(866) 251-4459 support@compnetsys.com
Cybersecurity Gaps Still Plagued Organizations in Spite of Better Risk Management Protocols

Cybersecurity Gaps Still Plagued Organizations in Spite of Better Risk Management Protocols

A recent cybersecurity survey shows that overall healthcare approaches to cybersecurity have improved in recent years. Most organizations have embraced their need to protect their data from intrusion.

A study conducted by Mountain View, California-based Symantec and HIMSS Analytics[1] found that healthcare organizations are showing improvements in risk management strategies. Although their efforts have still not been satisfactory, they do represent a vast improvement. Most security experts believe there are gaps in most company’s security tools.
The newer cyber risks include medical devices. Hackers can now hack into almost anything including medical devices and appliances due to the expansion of the Internet of Things (IoT). Since so much information is now available in the Cloud, it’s more important than ever to protect this data.
The Symantec and HIMSS Analytics study[2] covers the current position of healthcare organizations as to their investment and efforts to strengthen their security. It accentuates some of the vulnerabilities that many organizations still have. There is one positive finding from the survey showing that healthcare organizations have matured in their understanding of cyber security. In the past, a lack of understanding about hacking, malware, and ransomware has prevented many businesses from taking the threat seriously enough.
In the past, a company viewed cybersecurity as a responsibility of their IT department. They did not get involved in what was done to protect company data. Instead, they relied on their CIO or IT staff to do the right things to protect company information. Today, things have changed. Cybersecurity is discussed on every level, from the mail room to board meetings. According to the report, stronger security measures have been recently taken by eight out of ten organizations. However, about half of them admitted that they know they are vulnerable on some levels.
Another finding indicates that 60 percent of healthcare providers believe that risk assessment, not HIPAA compliance, is a more effective method of securing data against cyber thieves.
This progress has faced a few challenges as discovered in the research conducted by the Symantec and HIMSS Analytics survey. The main challenges faced were the efforts to acquire enough resources to counter the continually evolving threat margin. During 2017, the U.S. Department of Health and Human Services reported that there were 295 data breaches at hospitals and healthcare providers. That number is expected to triple for 2018.[3]
A number of hindrances to improving security programs in the healthcare industry were cited. Not surprisingly, about 73% said that budgetary restrictions were a significant barrier. Staffing came in second with lack of the essential skills a close third.
The survey also discovered that there was a substantial lack of sustained investments in cybersecurity by healthcare providers. According to the respondents, 74% of the providers set aside 6% or less of their IT budget to IT security. Nearly 45% of the health organizations’ respondents allocated only 3% on security. These IT expenditures have remained about the same for three years in a row. In comparison, the financial industry spent an average of 10 to 12 percent of its IT budget on security.[4]
There are a number of steps suggested by the research report in the form of recommendations that all healthcare organizations can take to improve their risk management:

Create greater awareness among employees and conduct regular training across the organizations.
Engage the Board on implications and the risks of failing to allocate adequate resources to invest in better cybersecurity resources and tools.
Employ a comprehensive cyber defense platform that addresses each gateway cyber-thieves use.
Ensure all the stakeholders (IT, Legal, PR and Communications, Clinical Staff, Executives, etc.) are actively involved in Incident Response planning.

According to Alex Wirth, a blogger who analyzed the research report by the two institutions, “Every aspect of a provider’s approach to cybersecurity must be conducted from a business risk perspective”.
His opinion expresses that of many IT security experts. The only way that cybersecurity for the healthcare industry will be given the seriousness it deserves is for everyone involved to realize that this problem will not just go away. It must be addressed and given the time, attention, resources, and money that it requires to stop the spread of cyber theft. In the long run, this is the most sensible and cost-effective approach.
CONCLUSION
All of the security people and resources involved in cyber security for a healthcare organization must work together in order to maximize detection and curb security events. The best way to go about this is to keep the board informed and adopt an effective security framework. A sufficient budget for IT security must be allocated each year. Otherwise, care delivery and patient safety will be highly compromised.
[1] https://www.symantec.com/connect/blogs/new-research-healthcare-organizations-bolstering-cybersecurity-budgets-and-resources-significa
[2] https://resource.elq.symantec.com/LP=2713
[3] http://www.healthcareitnews.com/slideshow/biggest-healthcare-breaches-2017-so-far?page=1
[4] https://www.sans.org/reading-room/whitepapers/analyst/risk-loss-security-spending-financial-sector-survey-34690

Technological Trends in the Public Sector for the Future

Technological Trends in the Public Sector for the Future

This article is an analysis of topics related to technology that topped the charts in 2017 and are still trending in 2018. No doubt, cybersecurity was a priority topic and many positive advancements were made there. The Internet of Things became a much more talked-about issue, mostly due to its vulnerabilities to hacking schemes.

The real world implementation of new technologies used in ‘Smart Cities’ was a hot topic in the public sector. This article will rely on information generated from two top government IT institutions, which are the National Association of State Chief Information Officers (NASCIO) and the Public Technology Institute (PTI). The article will also look at the perspective of private entities on the future of smart technology, cloud technology, and the impact that cybercrimes will have on these.
Government perspective of Important IT Topics
Cyber Security
It is not surprising that this topic created quite a bit of buzz back in 2017 and is still at the top of the list. This year, NASCIO and the PTI teamed up to offer a free webinar called Technology Forecast 2018: What State and Local Government Technology Officials Can Expect. [1]
Of course, security is a top priority and major concern for both the state and local governments. The government has made a resolution to address the growing concerns about cybersecurity that seem to be holding technology back. With so many data breaches occurring each month, private organizations, the government, and businesses of all types and sizes have been hit by cyber thieves. Every organization seems to be vulnerable, so leaders and experts believe that, in order to move forward with greater technological advancements for the future, the issue security must be a top priority.
A recent article on the Government Technology website[2] discusses why businesses need a cybersecurity framework.
Smart Government and Cities
Many cities and towns have embraced technology across their operations and service delivery sectors. This includes migrating data to the cloud, which a big step that can greatly improve a city’s ability to handle larger amounts of data each day. The transportation industry is using an app that tracks city buses so that riders can get accurate bus times. Seemingly small improvements like this can have a big impact on city services. Smart cities will run much smoother. The costs should also be lowered due to the automation of many city services. These services should be available cheaper rates and they should work much better.
Cloud Services
Governments are working to upload all their data to the cloud, where it will be much easier to access and manage. Most government entities are expected to hop on board this year according to a recent MeriTalk Survey. This survey found that 76% of state and local agencies are planning to increase their resources allocation to improve and increase cloud services.[3]
Private entities’ perspective on Government and Technology
A UK company called Deloitte[4] issued a report last year called Kinetic Enterprise. The report revealed many key insights in the trends that are shaping and redefining the role of Information Technology in disruptive technologies.
The report states that cutting-edge establishments are looking beyond implementations in a single domain. Instead, they are opting for projects that can affect a whole array of services, like the delivery of electricity, gas, and water to residents.
They are evaluating the ways disruptive technologies can work in harmony to create innovative tools that can redefine business. The report went on to say that federal and state government leaders could go a long way toward advancing sectors like machine learning, finance, the Internet of Things, blockchain, and others.
An article called, Gartner Top 10 Strategic Technology Trends for 2018[5] named three megatrends that they believe will drive digital business technologies over the next decade:

Artificial Intelligence
Transparently Immersive Experiences
Digital Platforms

In the article, Gartner said it believe that businesses and organizations would lose ground if they did not take advantage of emerging technologies. The article stated that “States are increasingly being asked to referee fights between mobile phone carriers and local governments, as the wireless industry sets out to build the next generation of data networks. 5G Technologies requires a much denser network of 10 to 100 times as many antenna locations….”
On election cybersecurity, the article states: “The 2018 elections could provide an opportunity for states and localities to restore confidence in voting systems that came under scrutiny during the 2016 presidential campaign.”[6]
Conclusion
Technology is definitely having effects on the government and public sector. Many experts see this as a way for the future of mankind to ensure greater progress. For instance, building Smart Cities can cut back on pollution, use sustainable materials, and make life easier for everyone. Many experts believe that the only thing holding progress back is the vast number of security breaches that occur each day around the world. Once we are able to stop those attacks from occurring, the sky’s the limit.
[1] https://www.nascio.org/Publications/ArtMID/485/ArticleID/611/Technology-Forecast-2018-What-State-and-Local-Government-Technology-Officials-Can-Expect-webinar
[2] http://www.govtech.com/blogs/lohrmann-on-cybersecurity/
[3] https://www.meritalk.com/articles/policy-based-automation-key-for-multi-clouds/
[4] https://www2.deloitte.com/us/en/pages/public-sector/articles/government-tech-trends.html
[5] https://www.gartner.com/newsroom/id/3812063
[6] http://www.governing.com/topics/politics/gov-2017-9-issues-to-watch.html

Amazon EFS now a HIPAA-Eligible Service

Amazon EFS now a HIPAA-Eligible Service

Amazon EFS now a HIPAA-Eligible Service

As of march 31st, 2018 amazon added Amazon Elastic File System (Amazon EFS) to thier list of HIPAA Eligible Services.

With this addition, customers that have a Business Associate Agreement (BAA) with AWS can now store healthcare-related file data, including encrypted Protected Health Information (PHI), in an Amazon EFS file system. By providing a secure and encrypted file system, Amazon EFS can now be used as a part of applications that need to store research, genetics, informatics, or imaging data containing PHI.

Amazon EFS provides simple, scalable, elastic file storage for use with the AWS Cloud and on-premises resources via AWS Direct Connect. Amazon EFS is easy to use and offers a simple interface that allows you to quickly create and configure file systems. It provides massively parallel shared access for thousands of Amazon EC2 instances, enabling your applications to achieve high levels of aggregate throughput and IOPS with consistent, low latencies. Amazon EFS is built to elastically scale on demand without disrupting applications, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it.

Amazon EFS is a regional service designed for high availability and durability supporting a broad spectrum of use cases, including web serving and content management, enterprise applications, media and entertainment processing workflows, home directories, database backups, developer tools, container storage, and big data and analytics applications. Customers can move data securely and quickly from existing on-premises or in-cloud file systems into Amazon EFS with the EFS File Sync feature simplifying migrations and speeding time to production.

Microsoft Launches Surface Pro 4 Replacement Program Due To ‘Screen Flicker’

Microsoft Launches Surface Pro 4 Replacement Program Due To ‘Screen Flicker’

Microsoft introduced the Surface Pro 4 Tablet some time back in 2015. It replaced an older model called the Surface Pro. Soon after the release of the Surface Pro 4, Microsoft’s social media pages were flooded with complaints about a flickering screen. The Redmond Washington-based company responded to these complaints by promising that they would replace some Surface Pro 4 devices with this problem.

Trouble for the tech giant
This is good news especially since the company is making the replacements for free, but for only those devices experiencing the mishap within three years of purchase. In their web page called Surface Pro 4 screen flickers [https://support.microsoft.com/en-us/help/4230448/surface-pro-4-screen-flicker], Microsoft said that their top priority is to create the best products and experiences for their customers. Further, the company noted that they have heard their customer’s complaints and that’s why they have come on board to address these issues. After some investigation, Microsoft determined that some of the affected Surface Pro 4 devices could not be repaired with driver updates or new firmware.
Surface Pro 4 users who are experiencing the flicker are advised to first install the latest Surface and Windows programs to ensure that this is not the cause of the flickering. Surface and Windows updates are designed to keep any device running in an optimal state. If the issue persists, consumers should contact Microsoft Support. Once they verify that the device is certified as one of those that will require a replacement, the exchange process is set in motion.

Getting your Surface Pro 4 replaced or repaired
For those shipping their devices out to Microsoft for repair or replacement, it typically takes about 5-8 business days for the tech giant to get your broken device. The time to repair or replace it can vary depending upon several different factors. Microsoft has also promised to refund the warranty fee to customers who paid for a warranty fee to repair their device. In order to get a refund, customers must contact Customer Support for validation. Microsoft is committed to delivering great products and services to their customers.

Consumer complaints
Information about the flickering screen issue came to the attention of Microsoft after Consumer Reports, a non-profit organization that offers product ratings, said that they could no longer recommend Microsoft Surface products because the device did not perform as expected. As any serious service provider would do, Microsoft did a thorough examination, made their own findings, and came up with a resolution to have the screen replacement performed for free.
Further, Consumer Reports learned about the flickering screen from surveyed electronic owners who said that their Surface Pro had too many problems and that they would not recommend it. Experts have been concerned that the Surface Book Laptop may be more likely to have screen failures as compared to other competing brands. To date, this has not been the case, but it has caused sales of these products to decline.

Mitigating the damages
Microsoft’s decision to replace the flickering screens for free might not be the immediate solution that will stop future damage, but they are hoping to mitigate the harm caused by negative reviews of the Surface Pro devices. Nothing raises the spirits of a devoted customer or consumer than a company that acknowledges fault on their part and gives a remedy with no strings attached.

Many companies, especially those in the business of electronic devices, handle these types of issues poorly. They often spend months denying that anything is wrong. Then, later they make the method of repair and replacement so complicated that users get frustrated. Some warranties are felt to be useless due to these and other problems that people have experienced over the years. Consumers often complain that no one seems to qualify for the free repair services.
However, with the Microsoft Surface Pro 4, the steps were purposely made simple and straightforward. This encouraged those affected to give the company a second chance to do it right. Often, this type of issue can turn off consumers to a product or even an entire brand, but Microsoft has made every attempt to do the right thing.

Future Microsoft designs
The Microsoft design team has taken these problems into consideration when developing new versions of the Surface Pro. For the future, Microsoft products should have very clear and reliable screens that will last for years with no problems. The company seems to have learned an important lesson throughout this ordeal.
Developing brand loyalty

What Microsoft has done by launching the Surface Pro 4 Replacement Program is not only a wise corporate decision, but a show of gratitude and humility to their consumers. This is probably a major reason why Microsoft customers are loyal to this brand. They expect perfection from the company and do not accept anything less.

Stay competitive by making technology your business advantage

With our expertise and cloud services from Microsoft, you can quickly and affordably meet your business goals, whether it’s adapting to a changing competitor landscape, achieving business growth, protecting customer data, or reaching new clients. Let CompNetSys and Microsoft cloud services put you on the fast track to the modern business

Nest, Google’s Smart Home Division, Discovers Leaked Passwords and Contacts Customers

Nest, Google’s Smart Home Division, Discovers Leaked Passwords and Contacts Customers

Nest Labs, a division of Google, recently discovered a list of email addresses and passwords that had been published online. As part of their ongoing commitment to protect their customers from hackers, Nest continuously monitors databases found online of stolen or leaked passwords. When they found that some of their customers’ passwords were listed on a phishing website, they sent out an email to customers.

Consumers remain the weakest link
Security experts all agree that the weakest link when it comes to internet security is the consumer. People click on suspicious links that download a virus or worm onto their device. They also frequently use the same password across multiple accounts. Many users visit sites that are unsafe where they may be exposed to malware. Often, consumers use the same password for years. All these practices make it very easy for hackers to steal passwords then break into various accounts.
Nest takes proactive stance
When Nest found the databases of leaked passwords, they sent out emails to all of their customers that read in part:
“Nest monitors publicly leaked password databases and checks our own databases for matches. We’ve found that your email and password were included in a list of accounts shared online. Common causes of password theft are falling victim to phishing emails or websites, malware, and password reuse on other websites which may have been compromised.”
The letter goes on to give instructions to users about what to do next and this applies to anyone who suspects that their password has been stolen. Instructions are below:

Sign in to your Nest Account (bank account, credit card account, etc.) immediately.
Navigate to the account management screen and find the item that says, “Reset Password.”
Select a new password. Be sure to use numbers, letters, capital letters and symbols. An example of a good password would be: 57Rop*82!@HK. A password like this is much harder for crooks to decipher. An example of a weak password would be: time1234. This password would be easy for hackers to learn.
Click “Save” to save the new password. Be sure to make a note of the password.
You can also go to the log-in screen of any account including Nest and click on “Forgot Password.” This will initiate a procedure where you are sent a code (usually as a text message). Enter that code where prompted, then proceed to create your new password.

Nest reminded its users that unless they did log on and change their password within a set length of time, the company might disable access to their account. Often, users put off changing passwords so the company most likely felt like it was necessary to include this veiled threat to shut down the account until a new password was chosen.
How to change your Nest password using the app
The company also included instructions for changing the password via the Nest app and these are given below for your convenience:

On the Nest app home screen, tap the Menu icon.
Select the Account icon.
Select “Manage account,” then “Account security,” then “Account password.
Enter your current password and your new password, then tap “Save changes.”

How to use Two-Factor Verification (2FA)
Nest also offers the option of 2-step (2-factor) verification, which can add a layer of protection to any account. This is very important to do for financial accounts and other accounts like Nest where your home, family or money might be at risk. The instructions for adding 2-step verification are given below:

On the Nest app’s home screen, select the Menu icon at the top.
Select Account.
Select “Manage account,” then “Account security.”
Select “2-step verification.” Then tap the switch to toggle 2-step verification on.
Follow the prompts to enter your password, phone number, and the unique verification code sent to your phone.

Cyber theft increasing globally
Many experts are now recommending that customers add 2-step verification to all their online accounts. The increase in hacking and phishing schemes worldwide has alarmed many security experts, as well as consumers. It has become commonplace to read that one of your favorite stores or most trusted brands has lost millions of data records to hackers.
This fact has spawned a new generation of security experts and advocacy groups whose purpose is to stem the tide of the growing number of cyber thefts. One of these groups called the Internet Society was the first to discover the Nest breach when they stumbled across an email from Nest to one of its customers. The society forwarded the email to the Online Trust Alliance and they published it as a blog post. Once this occurred, the story made international news.
How Nest learned of the breach
Though Nest has not revealed how they learned about the compromised passwords, it is believed that they regularly check a site called “Have I Been Pwned?” which is run by Troy Hunt, a security researcher. The site can be used to check whether any of your passwords have been stolen or leaked online. It includes half a billion passwords and other credentials stolen from consumers all over the world.
About Nest Labs
Nest Labs, now a division of Google, provides home automation tools that are programmable, sensor-driven and self-learning. Using your home’s Wi-Fi system, Nest products can be controlled either at home or remotely. These products include smoke detectors, thermostats, indoor and outdoor security cameras, security systems, lights, and other common household appliances.
Nest was founded in 2010 by Matt Rogers and Tony Fadell, engineers who formerly worked for Apple. The company grew quickly to 130 employees and within just a few short years, Nest Labs had grown to 280 employees worldwide. In 2014, Google acquired the company for an estimated $3.2 billion. Today, the company has over 1,200 employees. They recently built a state-of-the-art engineering center in Seattle, Washington.