
21st century challenges to patient privacy

The post 21st century challenges to patient privacy appeared first on Complete Technology Resources, Inc..

A few generations ago, healthcare workers had far fewer opportunities to gossip about patients. But with social media and instant messaging, healthcare employees have plenty of opportunities to breach information before realizing what they’ve done. Consider some of these IT solutions to avoid a breach at your practice.

Celebrity hospital visits

Under HIPAA’s privacy rule, a breach has occurred whenever patient information is accessed and shared by an employee who is unauthorized to access it and/or has no job-related reason to do so. So in addition to the hundreds of computer-based data security policies you need to design and implement, you also have to prevent employees from snooping on files inappropriately.

Most of the time there aren’t many reasons for an employee to go looking through medical files. But a great example of what these types of breaches look like involves Kanye West’s recent stay at the UCLA Medical Center. Because he is an international superstar, information on why Mr. West was admitted to the facility was in high demand.

Several employees ended up sneaking a look at his medical history and talking about it on social media, forcing the medical center to launch a breach investigation and eventually fire a number of individuals. It’s a great example of how HIPAA can affect our everyday lives, but what impact does it have on the average small- or medium-sized business?

Smalltown disclosures

Just mentioning someone has been admitted is enough to constitute a breach. For a more likely scenario, imagine you ran a clinic in a small town. You employed a high school senior as your receptionist and he or she helped a former teacher schedule a doctor’s appointment.

If the receptionist were to post about it on social media -- or even just text a couple of his or her friends -- that would constitute a data breach. Think about it: if that teacher’s appointment was for something embarrassing, students and fellow faculty knowing about it could result in quite a bit of “harm” to him.

IT solutions to avoid breaches

In addition to conducting multiple employee trainings per year, any HIPAA-compliant office should also implement:

  • Exhaustive URL filtering to keep employees with company-provided workstations from accessing social media sites, messaging platforms, and anything that could lead to a breach.
  • Thorough mobile device management solutions to keep employees from using their phones to disclose protected information while at work.

As HIPAA experts, we know the most efficient route to reliable compliance. HHS audits are on the rise, and you need an IT consultant that leaves you feeling confident in your ability to weather whatever comes your way. For more information about our compliance services, call us today.

Published with permission from TechAdvisory.org. Source.

How virtualization roots out malware

The post How virtualization roots out malware appeared first on Complete Technology Resources, Inc..

Every IT solution in your organization will encounter malware at some point or another. Some solutions are malware liabilities, others are assets. When it comes to virtualization, there are several cyber security benefits for improving your malware readiness. One of our favorites is called sandboxing, and it’s a good one for you to know about.

What is sandboxing?

Sandboxing is one of the rare concepts in virtualization that the average person can usually grasp in just a couple short sentences. Essentially, sandboxing is the practice of tricking an application or program into thinking it is running on a regular computer, and observing how it performs. This is especially useful for testing whether unknown applications are hiding malware.

Obviously, it gets far more complicated once you delve into the details of how you implement a sandboxing technique, but the short answer is that it almost always involves virtualized computers. The program you want to test thinks it’s been opened on a full-fledged workstation or server and can act normally, but it’s actually inside a tightly controlled virtual space that forbids it from copying itself or deleting files outside of what is included in the sandbox.

An effective way to quarantine

Virtualization is no simple task, but the benefits of sandboxing definitely make the effort worth it. For example, virtualized workstations can essentially be created and destroyed with the flip of a switch. That means:

  1. You aren’t required to manage permanent resources to utilize a sandbox. Turn it on when you need it, and when you’re done the resources necessary to run it are reset and returned to your server’s available capacity.
  2. When malware is exposed inside a sandbox, removing it is as simple as destroying the virtual machine. Compare that to running a physical workstation dedicated solely to sandboxing. Formatting and reinstalling the machine would take several hours.
  3. Variables such as which operating system the sandbox runs, which permissions quarantined applications are granted, and minimum testing times can be employed and altered in extremely short periods of time.

This strategy has been around for nearly two decades, and some cybersecurity experts have spent their entire careers working toward the perfect virtual sandbox.

Containers: the next step in this evolution

Recently, the virtualization industry has been almost totally consumed by the topic of “containers.” Instead of creating entire virtual workstations to run suspicious applications in, containers are virtual spaces with exactly enough hardware and software resources to run whatever the container was designed to do.

Think of the metaphor literally: Older sandboxes came in a uniform size, which was almost always significantly larger than whatever you were placing into them. Containers let you design the size and shape of the sandbox based on your exact specifications.

Quarantined virtual spaces fit nicely into the sandbox metaphor, but actually implementing them is impossible without trained help. Whether you’re looking for enhanced security protocols or increased efficiency with your hardware resources, our virtualization services can help. Call us today.

Published with permission from TechAdvisory.org. Source.

Avoid VoIP eavesdropping with these tricks

The post Avoid VoIP eavesdropping with these tricks appeared first on Complete Technology Resources, Inc..

Eavesdropping has been making headlines lately because of a surge in its frequency, making this an ideal time to review how well your Voice-over-Internet-Protocol (VoIP) phone systems are protected. However, this isn’t entirely new to VoIP: Vomit and Peskyspy are just some of the prolific VoIP eavesdropping attacks that have gained infamy since 2007. Spare your business from VoIP eavesdropping with these tips:

Never deploy with default configurations
Everyone wants to get things rolling as quickly as possible, but this often results in VoIP phones being deployed with their default configurations. You don’t want to do this because the defaults are listed in vendor documentation, which the bad guy can search. Depending on your VoIP solution, you should have the option of changing default handset configurations. Otherwise, you’ll need to come up with a manual process to change phone defaults when you roll handsets out to your employees.

Listen to your handset vendors
An ideal example of VoIP handset vulnerabilities happened in 2015, when Cisco detected vulnerabilities in IP phones which enabled an unauthorized attacker to listen in on phone conversations. If it weren't for those security alerts, several companies could have found themselves victims of VoIP eavesdropping. The lesson learned here is that you must regularly monitor advisories from your hardware vendor. Without proper monitoring, you won’t know how susceptible your corporate VoIP phones are to being eavesdropped on.

Update session border controllers
Another tactic to combat VoIP eavesdropping is to constantly update your session border controllers (SBCs). By doing so, you’ll be updating your VoIP’s antivirus software; because cyber threats are constantly evolving, your security products should as well. Routine SBC updates are essential for secure SIP trunking as well as responding to new threats.

Encrypt VoIP calls
Many cloud VoIP providers offer call encryption guidelines, and some even offer it as a premium service. If you work in a regulated industry like healthcare or finance, encrypting VoIP calls is essential to staying compliant. Work with your VoIP provider and auditors to determine the best encryption options for your communications infrastructure.

Build a hardened VoIP network
Another method to fend off VoIP eavesdropping is to build a hardened VoIP network that includes:

  • IP private branch exchange (PBX) using minimal services so that the hardware can only power the PBX software
  • Firewalls with access control lists set to include call control information
  • Lightweight Directory Access Protocol lookup, and signaling and management protocol
  • Reinforced end point security with authentication at the endpoint level

In order to effectively combat VoIP eavesdropping, businesses need to take a holistic approach. This includes policies, deployment, as well as security practices to ensure malicious agents are unable to tap into your calls. Feel free to contact us for further information on how to protect your business.

Published with permission from TechAdvisory.org. Source.

Watch out for this Microsoft Word bug

The post Watch out for this Microsoft Word bug appeared first on Complete Technology Resources, Inc..

Feature updates can come and go, but when Microsoft releases a security update, you need to install it as soon as possible. This is because hackers are constantly looking for software bugs to exploit, and in Microsoft’s case, cybercriminals have found a serious vulnerability in Word.

The attack
On April 10, cybersecurity firm Proofpoint discovered scammers running email campaigns to trick people into clicking malware-ridden Word attachments. The fraudulent emails, simply titled “Scan Data,” included attached documents that were named “Scan,” followed by randomized digits.

Although the emails seem harmless, clicking on the documents triggers a download for Dridex malware, a Trojan virus designed to give hackers direct access to your banking information. From there, they can simply log in to your online account and make unauthorized transactions under your name.

In 2015, the distribution of Dridex allowed cybercriminals to steal approximately $25 million from European accounts. And if your business fell victim to this malware, there’s a possibility your company might not be able to recover from the loss.
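A mail-gateway check for the lure described above, as an added example that is not part of the original post or Proofpoint's report: it flags messages whose subject is “Scan Data” and that carry an attachment named “Scan” followed by digits. The list of Word extensions, the function names and the sample messages are assumptions constructed here.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

LURE_SUBJECT = "scan data"                          # subject line named in the post
LURE_STEM = re.compile(r"scan\d+", re.IGNORECASE)   # "Scan" + randomized digits
# Assumption: the post only says "Word attachments"; these extensions are a guess.
WORD_EXTS = {".doc", ".docx", ".docm", ".rtf"}


def lure_attachments(raw: bytes) -> list[str]:
    """Return filenames of attachments that match the lure, or [] if none."""
    # policy.default decodes RFC 2047 encoded-word subjects before comparison.
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    if subject != LURE_SUBJECT:
        return []
    hits = []
    for part in msg.iter_attachments():
        name = PurePosixPath(part.get_filename() or "")
        # fullmatch rejects look-alikes such as "Scanner-notes" or "Scan1.doc.exe".
        if LURE_STEM.fullmatch(name.stem) and name.suffix.lower() in WORD_EXTS:
            hits.append(name.name)
    return hits


def build_sample(subject: str, filename: str) -> bytes:
    """Build a constructed test message (not a captured sample)."""
    msg = EmailMessage()
    msg["From"] = "scanner@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("Please see attached.\n")
    msg.add_attachment(b"constructed placeholder bytes",
                       maintype="application", subtype="octet-stream",
                       filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for subj, fname in [("Scan Data", "Scan48213.doc"),
                        ("Scan Data", "Scan48213.pdf"),
                        ("Quarterly report", "Scan48213.doc")]:
        hits = lure_attachments(build_sample(subj, fname))
        print(f"{subj!r:20} {fname:16} -> {'QUARANTINE' if hits else 'pass'}")
```

A rule this narrow only catches the one campaign pattern the post describes; it buys time until the security update is installed and does not replace it.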

The solution
Fortunately, two days after the discovery of the bug, Microsoft released a security update to disable the dangerous documents, urging users to install the patch as soon as possible. But even though Dridex was inoculated relatively quickly, employees continue to be the biggest problem.

Like most malware attacks, Dridex was distributed via phishing campaigns that preyed on a victim’s trust and curiosity. Hackers added barely any text to the email, yet people were still fooled into clicking on dangerous links.

To make sure Dridex never reaches your company, you must provide comprehensive security awareness training. In your sessions, encourage employees to practice safe computing habits, which include being cautious of online links, setting strong passwords, and avoiding downloads from untrusted and unknown sources.

Much like updating your software, keeping your staff’s security knowledge up to date on the latest threats is also imperative. Ultimately, your goal is to have employees with a security-focused mindset when browsing the web.

Of course, if security training and cybersecurity solutions are not your company’s specialties, you can always rely on a trusted managed services provider like us to protect your business. We can update and secure your systems regularly, and make sure your staff are actively doing their part to reduce security risks. Contact us today!

Published with permission from TechAdvisory.org. Source.
