508-909-5961 [email protected]

Not that long ago, VoIP services were a new and revolutionary concept. Nowadays, internet-based voice communication is commonplace among SMBs, which means it’s time to turn our attention toward improving their security. Without a thorough understanding of what is needed to protect your VoIP systems, you could be vulnerable to cyberattacks. Let’s take a closer […]

2016May23_VoIP_BNot that long ago, VoIP services were a new and revolutionary concept. Nowadays, internet-based voice communication is commonplace among SMBs, which means it’s time to turn our attention toward improving their security. Without a thorough understanding of what is needed to protect your VoIP systems, you could be vulnerable to cyberattacks. Let’s take a closer look at 5 important tips for protecting your web-based communication devices and services.

Types of threats

The majority of VoIP services involve live communications, which often seem far more innocuous than stored data. Unfortunately, your business has just as much valuable information moving across VoIP networks as it does hosted on company servers. Internet-based calls are far more vulnerable to fraud compared to more traditional telephony services and face threats from identity theft, eavesdropping, intentional disruption of service and even financial loss.

24/7 monitoring

A recent study by Nettitude reported that 88 percent of VoIP security breaches take place outside of normal operating hours. This could be attackers trying to make phone calls using your account or gain access to call records that contain confidential information. This can be avoided by contracting outsourced IT vendors to monitor network traffic for any abnormalities or spikes in suspicious activity.

VoIP firewalls

Every VoIP vendor should provide a firewall specially designed for IP-based telephony. These protocols will curb the types of traffic that are allowed, ensure the connection is properly terminated at the end of a session and identify suspicious calling patterns. Consult with your VoIP or IT services provider about which of these features are available and currently in use at your organization.

Encryption tools

One of the reasons that eavesdropping is so common is because a lack of encryption. Inexperienced attackers can easily download and deploy tools to intercept and listen to your calls. Although some services claim built-in encryption, be sure to investigate how effective they really are. Many of these protocols require the same VoIP client on the receiving end of the call -- something that’s much harder to control. Encryption should be compatible with as many other software clients as possible to effectively prevent anyone from undermining the privacy of your calls.

Virtual private network

Virtual private networks (VPNs) create a secure connection between two points as if they were both occupying the same, closed network. It’s like building a tunnel between you and the call receiver. In addition to adding another layer of encryption, establishing a VPN can also overcome complications involving Session Initiation Protocol trunking, a recommended VoIP feature.

Password protection

Usually password protection refers to requiring password authentication to access sensitive information. However, in this case it actually means protecting the passwords themselves. Eavesdropping is one of the easiest, and most common, cyber attacks against VoIP networks and even with all of the protocols above, employees should be instructed to never give out any compromising information during a VoIP call.

VoIP is as important as any of your other network security considerations. It requires a unique combination of protection measures, and we’d love to give you advice on implementing any of these protections or managing your VoIP services. Give us a call today to get started.

Published with permission from TechAdvisory.org. Source.

Read More

A recent initiative to give healthcare patients access to the notes their doctor or clinician writes about their visit is continuing its meteoric rise across the country. OpenNotes began a few years ago by researching the benefits of allowing patients to have access to their doctor’s notes. Since that initial study, the number of healthcare […]

2016May18_HealthcareArticles_AA recent initiative to give healthcare patients access to the notes their doctor or clinician writes about their visit is continuing its meteoric rise across the country. OpenNotes began a few years ago by researching the benefits of allowing patients to have access to their doctor’s notes. Since that initial study, the number of healthcare providers who have agreed to sign on has steadily risen. What is this service and how does it work? Let’s find out.

What is OpenNotes?

OpenNotes allows patients to view their nurse’s and doctor’s notes via online portals that can be accessed from home computers, tablets, or smart phones. Patients receive notifications whenever their doctor adds or modifies a note, a prescription refill is needed, or a follow up appointment is requested. Under the initial study performed by OpenNotes, 99 percent of patients opted to continue using the service, and 100 percent of doctors agreed to continue providing their notes to the patients.

Advocates believe that increasing communication, in this case electronically, results in patients who are “active partners in their care”. Over the years, reaching outside of the doctor’s office and into a patient’s smartphone or computer has resulted in improved medication adherence and reduced the number of note errors. Currently the service claims 7 million patients are in their network.

Is it secure?

All of that sounds great, but how safe is the information that’s being sent back and forth? A recent study by Carestream about patient perceptions of online portals found that, of the respondents who reported an aversion to using the service, the biggest concern (by a very large margin) was security and privacy. The OpenNotes website and press releases try to assuage these concerns by pledging their support during onboarding, but unfortunately threats come in all shapes and sizes nowadays. Often software that requires a lot of security is only as good as the hardware and the protocols you assign to it, and those may be outside of the scope of OpenNotes support staff. Additionally, there is a push for multiple providers to share a single online portal so patients only need one login. With all of this in mind, and the recent string of ransomware attacks on healthcare data, the possibility of an attack is greater than ever before.

Should your practice adopt OpenNotes?

Currently, that decision still depends on the dynamics specific to your practice. However, with more and more providers signing on to OpenNotes, and the government inching toward mandating healthcare information sharing, your network needs to be ready for integration. The healthcare sector has been at the forefront of data collection, and implementing online patient portals of any kind, OpenNotes or otherwise, means a massive increase in online exposure.

OpenNotes has stated that their goal is for 50 million patients to be a part of their network within the next three years. Regardless of whether your practice decides to help them reach that goal, or not, protecting your data needs to be a top priority. For questions and concerns about data security and implementing online patient portals, give us a call.

Published with permission from TechAdvisory.org. Source.

Read More

Unfortunately, we’re confronted with new web security threats every day, and today is no different. Experts have exposed a flaw in ImageMagick, one of the internet’s most commonly used image processors, that could put your site in harm’s way. By learning more about this vulnerability you’ll take the first step toward better protecting your content. […]

2016May17_Security_BUnfortunately, we’re confronted with new web security threats every day, and today is no different. Experts have exposed a flaw in ImageMagick, one of the internet’s most commonly used image processors, that could put your site in harm’s way. By learning more about this vulnerability you’ll take the first step toward better protecting your content.

What is ImageMagick?

ImageMagick is a tool that allows sites to easily crop, resize, and store images uploaded by third parties. Vendors continue to improve user interfaces and experiences by consolidating functions into all-in-one packages, which means administrators are becoming increasingly unaware of what specific services they are actually utilizing. ImageMagick is deeply integrated into countless web services and many webmasters may not even be aware they are using this unsafe software.

How can an image make my site vulnerable?

Recently, it was discovered that images can be uploaded that force ImageMagick into executing commands and permitting attackers to remotely insert harmful code into vulnerable sites. Images are actually made up of complex code that is translated into photos, icons, etc. Different file extensions use what are called “Magic Numbers” to define their file types. Manipulating these numbers allows attackers to exploit a flaw in ImageMagick. The service scans the uploaded file, and attempts to decode the source information whenever it detects the file is not what it claims to be. Scanning that code and attempting to rectify the file misappropriation can then trigger whatever was hidden inside the image and result in remote command of your site.

How should I protect my site?

ImageMagick has admitted knowledge of the security flaw and promised to release a patch very soon. Until then, experts advise implementing multiple workarounds to keep your systems safe. However, if you're not well acquainted with your web server and its code, then it's wise to consult an expert instead of attempting these changes on your own.

For those who are familiar, follow these steps. The first is to temporarily incorporate lines of code that preemptively block attackers from exploiting these holes. Those lines of code, and where to insert them, can be found here.

The next step is double checking that any image files utilizing the ImageMagick service aren’t hiding any harmful information. This can be accomplished by opening an image file with a text editor, and checking for a specific set of letters and numbers at the beginning of the text that define what type it is. The list of these “Magic Numbers” can be found here, and will reveal if an image is hiding its true purpose.

Ideally, administrators will halt all image processing via ImageMagick until a patch is released from the developers.

Data security is one of the most crucial aspects of any SMB, however, keeping up with the constant flow of security exploits and patches can be overwhelming for administrators of any ability level. Why not contact us to learn more about keeping your network secure and protected from exploits like this one?

Published with permission from TechAdvisory.org. Source.

Read More

Hackers come in all shapes and sizes. From kids trying to gain notoriety on the Internet to political groups trying to send a message, the motives for a cyber attack vary widely. So how can you protect yourself? It all starts with getting to know your enemy a little better. Here’s a profile of four […]

2016Apr28_Security_BHackers come in all shapes and sizes. From kids trying to gain notoriety on the Internet to political groups trying to send a message, the motives for a cyber attack vary widely. So how can you protect yourself? It all starts with getting to know your enemy a little better. Here’s a profile of four different types of hackers.

Script Kiddies

When it comes to skill level, Script Kiddies are at the bottom of the totem pole and often use scripts or other automated tools they did not write themselves - hence the name. With only an elementary level of technical knowhow, Script Kiddies usually don’t cause much damage...usually. The Script Kiddy virus known as the Love Bug which sent out an email with the subject-line “I LOVE YOU” fooled millions of people, including some in the Pentagon, in the early 2000’s. The virus reportedly caused around 10 billion in lost productivity and digital damage.

So who is a Script Kiddie? Most of the time they’re simply bored youth looking for a thrill or notoriety. Many never evolve into a full-time hacker, and instead just use their skills as a hobby. Oddly enough, many Script Kiddies find a career later on working in the security industry.

Hacktivist

If you’ve heard of Anonymous, LulzSec or AntiSec, then you’re familiar with Hacktivists. These groups are made up of members of varying skill levels, all the way from Script Kiddies to some of the most talented hackers in the world. Their mission is largely politically motivated as they aim to embarrass their targets or disrupt their operations, whether that be a business or government body. Two of the most common ways they attack their target are by stealing sensitive information and exposing it or denial of service (DDoS) where a server is overloaded till it finally crashes.

As a small or medium-sized business owner you are not necessarily immune to Hacktivist disruption. If your business or a company you’re associated/partnered with participates or provides services that can be seen as unethical, such as Ashley Madison (who fell victim of a major Hacktivist attack last year), then you too may be targeted by Hacktivists.

Cyber Criminals

Often talked about in the media and well-known by most SMBs, cyber criminals are after one thing: money. Their targets run the gamut, including everyone from individuals to small businesses to large enterprises and banks. But what do these targets usually have in common? They either have a very valuable resource to steal or their security is easy to exploit...or a combination of both of these. Cyber criminals can attack in a number of ways including using social engineering to trick users into providing sensitive information, infecting an organization/individual with ransomware or another form or malware, or exploiting weaknesses in a network.

Insiders

Perhaps the scariest type of hackers are the ones that lurk within your own organization. Insiders are made up of disgruntled employees, whistleblowers or contractors. Oftentimes their mission is payback; they want to right a wrong they believe a company has perpetrated toward them, so they’ll steal sensitive documents or try to disrupt the organization somehow. Edward Snowden is a prime example of an insider who hacked his own organization - the US government.

Now that you know what motivates your enemy, you’ll hopefully have a bit of an idea as to whether or not you’re a target. To learn more about how to secure your business from these types of hackers, get in touch with our experts today.

Published with permission from TechAdvisory.org. Source.

Read More