Posts

Healthcare-Specific Security Threats You Need to Avoid in 2019

The healthcare sector experiences twice as many cyberattacks as any other industry. Still, healthcare professionals invest less than 6% of their budgets in cybersecurity.

What gives?

If you are a medical professional, now’s as good a time as any to beef up your security efforts. As a result, you can safeguard patient data and prevent hackers from stealing sensitive information. Here are some healthcare security threats to look out for in 2019.

Phishing attacks

Phishing attacks are becoming a bigger concern in healthcare. This type of security threats starts when a healthcare clicks on an infected email. Once this malware infiltrates a computer system, it can access valuable files and folders.

“The attacker can then use this software to gain access to the healthcare organization’s financial, administrative and clinical information systems,” says Tech Crunch.

Phishing attacks can have a detrimental impact on a hospital or medical practice. Malware often renders computer systems unusable, which has a significant impact on patient safety. In this scenario, doctors and nurses are unable to access important records. In turn, this can put organizations in big trouble in terms of compliance and liability lawsuits. And, in rare cases, it can even put patients’ lives at risk.

These type of attacks greatly increase the chances of hackers stealing valuable data.

Old legacy systems and networks

Old computers and networks could increase security vulnerabilities. As you may expect, Legacy systems may not function as efficiently as newer ones, and they often lack the latest security patches and updates.

“Healthcare is vulnerable due to historic lack of investment in cybersecurity, vulnerabilities in existing technology and staff behavior,” says Science Direct.

Even if medical organizations lack the money to invest in brand new technology, they should take steps to improve their network security. Installing the latest security software and a firewall, for example, and getting rid of old programs could prevent data from being stolen, increase compliance and increase patient trust.

Staff misuse

Insider misuse makes up 15% of all security breach incidents. Usually, this involves medical employees gaining unauthorized access to sensitive data and sharing it with other people.

“Surprisingly, the reason insider misuse stands out in the healthcare industry is because of the amount of people who get jobs in the industry for the sole purpose of infiltrating the system and gaining access to patient health information,” says the University of Illinois at Chicago.

Encrypting valuable data and setting up access controls — where only certain members of staff can access information. This could help to reduce this problem.

Ransomware

Ransomware is one of the biggest security threats in healthcare right now. In May 2017, a ransomware attack called WannaCry targeted computers running the Microsoft Windows operating system and had an impact on Britain’s National Health Service — the biggest single-payer healthcare system in the world.

A similar ransomware attack on your organization could spell disaster. Once ransomware infects your computer, you will probably be unable to access files and patient records unless you pay cybercriminals a ransom.

These are just some of the security threats you need to avoid if you work in the healthcare sector. However, working with a professional who takes care of your security defense needs will reduce phishing attacks, ransomware, staff misuse and old legacy systems from malfunctioning.

4 end-user security best practices

Cybersecurity is the first line of defense in your organization. Making some simple changes to your security protocols will not only prevent hackers from stealing valuable data, but improve productivity in your workforce.

The result?

Less chances that you’ll experience downtime due to a security threat. Here are 4 end-user security best practices that you need to know about.

1. Think up new password management strategies

Cybercriminals are becoming increasingly savvy when guessing passwords and accessing computer systems. Right now, millions of accounts are at risk because of inherently weak passwords.

Research shows that 25% of employees only change their password at work when the system tells them to do so. It’s statistics like this that should encourage you to improve your password management strategy.

Here are some quick password management tips:

  • Encourage your staff to change their passwords on a regular basis — every three months or so.
  • Password-protect all your devices, including smartphones and tablets.
  • Choose passwords that contain a combination of letters, numbers and special characters.

2. Limit access to your computer systems

Insider threats could result in security vulnerabilities and, even worse, a full-scale data breach. Research shows that insiders make up 75% of all data security incidents. You can prevent this from happening in your own organization by limiting access to sensitive data.

First, encrypt your most valuable documents, files, and folders. (A professional can help you do this.) This will make it harder for insiders to access important information. Second, set up user access controls on your systems. This will prevent the wrong people from accessing important data.

3. Improve staff training

Human error can often lead to cybersecurity risks. This is why you should provide your staff with computer security training. It will help employees understand the biggest cyber threats to your business and ensure that they handle data in the proper way.

“CIOs and CISOs need to ensure that every employee in an organization is aware of the potential threats they could face, whether it’s a phishing email, sharing passwords or using an insecure network,” says Information Age.

Investing in training might sound expensive, but it could pay off in the long run and provide you with a significant return. After training, staff are less likely to make mistakes. As a result, you will spend less money on fixing staff-related security issues and concentrate on other areas of your business.

4. Update your software

Old software and legacy systems can impact network security. This is why it’s a good idea to update old programs with the latest security patches on a regular basis. Although this might be time-consuming, it will provide you with an extra layer of security.

“The truth is it’s easy to skip software updates because they can take up a few minutes of our time, and may not seem that important,” says McAfee. “But this is a mistake that keeps the door open for hackers to access your private information, putting you at risk for identity theft, loss of money, credit, and more.”

These 4 end-user best practices will optimize security management in your workplace and reduce the risk of a cyber attack. Investing in staff training, limiting access, updating old software and creating a new password management strategy will help you safeguard your most valuable data.

 

3 Business Problems That an IT Consultant Can Solve

An IT consultant wears many hats. They monitor your network performance, ensure your compliance, and evaluate your hardware infrastructure. But how do these services actually benefit your business?

Here’s something that might surprise you: An IT consultant could save you cash AND prevent hackers from stealing your customers’ credit card details.

Here are 3 business problems an IT consultant can solve.

Problem #1: Hackers are trying to steal your personal information

As you know, cybersecurity is a huge concern for almost every business owner. With more data breaches making the news, you’re probably concerned about the personal data you keep on your hard drives and servers.

43% of cyber attacks target small businesses, and 62% of companies have been victims of social engineering and phishing scams. These are sobering statistics if you own a small business.

The solution:

A good IT consultant can monitor your network performance and create network health reports so you have the peace of mind you need when it comes to computer security. A professional can also evaluate your infrastructure and suggest any necessary upgrades and adjustments that will improve network security in your workplace.

This way, you know that all the data stored on your hardware is safe and secure.

Problem #2: You’re spending way too much cash on IT

The average company spends 5.2% of their total budget exclusively on IT. For some big brands, this means spending millions of dollars on the latest hardware and software that optimizes performance and increases productivity. Many small businesses, however, just don’t have these budgets. They feel like they are spending way too much cash on IT as it is.

How can they cut costs?

The solution:

An experienced IT consultant can evaluate your current IT budget. Based on their evaluations, they can make suggestions that will save you money in the long-run. They might advise you to get rid of hardware that costs too much money to maintain, for example. They might simly deploy software that saves you cash. You can then optimize your income and expenditure and use all the money you have saved to invest in other areas of your business.

Problem #3: You’re struggling with compliance

If you own a small business, there are various laws and regulations that you need to adhere to, especially when it comes to data protection. If you don’t, the authorities could fine you or, worse, you could go out of business. It can be difficult to keep track of all these rules, though. Sometimes, you need a helping hand — someone who can improve compliance in your business and make sure you don’t get into trouble.

The solution:

The right IT consultant will ensure you adhere to all the relevant data protection procedures in your sector and prevent you from being fined. If you operate in the healthcare industry, for example, an IT consultant can make sure you are HIPAA-compliant. As a result, you can safeguard patients’ personal information at all times.

These are just 3 business problems an IT consultant can solve. If you are spending too much money on IT, want to boost your security credentials and improve compliance, investing in managed services could provide you with a decent return on your investment.

What Windows 7 End of Life Means for Your Organization

It’s the battle of the operating systems: Windows 7 vs. Windows 10. You probably use one of these operating systems to send emails, communicate with customers and clients and access software.

Windows 7 is more popular than Windows 10 right now, but experts predict that the latter will overtake the former and have more users by December. And here’s another good reason to switch – Microsoft is officially ending support in January of 2020. Without support, Windows 7 will become vulnerable to cyberthreats stemming from a lack of patches. It’ll also provide a feature-limited user experience. 

In short, Windows 7 end of life spells out trouble for outdated PCs. If you still need convincing, here are even more reasons to upgrade to Windows 10.

1. Improve your security credentials

Upgrading to Windows 10 might sound like a big deal, but it’s packed full of features that could provide you with data recovery, network security, compliance, and password management. Case in point: Microsoft Passport. It’s an alternative way to protect your passwords when browsing the web, and it’s only available on Windows 10.

Other brand-spankin’ new security features include Windows Hello, which provides you with the security you need when using your device and data, and cloud access management solution Microsoft Azure Active Directory.

Research shows that Windows 10 is just more secure than Windows 7 — definitely something you should consider if you handle valuable customer data and private business information. One study suggests that Window’s most recent operating system is twice as secure as the older version.

2. Improve your productivity

Windows 10 can streamline productivity in your office and solve many of the problems associated with older operating systems like Windows 7. First off, there’s a brand new web browser. It’s called Microsoft Edge, which and it replaces Internet Explorer. Browsing the internet has never been easier — you can even access Cortana, Microsoft’s voice assistant, from any tab or window.

Other new features include Task View, which allows you to control your desktop by quickly opening and closing programs. Have you been using Windows 7 for a while? you’ll find the start menu on Windows 10 a huge change, too. It features live tiles from your favorite apps — a feature that Microsoft introduced in Windows 8.

If you want to optimize performance in the workplace, Windows 10 can help. There are various apps that help you manage documents and share information with colleagues.

Take PDFs, for example: “There are a ton of new features in Windows 10 that makes opening, editing and creating PDFs easier than ever before,” says Tech Radar. “For instance, in Windows 10 you can create PDFs from, well, anything by using the Microsoft Print to PDF option as a printer.”

3. More support

Microsoft discontinued mainstream support for its Windows 7 operating system back in 2015. Although users can still access extended support, this will end, too. (As mentioned previously, Windows 7 support stops in January 2020.) If you are still using Windows 7, this means Microsoft won’t support your operating system in just over a year.

“Your computer will still work, but you will be vulnerable to exploits and bugs after January 14, 2020,” says Joe Anslinger from Lieberman Technologies. “I would advise you to begin planning your company’s transition to Windows 10 now, well in advance of the 2020 deadline. The sooner you begin these plans the more time you will have to address issues while Windows 7 is still supported.”

You may be comfortable using Windows 7 in your office, but making the switch to Windows 10 could provide you with a heap of benefits. Microsoft’s most recent operating system provides you with full support, more security and threat management and loads of new features that increase productivity and optimize performance.

Managed Services: Your ticket to a growing and productive business

Running a business is no easy feat. Succeeding involves overseeing many initiatives and facing many challenges on many fronts. In short: you have a lot going on. When it comes to the overall health of your business, managing your IT network should never be the straw that broke the camel’s back. Unfortunately, that’s exactly how it can feel for a lot of business owners and employees. Managing your IT network is a full-time job (sometimes many) and you already have a full-time job. In this eBook, we will illuminate the many reasons for foregoing self-management of your IT network in favor of partnering with a managed services provider to meet your technology goals.

There’s a lot for you to manage. Try managed services.

Surgeons perform surgery, accountants handle our taxes, and pediatricians take care of our children. No matter what kind of business you have, chances are that you’d rather focus on your actual business than the intricacies of running a modern IT network. So, who do you turn to when it comes to properly running your network? That would be a managed services provider (MSP). A managed services provider is any company that performs a contract service associated with your network or your infrastructure. While the specific services offered will vary from provider to provider, there are a few that we believe are most valuable, including:

Cybersecurity

Cybersecurity

One of the most essential managed services offerings is a full-scale and, most importantly, ongoing cybersecurity plan. The best cybersecurity solutions will address all the modern threats to your network, including cyberattacks, insider threats, and user error, as well as helping you keep up with the frequent changes and advances in network technology and malware.

Backup

Backup

In the USA, approximately 140,000 hard drives fail every week. If your personal computer or main server stopped working today, how much of your data would survive? If your machine crashes, or if you are hit by a cyberattack that compromises your data, you want to make sure that everything you’ve worked on can be retrieved from a secure location. To do this, make sure to speak with your MSP about a data backup plan.

Disaster Recovery

Disaster Recovery

If disaster strikes, you need to have a plan in place to not only survive but continue to thrive. A recent example is the onslaught of hurricanes that impacted the Gulf Coast in 2017. Many businesses went under because they were unprepared to continue business in the face of a natural disaster. A disaster recovery plan is something you and your MSP design together to function as a guide for recovering your data and network systems to continue working outside of your normal operations.

Helpdesk

Helpdesk

No matter how reliably or smoothly your network runs even in normal working conditions, issues will still pop up from time to time. Your employees can be more productive when they are able to quickly solve IT issues. For this reason, we suggest utilizing a 24/7/365 helpdesk. The helpdesk is particularly beneficial when you consider that many industries and key roles are becoming increasingly mobile, working extended office hours from a variety of devices and locations. Working with a dedicated helpdesk means you can benefit from a larger pool of expertise and assistance at any time.

Network Monitoring

Network Monitoring

The pinnacle of managed services for your business involves a hybrid of network monitoring and remote services. While the help desk ensures that your employees can quickly solve problems on their end, network monitoring provides a 24/7/365 overview of your network from the inside out. With network monitoring, technicians on your MSP’s team can not only maintain a real-time view of any possible intrusions, threats, or other network anomalies but also complete steps to mitigate and resolve issues as they arise.

Which managed services do you need?

The secret to choosing the right MSP for your business is in identifying the areas that need improvement and finding an MSP that provides a managed services package that fits those needs.

Guard your business with managed cybersecurity.

A cookie-cutter virus protection program just won’t suffice in a world where cybercrime is projected to cost $6 trillion annually by 2021. The attacks are coming. When they find your network, you want to be ready. $6,000,000,000,000,000 is an astronomical number and it can be hard to picture what that means to the average business. Let’s zoom in.

Cybersecurity is one of the most important services provided by MSPs. Rather than a one-size-fits-all approach, an experienced MSP’s approach to cybersecurity involves analyzing your strengths and weaknesses and maintaining complete and constant oversight of your network security. From creating best practices for your employees to implementing important software and maintaining patches and updates, your network is never safer than under the watchful eye of a managed services provider. The best cybersecurity solutions should address all types of threats. Here are the ones we find most common:

1. Sneak attacks

Your business should maintain a constant defense against cyberattacks. Modern cyberattacks are increasingly clever, relentless and evolving, and cybercriminals exercise an unprecedented lack of prejudice – they target anyone and everyone.

There’s sometimes no escaping the attacks, but there can still be preparation and fortification to minimize the effect. With so many types of sneaky cyberattacks, here are two you can recognize and avoid:

Phishing

You’ve probably had this happen before… You type in the URL for a website and the site opens but looks slightly different than the homepage you access most other days. The resulting page is asking not just for your username and password but also for other personal information like your credit card number or social security number to “verify your account.” If you’re a real quick-draw, you’ll wonder about the extra requests, check the URL and notice that you entered the wrong address. This cyberattack called phishing involves intruders pretending to be a trusted entity in an attempt to steal your personal information. They rely on their victims to be in a hurry, unobservant and willing to share far too much.

Malware

Downloading malware is as simple as opening an unknown attachment from an unfamiliar or questionable email. Something as simple as “You’ve won a free coffee, download certificate here” can turn anticipation and excitement into a compromised network. Malware can release unwanted code into your network, consuming your computer’s processing power and causing programs, or even the entire system, to crash. This is why we stress user education and training. It’s not enough to say never open an attachment from an email address you don’t recognize. Even a seemingly familiar sender can turn out to be a phony. Helping users become more vigilant is the key – including watching for suspiciously named attachments or URLs, plus emails using bad grammar, misspellings, incorrect personal references, or even incorrect information in the company footer or signoff.

2. Ransomware

Think of how this scenario would ruin your morning: You open your browser or desktop program and a message pops up: “Pay us $1,077 or we will delete the information on your computer/server.” $1,077 is the average amount of money lost per ransom attack. And these attacks are very common.

Avoiding ransomware is tricky. This type of malware can be delivered through emails, fake ads and malicious websites. It leaves behind code that blocks user access to the machine and demands payment to restore control and release data. Besides training your team to recognize the risky situations, extra tools can help with filtering and monitoring network and email traffic and unsafe URLs. It’s critical to remain aware of new and more convincing approaches emerging all the time. Ask your MSP to detail a plan for analyzing and safeguarding your network against cyberattack vulnerabilities.

3. Insider threats

You might be asking, “Where do all of these attacks come from?” Well, some are from malicious outsiders seeking to cause financial harm to your business and make an easy buck. Others are from within your own ranks.

Of that number, three-quarters were intentional and only one-quarter were accidental – meaning 45% of all cyberattacks are perpetrated by malicious employees. Your MSP should be able to work with your team to minimize insider threats with network checks and balances that involve access control, device registration, network monitoring, and assigning roles and permissions only to valid individuals.

Why Cybersecurity as a managed service?

With attacks coming in more variety and greater frequency, cybersecurity as a managed service is more important than ever for protecting your mission-critical business network. Partnering with professionals ensures your team gets the consistent, comprehensive and expert attention and protection to unify your cybersecurity efforts across channels, devices, users and systems.

Plan your backup to weather the unexpected storms.

With professional network monitoring and a solid cybersecurity plan that evolves with the times, your MSP will help you drastically reduce the chance of significant setbacks for your network. Even so, disasters do happen – and usually without much warning. The secret to surviving the unexpected or worst-case scenario is a backup and disaster recovery plan. A backup and disaster recovery (BDR) plan is a practical guide to maintaining the integrity of your network and restoring its operation in the face of critical failures. The ideal BDR plan will include a hybrid of preventative measures and practices that will secure and replicate your key systems and data, along with action points to focus on at the time of the disaster. Of course, your first questions might be, “Why bother? What are the chances that I will really need this?”

Data loss dangers

A recent industry report found that only 51% of business users back up their data to on-premises computers or external drives, and only 35% back up their data to the cloud. Almost a third of organizations surveyed don’t perform daily backups of their data. And worse, more than two-thirds don’t back up critical customer data. Ignoring the risk of data loss is dangerously negligent for business. A study by Verizon found that a small data breach where only 100 records are lost would most likely cost an organization between $18,120 and $35,730 – but as much as $555,660. Besides the potentially fatal financial loss for businesses, data loss creates a breach of trust that can also contribute to the loss of client relationships.

You get the point: Data loss is bad news. So, what causes data loss? Usually, data loss happens because of one of the following reasons:

Hardware failure

Computers aren’t built to last forever. They will all eventually break down. And that’s okay. As long as you don’t lose data when your computer shuffles off to the ethernet in the sky. Working to regularly copy your data to redundant physical servers, cloud servers will give you peace of mind that you can meet customer demands and regulatory standards like HIPAA standards.

Human error

If you haven’t had one of those “Did I just completely destroy my computer?” moments, consider yourself very fortunate.

Human error – a mistake as simple as spilling coffee on a server, clicking the wrong setting, or dropping a laptop down a flight of stairs (it happens!) – accounts for a massive amount of data loss. So, it pays to be prepared for the show to go on.

Natural disasters

Hurricanes, tornadoes, earthquakes, and related electrical storms, floods and fires, can all have a catastrophic impact on your business. If you don’t back up your data, you’ll lose more than just your physical property, you’ll lose vital customer information, operational files, and the ability to serve your customers. The truth is, data backup not only saves you from unwanted downtime, it keeps you running. Ultimately, you can think of BDR as a parachute. You wouldn’t jump out of a plane without making sure you have one, would you?

About Disaster Recovery

Once you have a plan to make sure all the right data is backed up for a rainy (or coffee-covered) day, you want to deal with the network operation issues surrounding a disaster. That’s when a disaster recovery plan becomes priceless. The recovery aspect of BDR will cover everything from the steps to relocating your network to accessing your data offsite backups to activating the services you will need from vendors supporting you in the continuation of IT operations. To survive and thrive after any disaster, you need to be able to get back to business as soon as possible. The disaster recovery plan will contain delegation of key IT recovery functions, a mandatory checklist, and security protocols to guarantee your employee and customer data is safe. Just like data backup, your recovery plan will have to adhere to both your professional standards and industry standards. Make sure to trust an MSP that has knowledge of your industry.

Your helpdesk keeps your network healthy.

The ideal goal of managed services is to create a network that minimizes the occurrence of significant IT incidents. Since we’ve established that many IT incidents are due to user error, addressing user IT issues is critical to maintain a functional network for your business. So, the best reason for having a helpdesk is explained by Murphy’s Law: Anything that can go wrong will go wrong. And that’s okay. The important thing is to have procedures and experts in place to handle issues as they arise. Notice that the key words there are as they arise. Your business operates in real time. Which means every minute, hour and day that an issue isn’t resolved is just more time that your employees can’t complete their work. A helpdesk will take care of those issues on the spot. What types of user support can a helpdesk provide?

Weekend Access

Example 1:  Weekend access

Dr. Rivera is a general physician working from a secondary office over the weekend. While attempting to access patient records for an upcoming appointment, he notices that the network has locked out his laptop and he doesn’t have the correct network password. Solution:  Dr. Rivera contacts their 24/7/365 helpdesk and they are able to securely verify his identity and reset his password. His preparation is completed, and the appointment goes on as scheduled.

Bandwidth barriers

Example 2:  Bandwidth barriers

Kit Harlowe is home health provider. She is completing a regular patient visit with updates to their charts and treatment plan, when the internet speed suddenly slows to a crawl. Solution:  Kit contacts her managed helpdesk and they are able to walk her through the settings to run a network diagnostic. Through remote services, the helpdesk technician realizes she has downloaded a computer worm that’s sending an overflow of traffic to the network. They filter out the false traffic, which gets the network running faster and keeps Kit working.

In both examples, we address some of the most common reasons businesses choose to incorporate a helpdesk into their managed services

Flexible

Incidents and errors don’t clock in at 8 a.m. and leave at 5 p.m. They show up all the time, anytime, killing your team’s productivity. The only way to help your employees handle issues during their working hours is to have a knowledgeable team on hand.

Mobile-friendly

For many businesses, it has become imperative for employers to accommodate a workforce that has become both more mobile and more reliant on a variety of devices.

When your team is working on their own devices, they need someone who not only knows their network but has knowledge of these individual platforms.

Experienced and knowledgeable

When you have an entire helpdesk team working for you, you benefit from the combined knowledge of multiple technicians. Now consider all the other services we have spoken about. Who could possibly understand the intricacies of your network better than the team who builds them every day? Whether your team is facing normal issues in day-to-day operations or the more complicated incidents that crop up in the evolving mobile workplace, you can count on a helpdesk to provide superior and timely solutions.

We really enjoy chatting about ways to improve your network.

With expertise and experience in all of the above-managed services, RWA will work to build a custom solution that fits your specifics business needs. Contact us at your earliest convenience and we’ll share as much info about the above-managed services as you’d like.