Posts

Healthcare-Specific Security Threats You Need to Avoid in 2019

The healthcare sector experiences twice as many cyberattacks as any other industry. Still, healthcare professionals invest less than 6% of their budgets in cybersecurity.

What gives?

If you are a medical professional, now’s as good a time as any to beef up your security efforts. As a result, you can safeguard patient data and prevent hackers from stealing sensitive information. Here are some healthcare security threats to look out for in 2019.

Phishing attacks

Phishing attacks are becoming a bigger concern in healthcare. This type of security threats starts when a healthcare clicks on an infected email. Once this malware infiltrates a computer system, it can access valuable files and folders.

“The attacker can then use this software to gain access to the healthcare organization’s financial, administrative and clinical information systems,” says Tech Crunch.

Phishing attacks can have a detrimental impact on a hospital or medical practice. Malware often renders computer systems unusable, which has a significant impact on patient safety. In this scenario, doctors and nurses are unable to access important records. In turn, this can put organizations in big trouble in terms of compliance and liability lawsuits. And, in rare cases, it can even put patients’ lives at risk.

These type of attacks greatly increase the chances of hackers stealing valuable data.

Old legacy systems and networks

Old computers and networks could increase security vulnerabilities. As you may expect, Legacy systems may not function as efficiently as newer ones, and they often lack the latest security patches and updates.

“Healthcare is vulnerable due to historic lack of investment in cybersecurity, vulnerabilities in existing technology and staff behavior,” says Science Direct.

Even if medical organizations lack the money to invest in brand new technology, they should take steps to improve their network security. Installing the latest security software and a firewall, for example, and getting rid of old programs could prevent data from being stolen, increase compliance and increase patient trust.

Staff misuse

Insider misuse makes up 15% of all security breach incidents. Usually, this involves medical employees gaining unauthorized access to sensitive data and sharing it with other people.

“Surprisingly, the reason insider misuse stands out in the healthcare industry is because of the amount of people who get jobs in the industry for the sole purpose of infiltrating the system and gaining access to patient health information,” says the University of Illinois at Chicago.

Encrypting valuable data and setting up access controls — where only certain members of staff can access information. This could help to reduce this problem.

Ransomware

Ransomware is one of the biggest security threats in healthcare right now. In May 2017, a ransomware attack called WannaCry targeted computers running the Microsoft Windows operating system and had an impact on Britain’s National Health Service — the biggest single-payer healthcare system in the world.

A similar ransomware attack on your organization could spell disaster. Once ransomware infects your computer, you will probably be unable to access files and patient records unless you pay cybercriminals a ransom.

These are just some of the security threats you need to avoid if you work in the healthcare sector. However, working with a professional who takes care of your security defense needs will reduce phishing attacks, ransomware, staff misuse and old legacy systems from malfunctioning.

4 end-user security best practices

Cybersecurity is the first line of defense in your organization. Making some simple changes to your security protocols will not only prevent hackers from stealing valuable data, but improve productivity in your workforce.

The result?

Less chances that you’ll experience downtime due to a security threat. Here are 4 end-user security best practices that you need to know about.

1. Think up new password management strategies

Cybercriminals are becoming increasingly savvy when guessing passwords and accessing computer systems. Right now, millions of accounts are at risk because of inherently weak passwords.

Research shows that 25% of employees only change their password at work when the system tells them to do so. It’s statistics like this that should encourage you to improve your password management strategy.

Here are some quick password management tips:

  • Encourage your staff to change their passwords on a regular basis — every three months or so.
  • Password-protect all your devices, including smartphones and tablets.
  • Choose passwords that contain a combination of letters, numbers and special characters.

2. Limit access to your computer systems

Insider threats could result in security vulnerabilities and, even worse, a full-scale data breach. Research shows that insiders make up 75% of all data security incidents. You can prevent this from happening in your own organization by limiting access to sensitive data.

First, encrypt your most valuable documents, files, and folders. (A professional can help you do this.) This will make it harder for insiders to access important information. Second, set up user access controls on your systems. This will prevent the wrong people from accessing important data.

3. Improve staff training

Human error can often lead to cybersecurity risks. This is why you should provide your staff with computer security training. It will help employees understand the biggest cyber threats to your business and ensure that they handle data in the proper way.

“CIOs and CISOs need to ensure that every employee in an organization is aware of the potential threats they could face, whether it’s a phishing email, sharing passwords or using an insecure network,” says Information Age.

Investing in training might sound expensive, but it could pay off in the long run and provide you with a significant return. After training, staff are less likely to make mistakes. As a result, you will spend less money on fixing staff-related security issues and concentrate on other areas of your business.

4. Update your software

Old software and legacy systems can impact network security. This is why it’s a good idea to update old programs with the latest security patches on a regular basis. Although this might be time-consuming, it will provide you with an extra layer of security.

“The truth is it’s easy to skip software updates because they can take up a few minutes of our time, and may not seem that important,” says McAfee. “But this is a mistake that keeps the door open for hackers to access your private information, putting you at risk for identity theft, loss of money, credit, and more.”

These 4 end-user best practices will optimize security management in your workplace and reduce the risk of a cyber attack. Investing in staff training, limiting access, updating old software and creating a new password management strategy will help you safeguard your most valuable data.

 

What Windows 7 End of Life Means for Your Organization

It’s the battle of the operating systems: Windows 7 vs. Windows 10. You probably use one of these operating systems to send emails, communicate with customers and clients and access software.

Windows 7 is more popular than Windows 10 right now, but experts predict that the latter will overtake the former and have more users by December. And here’s another good reason to switch – Microsoft is officially ending support in January of 2020. Without support, Windows 7 will become vulnerable to cyberthreats stemming from a lack of patches. It’ll also provide a feature-limited user experience. 

In short, Windows 7 end of life spells out trouble for outdated PCs. If you still need convincing, here are even more reasons to upgrade to Windows 10.

1. Improve your security credentials

Upgrading to Windows 10 might sound like a big deal, but it’s packed full of features that could provide you with data recovery, network security, compliance, and password management. Case in point: Microsoft Passport. It’s an alternative way to protect your passwords when browsing the web, and it’s only available on Windows 10.

Other brand-spankin’ new security features include Windows Hello, which provides you with the security you need when using your device and data, and cloud access management solution Microsoft Azure Active Directory.

Research shows that Windows 10 is just more secure than Windows 7 — definitely something you should consider if you handle valuable customer data and private business information. One study suggests that Window’s most recent operating system is twice as secure as the older version.

2. Improve your productivity

Windows 10 can streamline productivity in your office and solve many of the problems associated with older operating systems like Windows 7. First off, there’s a brand new web browser. It’s called Microsoft Edge, which and it replaces Internet Explorer. Browsing the internet has never been easier — you can even access Cortana, Microsoft’s voice assistant, from any tab or window.

Other new features include Task View, which allows you to control your desktop by quickly opening and closing programs. Have you been using Windows 7 for a while? you’ll find the start menu on Windows 10 a huge change, too. It features live tiles from your favorite apps — a feature that Microsoft introduced in Windows 8.

If you want to optimize performance in the workplace, Windows 10 can help. There are various apps that help you manage documents and share information with colleagues.

Take PDFs, for example: “There are a ton of new features in Windows 10 that makes opening, editing and creating PDFs easier than ever before,” says Tech Radar. “For instance, in Windows 10 you can create PDFs from, well, anything by using the Microsoft Print to PDF option as a printer.”

3. More support

Microsoft discontinued mainstream support for its Windows 7 operating system back in 2015. Although users can still access extended support, this will end, too. (As mentioned previously, Windows 7 support stops in January 2020.) If you are still using Windows 7, this means Microsoft won’t support your operating system in just over a year.

“Your computer will still work, but you will be vulnerable to exploits and bugs after January 14, 2020,” says Joe Anslinger from Lieberman Technologies. “I would advise you to begin planning your company’s transition to Windows 10 now, well in advance of the 2020 deadline. The sooner you begin these plans the more time you will have to address issues while Windows 7 is still supported.”

You may be comfortable using Windows 7 in your office, but making the switch to Windows 10 could provide you with a heap of benefits. Microsoft’s most recent operating system provides you with full support, more security and threat management and loads of new features that increase productivity and optimize performance.

5 ways companies violate HIPAA compliance (and how to avoid them)

HIPAA compliance can be an Achilles’ heel for the companies who fall under its regulatory umbrella. And rightfully so. After all, the protected health information (PHI) it mandates is among the most sensitive data that businesses in any industry handle.

Failure to comply can lead to large fines and legal penalties. Or even drive companies out of business altogether over time. That’s why it pays to be prepared for the threats. But preparation is a tall order when the threats come from every direction, including external intruders and the very people you trust to access it.

Here are 5 ways that companies violate HIPAA compliance, and how to avoid them.

Malware and hacking

As with any industry, malware and hackers are a real concern for HIPAA-compliant companies. But the risks are even higher when data loss results in fines and legal action, in addition to lost productivity or downtime.

The good news is, there are a number of strategies you can take to keep your network safe and meet compliance mandates. Four of the most direct methods include:

  1. Requiring updated passwords on a minimum quarterly basis.
  2. Making sure your company has adequate firewalls in place to protect your network.
  3. Requiring a base level of password complexity.
  4. Making sure software is updated at all times to shore up security vulnerabilities.

Malicious (or absent-minded) insiders

We’d all like to believe we can trust the people we work with. Unfortunately, this isn’t always the case. Often it’s the very people we allow inside our networks who do the most damage. Sometimes for profit.

However, there are a few solid strategies you can take to minimize exposure:

  1. Practice the principle of least privilege for employee access to PHI.
  2. Use keycard access points to control access to hardware portals. Never provide access to employees who do not require it.
  3. Track and monitor who accesses PHI, and when.

Lost or stolen devices

With the rise of cloud computing, businesses frequently use portable devices such as tablets or laptops. This doesn’t have to lead to a compliance issue should one of these devices be lost or stolen. But it can. Here are two strategies to avoid violating compliance should one of your devices be lost.

  1. Install and maintain remote wipe programs on any devices that can access PHI. This is particularly important if your employees will ever access PHI from public networks (consider a policy against such use). Require automatic logout / session timeouts for sensitive programs.
  2. Require all devices that access your network to be password-protected.

Improper device or records disposal

Does your office use devices such as copy machines? Often these devices save document copies on their hard drives. That means they may retain copies of peoples’ PHI. What do you do with outdated records, and how do you handle document transfer risks? Here are a few tips:

  1. Have a plan to clear temporary files from all devices that handle copies of any files or messages containing PHI.
  2. Always shred discarded hard copies or securely store outdated / old records that are no longer actively used.

Third-party disclosure

The nature of PHI is that this sensitive information often needs to move from office to office or organization to organization during the course of patient care. These transfer points are high-risk areas where you can violate compliance and compromise patients’ data. Try these strategies to make records transfer more secure:

  1. Have a plan in place for transferring records in a secure, encrypted or otherwise protected manner.
  2. Require a business associate agreement with any agency that will exchange information with your organization. This agreement should clearly outline responsibilities, protocols and best practices.

Conclusion

It’s clear that HIPAA compliance is a complex issue. You probably need professional planning and security to prevent data loss and the resulting fallout. It’s highly advisable that you consider reaching out to a Managed Services Provider (MSP) with HIPAA experience who can guide you through the process.

They can also provide strategies and solutions to achieve maximum protection for your unique organizational needs and risks. Given the steep fines and extreme cost of downtime or data loss, this will likely save you money in the long run.

 

5 Foreboding Reasons You Need a Disaster Recovery Plan

Disasters happen. The sheer scope of potential disasters is enough to send any company’s leadership into worrying fits. In spite of this, companies often overlook the importance of developing an extensive, tested disaster recovery plan to prepare for the inevitable.

Waiting until disaster strikes to deal with the fallout generally doesn’t end well. There are countless reasons why developing and implementing a disaster recovery plan before things go wrong is the right move for your company.

Here are our top five.

Mother Nature is Unpredictable

We don’t have to tell you that. Chances are, if you leave your house more than twice a year you’re already aware that Mother Nature does what she wants, when she wants. With so much technological convenience and urban infrastructure around us, it can be tempting to ignore nature’s potential threats.

However, the threats are real, and recent history has shown they can have huge financial impacts on businesses.

Whether winter storms, hurricanes, floods, tornadoes, or any of the multitude of natural disasters that hit every year, Mother Nature brings with her a smorgasbord of ways to bring your business operation to its knees.

By developing a disaster recovery plan that takes into account the multiple regional and natural threats to your business, you instantly limit the amount of potential harm they can cause.

Humans and Machines Malfunction

Humans make mistakes. Machines malfunction. While you probably can’t avoid these mistakes and malfunctions in every scenario, you can develop an organized and specialized approach to dealing with them when they occur.

How will you respond when servers and communications systems go down? What happens if an employee falls victim to a phishing email and unleashes malware or ransomware into your system? A good disaster recovery plan takes these very plausible scenarios into account. It provides a step-by-step process for dealing with them.

In fact, the process of developing a recovery plan can even lead to seeking out new solutions – like cloud services and security management services – to minimize the chance of falling prey to these problems in the first place.

Related: 4 Signs Your Business Needs Managed Services

Poor Response Damages Reputation

Customers notice when you’re not prepared for problems. And, like it or not, many customers expect perfection. Downtime alone can cause a loss of confidence from your client base.

But when a disaster happens and your company is unprepared, it can alienate customers to extreme degrees. Many of these customers may choose not to do business with your company again.  

But it doesn’t have to be that way.

Creating protocols to get your business back online is only a part of good disaster recovery. A thorough disaster recovery plan includes actionable details such as which employees will be responsible for customer communication, and what channels will be used to communicate.

This ensures a smooth response to disasters that gives customers maximum assurance that your company is capable of continuing to meet their needs.

Downtime Destroys Financial Stability

Downtime does more than damage your reputation. It can also destabilize your finances.

Waiting until a disaster event occurs to determine your response extends downtime and increases the costs. The right plan will cover the bases and determine the technologies you need to minimize downtime and minimize losses in the process. It helps get your business back online and back to serving your customers ASAP.

Failing to Plan is Planning to Fail

You probably don’t approach a single aspect of your business without a strategic plan for success. So why would you handle your response to potential disasters – whether man-made, technological, or natural – without a plan to act?

A good disaster recovery plan takes into account as many threats as possible. It then organizes your strategic technological and human responses. This forethought minimizes the potential for damage.

Maybe after reading this you’ve come to realize the importance of a disaster recovery plan for your business, but you aren’t sure where to start. That’s where a qualified managed services provider is like an ace in the hole.

They can provide expert advice that’s crucial to your ongoing business success.

By selecting the right partner to advise, consult, and provide ongoing IT support for your business, you can turn your worry about potential chaos into the assurance that you’ve got the right tools and response to meet any challenge.

Related: The Prescription for a Perfect Managed Services Provider

How to Get an A+ in Network Security for Your School

Schools are responsible for not only the education and well-being of students, but also the protection of private data pertaining to everything from health reports and psychological profiles to social security numbers and contact addresses.

As the guardians of so much information, schools should always focus on superior network security.

We’ve come up with three major network security features you can implement in your school to shore up potential ongoing vulnerabilities.

1.) Powerful Passwords

For many students, creating passwords at school can seem like another exercise in creativity. Do any kind of basic survey and you’ll find ineffective passwords that range from the doomed “Password1234” to the sarcastic “JohnnySucks.”

In addition, many teachers lack the technological prowess to instruct students in proper password complexity.

Think of an inadequate password’s effect on your network security like this: You can have an adequate lock on your front door, but if you’re leaving the key underneath the doormat it doesn’t do much good. It’s too easy.

A lazy password is a hacker’s best friend.

The most basic way to secure your network is to create longer, more complex passwords. Complicated passwords should include a mix of upper and lowercase letters, numbers, symbols, and emoticons.

Business Insider suggests creating a password by using the “full-sentence technique.” Start with a single sentence, like “I bought salmon for $20 at the grocery store.” Then, just use the first letter of every word and add in the symbols.

So, the resulting phrase “Ibsf$20atgs” would be a random password that you can remember just by memorizing one sentence.

The longer the sentence, the better, because hackers and/or hacking programs have to work harder when passwords are longer.

Utilizing a password manager to keep track of your stockade of complex passwords is a great way to combine the ease of accessing your various web services as if you had one password with the security that password complexity and variety provide.

Related: The Best Password Managers of 2018

2.) Additional User Authentication

A school network faces a huge challenge in that it is often in contact with a countless variety of devices. Not only do the students and faculty have access to the network via district-provided hardware, but the continued growth of the BYOD (bring your own device) trend means that students are connecting through personal phones, tablets, and laptops created by different brands, which also run on different operating systems.

To further increase security, we suggest implementing multi-factor authentication (MFA). In a nutshell, MFA is the process of identifying an online user by validating two or more claims presented by the user, each from a different category of factors.

We already use multi-factor authentication in the real world. One example is when you go to apply for a passport. The passport application requires a minimum of two forms of identification, such as a state driver’s license and a birth certificate. MFA for your network works the same way.

Your school network should establish a multi-factor authentication process that involves:

a.) The complex password we mentioned earlier.

b.) Something the user has on hand, like a cell phone or tablet.

c.) Biometrics like a fingerprint or optical or voice recognition software.

 

When the MFA process involves a device on hand, there is an inherent check-and-balance to the system, allowing the network to authenticate the device being used.

When the MFA process involves biometrics, your network can cross-reference requested access with the biometric data on hand.

Whichever way you and your managed service provider choose to utilize multi-factor authentication, it is guaranteed to make it more difficult for intruders to gain access to your network, and to keep your data more secure.

3.) Updated Infrastructure

Many schools have hundreds of computers and other web-accessible devices operating on their networks. And often, the network itself is comprised of legacy equipment such as outdated servers, computers, and other devices.

Often this outdated infrastructure has security flaws. Or else it can no longer stand up to the progressive threats of malware and ransomware. It can also be chock full of bottlenecks and bandwidth issues that slow performance across the network.  But that’s an issue for another post.

Related: Why Traditional Firewalls Can’t Keep up With Modern Trends

For many schools, a migration to the cloud is the best way to shore up vulnerabilities while simultaneously fixing the performance problems plaguing their network.

Rather than making a high capital investment in replacing the vulnerable outdated equipment, switching to cloud computing means taking on a lower monthly cost for superior performance and security.

It can even bring about more powerful web filtering tools that block access to harmful or inappropriate sites across the network.

Report Card Time

Do your school passwords pass the test? Are your students and faculty using multi-factor authentication to ensure the safety of your network? And is that network up to modern security standards? If so, you pass with flying colors. If not, it’s definitely time to chat about how to get your grades up.

 

5 Reasons You Need a Managed Service Provider with Experience in Healthcare Industry

The best way to avoid HIPAA violations in your IT network is to consider your managed service provider the same way your patients consider a medical specialist.

For instance, if your patient catches a bad viral infection, they probably won’t visit their accountant for medical advice The principle is the same for managed service providers. Because many specialize in certain markets, you will want to be sure to work with an MSP that has a proven record in the healthcare industry.

Without the guidance of an experienced MSP, you may find your data breached and your customers walking out the door.

By September 2017, more than 221 major HIPAA breaches were reported to federal authorities, which was a 66% increase from 2016. 84% of these incidents were reported as hacking issues. With that seemingly unstoppable upward trajectory, it’s more important than ever to make sure that your managed service provider (MSP) has experience creating HIPAA-compliant networks.

While HIPAA compliance is a major priority in healthcare systems and medical practices, sometimes the facts are overshadowed by all of the stress of adhering to the rules. The most important fact: HIPAA is designed to protect your patients. Other than the obvious goal of protecting their privacy, there are 5 very important business reasons to shore up your efforts to remain HIPAA-compliant.

1.  The Fines

First, there are hefty fines associated with HIPAA violations, with up to $1.5 million dollars per violation, which can then be multiplied by how long the violation has taken place. Major breaches like the Anthem hacking incident are estimated to cost over $100 million.

 

2. Patient Retention

Second, and just as important, you run a high risk of losing your patients if their data is breached. 31% of consumers surveyed by the Ponemon Institute said they discontinued their relationships with the breached entity following a data breach.

 

 3. Authentication

Human error and insider threats continue to play a huge role in data loss. One recent report showed that 74% of organizations feel vulnerable to insider threats. This is right in line with another industry report, which found that 70% of data center incidents were caused by human error.

Any person in your business that accesses medical records should have a unique user ID. This will ensure that a.) only the right people have access and b.) you can track who has accessed documents. Taking these proactive measures will help minimize human error and/or intentional threats.

 

4. Encryption

Your employees might be doing all the right things, but that may not matter if your data isn’t protected when in transit.

It’s a common activity to send a patient’s medical records to another office, for example. This is a pain point where you can be exploited. Encryption will ensure that data is safe moving across and beyond your network.

 

5. Cloud Solutions

If your MSP works with cloud solutions (as 90% of companies surveyed currently do), it’s important to make sure that the cloud setup meets the same standard as your network compliance. For this reason, RWA suggests working with a cloud-based program that is proven to be HIPAA-compliant.

What’s next?

RWA has a proven track record working with medical and healthcare practices. We offer HIPAA compliance assistance, and we’ve partnered with an excellent company offering a complete and very affordable cloud-based compliance program for large and small practices, including a “BA-Specific” program for their business associates as well.

Looking for more info on securing your network to meet HIPAA standards? Give us a shout and we’d be glad to share more. No strings attached.

Network Security: I’m Sorry, But You’re Not on the List

Often, people are curious about how susceptible their networks might be to cyber attacks and other intrusions. Think of it like this, your network is the biggest New Year’s party of 2018. Everyone wants to see what’s going on inside and they’ll do whatever it takes to get in. To keep the party safe and fun, you’re going to need proper network security.

The alternative is not pretty. Your party crashers can cause astronomically high financial losses (think over $40,000 per cyberattack), and your reputation will go down the drain, too. 31% of customers will leave a healthcare business if their data is compromised, for example.

One way to ensure that the bad element stays out of the network is to apply category-based content filters. These work by analyzing individual websites and placing them in specific categories based on their safety level.

Here are a few of the different categories of sites and content that you can filter out. This will help prevent undesirable people from crashing your network and from inviting others to do the same.

Not Safe For Work (NSFW)

Your business has a lot of leeway in this category. The primary distinction for NSFW is websites or emails that contain either written or visual sexual content, drug use, or gratuitous violence.

The nature of these sites will often put them in direct violation of company sexual harassment and/or morale policies. On top of that, NSFW content is very often riddled with viruses, malware, and other cyber threats.

Social Networks

Social Network filters can be customized to fit your specific business needs. For instance, if you find that your employees are spending far too much time on Facebook or Twitter, you can easily block it from employee access. Social networking isn’t intrinsically dangerous, but the platforms often allow an enormous amount of dangerous content to be featured on their sites.

This has been explored to some depth in studies of the recent impact of falsified news on Facebook. In your business, what it means is that your employees can click into a click-bait website (one designed to peak interest without any actual valuable content) and it might lead to a site filled with phishing links or malware.

Phishing Scams

Phishing is one of the most detrimental web scams. Dangerous phishing emails and sites are designed to look like legitimate pages so that you trust them enough to volunteer sensitive personal and financial information.

A phishing filter will examine all the identifying background code and eliminate these sites to keep your employees from accessing these fake pages.

Malicious URLs

When you access a malicious website, you end up involuntarily downloading ransomware, malware, and other cyber attacks onto your network. Filtering for malicious content helps to spot and track these dangers to prevent your employees from accidentally damaging their hardware and your network.

Peer-to-Peer Sites

If you’ve ever had a friend who talks about owning a movie the day it came out in the theater, he’s probably using a peer-to-peer torrent site. Think of the early days of Napster on this one. These sites operate so that people can share information without regulation. They are horrible for network security.

If someone accesses a peer-to-peer site on your business network, they might download a file thinking it is the new Taylor Swift album and end up with computer virus that wipes out your network and costs you up to $100,000 an hour of downtime while you replace equipment and get things running.

Ready to add filters to your network?

We really want your network to feel the most fantastic party of the year in 2018. If you feel the same, it’s probably a good idea to put together a plan to filter out the unsavory cyber elements. Just give us a call or shoot us an email and we’d be happy to share more about network security filters.

4 Signs Your Business Needs Managed Services

Often you are so busy doing the daily activities that are most important in your business, that it’s easy to under-prioritize IT solutions. The good thing is that managed service providers have the focus and expertise to consult with you and find and anticipate any possible weak spots in your infrastructure and network. Together, you can prevent cyberattacks, monitor possible anomalies, save money, and be prepared for any worst-case-scenario.

If you can relate to any of these 4 warning signs, then it might be time to work with a managed services provider.

1. You don’t know how to prevent cyber attacks.

One of the primary benefits of working with a managed service provider (MSP) is the ability prevent and combat cyber attacks. Cyber attacks come in many forms, including viruses, ransomware, worms and more. The one thing they all have in common – besides everyone thinking it won’t happen to them – is a potentially disastrous effect on businesses.

The proliferation of cyber attacks on businesses is downright alarming. One recent study found that 75.6% of organizations encountered at least one successful cyber attack within the past 12 months. If your business is one of the 3 in 4 that is attacked, you risk suffering an extreme operational, reputational and even financial burden. A report by Data Center Dynamics concludes that cyber attacks cost the victims $40,000 per hour.

When you work with an MSP, you benefit from professionals experienced in and dedicated to preventing and combating cyber attacks on your infrastructure. Your MSP does this by creating a network protection plan with up-to-date security protocols, education for your employees, and monitoring for anomalies and intrusions.

As cyber attacks grow exponentially, creating and maintaining a dependable defense against network intrusions is paramount for staying a step ahead of the threats.

2. You don’t have around-the-clock monitoring.

When your managed services solution includes a help desk or network operations center (NOC), you’ll be able to eliminate downtime and keep your business running smoothly.

In ITIC’s latest survey, 98% of organizations say a single hour of downtime costs over $100,000. 81% of respondents indicated that 60 minutes of downtime costs their business over $300,000. And a record one-third of enterprises report that one hour of downtime costs their firms $1 million to over $5 million.

Good network health demands steadfast observation. Cyberattacks and network incidents don’t follow the same timetable as your business. When employees or customers encounter a problem in your network, it needs to be handled immediately or it could cost you significant losses.

This means you’ll need flexible, expert support.

If you use a network operating center (NOC), you will have dedicated professionals monitoring your network strength and performance. For instance, one sign of a computer worm is a massive network slowdown on as it consumes memory and resources.

At the NOC, your MSP will be able to filter out negative traffic and manage performance to allow the valid activity that keeps your business operating.

Your business could also benefit from a help desk. Whereas the NOC monitors and prevents  network issues, the help desk can directly assist employees and clients with all of their technical and network needs.

3. You’ve yet to fully embrace the cloud.

Cloud services have made a phenomenal impact on businesses in every industry. With reports revealing that 90% of organizations use the cloud in some way and 50% use cloud services as their preferred solution, the chances are that you already use the cloud somehow in your office.

A qualified managed services provider will create a cloud solution for your business that saves you money and streamlines your workflow and processes. Moving to the cloud is beneficial for any company wanting to improve efficiency, flexibility or collaboration.

First of all, cloud services make scalability easier than ever. If you need to set up a new employee to the company, you just add another user to your current roster and extend permissions to the right resources. There’s no installation or licensing to plan for and they can work from any device in the office or on the road with their network credentials.

Another benefit of cloud services is the money saved on hardware. When you rely on a cloud server, you save money on physical components.

Additionally, if your MSP includes a cloud solution, you cut down internal payroll expenses by minimizing the cost of an in-house IT team. Forbes reported in one case study that cloud solutions provide a 37% savings over 3 years when compared to a self-managed, on-premises solution.

4. You have no solid backup and/or disaster recovery plan.

Data backup is an essential, yet often overlooked facet of a healthy infrastructure. Nationwide reports that 75% of businesses have no disaster recovery plan. Whether your data loss occurs due to a cyber attack or a natural disaster, you want to be up and running ASAP.

Managed service providers are experts at providing backup and disaster recovery solutions for your business. The goal is always business continuity.  If you’re closed for business, you will experience financial and reputational losses.

One study shows that 54% of companies report experiencing downtime from a single event, lasting more than 8 hours.

A proper disaster recovery and data backup solution will help you avoid downtime at your business, and keep records safe so you can continue doing business.

We’re here to help.

Here at RWA, we are dedicated to helping you make your business the best it can be. We have experience working with our clients to design and implement technology solutions that achieve their goals and strengthen their operations.

Please give us a call or send us a message to find out  more about managed services for your specific needs.

Virus vs. Worm: How to Identify and Slay Your Network Monsters

The glossary of adversaries to your network security will continue to grow so long as cyberattacks continue to happen, and the various cyber-monsters can be difficult to differentiate. That being said, two of the most prevalent security threats are easy enough to remember when you compare them to legendary monsters. Enter the virus and the worm.

What they have in common…

Viruses and worms are both cyberattacks that are detrimental to your business. They are also both financial blackholes. In 2016, viruses and worms contributed to $450 billion in financial losses due to cybercrime. On an individual level, cyberattacks can cost businesses up to $40,000 per hour.

The end result for both a virus and a worm is to damage your network and cost you money and time. The primary difference is in their approach.

A virus is like a vampire…

One easy way to conceptualize a computer virus is to think of it as a vampire.

If a vampire wants to infect you with vampirism and turn you into a member of the nocturnal undead, it will require some human error. Just like you might encounter a vampire if you take a shortcut down a dark alley, you might catch a computer virus by visiting a harmful URL or downloading software that isn’t secure. There’s always an element of human participation.

And we all know that a vampire can’t come into your house unless it is invited. That’s exactly how a virus works.

Many times, it’s easy to spot a computer virus. It’s just a little bit out of place. Just like when a vampire comes over to your house wearing his best 1970s “date night” outfit. There’s just something that’s a bit off. Viruses are often given away by emails or URLs that don’t look quite official – anything from misspellings to unfamiliar names to complex Web addresses to simply uncomfortable requests to share or exchange information. If it strikes you as strange, it probably is.

If you fail to see the signs and unwittingly invite a vampire into your house, he/she/it will probably give you a bite, infect you, and you’ll soon be investing a lot of money in sunglasses, wide-brimmed hats, and umbrellas.

When you open the door to a computer virus by opening attachments or downloading certain files or programs, it will use that program to overload your system and eat up your random access memory, freeze certain resources or take over certain functionality. This in turn leads to slower computing, crashes, and total destruction of the computer system.

One recent example is the “Bad Rabbit” ransomware virus, which spread from Russia to the USA. Ransomware will famously extort money from users in exchange for data, and the average ransomware attack has risen to $1,077.

Computer viruses act just like the vampire virus. They both require a host to infect their victim, and they both greatly alter the health of their prey.

A worm is like a werewolf…

If a virus is like a vampire, then a worm is like a werewolf.

When werewolves want to attack, they have no intention of waiting for you to invite them inside the house. They enter and they either eat you or they bite you and turn you into a werewolf. This is exactly how a worm works on your network.

Worms are cyberattacks that disrupt your network by exploiting weaknesses and self-replicating. One famous example is the recent WannaCry ransomware attack, which infected more than 300,000 computers in a few days, by using worm techniques to infiltrate Windows and spread across LAN and WAN connections.

Unlike the computer virus, they require no human error. Worms can piggyback in on websites or attachments, and then spread exponentially across your network to other files.

While a virus is dangerous, it is typically isolated to a certain program or system resource. A worm, however, will discover any weaknesses and exploit them.

How to slay your network monster…

The best way to win a fight against a vampire or a werewolf is to a.) avoid inviting them in, and b.) fortify your home against them. Hanging garlic on the windows and carrying a silver sword just in case is always a good idea.

For your business to fight a computer virus or worm, you need to invest in solid preparation and protection for your network. This means having a virus protection plan, training your team and downloading all of the relevant patches on an ongoing basis.

When you work with RWA as your managed service provider, we’ll create a comprehensive solution that will help prevent and combat cyberattacks of all kinds.

Reach out to us to learn more about different cyberattacks and how to stop them.