anti-virus Archives - Third Rock

Cyber Hygiene: Are your systems hardened?

Robert Felps — Thu, 08 Feb 2018 15:00:46 +0000

Third Rock performs Risk Assessments (Security Risk Analysis) for very small firms to large organizations in healthcare, technical, financial, insurance, oil and gas, and other industries. We know the focus of the assessment needs to be security; therefore, we run an industry standard (NIST based) scan checking computers for vulnerabilities and many variants of compliance. (NIST stands for National Institute of Standards and Technology) Our findings show that the average covered entity is about 15% compliant and the Windows Operating System is about 27% compliant against the NIST test. It’s obvious to us that cybersecurity has not been addressed.

You might ask, “How do we improve these findings and correct these issues?”

It’s actually not too difficult.

Make sure your software is up-to-date. You should have “auto-update” turned on for operating systems, anti-virus software, and applications.
Ensure that your backups are (a) current, (b) secure, (c) off-site, and that they work. Test the backups on a daily basis to make sure they have not been encrypted by ransomware.
Correct the deficiencies of the Windows operating system, including setting up password policies. Utilizing a domain is wise.
Hire competent IT staff or a Managed Service Provider to provide consistent service for your computers and network. Paying for assistance only when you have a problem means no one is monitoring your network or computers on a regular basis.
Make sure your network has been locked down. Change firewall logins regularly, and use strong passwords. Hide or turn off WiFi broadcasting and use strong passwords. Do NOT allow guests onto the company network.
If you’re a larger covered entity, you should consider hiring a Managed Security Services Provider (MSSP).

Hope this helps you think about cybersecurity in a new light and to take action to harden your systems and network.

If you have any questions drop us an email at compliance@thirdrock.com. We’re happy to help!

Protect your Clients. Protect your Organization. Protect Yourself.™

The post Cyber Hygiene: Are your systems hardened? appeared first on Third Rock.

Protect Yourself!

Ed Jones, PMP, CHSP — Wed, 20 Sep 2017 14:00:01 +0000

If you’ve read our blog articles before, you’ve seen our tag line; Protect your Patients. Protect your Practice. Protect Yourself. Most of our articles focus on protecting your practice and patients. Very few have been focused on you, the individual and your protection. Now each newsletter will include advice on how you can better protect yourself and your confidential data. Hopefully we can help your family and friends as well.

So, let’s start at square one; your home computer. If it is connected to the Internet, it is vulnerable to cyber attack. Install a reputable antivirus software package on your system and turn on automatic updates. Thousands of new computer viruses are created daily and existing ones are continually updated in an effort to sneak past antivirus software. Almost a million new variants per day! It’s very important that antivirus software is continually updated to recognize the latest viruses. If you use on-line banking or bill payment, it is essential to have antivirus software. There are many good products on the market that will cost between $20 to $60 per year. There are some decent free versions available as well. Search on 2017 antivirus reviews and a wide range of reviews are available, most from publications. In my opinion, most are not completely unbiased due to ad revenue issues. I tend to rely on Av-Test, an independent lab: https://www.av-test.org/en/antivirus/home-windows/.

I won’t recommend a product as preferences vary and it boils down to personal preference. I will say I don’t rely on Microsoft’s Windows Defender. There are also concerns about Kaspersky Lab, which is always rated high, but there are worries about links to the Russian intelligence agencies. Though Kaspersky denies any ties to Russian government or spy organizations, the US government is blocking purchase and use of the software in its organizations.

Hope this helps you personally! Join our free monthly newsletter to stay up-to-date on HIPAA and cybersecurity.

Protect Your Patients. Protect your Practice. Protect Yourself. ™

The post Protect Yourself! appeared first on Third Rock.

Closing the Cybersecurity Gap

Clint Eschberger — Thu, 06 Jul 2017 14:00:45 +0000

As we hear more and more about breaches and ransomware in businesses and especially healthcare, it is becoming an even greater concern for healthcare business owners. It is no longer if you will be attacked, but when and how often.

The first step in closing the cybersecurity gap is to realize that you can’t do it on your own. Cybersecurity is not finding your basic “IT guy” that “can fix it”. It is about obtaining the right resource whether that is a full time hire or a managed service.

The next thing to realize with cybersecurity is that it is not a one time fix, but is ongoing and continually changing to meet the new challenges coming out every day. This is not just adding a firewall, anti-virus, patches, etc. It is a plan, a mentality that evolves over time.

HIPAA is actually a good start towards good cybersecurity, but it is not everything. We all like to complain about HIPAA, but it is actually a great guide to getting your business far more secure and ready to be secure. However, to truly close the cybersecurity gap, no static documents and processes will keep you continuously secure by themselves.

Why worry?

One breach can close your business! Think about your business being down for days, weeks, or even longer. How long can you survive? What about a breach where patient data gets stolen and leaked!! Now you have to go through notifying the government and the public, HIPAA audits, and major fines.

Keep in mind there are 4 tiers of HIPAA fines. If you have a proper HIPAA risk assessment and cybersecurity plan, those fines will be significantly reduced. If not, you could see fines of $50,000 PER PATIENT RECORD.

Time to close that GAP!!

Protect Your Patients. Protect Your Practice. Protect Yourself™.

If you have questions concerning establishing a cybersecurity plan or about HIPAA, including how to conduct a Security Risk Assessment or how to best remediate identified risks, please contact us: info@thirdrock.com; 512.310.0020. We’d be happy to help!

The post Closing the Cybersecurity Gap appeared first on Third Rock.

Cybersecurity: Have you hardened your systems?

Robert Felps — Tue, 25 Apr 2017 14:00:15 +0000

We perform HIPAA Risk Assessments (Security Risk Analysis) for very small practices to large healthcare organizations, plus business associates that include software, big data, and marketing companies. We know the focus of the assessment needs to be security; therefore, we run an industry standard (NIST based) scan checking computers for HIPAA compliance. (NIST stands for National Institute of Standards and Technology) Our findings show that the average covered entity is about 15% compliant and the Windows Operating System is about 63% compliant against the NIST test. It’s obvious to us that cybersecurity has not been addressed.

If you’re a covered entity or a business associate, you might ask, “How do we improve these findings and correct these issues?”

It’s actually not too difficult.

Make sure your software is up-to-date. You should have “auto-update” turned on for operating systems, anti-virus software, and applications.
Ensure that your backups are (a) current, (b) secure, (c) off-site, and that they work. Test the backups on a daily basis to make sure they have not been encrypted by ransomware.
Correct the deficiencies of the Windows operating system, including setting up password policies. Utilizing a domain is wise.
Hire competent IT staff or a Managed Service Provider to provide consistent service for your computers and network. Paying for assistance only when you have a problem means no one is monitoring your network or computers on a regular basis.
Make sure your network has been locked down. Change firewall logins regularly, and use strong passwords. Hide or turn off WIFI broadcasting and use strong passwords. Do NOT allow guests onto the company network.
If you’re a larger covered entity, you should consider hiring a Managed Security Services Provider (MSSP).

Hope this helps you think about cyber security in a new light and to take action to Protect Your Patients, Protect Your Practice, and Protect Yourself.

If you have any questions drop us an email at compliance@thirdrock.com. We’re happy to help!

The post Cybersecurity: Have you hardened your systems? appeared first on Third Rock.

Why Physicians should never use public Wi-Fi

Robert Felps — Tue, 10 Jan 2017 15:00:01 +0000

We all enjoy the convenience of being somewhere, like a coffee shop, airport, hotel room, or lobby of a building waiting, and hopping on the free WiFi to catch up on some work. Unfortunately, all healthcare workers should avoid free WiFi at all costs. It is very important to realize that if you can access the free WiFi, so can anyone else. They can even leave devices behind that stay on the WiFi, breach other systems and transmit the data back to their “home” base. If you share a local WiFi network, it is fairly easy for someone to access your device (laptop, tablet, phone) and copy data from your device to theirs without you ever knowing it. It’s worth noting that criminals can infect your device with a virus or malware and later take control or steal data from your device.

There are several things you can do to prevent a breach …

Don’t connect to free WiFi networks.
Use your mobile phone hotspot or wait until you’re on a known secure network.
If you do use free WiFi or connect remotely to your EMR or other applications use a VPN (virtual private network).
Make sure you have a properly configured firewall on your device and select “public” network when you connect.
Encrypt the data on your device.
Did I say, “Don’t use free WiFi networks.”?
Don’t download, access, or store PHI on mobile devices.

Their are various ways to address the above list, contact your tech expert for assistance and make it a high priority.

Take away: Make cyber security a top priority for 2017, take a step each week to improve your cyber security.

The post Why Physicians should never use public Wi-Fi appeared first on Third Rock.

Focus on Technology: HIPAA Quick Fixes

Clint Eschberger — Tue, 27 Sep 2016 14:00:37 +0000

While meeting all the HIPAA requirements for your technology (computer, network, etc.) requires some planning, there are some quick fixes that can greatly reduce the odds of your organization being breached while at the same time starting you on your path to compliance.

Below are some common issues that we see at all sizes of organizations. How you go about correcting some of them is determined by the size and resources of your organization.

Quick Fix #1

Issue: The operating system (i.e. Windows) on your organization’s computers / laptops is out of date.

Details: Hackers are constantly finding new ways into your computers. If you do not keep your computer up to date, it leaves these vulnerabilities open for attack.

Fix: For smaller organizations you will need to manually check each of your computers to make sure automatic updates are turned on and updating. Alternatively there are centralized patch management systems that can help, if you are running on a Windows domain.

Quick Fix #2

Issue: Weak password! Simple passwords DO NOT WORK!

Details: Hackers can download a tool off of the internet to crack passwords fairly easily. The weaker the password the more likely the hacker will be able to breach your computer and network.

Fix: Require that all users have unique accounts and passwords that are a minimum of 12 characters with a mix of UPPERCASE, lowercase, numbers, and at least one special character (i.e. !@#$%^&*). You should also have your users change their password every 90 days max. If you have a Windows domain you can enforce this with a domain policy.

Quick Fix #3

Issue: Outdated Antivirus

Details: Similar to #1, if your antivirus is out of date, your computers and networks are vulnerable to the latest virus’, malware, and ransomware.

Fix: Check all of your computer’s antivirus software to ensure that it still has an active subscription, is running, and is being updated. Most major antivirus companies have business versions of their product that allow you to centrally manage the antivirus and reduce the likelihood of something happening.

Quick Fix #4

Issue: Lack of trained staff

Details: Staff that has not been trained to watch out for malware in emails or on the web is generally the most likely way for your organization to become a victim of malware or ransomware.

Fix: Ensure the staff is properly trained in HIPAA. There are plenty of online training courses that are neither expensive nor time consuming. While the return on investment may be hidden, it is huge.

The post Focus on Technology: HIPAA Quick Fixes appeared first on Third Rock.

Using Caution with Email Attachments

Clint Eschberger — Tue, 12 Jul 2016 13:45:50 +0000

Email is a way of life in most business and is often one of those tools we take for granted. We all feel the pain when it is down as for many it is a key part of their job. It’s also an extremely powerful tool that allows us to not only send and receive messages and meeting request, but also attachments. This is where email becomes dangerous to both you and your organization. Most organizations take some level of effort to protect the computer and network from these potentially dangerous attachments with varying levels of success. However there are practical steps that you can take to help ensure that a dangerous email attachment does not infect your organization.

Why can email attachments be dangerous?

Some of the characteristics that make email attachments convenient and popular are also the ones that make them a common tool for attackers:

Attachments can pose a threat when it is an executable and/or script.
Attachments can come in the form of a virus which infects your computer and potentially automatically forwards itself to everyone in your address book, quickly infecting your entire organization as well as others in your address book. This could include ransomware, data theft, etc.
Attachments could be used to data mine your emails for personal or business information that can be used to harm you or your organization.

What steps can you take to protect yourself and others in your address book?

Be wary of unsolicited attachments, even from people you know – Just because an email message looks like it came from your mom, grandma, or boss doesn’t mean that it did. Many viruses can “spoof” the return address, making it look like the message came from someone else. If you can, check with the person who supposedly sent the message to make sure it’s legitimate before opening any attachments. This includes email messages that appear to be from your ISP or software vendor and claim to include patches or anti-virus software. ISPs and software vendors do not send patches or software via email.
Keep software up to date – Install software patches so that attackers can’t take advantage of known problems or vulnerabilities (see Understanding Patches for more information). Many operating systems offer automatic updates. If this option is available, you should enable it.
Trust your instincts – If an email or email attachment seems suspicious, don’t open it, even if your anti-virus software indicates that the message is clean. Attackers are constantly releasing new viruses, and the anti-virus software might not have the signature. At the very least, contact the person who supposedly sent the message to make sure it’s legitimate before you open the attachment. However, especially in the case of forwards, even messages sent by a legitimate sender might contain a virus. If something about the email or the attachment makes you uncomfortable, there may be a good reason. Don’t let your curiosity put your computer at risk.
Turn off the option to automatically download attachments – To simplify the process of reading email, many email programs offer the feature to automatically download attachments. Check your settings to see if your software offers the option, and make sure to disable it.
Save and scan any attachments before opening them – If you have to open an attachment before you can verify the source, take the following steps:

Be sure the signatures in your anti-virus software are up to date.
Save the file to your computer or a disk.
Manually scan the file using your anti-virus software.
If the file is clean and doesn’t seem suspicious, go ahead and open it.

The post Using Caution with Email Attachments appeared first on Third Rock.

Coffee Makers and World Mayhem!

Robert Felps — Tue, 17 Nov 2015 15:00:46 +0000

We’ve all heard or read about cyber breaches and viruses taking down clouds of computers or stealing millions of customer records. But have you ever thought about a virus shutting off your coffee maker. You might ask, “Why would a criminal want to turn off my coffee maker?” Well, you’re not thinking like a criminal or an aggressive nation. Instead of thinking about it on a personal basis, “Why did these scums crash my computer and cause me to lose all my data!”, think about the pandemonium they can cause by hitting millions of people simultaneously with a frustrating event.

Back to coffee makers. Let’s assume the Internet of Things is here for coffee makers and most of the coffee makers in the (modern) world (70% of them) are connected. A nation wants to cause the American economy to have a hick-up. They release a time-bomb virus on all coffee makers. On Valentine’s Day, the virus shutdowns all coffee makers in the U.S. Every “addicted” person awakes, goes to make a cup of coffee and nothing happens. Well, fine, some pull out the old coffee maker from under the cabinet and stumble through making their addiction juice. But, most head out to buy a cup. However, the virus has shutdown industrial coffee makers too. Now, this is getting ugly and fast. People, think, fine, I’ll head to the office and make coffee. Upon arriving at work they head straight to the break room and find a line of torqued up coffee addicts. The machine doesn’t seem to be working, no power. Hmmm, my coffee maker didn’t work either. Now, the cats out of the bag and everyone realizes all of the coffee makers are “down”. But, not sure why.

Production for the day isn’t good. Many workers, the coffee drinkers are edgy, the other workers are wondering what appliance is next and millions of man hours are wasted. Everyone, thinks, “Someone” will fix the problem and tomorrow will be better. But, there is no simple, quick fix. Plus, half of the nation screwed up, forgot to buy flowers and chocolates because they were to self-consumed with not having their daily coffee. If only a 10% reduction in Valentines Day spending, that’s $1.9 Billion. The second day is worse, production is lower, but people decide to take matters into their own hand and buy new coffee makers. The problem is, the virus hits those coffee makers immediately and they become useless counter weights. This goes on for several days at full force and lingers on for several weeks.

So, the criminals or nation has been successful in disrupting American productivity. SCORE!!! Now it’s time to get serious and do some real damage, the proof of concept was very successful, and the side benefit was good too. The criminals bought large amounts of coffee maker stocks, which rose over the following weeks and months. To add insult to injury they made millions off the demand they generated and disrupted American productivity. They are the envied Kings of the dark net world.

Now, the game is on, the next guys will be working hard to do it bigger and better soon. Be wary of your need for convenience or desire to live like the Jetson’s. The Internet of Things is here and bringing massive changes to the world, but like most changes there are side effects and some are worse than others.

Next up: Mass Hysteria -The Hacking of A-u-t-m-o-b-i-l-e-s! (You thought coffee makers pose a problem!)

The post Coffee Makers and World Mayhem! appeared first on Third Rock.