The BYOD Scenario

BYOD (Bring Your Own Device) is a movement that has gained great speed within the last four years. With employees that sync accounts from PC to tablet to cell phone, information and data are readily available at any given moment.
Our goal here is to educate you on the potential security issues & risks. If BYOD is right for you, you will want to make sure it is done securely to avoid the most common disasters.

BYOD Disasters & Traps

  1. Out of Compliance
    When employees access data on personal devices, businesses have no guarantee that the devices are compliant with the company’s data & privacy policies or mandated HIPAA regulations.
    Failure to comply with federal regulations can result in consequences from expensive fines to criminal penalties.
  2. From Your Network to Their Cloud
    Having an employee with their own device means the potential for access to individual cloud services such as OneDrive or Dropbox.
    Employees can easily snap photos or copy confidential data into their personal cloud for access away from your network without IT even being aware.
  3. Rogue Apps & Security
    Speaking of personal clouds, having a device on the network with access to personal cloud services also means that, without the proper security policies in place, your network can be threatened with viruses and ransomware in the form of rogue files. The more access these devices have to your network, the more damage the infection can cause.
  4. The Productivity Problem
    When BYOD began gaining popularity in 2012, it promised to make your employees happier and more productive. Staff could choose from a number of apps and tools to accomplish their work, using tools that they are more comfortable with. It wasn’t long after that companies began finding their employees on social media during work hours or worse, playing games or streaming movies.
  5. Lost or Stolen Devices
    Having a device lost or stolen can be a costly mistake. Employees are naturally more free when it comes to using a personal device versus a company-owned device. Regardless, having a device with critical company data, including customer information, lost or stolen from a restaurant or your car’s back seat can cost you heavy fines or the loss of a valued customer.

Adopting the BYOD Policy

If you decide that BYOD is for you, it is best to adopt a company-wide policy that will protect both you and your employees. Specify what devices are permitted and who is responsible for servicing the devices for maintenance. Also clearly state who owns what apps and data, and what apps will or will not be allowed.

Place proper security within your network to protect yourself from malware and viruses. If your business is held to government standards due to HIPAA-compliancy or other federal regulations, make sure that your employees are included in this as well.

Lastly, develop an exit strategy. When an employee leaves your company, what will happen to the data on that device? Are you simply relying on changing passwords?

There are many other questions that you may have, so always feel free to contact a professional to discuss your options and responsibilities. The suggestions here are merely the tip of the iceberg to make you aware of the details involved when incorporating BYOD into your network.

The Importance of Password Security

Passwords are everywhere.  From your Windows login to your banking software, to the online store where you purchase your “can’t put down” books from; everyone wants you to log in with your special login.

But how “special” is your login?

It’s simple.  We are busy people with lots to do; so to remember long, secure passwords may not be high on our priority list.  And if we have to have a different one for every site or device that requires one, then we are really in trouble.  After all, we aren’t just speaking of websites, but phone apps, computer logins, email accounts, and well…you understand.  The list can be endless.

So how can we make things easier for ourselves and harder for the criminals? Let’s break it down into 5 easy steps.

First, Don’t Share Your Login.

As simple as it sounds, it’s a very common problem. It could be a matter of you giving your login to a best friend, or it could also be a case of 8 employees all logging into a network using the same username and password. Either way, you’re setting yourself up for disaster.

Next, Make Your Password Secure

Believe it or not, “password” is still one of the most commonly used passwords. It was actually the second most common password for 2014, preceded only by “123456”, which came in at #1. Others include “12345”, “qwerty”, and “letmein”. For a complete list, visit gizmodo.com.

Best password practice would recommend that your passwords are 8-12 characters long and include alpha, numeric and special characters. Using both upper and lowercase is also good practice. A perfect example might be: h*3Dxy8vM.

Worried about remembering your password? There are multiple sources available for password keepers. Just always look for one that is secure and from a reputable publisher.

Our Next Recommendation is Locking Your Desktop

This may be the easiest of them all. If you’re walking away from your desk, “Just Lock It”.

In the “good ole days” when security wasn’t an issue, we would leave our desktops unlocked and leave. When we returned, we would have strange replies to emails that were sent from our account. We always knew who the usual suspects were and it was all in fun & humor, but now, leaving your computer available for anyone’s access is just not safe. Information is more critical than ever and customer data is everywhere. It’s our job to protect both our company and our customers.

Let’s Not Use the Same Password for Every Account

If someone steals your only username & password, they could access everything you own. Many of us are guilty of using one login for everything. When you add that to the simplicity of our passwords, we have just done a major portion of the legwork for the criminals. Use different credentials for different sites.

Finally, Don’t Use Your Username as Your Password

Again, this is done as a time-saver and for ease, but you are only making it easy for the password stealers. Your password should be unique, only used as a password and nothing else, and only by you.
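
As an added example (not part of the original article), the Python below checks a set of logins against the rules in the steps above: minimum length and character mix, the common passwords named on this page, a password equal to the username, and the same password reused across accounts. The account names and credentials in `SAMPLE` are constructed, and the function names are hypothetical.

```python
import string

# Only the common passwords this page names; a real check would use a far larger list.
COMMON_PASSWORDS = {"password", "123456", "12345", "qwerty", "letmein"}
MIN_LENGTH = 8  # lower bound of the 8-12 character recommendation above


def check_password(username, password):
    """Return a list of rule violations for one username/password pair."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    if password.lower() == username.lower():
        problems.append("same as the username")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    classes = {
        "lowercase letter": string.ascii_lowercase,
        "uppercase letter": string.ascii_uppercase,
        "digit": string.digits,
        "special character": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append("no " + name)
    return problems


def audit_accounts(accounts):
    """accounts maps account name -> (username, password); returns account -> problems."""
    seen = {}  # password -> accounts that use it, to detect reuse
    for account, (_, password) in accounts.items():
        seen.setdefault(password, []).append(account)
    report = {}
    for account, (username, password) in accounts.items():
        problems = check_password(username, password)
        others = [a for a in seen[password] if a != account]
        if others:
            problems.append("reused on: " + ", ".join(sorted(others)))
        report[account] = problems
    return report

# Constructed sample data, not real credentials.
SAMPLE = {
    "email": ("jsmith", "h*3Dxy8vM"),
    "bank": ("jsmith", "h*3Dxy8vM"),
    "store": ("jsmith", "jsmith"),
    "forum": ("js", "letmein"),
}
```

Calling `audit_accounts(SAMPLE)` shows that the page's example password passes every per-password rule yet is still flagged, because it is used on two accounts.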

Unfortunately, we are in a time where malware and viruses are accessible everywhere as little bots do nothing but infect networks and break passwords all day. And the sad truth is that, for some, creating these infections is a full-time job.

If you are concerned about your network or how to determine where your network stands on security, contact a local IT provider, such as CMS IP Technologies in Beaumont, and set up an appointment for a no-obligation network evaluation.

Why Employing Strong Firewall Policies is Critical

So, you think your network is safe? I think a large store chain felt the same way until their network was compromised along with thousands of their customers’ credit card information. The truth is you can never be too safe when it comes to protecting one of the most valuable assets your company owns – its data!

Has your server or PC ever been compromised? If you answered no, how do you know? Has your home PC ever had a virus? Yeah… how long do you think that virus was on there before you actually realized it?  Maybe someone snuck in, decided there was nothing important in there and then snuck out without you even knowing. Or perhaps they managed to get their hands on your Quicken file and you don’t even know it yet – but you will at some point.

There are many other examples of network and data compromise but you get the point. It’s critical to do all you can to keep the bad stuff away from your network. We had a situation once that our server was painfully slow and we simply did not see any bread crumbs to nail down the problem. We would reboot it and it would stabilize for a day or so then go right back to super slow mode. We finally found the culprit. Someone overseas (from what we could tell) compromised our server and loaded it up with foreign movie trailers and they were streaming them from our server.

Protection with Border Control

We use the term Border Control to characterize the role of a firewall. It’s important to follow best practices with configuration and even down to the type of appliance that you purchase. Sorry, but a $65 Netgear will not do the trick. You need a robust device that offers more than NAT routing and port forwarding. Protecting your network is a multilevel approach and Border Control is just part of it, so keep that in mind. But today we are focusing on the border…your firewall.

Below are some best practices to consider for controlling your border.

A quality device from a reputable manufacturer is the best place to start. A business class router from Cisco, Meraki or SonicWall is what we recommend. They offer various models that will fit just about any small business budget as well as large corporations with huge budgets. Throughput, speed, number of users etc. all come into play and need to be considered when determining the proper firewall for your network. A quality sales rep from a reputable company should be your trusted advisor and can help you make that determination.

Options such as security services are very important features of quality firewalls. These security services include Antivirus, Content filtering, intrusion detection / prevention and more.  Remember my note about border control being part of a multilevel solution? Antivirus at the firewall is the first line of defense for viruses entering the work place. This does not replace AV on the desktop! AV at the border will help to mitigate virus and malware issues.

Content filtering is a very important component to protect your network from improper web habits of your employees. It also adds that peace of mind that you’re going to a safe site even though it looks like a legitimate business class website. This at times can be an unpopular policy among employees but unfortunately it is something that needs strong consideration.

We recommend putting a statement in your handbook that outlines company policies and expectations of use for company technology. Ask your employees if they would mind paying the hourly rate of the tech that has to clean their PC or the network from viruses at $100 plus per hour. That may open their eyes.

Finally, intrusion detection and prevention is something that should be considered. The preferred method is to use a service that does 24 hour monitoring for the absolute best protection. However that can be pricey. If that is not an option, the ID/PS on the firewall is an important component. It blocks and filters opportunistic bots and hackers and keeps them from entering your network. It’s important to monitor this and the reports to know who’s trying to get in.

So there you have it. This should give you some things to consider when protecting your network. Nothing can guarantee that you will not be compromised but we certainly don’t want to make it easy. The easy ones are the ones that the bad people are looking for!

The New IT Challenge: “Medical Industry vs. Technology”

As technology has grown by leaps and bounds, so has the threat of compromised data. Imagine your medical records at your doctor’s office…they contain all your personal information including your date of birth, your social security number and address, not to mention every medical condition that you may have had. Patient records are the “all you can eat buffet” of cybercriminals.

So Why Not Work With Technology

Using technology in a smart way can be your greatest ally. Properly controlled firewalls and anti-virus software can help prevent a majority of unwanted programs from installing on workstations. Firewalls with security policies in place can limit your staff from visiting websites unrelated to the work environment, which is one of the leading causes of malware & viruses. A professional IT staff can work with you to create policies that provide both access and security.

Managing your network security must include your server. Your server is the hub of your network, but where is it located? Is it accessible to just anyone walking by? The same can be asked about your computers. When your staff walks away from their station, is the screen locked, requiring a password?

And that leads to the Ultimate Question, “How secure is your password?”

According to SplashData, a California-based security-app producer, the most common password for 2013 was ‘123456’. This entry moved up a spot, replacing the previous number one password, which is simply ‘password’. Others in the top 25 included ‘12345678’, ‘qwerty’, ‘abc123’, ‘123456789’, ‘111111’ and well… you get the idea.

A simple rule: the easier the password, the less work that needs to be done to gain access.

So what’s the Solution?

Using a managed services provider such as CMS IP Technologies can take a big load off your worries. You want an IT provider that is a HIPAA compliant business associate. They will know what is expected of your network security, how to manage the details, and can assist in educating your users in best practices.