by Felicien | Apr 26, 2018 | Education
The standard of next-generation telecommunication is no longer the future, but the present. You’re probably not using it, even though you should be, and you may have to wait.
When casual conversations bring up speed, it’s inevitable we hear the clichés about “faster than the speed of sound” or “faster than the speed of light”. Sometimes, if participants are up on pop culture, even “faster than Usain Bolt” is tossed around.
Which travels faster, light or sound? Light travels at about 300,000 kilometers per second, and the speed of sound is usually around 300 meters per second.
What is the fascination with speed? Faster cars, faster jets, faster roller coasters…we are compelled to increase speed and speed capacity – you may even have the speeding ticket to prove it! We’re an impatient bunch – or is it a competitive drive that fuels us further in our quest for the next fastest “thing”?
When conversations turn to tech talk, the topic of speed is generally relative to a generation. No, we don’t mean Baby Boomers versus Millennials. The speed at which data travels wirelessly, whether it’s over an organization’s wireless network or a major wireless provider’s network, puts consumers entirely at the mercy of current technology and our data connection. Have you ever been on a Google Hangout and had your connection interrupted? It’s frustrating, possibly embarrassing, and potentially costly if the Hangout was a sales pitch.
There are currently five generations of wireless communications standards:
1G: The first generation of wireless cellular networks and technology was analog and considered the telecommunications standard since the 1980s.
2G: Wireless data networks go digital! This is the generation that data entered into our wireless world, with the introduction of the text message. There are sub-2G generations, but these didn’t have a noticeable impact on our daily wireless use.
3G: The third generation focused on telecommunication networks that supported faster data transfer speeds, regardless of the type of communication: voice calls, video calls, mobile or fixed wireless Internet. This was the generation that introduced the smartphone. This generation also had sub-generations with advancements to support faster speeds and better performance as a preparation of infrastructure toward 4G technologies.
4G: Fourth-generation technology increased data speeds again and established thresholds for speed to qualify.
5G: The future of wireless technology, implemented in December 2017 and anticipated to be available globally by 2020.
Note that last part: anticipated to be globally available by 2020. Currently, maybe five countries are using it based on wireless providers. Most of the larger providers are testing 5G implementation, including Verizon and AT&T in 2018. The complication is that the U.S. infrastructure doesn’t yet support 5G wireless technology, so even with the “Big Box” mobile service providers testing the technology, consumers won’t get the benefit – yet. But what’s crucial to keep in mind about the future is that 5G is more than faster data speed. The next generation of wireless technology seeks to enable new and incredible insights that drive efficiencies. In other words: faster and smarter! How is wireless technology smart? Glad you asked!
Given the explosion – not literally – of “smart” devices in the market, the Internet of Things reinforced the need for the new generation of wireless. In fact, beyond just wireless, 5G incorporates technologies like computing and the cloud for everything to be smart, and everything to connect – even smart vehicles! Technology is supposed to simplify our lives by finding ways to make things easier. Connectivity and integration further this notion and underscore that the direction of the future lies with the Internet of Things.
What is the Internet of Things (IoT)? The IoT is the network of connected devices that have internal components enabling connectivity, like electronic sensors and software, which allow for the exchange of data.
The wireless economy and data standards are experiencing a massive evolution. Consumer appetite is skyrocketing, and the next generation will support an overhaul of the service model that allows wireless service providers to reduce costs to accommodate data needs while simultaneously driving revenue with new services. Adversely, the current generation actually incurs greater costs for data in cases like autonomous vehicles compared to the costs of its fuel. 5G will fundamentally change this service model.
All this talk of evolution doesn’t mean the existing model will disappear. In fact, the next generation – 5G – incorporates many wireless technologies, and improves upon those we already use (4G). 5G is going to change the way we interact, work, and live in general. As full-scale monetization is recognized – the cost to produce smart goods decreases for manufacturers, and the cost to support increasing data needs decreases for service providers, thus passing these reductions on to consumers – we can expect to see ever greater numbers of smart goods. For example, hospitals are migrating to electronic health records in greater numbers due to the simplicity of the centralized patient records and access to complete history at-a-glance, but the ease of submitting prescriptions to external pharmacies has also been increasing with major metropolitan hospital systems. From cars to hospitals, the 5G model will not only support but become critical to data needs in this evolution.
The transition to 5G will require the U.S. infrastructure to transform to cloud-based architectures with a virtualized core, and it’s expected that companies will spend over $300 billion by 2025 to upgrade and become compatible with 5G demands, including new data centers, new network transformation gear, and new modems/IPs.
There aren’t currently any mobile devices supporting 5G capabilities, but we can expect an upcoming surge of announcements with new products flooding the market once 5G is more widely adopted. Hopefully, the United States isn’t late to that particular game!
Excited for the future generation of wireless telecommunications, Qualcomm debuted the first 5G modem in 2016, and in 2017 European leaders established a baseline for next-generation standards. It’s safe to say the world is not just open to 5G, but embracing the changes in technology this next generation is ushering in.
by Felicien | Apr 26, 2018 | Education
If you’re the owner or CEO of a small business, then you’re probably already functioning as the Chief Information Officer (CIO) as well. Most small businesses can’t justify paying for both. This means you have to take time from your priorities to manage your technology, ensure that it’s secure and decide what IT solutions to use. It’s not as easy to do this as it was in years past, simply because of the fast-evolving nature of technology, and the increasing incidence of hacking and data breaches.
But, did you know that you can “hire” a Virtual CIO (vCIO) at a fraction of the cost of hiring a CIO?
What is a vCIO?
A virtual CIO is a technology service provider who serves as your CIO. They help you develop an IT Strategic Plan, with up-to-date resources to ensure security, productivity, and efficiency. Rather than hiring your vCIO, you pay for the service on an on-demand basis.
This frees you from the daily worry about technology and whether it will run as it should. It also frees up your limited internal resources and allows your employees to concentrate on their core responsibilities.
A vCIO Will:
Gain an understanding of both your business and your technology infrastructure and make sure your IT is aligned with your business goals.
Help you with IT budgeting and cost control strategies to achieve your priorities and avoid unnecessary costs.
Analyze any inefficiencies in your existing IT infrastructure and centralize/consolidate resources and operations to promote considerable financial savings.
Advise on Organizational IT Design and replace outmoded processes so you can pursue market opportunities and overcome business challenges through updated, value-based technologies.
Effectively incorporate technology into your operational processes and ensure security at all times.
Develop an IT Strategic Plan that aligns with your budget.
Learn about your competition, and what new IT solutions they are using.
Interface with your managers and users to ensure that you meet your IT goals.
Identify and evaluate the impacts of your technology decisions.
Conduct ongoing evaluations to assess your IT needs and provide service performance metrics.
Manage technology needs for specific projects, whether they are new ones or ongoing.
Deliver monthly updates to your management, provide Quarterly IT Summaries that reveal the condition of each component of your network, and prepare other reports as required.
Provide procurement assistance to ensure you get the best prices on hardware and software.
Your Virtual CIO Will Help You Achieve These 10 Technology Priorities for 2018.
Cybersecurity
Security is an essential factor for any organization, and small businesses like yours are the biggest target for hackers today. Risk assessment, data protection, training awareness, and third-party security practices are necessary to ensure maximum security and protection. Continuous diagnostic monitoring is required to view your network, identify risks, quantify attacks and/or breaches, and mitigate them. Digital forensic tools are especially important for companies that require regulatory compliance and incident management. Identity and access management is a security practice that enables only authorized individuals to access resources to comply with security and compliance requirements. These are crucial elements for any business. Your vCIO will manage all these and other cybersecurity requirements for your business.
Disaster Recovery and Business Continuity
Disaster recovery and business continuity refer to your organization’s ability to recover data after a disaster occurs and when IT services are shut down or compromised. Both practices involve the process of backing up data and preparing policies and procedures to implement in the event of a disaster. Your vCIO will confirm your business can stay up and running no matter the IT disaster, manmade or natural.
Mobile Workforce Technologies and Solutions
With the BYOD (bring your own device) trend, organizations are using mobile devices more than ever. Your business is competing in a mobile, technology-driven economy, and you must rely on your mobile workforce to ensure customer satisfaction and product/service innovation. The right mobility solutions ensure secure and simple access to data, tools, and applications from any location. Your vCIO will help you consider applications, support, ownership, security, and communication issues and policies that will ensure your mobile workforce is always productive, and your data is secure.
Cloud Computing, Software as a Service (SaaS) and Virtualization
Software as a Service utilizes a cloud-computing infrastructure to deliver a single application to your employees no matter their location. This is opposed to relying on the traditional one application per desktop. Cloud services are available to your employees via the Internet from a cloud provider’s servers and used instead of your company’s own on-premises servers. Virtualization refers to the creation of virtual servers, desktops, storage devices, applications, and computer network resources. You can virtualize your entire IT infrastructure or just specific aspects of it. Cloud services and virtualization provide easy, quick, scalable access to resources, applications, and services, and simplify your overall IT infrastructure to promote efficiency.
Enterprise Resource Planning (ERP)
Enterprise Resource Planning involves the use of business management software that combines a variety of integrated applications to store and manage data for all aspects of your business operations. It includes product planning, manufacturing, marketing, inventory management, shipping, invoicing, accounts receivables and payables, and more. Software as a Service Enterprise Resource Planning (SaaS ERP) supports remote hosting of business IT services. It’s also known as Cloud Enterprise Resource Planning (Cloud ERP).
Strategic IT Planning
Strategic IT planning focuses on your organization’s specific needs and how to best use technology to meet them. IT is a strategic capability to be used and integrated into planning and projections with consideration of future IT innovations and business growth. Your vCIO will work with you to determine how technology will help you achieve your business priorities and prepare guidelines and policies that support your vision with the right IT solutions.
Networking: Data and Voice Communications
Data communications refer to the electronic transmission of information for storage and processing, while voice communications refer to systems such as mobile devices and VoIP systems. Your vCIO will help you implement the best communication solutions to keep your organization connected and up and running.
Legacy Application Modernization/Renovation
Legacy application modernization is the process of refactoring, re-purposing, or consolidating legacy software programs to align with a company’s current needs. This enables you to benefit from the advantages of new development without the risk and cost of replacing legacy systems.
Business Intelligence and Analytics for Big Data
Business intelligence, or BI, is a term that refers to a variety of software applications used to analyze an organization’s raw and big data (massive amounts of data). Business analytics is the process of exploring and investigating an organization’s data with emphasis on statistical analysis. This is becoming more important for even small businesses today. They are relying on software solutions like Microsoft Power BI (Business Intelligence) to transform data and create interactive reports to help them analyze data to reach their goals.
Shared Services
Many parts of an organization use the same services and resources. Shared services involve the consolidation of business services and resources used by multiple parts of an organization. For example, with service portfolio management, organizations can define and manage services and resources. By incorporating automation, virtualization, advanced analytics, and other digital technologies into your operations, you can streamline processes. These technologies also may enable you to make better decisions and improve the quality of customer interactions.
By taking advantage of the services a virtual CIO provides, you’ll enjoy all the benefits of a CIO without the added costs. Your vCIO will protect your important data, help you get the most from your technology budget, provide customized reports and recommendations, and ensure you meet the technology challenges of 2018 and beyond.
by Felicien | Apr 25, 2018 | Education
Dangerous cyberattacks have been released by a group of hackers known as The Shadow Brokers. These exploits will lock up your data for good – no ransom, no return.
But this isn’t all they do – they’ll also leave behind a parasite that lets them “hang out” inside your computer, infect others, and re-enter through a backdoor.
What’s really scary is that these attacks are getting past traditional next-generation security measures. In 99 percent of the cases, security researchers found that these threats bypassed security tools.
EternalBlue (the worst-ever recorded ransomware strike): In February 2018 EternalBlue was ported to all Windows operating systems. By exploiting a vulnerability in Microsoft’s Server Message Block (SMB) protocol, EternalBlue allowed the dangerous ransomware virus WannaCry to propagate and infect 230,000 computers.
EternalChampion and EternalRomance are two other exploits that were also reported at the same time EternalBlue was.
And then there’s EternalRocks, also known as MicroBotMassiveNet, which is a computer worm that infects Microsoft Windows. It uses seven exploits that were developed by the NSA and unknowingly leaked to hackers. As a comparison for you, the WannaCry ransomware program only uses two NSA exploits. Experts tell us that EternalRocks is much more dangerous.
EternalRocks installs the Tor anonymous network to conceal Internet activity. Your server then downloads EternalRocks to your computers. To avoid detection, it calls itself WannaCry. But unlike WannaCry there’s no kill switch.
EternalBlue and these other exploits use a backdoor implant tool to infect your systems. Plus, EternalRocks is a self-replicating worm and leaves the back door open via DoublePulsar so that other hackers can load malware on your computer.
Backdoors leave you exposed to a multitude of cyber threats.
A backdoor is a port or malicious application that provides access to a server or network. It provides hackers with unauthorized remote access to your network by exploiting security procedures and authentication. Backdoors can be used by cybercriminals to gain remote access to your computers.
Backdoors work in the background and are hidden. They are much like other malware viruses and, therefore, difficult to detect.
A backdoor is one of the most dangerous types of computer parasites. It gives a criminal the ability to perform any possible actions on your computer.
The attacker can:
Spy on what you do,
Take over your files as a user,
Install additional software or malicious threats,
Control your organization’s entire PC system,
Implement keystroke logging and screenshot captures,
Infect files,
Encrypt your data, and
Attack other hosts on your network.
Plus, the parasite can work automatically on its own and do what the hacker wants.
A backdoor not only allows the hacker to access your computer and network, but it also lets them come back and enter your system again and again.
Backdoors are complicated for system administrators to deal with. In most cases, it’s very difficult to find out who is controlling the parasite. In fact, all backdoors are really hard to detect.
Before they can find out how hard it will be to block the hacker’s access, system administrators have to figure out the methods hackers will use. There are so many exploits now that this is a very difficult, if not impossible, task.
Plus, some of these backdoors can’t be detected because of the way they’re designed.
Even if your admin changes passwords when an attack is discovered, backdoor utilities can be programmed to give the hacker repeat access to your system.
They do this via computers on your IT system that don’t log on to the network very often. Because it appears that no one is using the machine, your system administrator doesn’t detect that a hacker is actually using it.
There’s another kind of backdoor utility that lets the hacker return to the network within a short period of time. This way they don’t have to find a vulnerability to exploit in order to gain access. But if your system administrator does detect them, they’ll just take the time to look for another vulnerability. As you can see, this can be a constant battle.
Password cracking is the most-used method of backdoor hacking to breach network security.
The hacker locates your accounts that use weak passwords. These are accounts that aren’t used often. The hacker creates an access point by changing the password. When the system administrator searches for the fragile accounts, the ones that have weak passwords, the accounts whose passwords have already been changed won’t be visible.
Backdoors can degrade your Internet connection speed and system performance. They prevent you from removing them by hiding in files. Plus, there are no uninstall features to delete them.
There are 5 ways backdoor threats can get in:
You can accidentally install them on your computers. Sometimes they come attached to phishing emails or file-sharing programs. They look safe and can trick you into opening and executing them.
They get installed by viruses like spyware or Trojans without your knowledge. Then they infect each profile for those who use that compromised computer.
They can be manually installed by malicious insiders who are authorized to install software on your computers. Then the backdoors can spread by exploiting remote systems with security vulnerabilities.
Some backdoors come with applications, including legitimate ones. Once the hacker gains access to a computer and access to the software installed on it, they have the authorization to take control and infect the software.
Backdoors can infect a computer by exploiting software vulnerabilities. They work just like computer worms and automatically spread without you knowing it. You won’t be alerted by warnings, setup wizards or dialog boxes when this happens.
What can you do to protect your business from backdoor threats?
Backdoor parasites are extremely dangerous and must be removed from the system. It’s essential that you contact your Technology Solutions Provider so they can do the following:
Block external access to all Server Message Block ports on the public internet.
Patch all Server Message Block vulnerabilities.
Block access to C&C servers (ubgdgno5eswkhmpy.onion).
Install a DoublePulsar detection script.
Make sure to use an up-to-date analytics tool to monitor for insider threats.
Monitor your system for any newly added scheduled tasks.
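As an added example (not part of the original article), the Python sketch below covers two items from the list above: finding allowed inbound SMB connections from outside your network, and spotting newly added or altered scheduled tasks against a saved baseline. It assumes a firewall log in the Windows Firewall text layout (pfirewall.log) and task inventories exported as CSV with the column names used by schtasks /query /fo csv /v; the function names are hypothetical and all sample data is constructed.

```python
import csv
import io
import ipaddress

SMB_TCP_PORTS = {"139", "445"}  # NetBIOS session service and SMB over TCP
# Assumption: anything outside these ranges counts as "external".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample in the Windows Firewall log layout; the outside
# addresses come from documentation ranges.
SAMPLE_FW_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2018-04-25 10:15:02 ALLOW TCP 192.168.1.23 192.168.1.10 49822 445 0 - 0 0 0 - - - RECEIVE
2018-04-25 10:15:09 ALLOW TCP 203.0.113.7 192.168.1.10 51515 445 0 - 0 0 0 - - - RECEIVE
2018-04-25 10:15:11 DROP TCP 198.51.100.44 192.168.1.10 40211 445 0 - 0 0 0 - - - RECEIVE
2018-04-25 10:16:40 ALLOW TCP 192.168.1.10 203.0.113.80 50001 443 0 - 0 0 0 - - - SEND
2018-04-25 10:17:03 ALLOW TCP 198.51.100.9 192.168.1.10 40900 139 0 - 0 0 0 - - - RECEIVE
"""

# Constructed task inventories: a known-good baseline and a later export.
BASELINE_TASKS_CSV = r'''"HostName","TaskName","Task To Run"
"WS01","\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c -h -o"
"WS01","\Backup\Nightly","C:\Tools\backup.cmd"
'''
CURRENT_TASKS_CSV = r'''"HostName","TaskName","Task To Run"
"WS01","\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c -h -o"
"WS01","\Backup\Nightly","C:\Tools\backup.cmd /full"
"HostName","TaskName","Task To Run"
"WS01","\Updater","C:\Users\Public\svc.exe"
'''


def is_external(addr):
    """True when addr lies outside every network in INTERNAL_NETS."""
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in INTERNAL_NETS)


def external_smb_hits(log_text):
    """Return (date, time, src-ip, dst-port) for each allowed inbound
    TCP connection to an SMB port that came from an external address."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order comes from the log itself
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        if (rec.get("action") == "ALLOW"
                and rec.get("path", "RECEIVE") == "RECEIVE"
                and rec.get("protocol") == "TCP"
                and rec.get("dst-port") in SMB_TCP_PORTS
                and is_external(rec["src-ip"])):
            hits.append((rec["date"], rec["time"],
                         rec["src-ip"], rec["dst-port"]))
    return hits


def load_tasks(csv_text):
    """Map (host, task name) to the task's command line."""
    tasks = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row.get("TaskName") == "TaskName":  # header row repeated mid-file
            continue
        key = (row.get("HostName"), row.get("TaskName"))
        tasks[key] = (row.get("Task To Run") or "").strip()
    return tasks


def diff_tasks(baseline_csv, current_csv):
    """Return (added, changed): tasks missing from the baseline, and
    tasks whose command line differs from the baseline."""
    old, new = load_tasks(baseline_csv), load_tasks(current_csv)
    added = sorted(k for k in new if k not in old)
    changed = sorted(k for k in new if k in old and new[k] != old[k])
    return added, changed


if __name__ == "__main__":
    for hit in external_smb_hits(SAMPLE_FW_LOG):
        print("external SMB connection allowed:", hit)
    added, changed = diff_tasks(BASELINE_TASKS_CSV, CURRENT_TASKS_CSV)
    print("new scheduled tasks:", added)
    print("tasks with a changed command:", changed)
```

Any hit from the first check means an SMB port is reachable from outside and the blocking rule is not in effect; any entry from the second check is a task to review with whoever owns that machine.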
Contact our cybersecurity experts. We can “shut your backdoors.”
by Felicien | Apr 25, 2018 | Education
NIST has recently released a quick start guide that outlines the procedures used to place test data on a mobile device by forensics experts during an investigation. In many criminal cases, the authorities can gain valuable information by examining smartphones, computers, and tablets belonging to those involved. The NIST guide provides important directions, guidance, and techniques for setting up a device for use with mobile forensic tools.
Criminal Investigations and Legal Trials
Recovering data from digital devices has become an important part of many criminal investigations. The information found on a phone can prove helpful in providing clues as to the whereabouts and activities of suspects. This data is often used during trials and should be as accurate as possible since a legal verdict could be determined based upon what is found on the suspect’s computer, cell phone and/or tablet.
Even the best forensic investigators admit that data extraction from mobile devices can be tedious. This is due to the many differences in the types of data and formats used from one device to the next. Testing can be performed by anyone in the law enforcement community, but the official Federated Testing software must be utilized.
Tools for Law Enforcement
For years, law enforcement and forensic experts have used the data found on mobile phones and computers during the course of their investigations. As this science has moved forward and evolved, it has become necessary to create guidelines for populating mobile test devices. This eliminates much of the guesswork and helps a forensics team to be consistent with their testing procedures. This, in turn, helps to guarantee more reliable results. Consistency and reliability are key aspects of the type of data that can be used during a legal trial.
The two basic strategies for populating a mobile phone, computer or tablet with testing tools are:
Place test data on a new or sanitized device
Place test data on a user device and adjust as needed
Mobile forensic tools are primarily used with Federated Testing, but can be used with other test methods. By undergoing these forensics tool tests, investigators can ensure greater accuracy and easy sharing of their results with others in the forensics community.
Contents of the NIST Guide
The NIST Guide begins by describing the primary types of data found on a mobile device or computer, including, but not limited to:
Text messages
Photos
Emails
Social media posts and information
Call logs
Contact lists
A mobile device may contain hundreds of data elements that could be helpful to investigators. In many cases, it’s best to narrow down the search to data that seems to be most relevant to the specific case. This can prevent investigators from wasting valuable time on unimportant information. As the case progresses, investigators may determine that other data could also be helpful to uncover. Testing can be performed as necessary on those.
Divided Sections
The NIST document is separated into sections and appendices that describe the various methods of populating and documenting data found on a mobile device including the SIM/UICC. These are outlined below:
Section 2: Document Device Data
Section 3: Personal Information Management (PIM) Data: Contacts, Calendar & Memos
Section 4: Stand-alone Data Files
Section 5: Call Logs
Section 6: Text Messages
Section 7: MMS Messages
Section 8: Location Data
Section 9: Browser/Email Data
Section 10: Social Media Data
Section 11: Other Applications of Interest
Section 12: SIM/UICC Card
How to Begin
The guide provides step-by-step instructions for populating and documenting a device. The guide recommends performing these steps for each mobile device tested.
Begin by choosing the most relevant data types that seem pertinent to your inquiry or investigation. If this data does not result in the information hoped for, testers can always go back and perform these steps on other types of data found on the form.
Appendix A-Acronyms
Appendix A explains all acronyms used in these testing procedures. It is necessary to assign an acronym to each item to reduce the amount of writing or typing. These can be confusing since some are so similar. Therefore, it is recommended that testers keep Appendix A handy to make sure they’re using the right terms when filling out their paperwork.
Appendix B-Mobile Device Documentation
Next, fill out the template found in Appendix B for each device to be tested. This template will ask common questions about the type of equipment, including the name of the subscriber, device make and model, IMEI for the phone and other identifying info. The IMEI can be found by going to Settings, then choosing About and scrolling down to where the IMEI is shown. Enter the number with no spaces or dashes on the form found in Appendix B. In this area, there are many other identifying numbers required on the form.
Appendix C-Mobile Device Data Example
This example form has been filled out for one “Stevie Ray Vaughn”. Though it is somewhat humorous, it shows the types of data to be placed in each portion of the form. His full name, address, email address and birth date are shown. If a photo of the phone’s owner is available, that should also be included. Calendar data can be important because it shows the daily routine, meetings, and people that a suspect might be associated with. It can help investigators create a timeline for the last few days of a person’s life.
Appendix C is quite lengthy due to the fact that SMS and EMS messages are recorded here along with call logs. Many people exchange dozens of text messages with friends each day. Include information about who sent the message and its contents. Make separate entries for unread messages and voicemails. Deleted messages and calls should also be recorded.
Federated Testing Project
The Federated Testing project at NIST is an extension of the Computer Forensics Tool Testing (CFTT) Program. This program has been successful in helping laboratories and forensic experts accurately uncover important information from mobile devices and computers. It enables consistent reporting and sharing of results across various labs and law enforcement agencies found across the United States.
by Felicien | Apr 24, 2018 | Education
The term, “meta description” may seem foreign to some but we all see these descriptions each time we search for something online. The meta description can contain up to 320 characters and should be an interesting summary of what your website is all about. It shows up in the search results as those first few words/lines that explain the essence of your website or post.
How Meta Descriptions Work
Each time we type a search term in the browser, a number of results will come up. For each one, there’s a 320 character description of the site or page. People usually decide which site to click on based on what these meta descriptions say. That means it has to be snappy and fresh. The wording needs to grab your attention. It has to sound enticing. Think of it as a short, but powerful sales pitch. Potential customers are far more likely to visit a site that sounds unique, interesting or entertaining than one that sounds boring.
Though search engines make it clear that there’s no direct advantage from writing good meta descriptions, there is a very strong indirect benefit. If you’ve written a good meta description, then this will improve your click-through-rate (CTR). As visitors click-through to your site, the search engine uses that information as a way of determining that your site was aptly and well described. This will improve your position in the search results.
It is important to point out here that Google will not always show your unique meta description. Sometimes they generate their own description of your business based on factors like the search term and type of business it is. This is where keywords come into play. Most business owners now understand at least the basics of keywords and how they work. If your content is well-optimized, then it should reflect that by serving as a great meta description.
Google changes the way their search engine works at times and this can certainly throw a wrench in all your good plans. However, that should not stop business owners from doing sound keyword research and creating unique content with those keywords. It goes without saying that keyword stuffing is bad and should be avoided at all costs. Always observe the current standards for keyword density in a page of text, which usually runs around 2 to 2.5 percent.
Yoast Free or Premium?
Yoast offers a free and a premium SEO service. With the free service, you get one keyword for each page of content. The premium service allows five keywords for each page. The premium service also does a readability check using the Flesch Kincaid test which measures the grade level of your writing. Since the world wide web is filled with people from all backgrounds and educations, Flesch Kincaid usually recommends writing copy that would be easy reading for a third to fifth grader.
Use short concise sentences. Avoid big words that are not readily understood unless you are writing technical information for a specific audience, like IT experts. Try to use action verbs instead of passive verbs. Use subheadings and catchy taglines. Whatever you can do to make your site more attractive, unique and fun, will help. You can count on getting more traffic and higher conversion rates.
How to Use Yoast SEO to Write Meta Descriptions
If you don’t write a unique meta description, Yoast will produce one. Usually, it simply takes the first three lines of content on your page or post and uses that. If you’d like to edit that, then click on the “edit snippet” button. This opens the snippet editor. There are fields there to edit the SEO title, slug and meta description. As you type, your new meta description will show up. You can make changes until you feel it’s just right. The snippet editor has an orange bar at the bottom that will become green once you’ve typed enough information.
Many site owners use the first few lines of content on their page or post as the meta description. If your site has good, professionally written content on it, then there’s nothing wrong with that. However, if you feel you could improve the text, then, by all means, do so. If you can get the hang of this and really write powerful meta descriptions, it can greatly improve your click-through rates.
How to Write a Superb Meta Description
Once you’ve decided that this is something worthwhile that could improve your bottom line, it’s important to put your best foot forward. In order to write effective meta descriptions, you may need the help of a good copywriter. Copywriting is all about utilizing words to persuade searchers to click on your page. With only 320 characters or about two to three lines of text, it’s important to make every word count. Below are two writing examples to show you the difference between professionally written text and that of an amateur.
Good Meta Description:
Apple
https://www.apple.com/
Discover the innovative world of Apple and shop everything iPhone, iPad, Apple Watch, Mac, and AppleTV, plus explore accessories, entertainment, and expert device support.
The above meta description from Apple does contain some good keywords but it doesn’t feel awkward or forced. It’s informative. It’s also important to note that this meta description was written using the older rules where 155 characters were the rule. Today, we’re seeing longer snippets that contain more information to help searchers decide what to click on.
Bad Meta Description:
Mary’s Bakery
https://www.marysbakery.com/
Get some good donuts and cakes at Mary’s Bakery located in downtown Minneapolis. We cater and deliver. Our baked goods are tasty and made with quality ingredients.
Though the above meta description does contain some valuable information, it’s boring. The shop owner wastes valuable space here to tell consumers where they’re located. This is something that many searchers will not care about in their initial search. Use this space to talk about delicious pastries, cakes, and donuts. Talk about your award-winning cupcakes with buttercream icing. This is how you get people to visit your site and look around.
Caution!
Be sure that your meta description accurately describes your page or post. Yes, the wording can be flowery, powerful, strangely attractive, etc. But it should also be truthful. If you make promises you can’t keep, then searchers will quickly hit the “back” button. This can cause your site to fall in the search listings.
As mentioned above, avoid keyword stuffing. Just about all web visitors today understand what keyword stuffing is and most don’t like it. The reason? Keyword stuffing makes a section of text read awkwardly. It is typically not well-written content and it doesn’t make sense to your human visitors. Remember to write your meta description for humans, not for search engines.
Instead, focus on writing interesting descriptions and unique content for your human visitors. In the end, search engines will not be purchasing your products and services. Humans will, so cater to their needs, wants, desires, whims—and you’ll be rewarded with higher click-through rates and stronger sales.
by Felicien | Apr 24, 2018 | Education
According to SC Media:
In January 2018, a Long Island, N.Y., medical practice left an exposed port normally used for remote synchronization open, exposing at least 42,000 medical records.
UpGuard Director of Cyber Risk Research Chris Vickery found that port 873, normally used for remote synchronization and moving data between devices (on a server belonging to the medical practice of Cohen Bergman Klepper Romano Mds PC), was open and configured for global access allowing anyone who knew the server’s IP address to find the data. A secure server would only allow access from select IP addresses, UpGuard wrote:
The flaw allowed the patient names, Social Security numbers, ethnicity, insurance information, dates of birth, phone numbers and insurance information of the Huntington, N.Y. practice to be exposed. In addition, physician’s personal information to include Social Security numbers and more than three million of the doctor’s notes on their patients along with emails were also left unprotected, UpGuard said.
The unsecured server was found on January 25, 2018, and finally secured on March 19.
“Beyond the obvious sensitivity of any exposure of an individual’s medical background, the leak of patient – and doctor – Social Security numbers, in association with personal details like home address, insurance information, and date of birth, provide ample ammunition for fraudsters. Armed with the contact information for patients, and the knowledge of which doctor’s office they go to, malicious actors could also socially engineer exposed individuals, posing as a representative of the physicians to further extract sensitive information,” UpGuard reported.
This is a warning to patients who have visited the Huntington, New York practice, along with doctors’ offices and healthcare organizations across the country.
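The exposure described in the report above, an rsync daemon on port 873 that accepted connections from any address, can be checked for in a server's own `rsyncd.conf`. The following audit is an added example, not part of the original article or of UpGuard's report; the sample configuration, module names, paths and addresses are constructed for illustration.

```python
import re

# Constructed sample config (not from the incident): one open module, one restricted.
SAMPLE_CONF = """\
# global defaults apply to every module
read only = yes
[records]
    path = /srv/records
[backups]
    path = /srv/backups
    hosts allow = 192.0.2.10 198.51.100.0/24
    auth users = backupsvc
    secrets file = /etc/rsyncd.secrets
"""
ANY_HOST = {"*", "0.0.0.0/0", "::/0"}  # patterns that match every client

def _key(name):
    # whitespace inside rsyncd.conf parameter names is not significant; compare lowercased
    return re.sub(r"\s+", "", name).lower()

def parse_rsyncd_conf(text):
    """Return (global_params, {module: params}) from rsyncd.conf text."""
    globals_, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
        elif "=" in line:
            name, value = line.split("=", 1)  # only the first '=' is significant
            (globals_ if current is None else current)[_key(name)] = value.strip()
    return globals_, modules

def audit(text):
    """Map each module to a list of findings; an empty list means restricted."""
    globals_, modules = parse_rsyncd_conf(text)
    report = {}
    for name, params in modules.items():
        eff = {**globals_, **params}  # module values override global defaults
        allow = set(re.split(r"[\s,]+", eff.get("hostsallow", "").strip())) - {""}
        findings = []
        if not allow or allow & ANY_HOST:
            findings.append("no effective 'hosts allow' restriction")
        if not eff.get("authusers"):
            findings.append("no 'auth users': anonymous access")
        report[name] = findings
    return report
```

A clean report covers only the daemon's own access controls; a firewall rule limiting TCP 873 to the same select addresses is a separate layer to verify.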
Part of the problem is that the Health Insurance Portability and Accountability Act is so complicated that most organizations hire specialists to handle all their compliance needs. This is at odds with the original intent of HIPAA. It was supposed to improve patient privacy by simplifying administrative procedures, reducing costs and upgrading the level of security throughout the healthcare industry. HIPAA seems to have accomplished just the opposite on all fronts.
Under HIPAA, any organization that deals with patient information must comply with its regulations. This includes anyone who retains, accesses, stores, modifies or destroys protected healthcare information. In order to fully comply, it’s necessary to create a solid audit trail of any disclosures, whether past, present or future.
An organization must be diligent to protect any information that might identify the patient. Although the HIPAA Privacy rule deals more with any type of protected health information (PHI), the HIPAA Security Rule focuses more on the electronic side of things.
Healthcare professionals should become familiar with the two sides of HIPAA regulations:
The privacy of patients. HIPAA maintains strict rules for protecting the health information of an individual. PHI refers to demographic information, medical history, test and laboratory results, insurance information and other data that a healthcare professional needs to identify an individual and determine appropriate care.
Key identifiers. These include phone numbers, patient ID numbers, social security numbers, insurance ID numbers, electronic mail addresses and even some vehicle ID numbers. In fact, there are 18 different types of information that might reveal the identity of a patient. These must all be protected from intruders.
With so many hacking and cyber-theft events occurring each year, it has become even more challenging to protect the personal health information of every individual.
The process is further complicated by the fact that personal data can be stored on a number of different devices. You may have electronic protected health information (ePHI) stored in your email server, voice mail, fax machine, computer, cell phones, tablets, medical devices and other places. In any area that is considered within the purview of the organization, there are serious financial penalties for breaches. The fines range from $100 to $1.5 million.
Did you know that healthcare hacking is the leading cause of data breaches?
Here are a few more examples:
The prominent Washington University School of Medicine learned on January 24, 2017, about a phishing incident in which an employee had responded to a phishing attack on December 2, 2016. The Office for Civil Rights (OCR) said that 80,270 individuals might have been affected.
“This phishing scam allowed some of Washington University School of Medicine’s patient data to potentially be accessed, the school reported on its website. The accessed employee email accounts may have included names, birth dates, medical record numbers, diagnosis and treatment information, other clinical information, and Social Security numbers in some cases.”
Texas-based Urology Austin, PLLC revealed that they experienced a ransomware attack on January 22, 2017. Within minutes of the attack, they shut down their computer network. However, OCR reported that 279,663 individuals’ private data might have been affected.
They immediately took steps to restore the impacted data and their operations. A Urology Austin representative told local news that they didn’t pay the ransom and that they were able to restore the patient information from a backup.
The odds that a data breach can happen at your healthcare organization have greatly increased. This is because healthcare workers generally lack cybersecurity awareness.
Some alarming statistics:
24% of healthcare workers lack awareness about phishing emails as compared to 8% in non-healthcare sectors
Only 18% of healthcare employees were able to recognize phishing emails. Physicians were 3 times worse at it.
88% of healthcare workers opened phishing emails.
50% of doctors were in the “risk” category, making them disposed to commit a serious data breach.
Healthcare employees exhibited less knowledge about cybersecurity than did the larger population.
24% of physicians couldn’t identify the common signs of malware.
30% of healthcare workers took risks that put the safety of patient records at risk.
23% failed to recognize forms of malware.
18% chose the wrong actions when they were given scenarios to respond to. Many thought it was okay to share patient data via their personal email accounts or over insecure cloud platforms.
Healthcare hacking and IT incidents accounted for the majority of large-scale incidents in 2017.
According to the 2017 Cost of a Data Breach Study: Global Overview, healthcare data breach costs are the highest for the seventh straight year. Data breaches from healthcare organizations cost $380 per record. This is greater than 2.5 times the global average in other industries.
Beyond ensuring that your ePHI and other confidential data is secure and protected at all times, you must provide cybersecurity awareness training that’s conducted by a professional who understands ePHI and what healthcare employees need to know.
It’s obvious from this data that healthcare entities are not properly educated and prepared to defend themselves against sophisticated hacking attempts today. From these statistics, you can see that these organizations are at risk of HIPAA noncompliance.
Your first layer of defense is your employees. They require professional security awareness training that includes both privacy awareness and demonstrations on how to recognize phishing attempts and what to do if they receive one.
It’s only through ongoing Cybersecurity Awareness Training that you can keep your healthcare employees apprised of the latest sophisticated threats, how to mitigate them and what to do to protect your organization from severe, negative consequences.
According to the US Department of Health and Human Services, employee cybersecurity awareness training should meet the following 4 objectives:
Develop and demonstrate foundational-level knowledge of cybersecurity.
Employ best practices to protect privacy and safeguard Controlled Unclassified Information (CUI).
Recognize cyber threats to information systems.
Identify and report potential cybersecurity and privacy incidents promptly.
5 More Tips:
Regular and Recurring Security Training Is Essential.
Hackers are constantly developing new, sophisticated methods to trick your employees into clicking on malicious links and downloading dangerous software. For this reason, it’s critical that your employees stay up to date on the very latest security threats and how to avoid them. Additionally, refresher training will keep them on their toes and save you a lot of worries.
KISS (Keep It Simple and Secure)
If the security measures you teach are complicated and difficult to follow, your employees won’t remember them. Instruction should be clear and concise with ways for employees to easily remember your policies and rules. This is another reason why it’s always best to defer to IT professionals to train your staff.
Your Employees Need to Know How to Respond to Security Incidents.
Along with learning how to avoid security incidents, your staff should know how to respond to them appropriately. What should they do if they come across a malicious attachment or link? What should they do if they accidentally click on one? Make sure they know what to do and who to contact.
Teach Your Employees about Cybersecurity for Their Personal Use.
It’s also important to teach your healthcare staff about network security for their personal purposes, such as when purchasing items online or what to do if they receive phishing emails on their personal accounts. They should also know how to protect their personal information on your organization’s network.
Make Sure Security Support is Easily Accessible.
Ensure your staff knows where to go if they have security questions or concerns. Your Technology Service Provider (TSP) will have a 24/7 Help Desk for support and assistance with these concerns or anything regarding technology. Plus, if an employee does come across a ransomware attempt, your TSP can intervene remotely to remove any malware and ensure your ePHI and confidential data remains secure.
Don’t become another statistic. Keep your healthcare organization off the Wall of Shame. Contact our HIPAA Cybersecurity Experts for assistance.