Category: Uncategorized

You may have an EHR system, decision support systems, purchasing, payroll, laboratory, pharmacy, personnel, finance, planning, and a myriad of other systems running on hardware that’s getting very long in the tooth.

Many PCs are still running some older version of Windows. These issues can be a constant source of security headaches for the IT staff of today’s healthcare organization. From causing security breaches to all-out system failures, this type of trouble can cost your health organization money. In addition, your staff will not have the modern tools they need to do their jobs.

The cloud vendors see your suffering, and, as they are kind, they offer to take this all off your hands and move all your IT operations to the cloud. “For how much?” you ask. “Between $35 and $165 per seat per month,” they reply. You are taken aback. $35 per seat per month is about what you’re paying for Microsoft Office Enterprise, which, you dimly recall, sort of runs in the cloud, or at least it can. What a deal! Where do you sign?

What Was That You Said About Cost Again?

The first thing you realize is that cost is the actual cost of cloud operations once the migration has been completed. Nothing was said (yet) about the cost of moving to the cloud. Digging deeper, you note that the amount charged will vary by processor load, storage used, and “egress” – the cost of moving your data out of the cloud vendor’s data centers down to your PCs, smartphones, and tablets. You quickly discover that if all you want to do is store your data, the cloud is an incredible bargain. If you want to use your data, on the other hand, then this is a whole different story.

There are two choices when it comes to the Cloud: the private and the public cloud. In addition, there are two big vendors: Amazon Web Services (AWS) and Microsoft’s Azure.

So many choices to make and it’s important to make the right ones in order to get exactly what your healthcare organization needs without paying too much.

If your hospital is located in a rural area with practices spread far and wide, then your healthcare facility will need many different services than if you are a single large hospital in a big city. Keeping all of this info on a yellow legal pad may not be ideal. With so many different choices to make, it can be beneficial to work with a trusted IT consultant instead.

There are so many decisions to make and it’s important to find the right IT provider who will oversee everything from start to finish. If you run a busy healthcare facility, you probably don’t have the time or the skills to do all this work yourself. Once you find the right IT service provider, work very closely with them to develop a migration plan, an infrastructure plan, a schedule for moving services, backup storage, and security services.

So, What Are The Real Cloud Advantages?

Moving your operations to the cloud has four substantial advantages:

1. You no longer have to worry about back-end hardware. All that goes away, except for the servers that interface with the cloud.
2. You no longer have to worry about capacity, in terms of processor load, memory, or storage. Whatever you need, the cloud provides.
3. Your security worries will be, not eliminated, but drastically reduced.
4. You will be able to reduce your in-house IT staff, possibly substantially.

These benefits are arguably worth a tidy sum to most healthcare organizations. AWS, Azure, and a private cloud can provide all of them. So how do you choose?

How Do I Choose The Vendor?

The first thing you need to realize is that you will need a redundant, “failover” site that automatically comes online if the cloud provider’s main site for your applications is down. This does happen – Amazon ran into this issue with its own site on Prime Day 2018.

The cost of this is not automatically included, and it can be substantial. The second thing is that private clouds, where the vendor can treat you as a sole client, are much more configurable than the public cloud (AWS or Azure), which has to be configured to support all comers. Of course, if the situation demands it, you can run part of your operations in a private cloud, and the rest in the public cloud; setting up communication between them is relatively easy.

Should I Wade In Or Jump In?

McKinsey, the renowned consulting firm, has studied both failed and successful cloud migrations and recommends a phased approach. Of course, no solution is one-size-fits-all, but there is a good deal of thought and expertise behind their recommendations. In other words, they say wade in, don’t jump in.

Wading rather than jumping allows you to:

• Test the feasibility of cloud migrations
• Orient your IT staff to cloud operations
• Distribute costs over time
• End the project gracefully if it is proving infeasible

Wading will also give you a much more realistic appreciation of the costs and the benefits that are involved.

So, What’s The Bottom Live?

Unless the IT gods are smiling at your organization, you will not be running all your IT operations in the cloud for the $35 you pay for Microsoft Office Enterprise. When site redundancy, egress costs, and processor surge demands are considered, your total costs per seat per month are likely to be higher than this.

When you consider that cost versus a realistic assessment of your current costs (including hardware, software, staff costs, network costs, electricity, cooling, backup, and security), moving to the cloud may still be a bargain. It totally depends on your organization’s needs and the way it handles data. With most healthcare organizations growing by leaps and bounds and considering the high demands that doctors and patients place on the healthcare system, there’s every reason to believe that you will eventually have to make the switch.

What is CVE-2018-6177?

Today’s new releases of browser software are supposed to be improvements over past versions in terms of functionality, helpful features, security, and the speed of overall operation. However, these changes often involve new vulnerabilities which hackers can target and exploit. A recent release of Google Chrome is a good example. A vulnerability allowed hackers to access user information stored in major web platforms such as Facebook and Google. This vulnerability was identified as CVE-2018-6177. It was only recently addressed with the release of a patch known as Chrome 68.

How Have People Been Affected?

The Chrome vulnerability has caused people to hesitate about upgrading to the most current version of the browser. The previous release’s vulnerability has allowed hackers to have increased access to data stored on online databases, including Google and Facebook, leaving a full range of personal information exposed.

The vulnerability exploits a weakness in audio and video HTML tags used in the engine. It has been listed in the Common Vulnerabilities and Exposures database, a dot.org website dedicated to such issues. The National Vulnerability Database (NVD), a US government establishment also dedicated to this cause notes an entry about these issues that is incomplete.

The most severe attacks that a user can experience include identity theft, resources theft, and system damage through the execution of arbitrary code. Users could also experience common side effects of hacker attacks, including being locked out of their accounts, or having to address unauthorized messages or postings. Users may also be redirected to sites that could involve phishing attempts or some other damaging hacking effort. Denial-of-service and authorized network accounts are also possible for organizations or individuals becoming victims to hackers exploiting the vulnerability.

The Center for Internet Security reported that the most recent release of the browser will show unsecure designations on websites using HTTP rather than HTTPS (standard hyper-text transfer protocol rather than secured protocol of this type). This may make users assume that state, local, tribal, or territorial (SLTT) government websites are not secure. While users are recommended to follow federal and developer organization guidelines for security, the risk of the vulnerability remaining in the software is classified as high for multiple user types. More specifically, the range of vulnerability levels for user types are reported as being:

• ‘High’ for large and medium government and business entities
• ‘Medium’ for small government and business entities
• ‘Low’ for home or individual users

The vulnerability is also referred to as a cross-origin information leak specific to the internal Blink Engine, or web browsing database used as a foundational operating platform for the browser. The Center for Internet Security recommends that users:

• Apply the stable channel update available through Google
• Run software as a non-privileged or non-administrative user (to minimize impacts of successful attacks)
• Ensure non-trusted links are not browsed
• Inform all users of the vulnerability and its demands
• Apply a Principle of Least Privilege (maximizing security and minimizing accessibility amid organizational requirements) to all systems, users, and services

Reporting on potential instances of successful hacks through this vulnerability, The Hacker News described a scenario where a user with a Facebook account could potentially have their personal information accessed and misused.

A researcher with this source made several Facebook posts, using different combinations of audiences to categorize potential victim types by personal traits categorized by the service, and confirmed the nature of the vulnerability. When a website embeds multiple Facebook posts of this type on a webpage, it loads and displays only some of them, based on matching to individual profile information.

The vulnerability allows hackers to gain access to the personal information of visitors to such pages, and regardless of their privacy settings. The browser version does not have a direct way for administrators to determine if embedded posts were loaded for specific visitors, creating a security demand to check and address this.

Users can attempt to rely on Cross-Origin Resource Sharing (CORS), a security feature within the browser that blocks websites from reading content from other sites without authorization. However, as the aforementioned audio and video HTML tags do not validate the types of content retrieved from other sources or block responses with invalid Multipurpose Internet Mail Extensions (MIMEs), hackers are able to use multiple hidden tags on websites to request Facebook post information.

While the approach does not generate Facebook posts, hackers can exploit the vulnerability while using JavaScript to gauge request numbers and read the sizes of cross-origin resources to determine which posts and information sets they can get from users. Since several scripts run simultaneously, hackers can effectively data mine once they are able to generate these responses.

Hackers can potentially design sites to return different response sizes dependent on the traits of the logged-in users, and then record information from all people observed through the connections.

The vulnerability is similar to another recent browser issue, a related difficulty involved in cross-origin requests that allowed hackers to read Gmail and Facebook messages. The previous issue was patched in June, and although the current issue was addressed in a patch included with Chrome 68, unpatched users remain vulnerable to the described exploitations.

What’s The Bottom Line?

• Chrome releases have been subject to audio and video HTML tag vulnerabilities.
• Facebook and Google messages, along with personal information are vulnerable.
• Chrome 68 has addressed the issue; users are recommended to replace their older version with the patched version immediately.

What’s smart about a smart home? Well, you can talk to it. You can tell your phone to tell the oven to turn itself down to 200 degrees. You can tell your thermostat to drop the nighttime temperature to 68. You can start the car from the upstairs guest bathroom. And so on.

What you may not realize is that the technology behind these simple tasks is staggering. All of them wholly or partially involve the transmission of data from the oven, the thermostat, and the car across the internet, and anything involving voice recognition is likely to invoke a mainframe running in the cloud to do the voice processing. All of that takes place in an amount of time short enough for you not to notice any lag between the command and the execution.

If that’s what a smart home looks like, what does a smart healthcare organization look like?

The answer to that question involves noting that we are moving from the first generation of cloud services into the second, while most healthcare organizations are only making partial use of the first generation. And we need to take note of what the renowned consulting firm McKinsey calls the “data culture,” one which most healthcare organizations have yet to adopt.

Is Your Hospital As Smart As Your Thermostat?

The Nest Learning Thermostat is capable of learning the temperature control patterns you use and going through them even when you are away. In addition, you can control it from anywhere in the world with your phone. Simply memorizing a pattern is not very advanced. What is advanced is discovering patterns that no human suspected were even there.

A famous example was Walmart’s discovery, made by an AI system, that there was a surge in sales of strawberry Pop-Tarts whenever a hurricane was forecast in South Florida. Not cinnamon and brown sugar Pop-Tarts. Not green apple Pop-Tarts. Strawberry Pop-Tarts. Hurricanes were forecast, so the Walmart trucks loaded up with strawberry Pop-Tarts and rolled towards South Florida. Walmart’s profits inched up a little bit. Of such small fragments are large corporate incomes made.

What Does The Strawberry Pop-Tarts Story Tell Us?

To make that profit-making discovery, Walmart’s systems needed to have data available – detailed sales records, broken down by ZIP code, inventory records are broken down by store, and weather data, all available to the same system. This is the first lesson. Data can no longer be siloed. If patterns are to be found, the data in which they exist must at least appear as one data set.

The second lesson is like the first: For analysis, old(er) data is fine. For action, data must be real-time. It does no good if the Nest thermostat is adjusting the in-home temperature based on the outside temperature readings from six months ago.

The third lesson, somewhat less obvious than the other two, is this: To be effective, the actions taken must make a difference. The difference here was in profit. In a health care organization, it might be patient load, room occupancy, revenue stream, patient satisfaction, physician satisfaction, nurse retention, or cost reduction.

The key is linking action to some parameter that is important. Analysis for the sake of analysis is likely to be fruitless, and organizations that engage in it will be disappointed and decide that AI is not for them. And if they decide that, they are almost certain to reduce their future competitiveness, and perhaps their very survival.

How Is Cloud Evolution Affecting AI?

The cloud is rapidly evolving from a place where data is simply stored to a place where the vast majority of an organization’s data is used to create a bigger bottom line.

The advantages of a cloud for health care organizations are increased security, decreased hardware and software expenses, decreased IT staff expenses, and lack of worries about capacity in terms of processors, memory, or storage.

The big worry for healthcare organizations is the loss of control. Cloud providers are becoming more sensitive to this issue and devoting more resources to collaborating with clients in health care to increase their comfort level.

Cloud providers are also very aware that their clients are interested in using AI and are moving to capture that market. One piece of advice is not to combine a migration to the cloud with a major rollout of AI unless you know the pitfalls in advance and have made contingency plans for when things don’t work. Having competent consultants can make the difference between success and failure.

What Is Needed For AI Success?

McKinsey refers to the part of organizational culture that thinks about and uses data as the “data culture.” Its research has discovered that there are wide differences in the data culture of organizations.

Key elements are:

• General employee awareness of data and its benefits
• An integrating of data into the organization’s day-to-day operations (as opposed to “cool stuff” that gets developed and never used)
• Executive and board buy-in
• The linkage of data with affirmative actions

This latter does not mean that you know what you will do with the results that AI produces before they happen. It does mean that the organization is “reality-based” and is committed to taking the actions that AI reveals as possibilities, provided they are linked to parameters that are important to the organization.

What Are The Key AI-Enabled Technologies Of Cloud 2.0?

Advanced analysis, deep learning, voice recognition, virtual agents (software that acts like humans for specific tasks), robotics, machine learning, image recognition and analysis, natural language programming, and more are all available today.

The key question is what hospitals can use them for. One obvious application is voice recognition and virtual agents for patients able to communicate, replacing the call bell in a hospital room. Instead of having an aide go to the room to answer the bell, then come back and tell the nurse what is needed, just put an Amazon Echo Dot in each room.

The hospital saves time and money while patient satisfaction improves. This is just one of a vast number of ways hospitals could use today’s advanced AI technologies to improve healthcare. The question is whether they’re ready to move into 21^st century technology.

Improvements in technology have led to increased connectivity with improvements in security, but have also involved unique vulnerabilities and potential for hackers to access a wide range of information. Particularly problematic to businesses is the potential for a phisher to represent a part of the organization, or a supplier with a business connection to it, as they request organizational information or even funding.

What Are Current Major Risks?

Business managers and employees run the risk of being phished from their work accounts while seemingly doing normal business, only to find that they inadvertently provided company funds or information that could be used to damage the company’s systems or even their reputation. This creates new demand for organizational and network security processes and defenses, with phishing, internet-of-things (IoT) security, and general WPA2 hacking being among the greatest current threats to major organizations, small businesses, and individuals alike.

Phishing internally can lead to thousands or even millions of dollars accidentally provided or outright stolen after the critical information is inadvertently provided. An individual can create an email using some phishing technique to hide, mask, or otherwise misrepresent their actual identity while claiming to be an active member, supplier, or some other legitimate affiliate of the organization. The recipient may receive a SharePoint document link that is hyperlinked to malware capable of hacking or damaging system software, and while being directed to a login screen or invoice to request funds or sensitive information to be further misused.

Hackers have the potential to work around even the most advanced anti-phishing filters, using tactics such as reducing the triggering text to a font size of zero to avoid detection. This allows them to pass the filters with how the data is read while displaying apparently legitimate communications and requests to an organizational manager or employee.

According to the Business Owner’s Guide to Technology, these instances have been common. The reporters cited two recent instances of tens of thousands of dollars being accidentally sent amid a phishing campaign. This campaign went beyond the fake login screen to record credentials in attempts to involve phony invoices as well. There have been cases where millions of dollars were lost through a similar approach.

Another major risk that organizations have, amid a false sense of security, is the size of their network in their maintained IoT. While it has become common for tablet devices, personal laptops, mobile phones, and other devices to be used within a business network for increased internet connectivity and email, it is also becoming more common for hackers to use their own devices to access information. This can potentially be done internally or externally, creating a demand for increased security or upgrading beyond vulnerabilities in the WPA2 security protocol. This issue follows along the lines of phishing potentials in terms of general security vulnerabilities that are the greatest threat to large businesses, small businesses, and individuals alike.

WPA2 hacking, in general, has become more effective, as the protocol itself has been upgraded and developed for security vulnerabilities realized to demand a completely new protocol, WPA3.

Inc. explained that hackers may very well have preferences for businesses, due to the probability that at least some bit of useable information can be recorded from the network. While managers and even network administrators may assume that the most recent mainstream releases of security software and protocol recommendations are enough to protect them, hackers continue to work against these, demanding that upgrades and software that have yet to become mainstream be implemented. This, therefore, demands ongoing research and dedication to optimizing network security.

What Other Specific Recommendations Are There For General Risks?

Beyond general best practices and the issues listed above, experts continue to make recommendations for the optimization of security. To optimize defenses against phishing, a combination of proactive awareness campaigns of recent threats and optimizing the use of available security features is all experts can recommend avoiding inadvertent user cooperation.

To optimize defenses against WPA2 hacking, if transfer to the now-available WPA3 is not possible or deemed sufficiently feasible, minimizing network accessibility to essential job functions or requirements only for all users, while maximizing all relevant security, is recommended. Multi-step user authentications can help against both phishing and hacking attempts.

Other issues are not as commonplace or severe, but are still regarded as important. Network owners are advised to watch out for privilege escalations, which hackers may use in an attempt to gain increasing access to information once they have breached the network to any extent. Maintaining control though rootkit detection is also recommended, as are methods to scan activities and ‘backdoors’ for forms of malware left by hackers who may have been able to remove their event logs before installing their own backdoor access.

As a final measure, taking extra steps to ensure that all employees are actually operating in compliance with security protocols is recommended, as many organizational managers may not even be aware of the extent of shortcuts or vulnerabilities they effectively allow for the sake of convenience. Purple Griffon is one online source that has compiled additional details regarding these potential threats and recommended protective actions.

What’s Most Important?

• Ensuring compliance and best practices against phishing
• Advanced anti-phishing protection (ATP) or related software
• Network security optimization or WPA3 integration
• Remaining current with news, research, and developments

As convenient as our interconnected world has become, it has also made us vulnerable to an attack from hackers wanting to make a quick buck. Internet pirates are targeting defenseless networks with the sole purpose of hijacking our personal devices for use in their criminal activity.

The Internet of Things (IoT) is changing how we live our day-to-day lives both in our personal lives at home and our professional time at work. From a doctor’s visit, installing a home security system, and paying our utility services, we have to adjust to this new way of functioning to make sure our information is safe from attack. A recent Gartner (the world’s leading research and advisory company), survey states that 20 percent of individuals and businesses have had one or more IoT-based attacks in the past three years.

What Exactly is the Internet of Things (IoT)?

The “Internet of things” (IoT) has quickly become a buzzword thrown around in the business world and independent of it. It has the potential to influence how we live at home and also how we operate in the workplace. Because of the complexities that surround the Internet of Things, let’s try to break it down to a simple understanding.

The Internet of Things is the concept of linking a device with the Internet or another device. What this means to you is that the IoT encompasses a lot of the stuff you already use each day: cell phones, TVs, laptops, microwaves, etc. Also, as each day passes by, we are encountering the IoT in the basic gadgets we have relied on for years: coffee makers, washing machines, headphones, and refrigerators. If you are flying on a passenger plane, the jet engine of an airplane is being operated and maintained through the use of the IoT. Gartner claims that by 2020 there will be an estimated 26 billion connected devices in use.

How Does the IoT Impact Me?

With so many devices connected to the internet, it’s easy to understand why the IoT is such a hot topic in our world today. With the IoT, security is an issue that is oftentimes immediately included in the conversation; and rightly so. With all these devices connected together and vulnerable to hackers, what can you do as a consumer to make sure that your information is safe? Will someone actually be able to hack into your microwave and obtain access to your whole network? The IoT also opens up homes and businesses to security threats unimagined even ten years ago.

Can My Smart Appliances Really Give Away My Information?

Kellyane Conway, former Trump spokesperson was quoted in an interview with the Bergen Record in 2017 that microwaves can be used as spy cameras by government agencies. She said this concerning allegations from President Trump that President Obama wiretapped the Trump campaign. Although microwaves don’t seem to have these spying capabilities yet, we do know that televisions do. In CIA documents released by Wikileaks, it came to light that some models of Samsung televisions were hacked by the CIA so that they could eavesdrop on conversations taking place in households the CIA deemed suspicious.

Television companies have also admitted that Smart TVs have the power to spy on the users watching habits as a way to help the manufacturer understand how to better reach their consumer base.

How Can I Protect Myself From Cyberattacks Launched Through The Internet Of Things?

What can you do to protect yourself when using all these new smart devices? Here are some strategies you can implement to keep your family and business safe:

• Do your due diligence in selecting trustworthy vendors when purchasing new smart devices. Purchasing something as simple as a baby monitor with smart technology, means ensuring the device is from a retailer that has a proven reputation. You are more likely to find that they have better security in place.
• When feasible, secure your devices. Also make sure your software is updated, and you are properly using filters and firewalls. Train your family members and employees on good internet habits and how to detect phishing scams on websites and through email. When possible, always use a second layer of password protection.
• Make sure the network you use is designed correctly so as not to send out data without your expressed consent. Keep your passwords protected and diverse to avoid hackers who look for patterns in your network.
• For an extra layer of protection, consider using a virtual private network (VPN) on your router which adds a firewall to inward traffic. A VPN prevent attacks that attempt to permeate your network.
• Employ Network Segregation in both your home and business. Network segregation splits one Network into two local networks (LANs) keeping the unsafe computers in one Network and moving the computers that you want to protect to a separate secured Network. Network segregation can be accomplished by using two Entry Level Cable/DSL Routers.

Air Canada recently confirmed a data breach occurred between August 22 and 24, affecting users of the Air Canada mobile app. The breach is just the latest in a string of cyber-attacks impacting mobile app users.

The Air Canada mobile app has approximately 1.7 million users. It is believed that one percent, or 20,000 users, may have been affected. The company announced they would be contacting potentially affected users directly via e-mail.

Upon notice of the breach, Air Canada says it immediately took action to deter further unauthorized login attempts and implemented additional measures to enhance security. Certain data, like users credit card information, was deemed safe. This is because this type of data is encrypted and required to be stored in compliance and in accordance with the industry’s payment card regulations.

The type of data compromised includes passenger names, telephone numbers, email addresses, birth dates, nationalities, and other data.

Air Canada contacted potentially affected customers by email beginning August 29. The company also released an FAQ section on their website, which provides details regarding specifics of the breach. As a precaution, the company is requiring that Air Canada mobile App users reset their passwords following a new, improved set of password guidelines.

They recommend a more robust password as an added layer of protection against attempts for unauthorized access. In the release, the company also encouraged users to frequently monitor their transactions to ensure there are no unauthorized charges.

A Growing Trend

Data breaches are a growing problem in today’s increasingly digitalized world. In July of this year, Timehop announced a “network intrusion” that led to a possible breach of personal user data, affecting more than 21 million users. The incident was disclosed in a blog post on the company’s website. About 3.3 million users had information like their name, phone, email, and date of birth compromised.

In February, the data of approximately 150 million users of the MyFitnessPal app was compromised in a data breach. The app’s parent company, Under Armour, said in a press release in March that usernames, hashed passwords and email addresses may have been exposed. Sensitive information such as credit card information was not compromised.

How To Protect Your Data

There are several precautionary steps mobile app users can take to reduce the risk of a data breach within their device. These can include:

• Make sure to update when new versions are released
• Reduce the use of public Wi-Fi
• Clean up apps not in use
• Use Two-Factor Authentication (2FA) when possible
• Always use unique, strong passwords for apps

Minimize the Use Of Public Wi-Fi

Free Wi-Fi may seem like a good idea, but using it too much can leave you open to a data hack, especially if you’re not careful. Using free, public Wi-Fi for things like web surfing, streaming movies and shows and reading the news is typically safe.

Where you begin to enter dangerous waters with public Wi-Fi is when you enter personal data like credit card information. Unsecured networks can be dangerous if you’re not protected, and in this case, protection can come in the form of a virtual private network (VPN). This software encrypts your wireless session while using a public network. Some devices even have a built-in VPN for your convenience. If you don’t have one, you can easily purchase one for as little as $5 per month.

Update Your Operating System

Updating your operating system when prompted offers more than cool new features like emojis. These system updates often include security improvements, which can include fixes for security flaws in the previous version. Failing to update your operating systems can leave you susceptible to hackers. Make a habit of updating your OS as soon as the newest version becomes available.

Evaluate Your App Usage

You may think there’s no harm in keeping dozens of apps on your phone, but if you’re not utilizing them, they can do more damage than good. Too many apps leaves the potential for security holes, which can be used by hackers to access your personal data.

Evaluating your apps and deleting those you no longer use on a regular basis can be a good line of defense against a hack. And for the apps, you do use regularly, be sure they’re updated accordingly. You can do this by adjusting your settings to automatically download app updates. It is also a good rule of thumb to download apps only from legitimate sources, like iTunes or the Google Play store.

Lock Your Phone

The auto-lock function on your phone is an important one if you’re hoping to elude the prying eyes of hackers. A strong password is also a necessity. In addition to a passcode, set up a biometric security measure, such as a swipe, finger tap, or fingerprint. This will make it much more difficult for hackers to invade your device.

One general rule of thumb? The longer the password, the more secure it is. Consider custom numeric codes rather than important dates. If you’re running apps with personal information, be sure those are password protected, too.

The need for strong cybersecurity measures is now at an all-time high. Air Canada is just the latest to be affected, but if current trends are any indication, there will be plenty more attacks in the future. Solidifying and implementing a strong cybersecurity plan can help you minimize the chances of your data being stolen. Don’t help thieves steal from you!

Hurricane Florence is spinning up to be a Category 4 Hurricane. It’s predicted to make landfall between North Carolina and Georgia this week.  Virginia may be impacted when Florence comes ashore at the end of this week.

Virginia announces a state of emergency ahead of Hurricane Florence.

Preparing For A Major Hurricane or Tropical Storm

When a hurricane is 36 hours from arriving

• Turn on your TV or radio in order to get the latest weather updates and emergency instructions.
• Restock your emergency preparedness kit. Include food and water sufficient for at least three days, medications, a flashlight, batteries, cash, and first aid supplies.
• Plan how to communicate with family members if you lose power. For example, you can call, text, email or use social media. Remember that during disasters, sending text messages is usually reliable and faster than making phone calls because phone lines are often overloaded.
• Review your evacuation zone, evacuation route and shelter locations. Plan with your family. You may have to leave quickly so plan ahead.
• Keep your car in good working condition, and keep the gas tank full; stock your vehicle with emergency supplies and a change of clothes.

When a hurricane is 18-36 hours from arriving

• Bookmark your city or county website for quick access to storm updates and emergency instructions.
• Bring loose, lightweight objects inside that could become projectiles in high winds (e.g., patio furniture, garbage cans); anchor objects that would be unsafe to bring inside (e.g., propane tanks); and trim or remove trees close enough to fall on the building.
• Cover all of your home’s windows. Permanent storm shutters offer the best protection for windows. A second option is to board up windows with 5/8” exterior grade or marine plywood, cut to fit and ready to install.

When a hurricane is 6-18 hours from arriving

• Turn on your TV/radio, or check your city/county website every 30 minutes in order to get the latest weather updates and emergency instructions.
• Charge your cell phone now so you will have a full battery in case you lose power.

When a hurricane is 6 hours from arriving

• If you’re not in an area that is recommended for evacuation, plan to stay at home or where you are and let friends and family know where you are.
• Close storm shutters, and stay away from windows. Flying glass from broken windows could injure you.
• Turn your refrigerator or freezer to the coldest setting and open only when necessary. If you lose power, food will last longer. Keep a thermometer in the refrigerator to be able to check the food temperature when the power is restored.
• Turn on your TV/radio, or check your city/county website every 30 minutes in order to get the latest weather updates and emergency instructions.

Survive DURING

• If told to evacuate, do so immediately. Do not drive around barricades.
• If sheltering during high winds, go to a FEMA safe room, ICC 500 storm shelter, or a small, interior, windowless room or hallway on the lowest floor that is not subject to flooding.
• If trapped in a building by flooding, go to the highest level of the building. Do not climb into a closed attic. You may become trapped by rising flood water.
• Listen for current emergency information and instructions.
• Use a generator or other gasoline-powered machinery outdoors ONLY and away from windows.
• Do not walk, swim, or drive through flood waters. Turn Around. Don’t Drown! Just six inches of fast-moving water can knock you down, and one foot of moving water can sweep your vehicle away.
• Stay off of bridges over fast-moving water.

Be Safe AFTER

• Listen to authorities for information and special instructions.
• Be careful during clean-up. Wear protective clothing and work with someone else.
• Do not touch electrical equipment if it is wet or if you are standing in water. If it is safe to do so, turn off electricity at the main breaker or fuse box to prevent electric shock.
• Avoid wading in flood water, which can contain dangerous debris. Underground or downed power lines can also electrically charge the water.
• Save phone calls for emergencies. Phone systems are often down or busy after a disaster. Use text messages or social media to communicate with family and friends.
• Document any property damage with photographs. Contact your insurance company for assistance.

Is Your IT Infrastructure Backed Up And Quickly Recoverable?

Many businesses aren’t prepared as they should be.

Yes, you’ve backed up your data to a storage device in the office, but won’t help if your building’s roof comes off. Your office will flood and your server, backup device, and computers will be left floating in Florence’s wake.

This may sound extreme, but it happens.

Unless your IT service company backs up your data to an enterprise-based cloud backup solution, you could lose all the information you’ve worked so hard to attain.

Better yet, ask your IT professional to virtualize your entire network. This means all of your data and software. If you lose your onsite data and applications, everything will be quickly recoverable within a few hours.

A cloud backup, on the other hand, can take days to recover, and you won’t have access to your software applications.

But you have to do this now. You only have a few days left.

Above all, be safe everyone.

Resources:

• https://www.ready.gov/hurricane-toolkit
• Hurricane Seasonal Preparedness Social Media Toolkit
• Hurricane Information Sheet (PDF)
• Six Things to Know Before a Disaster
• National Hurricane Center
• National Weather Service Hurricane Safety
• When the Waves Swell – Hurricane Animated (Video)
• How to Prepare for a Hurricane
• Hurricane Playbook
• Prepare Your Organization for a Hurricane Playbook
• Communication Tools
• Hurricane Creative Materials
• National Creative Resources
• https://www.ready.gov/hurricanes

When companies fail at or are not prepared for a catastrophe, it’s often because they neglect to think that the unexpected is possible.

They often fall into one of two categories:

• They assume disasters are unpredictable, so why prepare for them?
• They fall into the allusion that their plans are fail proof (nobody can sink the Titanic).

Most disaster situations are simply due to a service outage or user error. But a catastrophe could wreak havoc on your business when you least expect it. Think about the thousands of companies in Houston that were shut down for weeks due to Hurricane Harvey in 2017. Nobody expected it, but it happened and many people were caught completely off guard.

Companies that take the time to be proactive are more likely to persist, despite a disaster. It requires a higher level of preparation than many businesses currently have. There are too many depending on a simple cloud backup service to save the day, but is that enough?

What is The Condition of Your Cloud Disaster Management Plan?

Current statistics show that more companies are taking inventory and calculating the risks of an attack on their IT infrastructure. However, there are still quite a few who are ill-informed and not doing enough.

Recently, a Forrester Research and Disaster Recovery report showed that up to 40% of companies currently have an official enterprise risk management program that is held accountable by a board or upper management. While the number of companies that are taking cloud disaster management seriously are improving, it’s obvious that not all companies are on board.

The difficulty with cloud disaster management, as with all disaster recovery programs, is that it’s never important until unexpectedly, it is. When a major disaster event occurs, it can take a company down in the blink of an eye.

Could This Happen to You?

HawkSoft, an Insurance Agency Management platform, was just hit with a ransomware attack. Their business had to shut down until they could deal with hackers. Are you ready for a ransomware attack? Does your team know what to do? More importantly, your employees should be well-trained so that they recognize suspicious emails and attachments and do not click on them to begin with.

Recently, Ticketfly was the victim of a data breach. Over 26 million customers who use Ticketfly to purchase concert tickets were affected. Ticketfly’s parent company, Eventbrite, revealed that customer names, addresses, emails, and phone numbers were stolen by hackers. The breach damaged the company’s reputation and left millions of customers looking for a new place to buy their tickets.

The company had rave reviews from its customers. They most likely had a very sophisticated security system. So what went wrong?

When it comes to disaster recovery, it’s vital to choose an IT services provider that consistently tests their disaster management procedures. They need the best security resources money can buy, but they also need a well-qualified team of pros who understands what’s at stake.

Your IT services company should do more than just provide dependable hosting. They must stay on top of new hacking schemes. They should be running simulations on a regular basis that test disaster preparedness. They should be doing this internally and for their clients.

How Can You Manage Cloud Disaster Recovery Solutions?

A good disaster recovery plan includes the core IT services and infrastructure that your company depends on. These assets should be fully protected with today’s most effective security solutions. You need a qualified team of people who know what to do in case there is a breach. Acting quickly always limits the damage and makes your company look better in the media. Your shareholders and investors should be fully involved.

What Does Your Company Need to Survive a Disaster?

Did you know that service outages are the most common disasters that companies encounter when it comes to IT issues? However, even though possessing a strong data center solution is essential, there are many other situations that can wreak havoc, such as earthquakes, fires, floods, and severe storms. Your team should have a thorough plan to address events like these. That means backing up your data both onsite and offsite using a reliable cloud solution.

Do You Have a Complete Disaster Management Program?

No one ever thinks about what would happen if heavy rain caused the roof of your data center to cave in. What if your offices were flooded in a big rainstorm? How long would it take to get things back up and running again? You could lose several weeks’ worth of work.

Cloud disaster management isn’t something you should figure out on your own. You need a partner with the information, experience, and resources to know what could happen and how to respond. Sometimes you don’t get a second chance.

You need a business leader in cloud disaster recovery, with proficiency that guards every part of an IT system, from application management, to cloud hosting. All your software programs and data should be backed up regularly so that everything can be restored quickly.

Disasters Are Expensive

Each day that your company is shut down costs you money. Many small businesses in Houston never recovered after Hurricane Harvey. They had to close their doors. They learned the hard way how important disaster recovery is, but you don’t have to.

Look for experts in cloud disaster recovery who will get to know your business and develop a unique plan that addresses all the areas that are important to your business, from applications to servers. Make sure they have a good track record and can deliver on their promises. Working with a proactive IT services provider can ensure that your company survives no matter what.