Don’t Just Assume You’re HIPAA Compliant.


Make sure you are!
OCR’s new enforcement head is watching you more closely, and changes are coming in 2018!

Federal HIPAA administrators are ready for action: they’re on the lookout for organizations that aren’t staying up to date with changing regulations. Learn what it takes to stay safe and compliant.
Have you ever had a teacher or boss who went out of their way to make an example of someone, catching them in the act of something that was wrong or against the rules?
That’s exactly what the new head of the Office of Civil Rights is doing in his search for a “big, juicy, egregious” breach case. He’s out to make an example of one unlucky organization! This means it’s incredibly important for you to review your HIPAA compliance procedures.
The Increasing Complexity of HIPAA Regulations
Healthcare entities are always focused on patient-centered care, but now they’re increasingly distracted by ever-changing HIPAA regulations and compliance.
The life-saving treatment of patients is being helped with new technologies, but with a renewed focus on keeping patient data private, healthcare providers are more overwhelmed than ever. And, it’s the smaller practices that are staggering under the administrative burden of rules and regulations imposed by the federal government.
Costly and complicated IT systems are required to keep pace with the HIPAA information requirements, and interoperability of data standards continues to be a serious barrier to full compliance.
The Continually Changing Requirements
Even though the Health Insurance Portability and Accountability Act was enacted on August 21, 1996, changes to the requirements continue to be added on a regular basis. Major regulatory changes are coming in 2018 that will fundamentally change the way you can record a patient’s medical condition. This will likely lead to many incorrect filings and compliance issues.
There’s been a 700% increase in the number of codes that must be used to record and report medical procedures, and it’s causing a spike in compliance issues as doctors attempt to make sense of the new conditions. The sheer volume of rules and regulations now exceeds the IRS codes, and they are many times more complicated.
The Importance of HIPAA Compliance
All that said, HIPAA is an important part of keeping patient data secure, including PHI (Protected Health Information). Handling of this personally identifiable information is dictated by a HIPAA rule that allows for release of relevant information to health care professionals tasked with the patient’s care, while providing a higher level of security, data integrity and confidentiality.
Standards are applied to three different types of entities under HIPAA: health care providers, health plans and health care clearinghouses. Protected health information can be in written, oral or electronic format. All three data types are covered under compliance guidelines.
If HIPAA standards and guidelines aren’t followed, there’s a strong possibility that your healthcare practice or organization will be found in default of government policies and required to pay a stiff fine and could incur additional penalties.
Evolving Threats
The Office of Civil Rights (OCR) is the enforcement agency for HIPAA compliance, and Roger Severino was named director of the regulatory agency in March 2017.
Severino has stated publicly that he is focused on finding new ways to safeguard patient health information that could be released via leaks such as ransomware, physical security breaches or cybersecurity lapses. He’s not being forthcoming about where his search for an egregious error will begin, simply that he will be reviewing all avenues where problems could occur.
With enforcement actions in 2017 exceeding $2.5 million to date due to a stolen laptop computer, it’s unlikely that he will have to look very far or very hard to find a case of sufficient magnitude for his needs.
Organizational Impact
Data breaches themselves can be incredibly expensive due to the requirements for notification of affected individuals. When you add in any damage to consumer trust, the cost of creating a remedy for the breach and compliance costs, the impact can be significant on any size organization.
The OCR is not simply looking for large offenders; they are also actively targeting smaller businesses and practices that may not have the benefit of support from a large technology or office staff to maintain compliance.
The growing threats in the cybersecurity landscape have caused enforcement agencies to continuously look for ways to encourage compliance.
If you have concerns about whether your organization is fully compliant with HIPAA standards, contact {company} at {phone} or via email to {email}. We specialize in creating standardized practices and procedures that will help you maintain conformity with federal guidelines such as HIPAA.  

Do Hackers Have Your Info? — Probably.


The Aftermath of the Equifax Hack
Do you have a credit report in the US? Then there’s a good chance your private information is now in the hands of hackers. Find out what you need to do now!  

Almost everyone in the US with a credit score is now at risk for identity theft. Hackers gained access to the sensitive information of at least 143 million people, including names, social security numbers, birthdays, and driver’s license numbers.  Plus, they have credit card numbers for over 209,000 Equifax customers.
This hack, the fifth largest data breach in history, occurred sometime during mid-May to June 2017. Equifax realized the breach occurred on July 29, but waited until September 7 to release a statement to its customers—that there was a good chance their sensitive information was compromised.
The backlash from the press, as well as from the public, was quick and harsh, especially when three Equifax executives admitted to unloading company stock just days after the discovery of the breach. Top company officials promised that they would do everything in their power to correct the situation, but instead of taking full blame, they deflected much of it onto the software the company uses, Apache Struts, a free, open-source framework for developing Java applications.
As Equifax struggles through its PR nightmare, I suggest that all my clients take action now to minimize the risk of identity theft resulting in a financial nightmare of their own.
First Things First: What You Need to Do Now.
This data breach is too large to just sit there and hope it won’t affect you. Now is the time to get out in front of this thing and to take action to help protect yourself. But what can you do?
First, don’t panic and try to relax. Yes, this is a serious situation, and customers have every right to feel frustrated, but writing an angry email or calling to scream at a customer representative at Equifax won’t solve anything or help stop criminals from stealing your identity.
When you can once again breathe normally, consider freezing your credit report. A credit freeze is one of the most powerful weapons against identity theft. A credit freeze prevents anyone, including yourself, from accessing your credit report without the use of a special PIN number to “thaw” the report. This helps to stop criminals from using your credit information to apply for a loan or credit cards.
There are three credit reporting companies in the US. When you freeze your credit at one of them, it won’t do any good unless you freeze the others as well. Equifax is currently offering everyone in the US the ability to freeze their credit report for free, but it’s important to know that the company won’t charge fees when you use the thawing option. The two other credit reporting companies, Experian and TransUnion, are currently charging fees to both freeze and thaw credit reports, but it’s worth the small expense for more peace of mind.
After freezing your credit, it is time to find out what personal information hackers may have stolen about you. While Equifax is making promises to inform every customer whose credit card information the breach affected, it may be weeks or more before you hear anything. You can speed up the process by checking online to learn if hackers may have your information. To handle the large volume of additional calls, the company set up a hotline at 1-866-447-7559. This hotline is open every day from 7 AM to 1 AM Eastern.
Finally, if you don’t already have credit monitoring, make sure you enroll in a program now. Equifax is offering free credit monitoring through a partnership for one year.  However, there are many other credit monitoring services that may be more appropriate for your needs. It’s a mistake to sign up for a free year with Equifax and think you can cancel the service after 12 months. The fact is the threat won’t end after only one year. Protecting your credit report from fraud is your lifelong responsibility. Whether you choose to hire a company to help protect your credit report through automatic monitoring, or if you prefer to keep watch on it by yourself, it is a modern-day necessity.
Moving Forward
The Equifax data breach is likely to continue to cause repercussions for months, and even years, down the road. Hopefully, this breach is the wake-up call everyone needs to modernize the way the US financial industry handles credit. It’s a good sign that the US government is promising an extensive investigation into the Equifax hack and cover-up. As a response to the outrage of the voters, Senators are already reintroducing the Stop Errors in Credit Use and Reporting (SECURE) Act, which would give people more control over their credit reports. The Act would give consumers many additional rights, including the ability to view the same reports the credit-reporting companies send to lenders, to freeze the credit reports of minors, and to sue companies that violate any credit-reporting rules.
Senator Brian Schatz said that the SECURE Act is only the first of several actions the US Senate is planning to implement to prevent something like the Equifax hack from having devastating impacts in the future.
If you have any questions about how the Equifax hack could further affect you or your business, contact {company} at {phone} or {email}. We’re always here to help.

Your Kids Are in Danger from The Online Predators You Don’t Know About.


You wouldn’t let your child walk down the middle of a busy highway, would you? Most would consider this child endangerment. So, why aren’t you strictly monitoring their online activities? Why aren’t you educating them about the predators and other dangers? It’s time to stop what you’re doing right now and think about this.
Education about data safety is more important than ever.  
Keeping children safe online is a goal everyone must get behind: parents, relatives, teachers, organizational leaders and others. If you don’t understand the online threats your children face, it’s time you got educated and educated your children.
Take a look at the latest online dangers targeting your kids and teens.
Child-Specific Phishing Schemes
Email and text message phishing schemes are growing. And the criminals behind them are targeting the groups with the highest success rates: your children and teens.
While your children may be technologically savvy, they don’t always have the real-world experience to recognize phishing schemes.
Plus, most kids tend to rush headlong into things without thinking about the consequences. This could mean that they’re sharing information they shouldn’t. Online predators know this and are urging them on.
Train your children about the dangers of phishing messages. Teach them how to recognize these schemes, and above all, not to share any personal information online.   
Malware App Downloads
This is a big problem, especially for kids and teens who have their own phones. Apps are incredibly easy to download, and frequently free or priced at only a few dollars. As a result, kids like to download and try them out.
The problem is when malware apps target kids. They promote free video games and software, but, instead, deliver a virus to their phones, tablets or computers. It’s critical that you install security software on their devices so they can’t download whatever apps they want.
Teach kids not to download apps without your authorization first.    
Compromised Networks
When kids want internet access to keep up with their friends, they want it badly, and that usually means using any available Wi-Fi network, as long as it works. This is a problem because Wi-Fi networks have varying levels of security, or no security at all, making it easy for “man-in-the-middle” data theft and other wireless hacking.
Teach your children not to use random Wi-Fi services, especially those without any sort of authentication.
Cyberbullying
Cyberbullying has become an overused term these days, and it’s sometimes difficult to identify in the world of digital communication. Are these comments jokes, or are they truly intended to harm?
For example, once children reach a certain age, they may have already been called terrible things during online gaming or while chatting with friends.
But with the power of anonymity, cyberbullying can get much darker. This includes spreading lies on social media, stealing account information, assuming different identities to hurt people, and more.
It’s important to teach young users not to hurt each other, and make sure that they are neither recipients nor instigators of this sort of bullying. Digital interactions should not be immune to accountability at any level.
Entering the Dark Web
A lot of teens try to access the dark web in search of illicit information, or just out of curiosity. The problem is that they don’t really know what they’re doing.
It’s easy to download some Tor software and try to open an encrypted channel to various black-market websites. But that’s only part of a complicated process: Jumping into the dark web can be quite dangerous. Rules of civility rarely apply, and many links are deceptive and lead to malware, or outright illegal activities.
Tell your teens that even if they just “try out” the dark web, they’re still opening their device to identity theft and hacking.
Sexual Predators
These days, there’s no forum or site your child should join outside of carefully monitored education/safety zones. There are thousands of different, specialized subreddits, tumblrs, and social groups, and who knows what sexual predators are lurking behind innocent-looking identities? These predators represent a serious danger, especially to kids who haven’t learned much about online anonymity yet.
It’s very important to teach kids as early as possible about the dangers of talking to strangers online, or believing what people say (this works well as a phishing lesson, too). Additionally – and on an obvious note – keep kids off any forums related to sexual matters, regardless of their purpose.
Trading Information
This happens a lot in more peer-related online conversations. Someone will say, “Sure I can help you with this, but I need ______.” This could be a PayPal address, gamer handle, or other contact information.
The problem is that kids don’t see the harm in providing information like this to a “friend” or someone who appears to be their age.
Teach your children to be cautious when participating in any online conversations, and not to trade information—even in peer-related groups.  
Drug Rings
Illegal drugs are everywhere—even in “small-town” America.  It can be surprisingly simple for young teens to get involved in illegal drug-related activities via online services (even if they aren’t on the dark web).
Teens are especially at risk because:

They rarely know the details of drug-related laws, and what counts as a felony or misdemeanor, and
They don’t usually care anyway, because they don’t truly understand the full consequences of getting caught, or addicted to drugs.

When teaching your children about online safety, it’s important to underline the legal dangers of asking for drugs, or drug-making instructions, as well as the health and safety dangers of using them.
Groupthink
There’s an interesting article about the incredibly stupid things Harvard students have done online.   These actions are now preserved in time forever and could ruin their professional hopes in years to come.
Why does this happen to even the best and brightest? Because it’s extremely easy to fall into groupthink patterns online—where you believe that what you’re doing is acceptable.  Or it’s totally fine because it’s “just a joke” or they’re just “having fun” with friends. This kind of thinking can be very dangerous.
It’s important to remind growing teens that their online selves aren’t separate from who they are in the real world. Everything is connected and has consequences.
For help keeping your children safe online, contact {company} in {city}.  We can hold an in-service at your place of business to teach you and your staff about the dangers, so you can teach and protect your children.  {phone} {email}

Did You Know That Everyday Hackers Are a Huge Threat to Your Business?


Everyday hackers are among the most pressing threats your business faces today. Are your protections in place?

The current cybersecurity situation plaguing businesses worldwide is a lot more dangerous than we previously realized.  Since 2013, an incredible nine billion data records were lost or stolen due to breaches.
To make matters worse, only 4% of those breaches were “secure breaches,” meaning that some or all of the data that was stolen was encrypted by hackers, and ultimately rendered useless.
When you break down these statistics, the situation looks dire. It’s estimated that:

2 million records are lost to hackers every day,
219,000 per hour,
3,600 records a minute, and
61 records per second.

By the time you get to the end of this sentence, approximately 305 sensitive documents have been compromised online.
How’s that for putting things into perspective?
This is all from the work of everyday hackers, not sophisticated criminal organizations like something out of a James Bond film. The truth is rarely that “sexy” regardless of how much we want it to be.
The Curse of the Everyday Hacker
Thanks largely to feature films and television shows that glorify hacking, a wide range of myths prevail around the people who are online daily trying to do you harm. These aren’t creepy criminals who operate from some secret, underground fortress. Most of them are working out of their homes or offices. They may even be in your neighborhood!
These everyday hackers aren’t trying to break into the computer systems of world governments.  They’re just trying to figure out your credit card PIN numbers.
They also don’t spend months targeting any one victim, poring over key details until they identify exactly the right piece of info they need to get the results they want. Sadly, they’re far more opportunistic than that. They usually try anything and everything, “throwing it all at the wall to see what sticks.” Unfortunately, more often than not, this is much easier than it even sounds.
Enterprise and business users must realize that these everyday hackers are the true threats they must protect against. It’s everyday people who are working hard to get into your business.
Worst of all, many businesses don’t prioritize cyber security efforts.  This is just like handing over the keys to your safe.    
Educate Your Employees About Using Strong Passwords.
One of the most common things everyday hackers exploit is weak passwords. Your employees are probably using some right now. This sounds incredibly basic, but it’s also frustratingly true: employee education must be a top priority. Teach them the difference between a strong password and a weak one. And make sure they understand the very real consequences that come from the latter.
Update Your Outdated Systems.
Outdated systems are another favorite of everyday hackers. Take Windows XP for example. For a while, it was one of the most widely used operating systems in history. Your own company probably spent years using XP.
Even if you still love it, and it does what you need, it’s imperative that you upgrade to something more modern like Windows 7 or (better yet) Windows 10.
Outdated operating systems like Windows XP are no longer supported, which means that as soon as a new vulnerability is identified your entire system could be easily compromised. Plus, Microsoft will no longer be releasing security updates to fix these problems.
Ransomware is a favorite of everyday hackers in large part because of its simplicity and effectiveness. Viruses may seem complex, but in reality, they’re not. Ransomware is easy to write and even easier to execute. All you have to do is trick someone with the right security credentials into downloading and installing a file on their computer.
Once the file is executed on their machine, the hacker has literally every kilobyte of data at his or her disposal – and they can ask for whatever they want to give it back (or not).
The old saying, “crime doesn’t pay” proves false when it comes to everyday hackers. These are the people you need to be worried about—the ones your security policies should be designed to keep out.
Cybersecurity is one of the most pressing issues of the common era. The best thing we can do is to learn as much as we can about the dangers we’re up against. If you think that “super hackers” or sophisticated people with unparalleled skill are the only ones you need to worry about, think again. Everyday hackers are just as dangerous, if not more so, because they’re right here among us, and much more difficult to detect.
If your business is in {city} and you’d like to learn more about this or other cybersecurity and IT-related topics, please don’t delay. Contact {company} at {phone} or {email}. We’re ready and waiting to do whatever we can to help.

If You Use SharePoint Online and OneDrive, You’ll Really Like What’s Coming!


Some terrific new features are about to arrive for Microsoft’s SharePoint Online and OneDrive solutions.  They’re sure to take your productivity to a bold new level.  

To say that technology has changed the way businesses operate is something of an understatement, even if they weren’t “techie” businesses to begin with.
SharePoint Online makes it easier to store, share and manage digital information.
OneDrive for Business is a similar option, and allows you to store, sync and share work files from anywhere, on any device, at any time.
Both use a collection of cloud and web-based resources that would have seemed like something out of a science fiction film even a decade ago!
Thanks to solutions like these and others, suddenly “productivity” and “geography” are no longer as closely tied together as they once were. If you’re in the middle of an important product launch, but also happen to be halfway around the world, you no longer have to wait until you’re back in the office to get things done. You can be just as productive while sitting in an airport lounge waiting for your flight to take off as you can at your desk in the office.
The best part of all is that because these options are cloud-based, they’re being updated all the time to become even more valuable than they already were. For example, in just a few short weeks, Microsoft is going to begin adding support for special characters like “#” and “%” to both SharePoint Online and OneDrive for Business, something enterprise users in particular will no doubt be thrilled about.
The Addition of “#” and “%”—What’s the Story?
Early in 2017, Microsoft announced that they were adding support for special characters like “#” and “%” for file and folder names across the document libraries that you’re already creating in SharePoint Online and OneDrive for Business. This is something that we’ve long been clamoring for, and will begin rolling out in October.
This will give you the ability to create, store and sync files containing these special characters with greater ease than ever before – regardless of whether they’re used as a prefix or suffix in a particular file or folder name.
This is a small but essential change, as it gives you a greater level of control over how files and folders are created in line with your own in-house organizational practices. Other solutions and even other operating systems have long supported characters like “#” and “%” in this way, so their addition to SharePoint Online and OneDrive for Business is a welcome addition.
Savvy users are no doubt already aware that this feature has actually been available in an “opt-in” capacity since earlier in 2017. Starting in October, this feature will be turned on by default for those already using these solutions. The total global rollout is expected to be completed around March of 2018, along with Office 365 Roadmap ID 14656.
Do You Need More Time to Prepare?
Because this feature will be enabled by default in just a few short weeks’ time, some may need more time to prepare their in-house methods for the adjustment. Thankfully, this feature also has administrative controls that allow you to disable it at will, and enable it again.
If you and your team need additional time to prepare for the change, go into the administration panel on your deployment and configure the feature to be “off by default” by the end of September 2017. Then, when the global rollout completes, you can go back in and enable it whenever you’re ready.
Guest Compatibility
Another new feature that’s slowly making its debut involves guest compatibility for Teams, something that affects not only SharePoint Online and OneDrive for Business, but all the apps in the Office 365 productivity suite. Now you can add guest accounts for your pre-configured Teams at will so they can work under the same policies and protections as regular members.
This is perfect for people who want to bring a client or a new employee into the fold on a temporary basis, giving them access to certain resources in a limited capacity without making them a full-fledged member. Teams was originally launched in March of 2017 as Microsoft’s alternative to other workplace communication applications, with Slack being perhaps the most prominent example.
With the already robust feature set and support for options like special characters, and more being added all the time, it’s easy to see why SharePoint Online and OneDrive are widely used by businesses and other professionals all over the world.
If your business in {city} needs assistance with SharePoint Online, OneDrive, or other Microsoft solutions, please don’t delay. Contact {company} today at {phone} or {email}. We can help you accomplish your goals with the right IT solutions.

Are Your Employees Your Biggest Cybersecurity Threat?


Employees don’t mean to unwittingly release trade secrets or respond to phishing attacks, but when they do, it can be incredibly damaging to your company. Help your employees spot the warning signs and stay safe online. 

Your employees are both your biggest asset and your weakest link, at least when it comes to preventing a cyberattack. Criminals today launch sophisticated attacks that are indistinguishable from advertising, push notifications or special offers. How can you prevent employees from laying out a virtual “welcome mat” for cybercriminals by clicking somewhere that they shouldn’t, or setting passwords that are easy to hack?
The Dangers of BYOD
Work is more mobile than ever, and the trend of using BYOD (Bring Your Own Device) makes the job of information security professionals very challenging. Technology teams are scrambling to patch software and system vulnerabilities and to keep email spam-free. But this can be an uphill battle if your employees aren’t trained to recognize cybercrime.
As much control as you have over your office computers, that’s how little control you have over personal electronic devices, many of which now have access to the same business-critical information that’s on your business network. While offering this easy access is critical to your operations, it opens your IT systems to exposure from criminal elements.
Employees working remotely from a coffee shop or on shared devices could easily forget to log out, leaving open access to your network for anyone who “wanders by and decides to take a look.” Losses of laptops alone cause IT directors to hyperventilate, as many users have passwords that are easily hacked or discovered, providing the lawbreaker with the proverbial “keys to the kingdom” in terms of business data.
Malicious Leaks
It’s difficult to believe, but there are people on your staff who don’t have the best interests of your business at heart. These individuals may be looking for a way to get back at the boss for a real, or imagined slight, get a better job by offering confidential intel to a competitor, or simply be angry and want to cause damage wherever possible.
The best way to limit this possibility is to ensure that your employees only have access to the information that they need to do their job. For instance, while your customer service employees may need to view customers’ purchase details, do they really need to see their credit card numbers, expiration dates and other personal details? Probably not.
It’s also important to appropriately handle HR situations when an employee is being removed from their position, or when a supervisor recommends limited access to information. Quickly removing access may be enough to stop a situation from getting worse.  It also puts all employees on notice that stealing information from your business is considered a crime and will be treated accordingly.
Accidentally Sharing Data
Whether an employee is on a job interview with a competitor and coerced into reluctantly sharing information, or sends the wrong attachment to a contact, accidents happen. Today’s fast-paced business world guarantees that workers who are continually distracted and multi-tasking will make mistakes and accidentally share confidential data.
Train your employees to double-check email addresses and contact lists before hitting the “Send” button, and have them practice file-naming standards that may make it more difficult to grab the wrong document by mistake.
Alternatively, employees may not realize that the information they’re sharing is truly confidential, and could be damaging if leaked.
Cybersecurity Training is Essential 
By far, the most likely scenario is one where one or more of your employees are the target of a cyberattack (such as phishing, where hackers try to entice them to click a specific link that leads to the installation of malware or ransomware, or provides direct access to your network).
Training is an essential part of any cybersecurity effort. However, this means more than sending a simple email with directions to your employees.  If your technology team can’t find the time to train them, hire an outside managed service provider to do so.
Maintaining Secure Operations and Communication
Email is by far the most-used method of communication in today’s business world.  But, is your email secure enough? If your emails aren’t encrypted, then you have a large hole in your security that cybercriminals will be happy to take advantage of.
If your business is one of the 60 percent that don’t encrypt daily emails, it can easily cost you thousands of dollars in the event of a significant data breach (and in notification costs alone!).
The same is true of software tools that are difficult to use. If your employees find that a required platform limits their functionality or slows them down, there’s a high possibility that they may attempt to download random software from the Internet that may not be secure.
The majority of cybersecurity precautions are common sense: maintain excellent password security, don’t click on unknown links, optimize systems and operations, encrypt emails and train your employees to recognize cyber threats. However, for them to work, they must be implemented.
Need help training your employees to identify cyber threats, or protecting your organization from data breaches? Contact {company} in {city} at {phone} or {email}. We’ll work with you to define the level of protection that you need!