Posts

HIPAA and the Cloud – Moving Toward 2015

/in /by

29In the healthcare sector, the storing and sharing of sensitive digitized patient data has become a significant undertaking and is a heavy burden on resources. Preparation for a complete conversion from paper medical records to electronic health records (EHR) by 2015 has independent practitioners and small healthcare entities making significant investments in equipment, hardware and software, and tech-savvy personnel. Rather than focusing on the delivery of core patient care services, they must now worry about IT infrastructure issues, underlying network constraints and data center accessibility as well. This is problematic as very few medical offices or small health service organizations can afford to employ dedicated IT staff.

In this context, it is obvious that cloud-based solutions, which consolidate and outsource computing resources to external entities, would provide substantial relief to healthcare service providers. Data stored in the cloud is available on-demand and requires no expensive equipment, physical home or hired staff to manage and maintain it.

But while other business sectors have fully embraced the cloud for cheaper, more flexible, scalable and secure computing, many in the healthcare sector have yet to entertain putting patient data into the cloud. HIPAA-driven security and privacy concerns have been a serious deterrent.

This is about to change. Recent modifications to the HIPAA Privacy, Security, Enforcement and Breach Rules have made it clearer that data center operators are to be classified as business associates under HIPAA. This means cloud-service providers are required by law to report and respond to data breaches and uphold their obligation to properly protect and secure patient info.

These modifications are a game changer because they now assure covered entities such as doctor offices, hospitals, and health insurers that they can remain HIPAA compliant while adopting cloud technology.

Cloud Computing in Healthcare Sector Projected to Grow

According to recent report by the research firm Markets and Markets, although the healthcare sector has been notoriously slow when it comes to adopting new technology trends, the cloud computing market in this sector is projected to grow to $5.4 billion by 2017.

Breaking Down HIPAA and the Cloud

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was upgraded in 2009 with the Health Information Technology for Economic and Clinical Health (HITECH) ruling addressing the growing use of digitized medical records. HITECH was introduced to provide federal funding to deploy HER and establish a protocol for protecting the electronic storage and transmission of Protected Health Information (PHI). [PHI is defined as any information obtained, used or disclosed in the course of providing a healthcare service–treatment, payment, operations or medical records–that can be used to identify an individual.]

Compliance with HIPAA requires the reporting of any potential unauthorized PHI access. Because any impermissible access, use, or disclosure of PHI can severely damage an organization’s reputation, as well as levy penalties varying from $100 to $50,000 for first time offenders, it is understandable that many in the healthcare industry have chosen to avoid migrating patient data to the cloud unless they’re absolutely certain that a cloud-service provider (CSP) is HIPAA compliant.

Cloud-Service Providers as HIPAA Business Associates

Over the past five years, there has been much confusion whether cloud-service providers were classified as business associates (BAs) under HIPAA. The Department of Health and Human Services holds BAs accountable for certain required privacy and security obligations to protect PHI data, upholding them to a signed Business Associate Agreement (BAA). If confidential health data is compromised, the Associate is liable for responsibilities on their end.

The HIPAA privacy rule defines a BA as “a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity.”

Since most CSPs “maintain” PHI on behalf of either the covered entity or another BA that subcontracts them, one would assume they’d be deemed a BA themselves. But that hasn’t always been the case due to some ambiguous language that originally accompanied the regulation, language that was only just recently modified to expand the scope of BAs as defined by HIPAA.Capture4

As you can see, this language easily leaves “access on a routine basis” up to interpretation. For instance, although it states that HIPAA requires those accessing PHI data on a routine basis be treated as BAs, some CSPs felt they were mere “conduits” of protected data – not very different than courier services or postal services, having only random or infrequent access to public health information as they transport/share it with others. These CSPs would often argue that a signed BAA wasn’t necessary, thus avoiding the added due diligence or security control requirements and liability.

Take a high-volume Platform-as-a-Service (PaaS) for example. Here the CSPs primary role is to provide storage services that enable the covered healthcare entity’s staff, such as a doctor’s office, to routinely look at data stored remotely. While the CSP providing the PaaS bears responsibility for maintenance and upgrades to the hardware, software and the operating system, they don’t touch the actual PHI data all that much. Therefore, a CSP offering PaaS doesn’t necessarily have the same level of PHI access as a cloud provider using Software-as-a-Service (SaaS) who must grant their personnel daily access to PHI.

A similar argument could be made for a CSP who maintains encrypted PHI for a covered healthcare entity but doesn’t hold the encryption key.

This uncertainty was the reason for much of the healthcare sector’s reluctance to take to the cloud. If a cloud-service provider (CSP) didn’t feel the need to sign a BAA, and the patient info they managed was breached, the covered healthcare entity, not the CSP, would be fined.Capture5

The new HIPAA Omnibus Rule further clarifies that BAs and subcontractors of BAs are directly liable for compliance with certain HIPAA Privacy and Security Requirements. This has calmed skeptics, resulting in a healthcare industry now actively looking to cloud-based solutions.

Protecting personal information and cloud security are a must by 2015. CLICK HERE for a free network assessment and choose Cognoscape for your HIPAA compliant managed IT services.

8 Cold Hard Truths for SMBs Not Worried About Disaster Recovery and Business Continuity

/in , /by

27The foundation of any successful business continuity solution is the ability to retrieve data from any point in time from anywhere. When the topic of data recovery and business continuity comes up, you get the feeling that many decision makers at smaller businesses and organizations wish they could channel their inner six year old, simply cover their ears, and sing “La, la, la. I Can’t Hear You. I’m Not Listening.” Everybody things bad things only happen to other people. Just because we hear about a fatal car accident on the morning news, doesn’t mean we fixate on that news when we ourselves get into a car and drive to work. So no matter how many times the owner or CIO of a small to midsize business (SMB) hears of other small businesses being crippled by hurricanes, tornados, fires, or flooding, they aren’t necessarily overcome with fear to the point that they feel an urgency to take action. Sure, they may think about backup and data recovery solutions a little more that day, but not enough to initiate immediate change or reverse a lenient approach to their processes. If you fall into this category, here are eight cold hard truths to consider

  1. It isn’t natural disasters or catastrophic losses like fires that take down small businesses but something far more sinister – malware. Cyber attacks through malware have grown exponentially in the past four years. Malware is hitting everything from PCs to Macs to mobile devices and it’s inflicting damage.
  2. Over half of the small businesses in the U.S. have experienced disruptions in day-to-day business operations. 81% of these incidents have led to downtime that has lasted anywhere from one to three days.
  3. According to data compiled by the Hughes Marketing Group, 90% of companies employing less than 100 people spend fewer than eight hours a month on their business continuity plan.
  4. 80% of businesses that have experienced a major disaster are out of business within three years. Meanwhile, 40% of businesses impacted by critical IT failure cease operations within one year. 44% of businesses ravaged by a fire fail to ever reopen, and only 33% of those that do reopen survive any longer than three years.
  5. Disaster recovery solution providers estimate that 60% to 70% of all business disruptions originate internally – most likely due to hardware or software failure or human error.
  6. 93% of businesses unable to access their data center for ten or more days filed for bankruptcy within twelve months of the incident.
  7. In the United States alone, there are over 140,000 hard drive crashes each week.
  8. 34% of SMBs never test their backup and recovery solutions – of those who do, over 75% found holes and failures in their strategies.

It’s critical that small businesses review their backup and disaster recovery processes and take business continuity seriously. Given the vulnerabilities associated with the cloud and workforce mobility, the risk of critical data loss today is quite serious and firms must be truly prepared for the unexpected.

CLICK HERE for a free network assessment.

5 Ways SMBs Can Save Money on Security

/in /by

26Small-to-medium sized businesses and large enterprises may seem worlds apart, but they face many of the same cyber-security threats. In fact, in recent years, cyber-criminals have increasingly targeted SMBs. This is because it’s widely known that SMBs have a smaller budget, and less in-house expertise, to devote to protection. Thankfully, there are several things SMBs can do today to get more from even the most limited security budget. And, no, we aren’t talking about cutting corners. Far too often, SMBs cut the wrong corners and it ends up costing them more money in the long run. It’s a matter of taking a smarter approach to security. Here are five smart approaches to take

  1. Prioritize – Every business has specific areas or assets critical to its core operations. Seek the input of valued staff and team members to determine what these are. Is there certain data that would be catastrophic if it was lost or stolen? If hackers compromise a network, or prevent access to certain applications, how disruptive would it be to daily business operations? What kind of potential threats or vulnerabilities pose the greatest risk to the company or your customers/clients? Focus on the most likely risks, not theoretical risks that “could happen.” Asking such questions gives you a clearer more complete perspective as to where to focus available security resources.
  2. Develop and Enforce Policies – Every SMB needs to implement a security policy to direct employees on appropriate and inappropriate workplace behaviors relative to network, systems, and data security. Merely drafting this document isn’t enough. Employees must be held accountable if they fail to adhere to policy. Such policies should be updated regularly to reflect new technology and cultural shifts. For example, a document written before social media took off, or before the BYOD (Bring-Your-Own-Device) movement, doesn’t necessarily apply today.
  3. Education – Ongoing end user training must be provided. Many security breaches happen because employees fail to recognize phishing schemes, open emails from unknown sources, create poor passwords that are seldom changed, and don’t take proper precautions when using public Wi-Fi connections on personal mobile devices also used for work.
  4. Take to the Cloud – Running applications and servers in-house is a costly endeavor. Leveraging the cloud today allows SMBs to cut costs while also strengthening their security. Cloud operators typically have built-in security features, alleviating SMBs of the burden of maintaining security themselves. Today, not only can SMBs shift much of the burden of IT to the cloud, but they can also outsource much of their security by taking advantage of the remote monitoring, maintenance, and security tools provided by Managed Service Providers (MSPs).
  5. Don’t Aim for Perfection – There is no such thing as perfect security. Striving for perfection is expensive and can prove to be more costly in the end. Improving protection and response would be a more ideal allocation of funds. It can take a hacker several months to figure out your systems and do real damage. Having the ability to quickly detect their presence, and mitigate any potential damage they may cause, is a more realistic and less expensive approach than thinking you can completely remove any probability whatsoever of a hacker breaching your system

CLICK HERE for a free network assessment and maintain security in the cloud.

Stay Secure My Friend… More Hackers Targeting SMBs

/in , , /by

Many SMBs don’t realize it, but the path to some grand cybercrime score of a lifetime may go right through their backdoor.  SMBs are commonly vendors, suppliers, or service providers who work with much larger enterprises. Unfortunately, they may be unaware that this makes them a prime target for hackers. Worse yet, this may be costing them new business.

Larger companies likely have their security game in check, making it difficult for hackers to crack their data. They have both the financial resources and staffing power to stay on top of security practices. But smaller firms continue to lag when it comes to security. In many cases, the gateway to accessing a large company’s info and data is through the smaller company working with them. Exposed vulnerabilities in security can lead cybercriminals right to the larger corporation they’ve been after.

25Cybercriminals Target Companies with 250 or Fewer Employees

In 2012, Symantec research confirmed that cybercriminals are increasingly targeting smaller businesses with 250 or fewer employees. Attacks aimed at this demographic practically doubled from the previous year. This news has made larger enterprises particularly careful about whom they do business with. This means that any SMB targeting high-end B2B clientele, or those seeking partnerships with large public or government entities, must be prepared to accurately answer questions pertaining to security. This requires an honest assessment of the processes taken to limit security risks.

View Security Measures as Investments

CIOs must start viewing any extra investment to enhance security as a competitive differentiator in attracting new business. Adopting the kind of security measures that large enterprises seek from third-party partners they agree to work with will inevitably pay off. The payoff will come by way of new revenue-generating business contracts that will likely surpass whatever was spent to improve security.

Would-be business partners have likely already asked for specifics about protecting the integrity of their data.  Some larger entities require that SMBs complete a questionnaire addressing their security concerns. This kind of documentation can be legally binding so it’s important that answers aren’t fudged just to land new business. If you can’t answer “yes” to any question about security, find out what it takes to address that particular security concern.

Where a Managed Service Provider Comes In

Anyone who isn’t yet working with a Managed Service Provider (MSP) should consider it. First, a manual network and security assessment offers a third-party perspective that will uncover any potential business-killing security risks. A good MSP will produce a branded risk report to help you gain the confidence of prospects to win new business.

A MSP can properly manage key elements of a small company’s security plan. This includes administrative controls like documentation, security awareness training, and audits as well as technical controls like antivirus software, firewalls, patches, and intrusion prevention. Good management alone can eliminate most security vulnerabilities and improve security.

Stay secure and CLICK HERE for a free network assessment. Managed IT could prevent a security breach.

Achieving Hipaa Compliance & Data Security In The Cloud

/in , , /by

Prioritizing Security & Privacy in Healthcare Sector

Physician offices, hospitals and health insurers take practical steps each day to protect private patient health information (PHI) and comply with HIPAA regulations. Anyone interacting with patients and regularly accessing or discussing confidential medical records is obligated to adhere to certain requirements to uphold privacy and security.

For example, employees must be mindful of what is said aloud pertaining to an individual patient. Doors must be closed when patient conditions, treatments and procedures are discussed in person or over the phone. Staff should never leave voice mails with specifics about patient health conditions or test results. Even simple acts like summoning patients from the waiting room must be carried out with patient discretion in mind.

Failure to do this can result in a reported HIPAA breach that can be accompanied by potentially heavy monetary fines and often-irreparable reputation damage. The industry’s need to prioritize the integrity of patient data is even more pronounced in this time of flux within the healthcare sector.

Transitioning to the Electronic Age

Healthcare service providers today are in the process of converting all paper medical records to electronic health records (EHRs) or electronic medical records (EMRs) to meet the meaningful use requirements outlined in the American Recovery and Reinvestment Act of 2009 (ARRA). The ARRA incentivizes the healthcare sector to accelerate the adoption of enterprise-wide electronic medical data by 2015 or face possible penalties.

We are entering a period in our history where volumes of confidential patient health information (PHI) will be stored, shared, and accessed electronically for the very first time ever. There has never been a more critical time for healthcare service providers to ensure that patient rights are protected, confidential information is safeguarded, and this transition from the immovable locked file cabinets to today’s electronic-system is completely HIPAA compliant and secure.

How HIPAA Breaches Most Commonly Happen

The U.S. Department of Health’s Office of Civil Rights found that there have been 21 million HIPAA security breaches since 2009. These breaches have resulted in an average of 2,769 records being lost or stolen per breach. Among them:

  • 48% were stolen medical files
  • 48% were stolen billing and insurance records
  • 20% were stolen prescription details
  • 13% were stolen monthly statements
  • 24% were stolen patient billing/payment details
  • 19% were stolen payment details

During this period, 66 percent of the reported large-scale HIPPA violations were due to the physical loss or theft of electronic equipment or storage media such as a laptop or flash drive that held unencrypted PHI. Another 8 percent of the large-scale HIPAA breach incidents were the result of hacking and cybercrime.

Physical Theft

Based on the above findings alone, one can come to the obvious conclusion that storing such unencrypted data on a physical hard drive or any portable storage media device elevates the risk of an HIPAA breach. Therefore, eliminating the need to store or transfer this data on equipment such as laptops or flash drives should significantly minimize the risk of many of the HIPAA violations reported today.

Cybercrime

Cybercrime is a growing threat within the healthcare sector since the industry has been slow to adopt new technology. According to the Identity Theft Resource Center, there were 17 reported financial industry data breaches in 2012 compared to a reported 154 healthcare industry breaches during the same time frame. The aging technology commonly used by healthcare service providers is rife with software and security flaws making it susceptible to data breaches resulting from hacking and other cyber-attacks.

Data thieves view private medical records as a high valued commodity – a gateway to identity theft. Safeguarding this data is challenging. With the shift to electronic records, data thieves have upped their game, finding new ways to gain unauthorized access to patient data by exposing vulnerabilities.

Defending against cybercrime requires constant monitoring for intrusion attempts and security upgrades. In this era where the volume of stored data is increasing, new cyber threats seemingly surface every day, and there is continuous demand to comply with regulations; healthcare service providers securing their own infrastructure will inevitably become overburdened and more vulnerable to attacks and HIPAA breaches.

 

The Case for Moving Data to the Cloud

Although many healthcare service providers have shown a reluctance to abandon their in-house IT infrastructure and security measures, on premise data center attacks are proving to be more prevalent, costly, and difficult to rebound from.

Healthcare providers who have resisted the cloud due to privacy and security concerns could be making a grave mistake. Increasing evidence suggests that the cloud can actually enhance data security. It does this while also freeing up manpower and budget dollars that can be better allocated toward the principle objective of improving patient care.

Proactive Remote Monitoring

Leading cloud-service providers offer an around-the-clock remote monitoring service that maximizes uptime while monitoring each node in the cloud infrastructure, each access point, and the data center platform as a whole. This is an extremely important function that detects and addresses potential issues before they become serious breach incidents. Metrics are collected and alerts are triggered whenever faulty conditions such as a data backup failure or an authorized attempt to access data are detected.

CLICK HERE for a free network assessment and see how your sensitive information can remain secure in the cloud.

Cognoscape, a Managed Service IT Provider – The Basics

/in /by

15The Concept of Managed Services

Managed Services Providers – or MSPs – are often recommended as a cost-effective IT solution for small businesses. For a minimal monthly fee, MSPs provide a reasonably priced solution to the complex technology pains of small businesses. Sometimes an MSP will enter the picture to support an overworked IT support person or staff. They can also assume complete responsibility of all IT and network operations if need be.

MSPs can decrease the overall IT support costs by as much as 30% to 50%. Rather than stressing about technology, business owners can instead get back to focusing on growing their business. All while enjoying the benefit of a team of highly-trained IT experts boosting their network’s reliability and performance.

The Benefits of a Managed Services Provider

  • Freed-Up Resources and a Renewed Emphasis on Core Business – Most pricey repairs and recovery costs are the result of a lack of consistent monitoring and maintenance. While these activities are absolutely critical to day-to-day business operations, they are also repetitive, monotonous and “a time kill” for any IT support on payroll. Both business owners and internal IT staff would much rather focus on revenue enhancing tasks like product development or the creation of cutting-edge applications/services. This is one reason routine monitoring and maintenance tasks are often neglected by an internal IT person or team, which always proves to be detrimental much later. Often misportrayed as a “threat” to an internal IT person or staff, MSPs can instead alleviate internal staff of mundane network operations maintenance, repetitious monitoring of server and storage infrastructure, and day-to-day operations and help desk duties.
  • A True Partner Sharing Risks And Responsibilities – Earlier we alluded to a mistrust of IT consultants who profit from your technological misery. In comparison, the goal of an MSP is to deliver on contracted services, measure, report, analyze, and optimize IT service operations, and truly become an irreplaceable catalyst for business growth. MSPs not only assume leadership roles, they mitigate risks, enhance efficiency and change the culture by introducing internal IT operations to new technologies and processes.

 14

  • Access to Expertise, Best Practices and World – Class Tools and Technologies – MSPs has worked with a variety of businesses and organizations. Since each client presents a completely unique set of business and technology needs, there isn’t a “one-size-fits-all” method to what they do. That said, they’ve likely seen it all, and the benefit of an experienced MSP undoubtedly adds value to your business. MSPs can keep your business relevant and on track with continually evolving technology, support, and productivity demands. Let’s face it – no small or medium-sized business can afford to fall behind with technology trends in today’s business world.
  • The Benefit of a Full – Time Fully Staffed IT Department at a Fraction of the Cost – Most small business owners live and die by proactive management. They just haven’t had the budget, resources or access to on-demand expertise to be proactive with information technology management. An MSP gives business owners and overwhelmed internal IT staff affordable computer and server support, remote monitoring of critical network components like servers and firewalls, data backup and disaster recovery, network security, custom software solutions, and technology evaluation and planning. Freeing them from expensive computer problems, security threats like spyware and spam, and the repercussions of prolonged downtime. All without being “nickel-and-dimed” by on-call IT firms.

CLICK HERE for a free network assessment. Choose Cognoscape for your managed services and IT needs.

Embracing the Age of Mobility & the BYOD Workplace

/in /by

15In today’s always-connected world, the time-honored separation of work and personal time is quickly disappearing. Mobile devices such as laptops, netbooks, tablets, and smartphones have fundamentally changed how all of us live and work.

With work no longer confined to a physical office space, or limited to traditional business hours, we’ve created an increasingly mobile and dispersed workforce capable of working anywhere at any time. 3 out of 5 workers today no longer believe an office presence is necessary for a productive day’s work. By 2015, the IDC estimates the U.S. will have over 200 million people working remotely.

By now, it’s obvious that BYOD (Bring- Your-Own-Device) isn’t just another buzz-worthy acronym or a workplace trend that will eventually fade; it’s part of the complete restructuring of the conventional way we’ve worked up to this point. There is simply no going back to the way we were. With or without company approval, employees prefer working from devices they own and are most comfortable with, meaning it’s out with yesterday’s loud, clunky and slow in-office desktop PCs and in with today’s feature-rich, on-the-go, employee-owned mobile devices.

Although many small-to-midsize businesses (SMBs) have fully embraced BYOD for its countless benefits, this proliferation of employee-owned devices accessing company databases, files, and email servers is unprecedented. It is also risky because it increases vulnerability to security breaches and data loss.

Which raises the question: are workplaces today responsibly ushering in BYOD with safety, security, and long-term adaptability in mind?

THE MAINSTREAMING OF BYOD

It’s hard to believe that just a decade ago work mobility was practically nonexistent. We worked from cubicle farms with workstations and desktop PCs straight out of the movie Office Space. The office was our only access to the company network. Select employees might be provided with company-issued laptops with pre-loaded software useful for work. Perhaps they’d be trusted with FTP (File Transfer Protocol) privileges to access and transfer files to the server. Cell phones were actually just phones.

Even when BlackBerrys were introduced to the business world, allowing people to use a mobile handheld device to access their work email and manage their schedule for the very first time, the BlackBerry Enterprise Server made it easy for IT departments to configure and manage the device. BlackBerrys eventually gave way to iPhones and Androids. Laptops eventually gave way to iPads and tablets that combined laptop usability with smartphone portability. Meanwhile, the number of public Wi- Fi hotspots grew, making employees eager to access their company network and work files from just about anywhere through their mobile device.

Today, BYOD has become the “new normal”. A recent poll of 1,021 small business owners in the United States found that 68% allowed employees to use personal devices for work. 79% of CIOs at businesses who aren’t encouraging BYOD believe employees access their network with unauthorized personal devices every day.

Initial resistance to the BYOD movement has proven to be futile. Gartner, a technology research firm, predicts that 90% of businesses and organizations will support the use of personal devices for work purposes by the end of 2014.

And it certainly seems that more business owners today are seeing the upside of BYOD, which include…

Increased Production

On average, it has been approximated that businesses gain 9 additional hours of productivity per week when employees use personal devices.

Improved Service

The benefits of this increased production and greater flexibility naturally extend to clients and customers since mobility allows workers to resolve escalated issues or almost instantly reply to inquiries outside of normal work hours. It is common these days to receive an email response after 5pm with a “Sent from my iPhone” tagline at the bottom.

Reduced Costs

Transferring IT hardware and equipment expenses to employees can save SMBs significant money. A study conducted by Cisco’s Internet Business Solutions projected that U.S. companies utilizing BYOD can save up to $3,150 per employee each year. Additionally, since consumers are drawn to the freshest technology, and the latest upgrade to their device of choice, businesses no longer have to budget to continually upgrade to keep up with technological advances.

In 2013, telecommunications and information technology service provider Cbeyond, Inc. conducted a blind survey of 711 C-level executives of firms with fewer than 250 employees. Their findings revealed that not only is BYOD more widely accepted today, but mobile devices have also become critical to day-to-day operations and essential to meeting business objectives. Many acknowledged that it would be a challenge to do business today otherwise. A fair share of executives felt their business couldn’t survive without mobile device usage.20

One troubling aspect of the aforementioned report is 32% of the surveyed SMBs aren’t sure if their data is adequately protected. While they acknowledge that BYOD puts their organization at risk, just 22% of SMBs currently have a comprehensive BYOD policy in place to address mobile device usage and define data privileges extended to personal devices.

Here are a few reasons this sets a dangerous precedent.

  • Nearly a third of employees use more than one mobile device during a typical workday. It’s critical that organizations, especially small businesses, know whatdevices are accessing their network and whom they belong to.
  • With the existence of public Wi-Fi hotspots at coffee shops, restaurants, hotels, convention centers, trains, and airports, inadequately secured mobile devices are constantly exposed to hackers monitoring traffic on open networks. According to data compiled by the Ponemon Institute, 59% of organizations have experienced a rise in malware infections linked to insecure mobile devices.
  • BYOD makes SMBs increasingly susceptible to costly data breaches with 38% of these breaches occurring as the result of lost or stolen mobile devices. Verizon Business has estimated that 174 million records have been stolen in 855 data breaches linked to smartphones and tablets.
  • There are more than 500,000 apps in the Apple App Store. The Android Marketplace has over 200,000 apps. The security controls in place to evaluate the safety of these applications are suspect and some apps having phishing screens, hidden spyware, and malware. This means the apps or clients being used to access enterprise content could put your data at risk.

The adoption of BYOD can be beneficial to small businesses but it shouldn’tcompromise company or customer data. Developing a comprehensive BYOD policy minimizes risk while still granting full (and secure) access to the files and applications your employees need, regardless of where they are.

CLICK HERE for a free network assessment.

Common Causes of Downtime

/in , , /by

ChartZero In On Infrastructure Vulnerability to Data Center Downtime

Leading Causes of Downtime

  • Power Outages – 48%
  • Accidental Data Deletion – 31%
  • Employee Created – 29%
  • Virus/Malware – 25%
  • Application Failure – 20%

Power Related Outages – Vulnerabilities to a data center’s power still rank as one of the leading causes of unplanned network outages and can often be catastrophic. Particularly costly are UPS (Uninterrupted Power Supply) related failures (this includes batteries) and generator failures.

ZERO IN

To minimize the impact that power outages have on data center operations, and to prevent a potentially catastrophic unavailability of the data center, a dependable backup system is needed. This ensures the backup of critical data and applications is always in place in the event of equipment failure.

The integration of comprehensive infrastructure monitoring and management tools also minimizes the costs associated with identifying and repairing power system failures. Accidental Data Deletion and

Employee Created Downtime

Simple human error is a prevalent cause of downtime. Whether months of data is unintentionally lost in a backup error, a power cord is unplugged, a busy IT technician overlooks routine maintenance and alert monitoring, or there is an error in judgment during an emergency, to err is human and apparently quite frequent as well.

A study by the Gartner Group, an IT research and advisory firm, projected that through 2015, 80% of downtime will be due to people and process issues.

In the fall of 2010, foursquare – a widely used mobile check-in app – had a highly publicized outage of eleven hours, followed by another shorter service disruption the next day. All three million users of the app were affected and it was a chain of human mistakes that led to both outages. IT techs noticed that a server was storing too much data, but as the support team tried to resolve the issue, all the servers went down.

9ZERO IN

Regardless of proper training, or the quality of IT technician hires, human mistakes will likely always lead to instances of a downed data center or network, especially considering the expected learning curve of adapting to new technologies. Ensuring proper communication amongst team members and adequate training at all levels is critical. Of course, it goes without saying that having a comprehensive backup strategy is also a necessity to counteract downtime and ensure business continuity regardless of who is having a bad day.

 

Virus/Malware/Hacks – SMBs are often guilty of thinking they are immune to hackers, viruses and malware. According to a National Cyber Alliance and Symantec survey, 77% of SMBs don’t believe they’re at risk for cybercrime while 83% admit to having no formal measures in place to counter these threats. This isn’t merely a threat to your data; it puts your bank account and the sensitive data of your customers at risk.

ZERO IN

Passwords should be regularly changed every few months. They should also be strong. This means no more passwords like “password” or “1234567.” Employees must be educated on security and precautionary measures. And there is no excuse for not having data backed up in this era of cloud computing and virtualization – where the entire contents of physical server – including the operating system, applications, patches and all data – can easily and cost-effectively be grouped into one software bundle or virtual server.

 

Application Failure – Many applications or their components contribute to recurring downtime. While virtualization offers many multi-faceted advantages it has also further exacerbated overlapping applications in the infrastructure. One small application component failure is now likely to impact many applications.

ZERO IN

It is critical that all components are profiled and there is a general understanding as to what each application does – the hardware resources used by the application and the software it integrates with. Identifying an owner will allow for better monitoring and recognition of failure points.

10

SMBs can benefit from a little help when it comes to properly implementing and leveraging this new technology to strengthen their disaster recovery efforts. Access to a 24/7 NOC (Network Operations Center) team offering remote monitoring and management solutions, along with a 24/7 help desk, can help SMBs improve backup, monitoring and troubleshooting processes for maximum uptime and business continuity.

CLICK HERE for a free network assessment.

 

Breach at eBay – Change Your Password Now

/in , , /by

The following article is from krebsonsecurity.com

“eBay is asking users to pick new passwords following a data breach earlier this year that exposed the personal information of an untold number of the auction giant’s 145 million customers.

In a blog post published this morning, eBay said it had “no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.”

Assisted by federal investigators, eBay determined that the intrusion happened in late February and early march, after a “small number of employee log-in credentials” that allowed attackers access to eBay’s corporate network were compromised. The company said the information compromised included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. eBay also said it has no evidence of unauthorized access or compromises to personal or financial information for PayPal users.

The company said it will begin pushing out emails today asking customers to change their passwords. eBay has not said what type of encryption it used to protect customer passwords, but it previous breaches are any indication, the attackers are probably hard at work trying to crack them.

If you’re an eBay user, don’t wait for the email; change your password now, and make it a good one. Most importantly, don’t re-use your eBay or PayPal password elsewhere. If you did that prior to today, it’s a good idea to change that password to something unique at the other sites that shared it. And be extra wary of phishing emails that spoof eBay and PayPal and ask you to click on some link or download some security tool; attackers are likely to capitalize on this incident to spread malware and to hijack accounts.

eBay and PayPal users who haven’t already done so should consider using the PayPal Security Key, a two-factor authentication solution that can be used to add for additional security on both sites.”

With as many breaches occurring in only the first half of 2014, the necessity for internet and information security is at an all time high. SMBs and healthcare providers dealing with sensitive information need to protect this info from security breaches and potential data loss as a result. CLICK HERE to sign up for a security audit.

Five Ways SMBs Can Minimize Data Loss

/in , , , /by
  1. Enforce Data Security – This is more or less the managing of the “human factor.” CIOs and those in SMB management roles must communicate data protection policies to staff and ensure their implementation. Rules must be set, particularly with personal devices, to enforce security policies. It can be as simple as sending reminders to not open email attachments from unknown sources, requiring passwords be reset every few months or the banning of specific file sharing or social networking sites. In May of 2012, security concerns led to over 400,000 IBM employees being banned from using the cloud storage service Dropbox and Siri – the iPhone personal assistant. While far from an SMB, if IBM can go that far and make such a demand to so many employees, an insurance agent can certainly remind his or her marketing representative to not play Farmville on Facebook if they’re using a laptop containing company and customer/client data.
  2. Stress the consequences – both personal and business – of not properly protecting confidential data. Encourage employees to make passwords difficult to crack. Patch holes in the infrastructure’s walls by identifying the most critical data. Perhaps a trusted IT advisor can help implement processes to better protect that data’s security perimeters.
  3. Mobile Device Management – Mobile Device Management grants SMBs a semblance of control over the mobile devices used within the company. Devices tapping into company system are identified and remotely monitored and managed 24/7. More importantly, they are proactively secured via specified password policies, encryption settings, and automated compliance actions. Lost or stolen devices can be located and either locked or stripped of all SMB-related data.
  4. Snapshots – Fully backing up large amounts of data can be a lengthy process. The data being backed up is also vulnerable to file corruption from read errors. This means sizeable chunks of data may not be stored in the backup and be unavailable in the event of a full restore. This can be avoided by backing up critical data as snapshots, which are read-only copies of data frozen to a specific point in time and stored using minimal disk space. These virtual snapshots are immediately available for restores in the event of data loss.
  5. Cloud Replication and Disaster Recovery Services – The cloud provides SMBs who consider data backup to be too costly, time consuming and complex with a cost-effective, automated off-site data replication process that provides continuous availability to business-critical data and applications. Cloud replication can often get systems back online in under an hour following a data loss.

6

CLICK HERE for a free network assessment.