Even as businesses across the country go completely digital, and the entirety of their precious assets are stored on servers, the quality of many IT services providers has plummeted. In a misguided attempt to cut costs and save money, some shortsighted businesses are unable to see the utility of accurately priced IT options, so they opt for lower-tier, “break-fix” firms to keep their network afloat. Instead of paying monthly fees for managed services, they call up an IT professional only after something has broken down and pay them by the hour.

You’ve probably received notifications about the new General Data Protection Regulation (GDPR) going into effect in the European Union (EU).   As of May 2018, rules will be put into effect for organizations that do business with, and have data on, EU entities, which could be compromised or abused.  GDPR seeks to establish one set of rules that all countries within the EU can apply to its members, as well as organizations outside the EU that touch this data.

(As published in the November/December 2018 issue of MediNews)

Over the past several years, I’ve spent considerable time with clients working to develop better IT policies when it comes to things like Acceptable Use, Privacy, Security, and Incident Response.  These policies are all important and necessary, because if you don’t properly equip your staff with rules and guidance on the expectations for their handling of technology and by extension sensitive data, you can’t expect them to act responsibly.

Phishing is becoming a major threat vector for organizations all around the world.

Phishing is the exercise of sending illegitimate emails designed to elicit a response from the end user, whether that’s clicking on a link that infects them with malware or tricking the user into volunteering information that they normally would not provide like a password or some other information that is useful to the attacker.

Frighteningly, all signs are pointing to the fact that phishing attacks are becoming more prevalent by the day. According to Webroot, nearly 1.5 million new phishing landing pages are being created monthly.

So why is phishing so popular? I can think of a few reasons.

In light of the headline-making news regarding the major flaw on WiFi networks, dubbed “KRACK”, which stand for Key Reinstallation Attack, we wanted to take a moment and communicate a few important facts to keep in mind regarding this specific flaw.

One of the early steps in establishing a culture of risk management with your staff is creating a suitable Acceptable Use Policy. Before I get into how to approach this policy, let’s review how this policy is defined.

As someone who has worked in the Managed Network Services space for over a decade, there are certain behaviors I notice when it comes to security planning. Every so often, a major security incident occurs that makes headlines, and the media cycle begins. Decision makers at organizations, who are typically business experts and not technology experts, often react with questions about what they are doing to fight this specific threat. Are they doing the right thing? What else could they be doing? How exposed are they?

WE ALL AGREE THAT it is essential to the operations of modern medical practices,
but I find that often these investments in technology are reactionary.
Ten to 15 years ago a major push for moving to Electronic Medical Records
(EMR) inspired a number of practices to make significant investments in
IT infrastructure that most of them had never considered before. It was a
brave new world for most practices, and decision making was often done in
a spur of the moment fashion. Even more disconcerting was the fact that
many of the investments from these early adopting practices ended up being
overhauled for a variety of reasons, many of which had to do with not
“right sizing” the solution in the first place. Needless to say, this was not a
pleasant experience to be a part of, either internally or as a service provider
like I have been. The costs were out of control, unpredictable, and stressful
to deal with.

Chances are if you are reading this article, you have already moved some, or perhaps most, of your IT infrastructure to the cloud. While most organizations spend lots of time, energy and money developing strategies for integrating their important data and workflow to the cloud, they usually don’t worry about security and risk management strategies until after the migration. In fact, many organizations assume that it’s okay to maintain their existing strategy they were using before the move.

EVERYONE WHO MANAGES staff in a medical environment immediately becomes
a key decision maker when it comes to HIPAA compliance, whether
they realize it or not. Many data breaches do not occur because of technical
failures that come from a conscious attack on security systems, but by the
failures of personnel to properly control the access to patient health information.
Practice managers hand the keys to the vault of patient data to staff
members every day. Just like money in your bank account, sensitive data has
a real value, and anyone with access to it holds a serious responsibility.