data regularly. If the worst happens, and your business suffers a ransomware attack, having a separate off-site back-up is invaluable. Make sure there is no direct connection between your primary computer system and your back-up data to maintain the highest level of security.

This month may be National Cybersecurity Awareness Month, but protecting your company’s network from those who want to co-opt it is a 365-day job. If you feel you need additional assistance safeguarding your technology, speak with a cybersecurity expert today.

Cybersecurity Essentials for Business

Cybercrime is on the rise, and every business must have cybersecurity protocols in place. Read on to learn what steps you need to take to keep hackers at bay.  

Cybersecurity is a vital pillar of modern business. Hackers are shifting their attention to smaller enterprises, and data breaches can cost you time, money, and the trust of your customers. Below is a checklist of cybersecurity practices you should employ to minimize your risk of being hacked.

Use a branded email account

A branded email account exudes professionalism and gives you more control and security options than a free email service. Invest in an email provider that has the features you need, and make sure that your employees use only their business email to communicate with team members, customers, and business partners.

Keep software up to date

From operating systems to individual apps, it’s vital to install software updates in a timely manner. Outdated software may contain vulnerabilities that hackers can exploit. Rarely, an OS update may cause issues with certain programs, which brings us to our next tip.

Back up your data

Even the most comprehensive cybersecurity plan has its faults, and you’ll want a way to recover your data if the worst happens. Back up your data on a regular basis to an onsite and/or remote server. Consider investing in cloud storage or automated data backup solutions.

Educate and train employees

To maximize your company’s cybersecurity, you’ll need everyone to be on board and well-versed. Work with your IT team to design a versatile training program that caters to multiple learning styles. For example, you may have a bulleted presentation with concrete examples and a hands-on practice session. The program should teach employees daily security habits, signs of phishing, and what to do if they suspect a data breach.

Monitor all activity on your network

Data breaches can occur externally or internally, 24/7. A managed services provider (MSP) can monitor when devices connect to your network and what files are being accessed. Large data transfers or odd access times may point to a security risk.

Implement layered email security

Phishing is one of the most prolific tactics hackers use to steal data. By pretending to be a co-worker, supplier, or another person of trust, a hacker may send a malicious attachment or link to an infected website. When the victim opens the file or link, the system becomes infected with malware that may log keystrokes or encrypt files with passwords known only by the hacker. Using tools such as DKIM (DomainKeys Identified Mail), DMARC (Domain-Based Message Authentication, Reporting, and Conformance), and SPF (Sender Policy Framework), you can greatly minimize email vulnerabilities.
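The SPF and DMARC controls named here, and in the spam-filter step of the ransomware checklist earlier on this page, only help when the published records are strict. The following is an added example, not from the original article: an offline audit of SPF and DMARC TXT records that flags common weak settings. The sample records and domain names are constructed, and DKIM is left out because checking it needs a signed message and the signer's public key.

```python
from __future__ import annotations
import re

# Constructed sample TXT records for a hypothetical domain (not from the page).
SAMPLES = {
    "weak_spf": "v=spf1 include:_spf.mailer.example ptr +all",
    "strict_spf": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example -all",
    "weak_dmarc": "v=DMARC1; p=none; pct=50",
    "strict_dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com",
}

# SPF terms that each cost one DNS lookup; RFC 7208 caps an evaluation at 10.
SPF_LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
DMARC_RANK = {"none": 0, "quarantine": 1, "reject": 2}


def audit_spf(record: str) -> list[str]:
    """Return findings for one SPF TXT record (top-level terms only)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF: record does not start with v=spf1"]
    findings, lookups, all_qualifier, has_redirect = [], 0, None, False
    for term in terms[1:]:
        # A missing qualifier means '+' (pass).
        qualifier, body = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        match = re.match(r"[a-z0-9]+", body.lower())
        name = match.group(0) if match else ""
        if name in SPF_LOOKUP_TERMS:
            lookups += 1
        if name == "all":
            all_qualifier = qualifier
        elif name == "redirect":
            has_redirect = True
        elif name == "ptr":
            findings.append("SPF: ptr mechanism is discouraged by RFC 7208")
    if all_qualifier == "+":
        findings.append("SPF: +all authorises every host on the internet to send")
    elif all_qualifier == "?":
        findings.append("SPF: ?all is neutral, so unlisted senders are not rejected")
    elif all_qualifier is None and not has_redirect:
        findings.append("SPF: no 'all' or redirect, unlisted senders get a neutral result")
    if lookups > 10:
        findings.append("SPF: more than 10 DNS-lookup terms, evaluation ends in permerror")
    return findings


def audit_dmarc(record: str) -> list[str]:
    """Return findings for one DMARC TXT record (RFC 7489 tag=value list)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        return ["DMARC: record must begin with v=DMARC1"]
    policy = tags.get("p", "").lower()
    if policy not in DMARC_RANK:
        return ["DMARC: missing or invalid p= policy"]
    findings = []
    if policy == "none":
        findings.append("DMARC: p=none only monitors, failing mail is still delivered")
    sub_policy = tags.get("sp", policy).lower()
    if DMARC_RANK.get(sub_policy, 0) < DMARC_RANK[policy]:
        findings.append("DMARC: sp= is weaker than p=, subdomains can be spoofed")
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = -1
    if not 0 <= pct <= 100:
        findings.append("DMARC: pct= is not a number from 0 to 100")
    elif pct < 100:
        findings.append(f"DMARC: pct={pct} applies the policy to only part of failing mail")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so no aggregate reports are received")
    return findings


if __name__ == "__main__":
    for label, record in SAMPLES.items():
        audit = audit_spf if label.endswith("spf") else audit_dmarc
        print(label, "->", audit(record) or "no findings")
```
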

Manage accessibility and user permissions

It’s important to manage who can access certain files. By setting user permissions, you can grant or deny user access to certain documents. This helps prevent employees from sharing sensitive files with people outside the company or accidentally modifying a report. You’ll want to update these permissions when employees leave the company to prevent remote access.

Set password requirements

Weak passwords are a major vulnerability, especially if a hacker has done research on the account owner. Passwords should be at least eight characters in length and contain a combination of upper and lower case letters, numbers, and symbols. You should also mandate that all employees change their passwords at least

Use multi-factor authentication

Multi-factor authentication (MFA) uses multiple layers of identity verification in conjunction with the traditional username and password requirement. These might include security questions, a retinal or fingerprint scan, a randomly generated PIN sent to the user’s mobile device, or a physical token that only the rightful owner of the account would have. The more layers present, the lesser the risk of a hacker getting through.

Just like the technology behind it, cybersecurity is constantly evolving. Whether you have an in-house IT team or an MSP you can trust, it takes teamwork and vigilance to keep your data safe and your customers confident in your business.

Celebrating “Get To Know Your Customer Day” On October 17

October 17 is Get To Know Your Customer Day! Knowing our clients is foundational to everything we do – do you know why?

You may have heard that industry-leading, award-winning, unbeatable IT services come down to one specific thing.

Maybe it’s offering the latest, greatest, fanciest, tech gimmicks (which also tend to be the most expensive). Maybe it’s the lowest possible monthly price (coming, of course, with a long list of addendums, conditions, nickel-and-dime fees, etc.)

But what really matters in IT? People, of course.

Why Is It Important To Know The Customer?

Understand What They Need.

It sounds simple, right? Knowing what the client actually wants out of their IT should be the first step to delivering those services, but often, the opposite is true.

It can be easy to think that whatever services are being offered are everything that a client could need. But the truth is that often a given client is really interested in one specific service or solution – an answer to their problem that got them looking for a new IT support provider in the first place.

It seems obvious, but it’s crucially important to good service: once you know what’s needed, you can ensure it’s provided.

Understand How They Communicate.

We’re very careful about the technical jargon that technicians and engineers are prone to use when talking shop. While it’s acceptable around coworkers, that kind of high-level, incomprehensible language won’t be very helpful to the client during a support call.

Also, we make sure not to forget to take into account the medium in which our clients prefer to get in touch. More and more these days, when someone has to get in touch, they do so via text or email instead of over the phone.

Understand Their Goals.

Lastly, for long-term success in service, we need to know where the client is headed – or, at least, where they’re trying to get to.

After all, no business can get stagnant. It’s vital that they continue to grow and improve, and their IT environment is a big part of that.

In our preliminary discussions with the client, we want to be sure to find out what their plans are for the next year, five years, and so on, and what role their technology could play in that plan.

Bottom line: the user experience is the single measurement for the quality of any given solution or service, and that includes IT services. That’s why Get To Know Your Customer Day is such a special day!

Your Healthcare Business Is HIPAA Compliant—Is That Enough for True Security?

Is HIPAA Compliance Enough for Absolute Security?

HIPAA is designed to help healthcare organizations keep patient information secure, but is it enough? Find out where HIPAA could be lacking and what needs to be done for absolute protection.  

The Health Insurance Portability and Accountability Act (HIPAA) is in place specifically to protect sensitive information in the healthcare operation. With a complex and diverse listing of standards regarding how information can be handled, how systems should function, and how things should be done within an organization, HIPAA does do a lot to protect patient information. While most organizations stick closely to these standards, there is no real way to certify you are actually compliant.

Sadly, the inability to check compliance and the lacking aspects of HIPAA compliance can lead to a cyber-attack or major data breach. Healthcare cyber-attacks cost as much as $1.4 million in recovery, so making sure compliance is where it needs to be and considering whether more needs to be done is important.

Reasons Why HIPAA Compliance Alone May Not Be Enough

Even though HIPAA policies and standards are generated to protect private and sensitive information in the healthcare industry, the truth of the matter is, HIPAA alone does not address every security concern. It is unfortunately not uncommon for a healthcare industry manager to foolhardily put all of their faith in HIPAA compliance and completely miss that certain security defenses are missing.

In the most basic terms, HIPAA standards are designed to provide the most basic security setup in the healthcare industry. There is nothing stating that following these minimum standards will protect your healthcare business from every single threat there is where information security is concerned. Furthermore, cybersecurity threats evolve and develop so quickly that HIPAA doesn’t catch up fast enough to make much of a difference. Pair this with the fact that many healthcare organizations already struggle to keep up with newly developing security concerns associated with cloud data storage and the Internet of Things (IoT), and you have a lot of looming risk to speak of.

Rely On More Than Just HIPAA Compliance and Amp Up Security Efforts

Of course, HIPAA compliance is important, but it never hurts to up the efforts to make sure every aspect of the digital operation is secure and safe. There are multiple areas where security must be addressed in a healthcare organization’s digital infrastructure, according to Health IT Outcomes, including:

  • Controlling access to the system in a way that yields sensitive information only to those who would need to see it within the company
  • Maintaining a stable protocol that dictates how risks are identified and handled on a daily basis
  • Having an excellent security plan in place that acts as a go-to guideline for proper security practices
  • Maintaining assets in a way that carefully documents the existing location of all assets, data, and other components of a system
  • Implementing an information security incident management plan
  • Controlling the physical hardware and keeping it secure at all times
  • Organizing security plans that work for all aspects of the organization

Naturally, handling HIPAA compliance is also part of what is necessary, but as you can see by this detailed list, it is only one part of ensuring network security. It is not the only process to be considered for absolute security.

Final Thoughts On HIPAA Compliance and True Security

Even though HIPAA sets forth decent standards, the process of applying these standards to put them to work within a healthcare operation can vary considerably. Furthermore, some HIPAA compliance standards only cover the basic necessities of having a secure system. Unfortunately, these two facts can leave a healthcare facility with digital security concerns they have no idea exist. It is always a better idea to take things further than even HIPAA recommends to secure the system properly with the help of an IT managed services company and make sure all aspects are covered.

A day of turkey, pumpkin pie & thanks 🍁

Thanksgiving wouldn’t be complete without sending a thank you to all of the local businesses who trust us with managing their technology. Working with you is a true pleasure and we appreciate your continued trust in our team.

Naturally, we’ll be closed on October 14th, 2019 to allow our team to spend time with their friends and family.

As we spend the day reflecting on what we’re thankful for, we hope you’re doing the same (and enjoying some delicious pumpkin pie while you’re at it!)

Have a great Thanksgiving!

Sneaky Cybersecurity threats you need to know about

Clever Cybersecurity Threats That Will Make Your Skin Crawl

Do you know these clever cybersecurity threats? Learn their sneaky methods and how to create a comprehensive strategy to manage the risks to your company.  

Norton Security, the online security company, estimates that the average major cybersecurity data breach costs a single US company nearly eight million dollars. Although you’d prefer to invest that eight million in growing your company, you could be spending it to regain access to customer data, reputation management, fines and the like.

Cybersecurity threats are costly. But they’re also sneaky, making protecting yourself seem elusive and out of your control. But the truth is that a business of any size can take comprehensive steps to reduce their risk and it all starts with understanding what those threats are.

The Four Types of Cybersecurity Threats

Cybersecurity experts break threats down into four primary categories. While there is some overlap in these methods, ultimately cybercriminals are trying to find innovative ways to get past your defenses. These four corners must be considered in any cybersecurity strategy.

Ransomware

A cybercriminal gains access to your systems often through a downloaded malware file. They lock down your customer and/or company data with encryption. The only way to unlock it is to pay a ransom to the criminal.

The ransom amount is typically scaled to the size of the business to increase the likelihood you’ll pay them. But paying makes this type of sneaky cyberattack profitable, perpetuating the exploitation of more victims. Cities, health systems, financial institutions, public transit and more have all fallen victim to these attacks.

Malware

Trojan horses, viruses, spyware and worms all fall into this category. This type of threat may be used to steal proprietary, financial, or other private information. In other cases, its role may simply be to disrupt business operations. The latter may seem like an attack from a competitor. But, more often, it’s for no other reason than the power-trip and bragging rights that some people get when they take advantage of others.

Social Engineering

These attacks trick employees into breaking security protocols. Someone may pretend to be your boss’ boss, a government agency, client, student, patient, etc. in an attempt to get your employees to relay private information they can then use to steal identities/money or otherwise wreak havoc.

Phishing

Phishing usually comes in through email but could also be a text or phone call. Similar to social engineering, it makes statements to build trust as it encourages someone to take an action that will compromise security. This may be something like:

  • Download a file (malware)
  • Enter login information on a spoofed site
  • Send money

The Six Pillars of Cybersecurity

Just like there are four types of threats, there must also be several solutions that target these threats from different angles. Just having virus protection or a firewall is not enough. Let’s look at these six pillars.

  1. Operational security – This is a process of identifying protected assets, classifying them, considering who has access to what, evaluating the risks posed to each and then developing an action plan to manage those risks.
  2. Application security – This involves deploying software, hardware and protocols to protect your applications from corruption. This might include anti-virus, firewall, rules about use of 3rd party software and similar measures.
  3. Information security – These are the steps you take to protect customer and company data. It may include things like encryption, passwords, levels of access and policies on how information is accessed, who can access it, etc.
  4. Network security – This is online security, locking down your network so that no one can use it without authorization or intercept information transferred on the network.
  5. Disaster recovery/business continuity planning – This comprehensive written plan details how you’ll recover in the event of an attack. It will include things like secure cloud backup as well as an operations plan during and after an event. That event could be virtual or a physical disaster. It’s important to plan for both.
  6. Employee education – Cybercriminals are clever and the methods of deceit are ever-changing. These people are professional scammers who know exactly what to say. So all employees must know about these tricks and understand their role in managing security risks.

Cybercriminals deploy many sneaky methods to steal or ransom your data. Because of this, it’s important to tackle security from all angles using a comprehensive strategy.