(866) 251-4459 support@compnetsys.com
NIST Releases Guidance Solutions for PACS Ecosystem

NIST Releases Guidance Solutions for PACS Ecosystem

Given how medical providers struggle with ensuring their data is safe, something had to be done to offer guidance. Read this blog about a new cybersecurity plan.  

The picture archiving and communication system (PACS) is an ecosystem that stores images that are gathered from medical imaging technology. This ecosystem offers a convenient platform where medical providers can store and access these vital images. However, this ecosystem is vulnerable to cyberattacks.
In order to provide protection for this confidential data, the NIST National Cybersecurity Center of Excellence recently released proposed guidance to assist healthcare delivery organizations with securing their picture archiving and communication systems. In addition, they also released a project aimed at providing an example solution for building stronger security controls.
The guidance material called, Securing Picture Archiving and Communication System, includes aspects that help health organizations design an approach, architecture, and security elements for the PACS ecosystem, including easy-to-follow how-to guidance.
The Evolution of Digital Capabilities
As image-making technologies have taken a gigantic leap over the last decade, now confidential data and vital imaging are uploaded in a digital format by providers across the globe. This adds a huge level of convenience and gives providers the ability to easily store and share this content. The systems that house these images and data are typically stored in image-intensive areas like the radiology department and are also uploaded to each patient’s electronic health record (EHR).
But as this process adds easier accessibility and organization in a digital format, including limiting the time to takes for doctors to make a diagnosis, the technology has also opened the door to more cyber threats. And many medical providers struggle with auditing user accounts and monitoring them properly to suspect any abnormal behavior. Medical providers also struggle with ensuring that data moves safely across the network and also with monitoring access by its users, which can lead to a drop in system performance.
Goals of the Project
With the project set forth by the NIST National Cybersecurity Center of Excellence, their goals include the following:

Identify who uses the PACS systems
Determine the process between the user and system
Perform a risk assessment
Identify appropriate mitigating security tools
Design an example solution

The ultimate goal here is to assist provider organizations with reducing the chance of a cyber breach or substantial data loss, while also minimizing any disruptions with their systems. This also puts emphasis on enabling quick access to imaging and important data without this confidential data becoming vulnerable to an attack, which also offers peace of mind for patient privacy.
Broad Capabilities Equals Broad Threat Landscape
So what makes these systems so vulnerable? This occurs from the broad capabilities of this technology. The PACS connectivity of the ecosystem works with a variety of different technologies that include medical imaging devices and other systems that help to manage and maintain archives of medical images. The role of PACS is to interact with medical imaging devices, connect with other clinical systems, and allow users from multiple locations to review images that lead to faster and higher quality patient care.
With such a broad spectrum of capabilities involved with the PACS ecosystem, the means a broad landscape for threat.

Want To Drastically Enhance Your Small Business Cybersecurity?

Want To Drastically Enhance Your Small Business Cybersecurity?

No matter how secure you may be right now, you could always be doing more. Have you double-checked your cybersecurity lately? Review the best practices below to strengthen your small business cybersecurity.
When everything is going well, the last thing you want to do is think about what will happen when something goes wrong. It’s not necessary to dwell on the potential for a security disaster though – you know that it’s a possibility, so let’s just leave it at that. What’s important about this is that you know to cover your bases.

No need to assume the worst – just plan for it, so you know you’re protected. As that old saying goes, “An ounce of prevention is worth a pound of cure”.
Do what you need to do to “prevent” now, so you don’t have to pay for the “cure” later.
Use A Firewall
Your firewall is your first line of defense for keeping your information safe.
A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users from gaining access to your data. Firewalls are deployed via hardware, software, or a combination of the two.
A firewall inspects and filters incoming and outgoing data in the following ways:

With Packet Filtering that filters incoming and outgoing data and accepts or rejects it depending on your predefined rules.
Via an Application Gateway that applies security to applications like Telnet (a software program that can access remote computers and terminals over the Internet, or a TCP/IP computer network) and File Transfer Protocol Servers.
By using a Circuit-Level Gateway when a connection such as a Transmission Control Protocol is made, and small pieces called packets are transported.
With Proxy Servers: Proxy servers mask your true network address and capture every message that enters or leaves your network.
Using Stateful Inspection or Dynamic Packet Filtering to compare a packet’s critical data parts. These are compared to a trusted information database to decide if the information is authorized.

Train Your Staff
Your staff can have a significant effect on your cybersecurity – either they know enough to keep your assets secure, or they don’t, and therefore present a serious threat to your security.
So, which is it? Do your employees and volunteers have the knowledge they need to spot cybercrime scams, avoid common pitfalls and keep your data secure?
If you’re not sure, then they may need training. Security awareness training helps your employees and volunteers know how to recognize and avoid being victimized by phishing emails and scam websites.
They learn how to handle security incidents when they occur. If your employees and volunteers are informed about what to watch for, how to block attempts and where they can turn for help, this alone is worth the investment.
How Do I Train My Employees For Cyber Security?
A comprehensive cybersecurity training program will teach your staff how to handle a range of potential situations:

How to identify and address suspicious emails, phishing attempts, social engineering tactics, and more.
How to use business technology without exposing data and other assets to external threats by accident.
How to respond when you suspect that an attack is occurring or has occurred.

Strengthen Your Passwords
Passwords remain a go-to tool for protecting your data, applications, and workstations.
They also remain a common cybersecurity weakness because of the careless way employees go about trying to remember their login information. Weak passwords are easy to compromise, and if that’s all that stands between your data in the cloud and in applications, you could be at serious risk for a catastrophic breach.
That’s why protecting your login processes with an additional layer of security – multi-factor authentication – is recommended. Multi-factor authentication requires the user to utilize two methods to confirm that they are the rightful account owner. It is an available security feature in many popular applications and software suites.
There are three categories of information that can be used in this process:

Something you have: Includes a mobile phone, app, or generated code
Something you know: A family member’s name, city of birth, pin, or phrase
Something you are: Includes fingerprints and facial recognition

Protect Mobile Devices
Implement Mobile Device Management and Bring Your Own Device policies that allow employees to use their own devices in combination with the business’ without compromising your security:

Require password protection and multi-factor authentication for mobile devices.
Deploy remote access software that allows you to locate lost/stolen devices, and remotely wipe their data if need be.
Develop a whitelist of apps that are approved for business data access.

And don’t limit yourself to desktops, laptops, and phones – there’s more out there for you to take advantage of. Have you considered what the Internet of Things and wearable devices can do for workplace efficiency? Now’s the time to get on board – up to 20.4 billion IoT devices will be online by 2020.
Manage Account Lifecycles And Access
This is one of the more basic steps on the list, but no less important. It can’t really be automated or outsourced to any technological aids; it’s just about doing the work. You need to have a carefully implemented process to track the lifecycle of accounts on your network.

Follow a careful system for how accounts are created for new members, how their security is maintained and verified through their life, and how they are removed when no longer needed.
Implement secure configuration settings (complex passwords, multi-factor authentication, etc.) for all accounts.
Implement controls for login and use, such as lockouts for too many unsuccessful logins, unsuccessful login alerts, and automatic log-off after a period of inactivity

Protect Your Wireless Networks
Wi-Fi is a necessary part of doing business. Your staff cannot go without it, so it becomes your responsibility to make sure it’s secured, simple as that.

Turn off broadcast so that your SSID is not available for others to see.
Use WPA2-Enterprise security, which forces per-user authentication via RADIUS for access.
Double-check your radio broadcast levels at default to make sure they don’t extend outside your building.
Create a Guest Network that’s segmented and has a limited bandwidth so that those visiting your building don’t have any chance of access to your data.
Monitor your network, and log events to track any activity by your employees and other contacts with network access.

Limit Unnecessary Physical Access
Your cybersecurity measures won’t amount to much if your laptops, tablets, smartphones and other devices are left out in the open for anyone to take.
It’s one thing for a cybercriminal to hack into your system remotely. It can be significantly easier if they’re doing so directly on a business device.

Keep business devices under lock and key when not in use.
Maintain a detailed inventory of who has authorized use for specific business devices.
Don’t leave the login information on a sticky note on the keyboard of the device.

Follow Payment Card Best Practices
If you accept payment through credit and debit cards, make sure to follow established security policies and practices to mitigate any potential risks.

Work with banks and other financial industry contacts to make sure you’ve implemented the right cybersecurity tools and anti-fraud services.
Double-check your compliance requirements for FINRA, GLBA, and SOX.
Segment networks involving a point of sales and payment systems from any unnecessary aspects of your IT infrastructure. No unnecessary software or web access should overlap with these systems.

Downtime Is Extremely Expensive – Can You Actually Afford It?

Downtime Is Extremely Expensive – Can You Actually Afford It?

Downtime is bad for business.
Whether you agree or not, it’s a fact – just a couple years ago, small businesses with up to 50 million in annual revenue reported that just a single hour of downtime cost them $8,600.

Why Does Downtime Cost So Much?
The main cost of downtime is not the fix itself, it’s the halt in your business’ productivity. If an IT-related or natural disaster occurs and takes critical systems offline, employees will be unable to complete their tasks, yet your normal business expenses will carry on.
During that time, you incur all the expenses of running a business without the revenue you would usually generate. Even if downtime does not grind everything to a halt, some of your staff will have to divert themselves from their normal work to mitigate the problem – again reducing productivity. Furthermore, while your systems are down, you can’t deliver services or sell products to current and potential new clients.
Not all of the costs associated with downtime have a tangible price tag. The trust of your clients and the reputation of your company are invaluable assets that can erode with prolonged or frequent downtime issues. A diminished reputation can negatively affect your future business opportunities.
Some downtime is inevitable, but much of it can be prevented and mitigated.
What Are The Primary Causes Of Downtime?

Power Outage: If your power source fails, that can lead to a long list of complications like servers going down and lost, unsaved data.
Cybercrime: Cybercrime has increased in recent years and is still on the rise. All it takes is one employee opening a malicious attachment and your business data could be held hostage.
Human Error: Accidentally unplugging key equipment, overloading the system, and improper installations can all cause downtime, but maintaining certain policies and procedures can cut down on human error.
Natural Disasters: Hurricanes, tornadoes, floods, and earthquakes happen. Having a plan for getting back to business if the unthinkable happens is the fastest way to recover.

What’s The Best Way To Prevent Downtime?
…by stopping it in the first place.
The best way to approach downtime prevention is proactively – you need to keep an eye out for system issues that can spiral into total stoppages. You need to implement backup technologies and best practices to prevent outages. You need to enhance your cybersecurity to protect against cybercrime.
Unfortunately, that’s a lot for you to handle on your own, especially when have other work to see to. That’s why a managed IT services company can be so helpful. They’ll provide 24/7 active monitoring of your systems, business continuity best practices and cybersecurity services that will keep costly downtime at a minimum.
 

Microsoft Excel Experts SWEAR By This…

Microsoft Excel Experts SWEAR By This…

Businesses nowadays collect an incredible volume of data from various sources, including online sales, in-store-transactions, social media, and various other places.
So how do you find value in that data? The simple answer: Organizing it properly within worksheets.
Ready to unlock the potential of your data? If you want to analyze and make sense of the information you’re storing, here’s how…
Watch Our Microsoft Excel Tips and Techniques Video
In the video above, we teach you how to link several worksheets together within one workbook AND how to link data across multiple workbooks to:

Reduce errors
Save time
Improve data integrity

Click here to watch online
Questions? Feel free to reach out to us at any time.

Which Cloud Storage is Right For Your Business

Which Cloud Storage is Right For Your Business

Don’t Be Confused When It Comes to Cloud Storage Options
Cloud storage helps your employees share and collaborate like never before. Check out these three popular cloud storage solutions to find the one best for you!  

Businesses are making the switch from physical servers to cloud storage to increase productivity and streamline file-sharing capabilities. This short review looks at three of the most popular cloud storage options, OneDrive, Dropbox, and Google Drive, comparing their storage capacity, file-sharing capabilities, and pricing.
All three of these cloud storage solutions offer various plans for both personal and business use. OneDrive and Google Drive also have options to bundle cloud storage along with access to online versions of standard office applications. In this review, we will look only at the lower-priced standalone cloud storage business solutions available from OneDrive and Dropbox and the Business and Enterprise solutions from Google Drive that do include access to GSuite applications.
OneDrive from Microsoft
OneDrive has two tiers of dedicated cloud storage. Plan 1 costs $60 a year and gives you 1 TB of cloud storage. You can opt for Plan 2 at $120 per year if your business has five or more users, and you need unlimited storage. OneDrive does not offer per month pricing. There is a 15 GB limit per individual file.
When it comes to collaboration, OneDrive shines. It is easy to access stored files directly from the Microsoft ecosystem of products, or use the built-in search and discovery tools to find the files you need. Share individual files securely with a link and set permissions to prevent unauthorized changes. Plan 2 also comes with upgraded security, including data-loss prevention, to help you to monitor and protect your confidential information.
Dropbox
Businesses with three or more users can choose either the Standard or Advanced business plan from Dropbox. The Standard plan comes with 3 TB of cloud storage and costs $150 a year or $15 monthly. The Advanced plan is $240 a year, or $25 monthly. With a file transfer limit of only 2 GB per file, Dropbox’s Standard plan may not fit your needs, but its Advanced plan does allow up to 100 GB transfers.
Many, but not all, popular business applications are already configured to connect with Dropbox. Users have the option to share files through a secure link or to use Dropbox Spaces to allow other employees access. Administrators can create private groups for members to share their work.
Google Drive
Google Drive offers a Business plan for $12 a month and an Enterprise Plan for $25 a month. Both come with only 1 TB of storage unless you maintain five licenses. Then you receive unlimited storage. The maximum size of an individual file is 5 TB.
Both plans let you share files with links, and admins can set security controls to manage file permissions. The Enterprise plan offers data loss protection and improved security options.
For most businesses, OneDrive makes the most sense. It is already optimized to work with the Microsoft applications you probably already use. The only major drawback is the 15 TB limitation on file transfers, but this restriction won’t affect most businesses.