Blog


Hospitals back on the Ransomware Radar in August

It seems the Locky ransomware is once again appearing in email inboxes at hospitals in the US and Japan, just waiting for an unsuspecting user to open it. If you don’t know where the email came from, or if you do and it still looks suspicious, don’t touch it. If the sender is not known to you, delete the email immediately; if it is from someone you do know and it looks suspicious, call the sender and ask if they sent it. You always want to be sure you are opening a legitimate email, and one extra phone call or email to the sender is well worth it compared with the time and energy required to fix a ransomware hit.

One has to wonder: when the success rate isn’t what they expect, will the local clinics and doctors’ offices be next? It’s scary to think that is a possibility. Only time will tell, and the best solution is to have a good backup of all your data and to follow safe computing practices when it comes to opening emails.

Click the link below to read the recent article on the sudden increase in the Cyber Assault on hospitals:

The Register

 



Virtual Desktop Infrastructure and the Hidden Business Use Case

As technology evolves, many organizations are seeking to transition from an internal IT infrastructure to a virtual desktop infrastructure, also known as VDI. While this may seem moderately easy for an organization to achieve, there are a myriad of things to consider. The rationale for implementing VDI can vary, and for some a virtual desktop infrastructure can be deployed without disrupting or displacing an existing environment. Provisioning, installing and testing can be carried out in parallel without ever impacting day-to-day operations.

Now what? When making any decision to transition from one technology to another, you should ask yourself a few essential questions:

1. What is my return on investment (ROI)?
2. Will this investment make my company more secure?
3. Will I see an increase in operational efficiency and gain productivity?
4. Will this make me competitive?

Now let’s think through the “how” of your IT environment:

  • Have I fully defined my requirements? What is truly needed for people to do their jobs, and how will each department be impacted?
  • Have I considered the method of adoption and how each employee will be introduced to and trained on the new technology?
  • How will I capture the cost savings of implementing VDI in my environment?
  • How will I redeploy IT resources to focus on higher-value initiatives to meet the ever-demanding and changing needs of today’s data, security, and mobility challenges? How will this allow the IT team to focus on the task at hand and increase operational efficiency?

Red Night Consulting

 



No Business is Too Small to Be Hacked

The already alarming number of targeted attacks aimed at small to medium-sized businesses is on the rise, an indication that hackers are devoting resources to what they see as the most vulnerable targets.

Example: the Target stores data breach in 2013, and millions of dollars later to settle!

Reuters Article

Who, what, when, where and why?

A targeted attack is one that’s tailored to a specific company and in some cases even an industry. This is simply where Mr. What meets Mr. Who. Cyber-criminals, a.k.a. “hackers”, are tailoring customized malware to particular vulnerabilities and can use information gathered publicly, or stolen from other companies. All of this can be done simply to create emails containing malicious attachments that have a higher chance of being opened by your employees. The industry calls it social engineering: a type of attack that is proving to be successful because it targets your greatest asset, which is also your greatest vulnerability – your employees. Beyond warnings and your IT department’s efforts to increase security, regular awareness training and steering workers away from opening potentially dangerous emails can help lower instances of these hackers getting into your system.

Hackers are shifting resources toward small companies because they often partner with large businesses in fulfilling major contracts. This is where Mr. Who meets Mr. When & Why. Smaller companies can be the weakest link in the resale, distribution, fulfillment and eCommerce chain. Cyber-criminals can use small businesses to gain information that can be used to penetrate the security posture of their larger partners.

Small businesses can improve their security posture by following best practices, such as having a process in place to ensure that all software is up-to-date and patched regularly. Hackers go after known vulnerabilities (say hello to Mr. Where), so having the latest version of an application goes a long way towards protecting your company’s most valuable asset – your data.

NY Times

 



HIPAA Guidance on Reporting Ransomware

According to the Health Insurance Portability and Accountability Act (HIPAA), all ransomware infections need to be reported to the Department of Health and Human Services. An infection is to be handled as a breach because, in the act of encrypting the files, the attacker has acquired them and has impacted the ability to access the data and maintain its integrity.

As always, prevention is better than recovery, but it isn’t always easy. This type of risk can appear to be new, but in reality these threats have been around a long time. It is no different than a disk or storage failure. Therefore, the magic bullet is to have adequate backups of all data and systems as required by HIPAA. Never have patient health information (PHI) stored where it cannot be backed up, or in a copy that can be replaced by restoring the data to its pre-encryption state. The best idea is to only work with copies and never original data.

HHS FACT SHEET (PDF)
Health Leaders Media
SC Magazine