When it comes to cyber security, nothing is 100%. No matter how advanced your defenses are, hackers can find a way around them if they have enough time, money and resources. Because breaches can affect any business, it is important that you are prepared for worst case scenarios ahead of time. The right planning will help minimize damages to your business and help it to get back on its feet sooner.
With the ever-increasing flow of large-scale hacks, many seem resigned to the fact that it's only a matter of time before they get hit too. Security and its challenges have fully penetrated mainstream thought. Everyone knows that the CIA, the FBI, Russia, and even the hacker next door can break into your computer or phone, hijack your router, intercept your traffic, and take over your life.
In response, there has been a huge cry for better training, more secure software, secure email and secure texting. Basically, security everywhere. But if the hackers and agencies are really this powerful, why should you bother?
Are security services and products worth anything these days? Do they actually provide any protection? Or are they the emperor's new bullet-proof vest? It is surprising how many people have come to accept a complete lack of security. Some seem to use this as an excuse to avoid technologies that could benefit both their personal and business lives.
A great example comes from a dentist who was interested in sending notices to his patients via text, but resigned himself to “not bothering” as there is “no way to secure these things, anyway.” While that may be true in an absolute sense, it is not true practically.
In this article we will examine the reasons why we should bother with security and how it can help us in our personal and business lives.
LUXSCI RELEASES FREE HIPAA-COMPLIANCE EBOOK SERIES
New series further explains secure email, texting, websites, web forms and email marketing.
BOSTON, MA – May 30, 2017 – LuxSci (www.luxsci.com), the HIPAA-compliant Internet and Email Security experts, have just released their 3-part eBook series on HIPAA-compliant communications, aimed at healthcare organizations in need of additional information to help them better understand the methods and technologies available for safeguarding their practice and protecting patient privacy.
In the first eBook, “HIPAA-Compliant Email Basics”, LuxSci discusses HIPAA and ePHI, the provisions of the HIPAA email security rule, risk analysis and the need for encryption, and takes a closer look at Gmail and Google Apps.
The next eBook, “HIPAA-Compliant Website Basics”, defines what is required from HIPAA-compliant websites, website hosting, and web forms.
The final eBook, “HIPAA-Compliant Bulk Emailing Basics”, is a technical guide to email marketing and outlines best practices for list maintenance, large-scale sending strategies, IP reputation challenges, SPF and DKIM considerations, and HIPAA-compliance specifics.
Erik Kangas, Ph.D. and CEO of LuxSci says, “Online communications technologies are pervasive and they can really help a healthcare organization stay current and engaged. Understanding the technologies, the risks, and the best practices are the first steps to getting started in a productive, compliant, and profitable direction. These eBooks provide a great deal of guidance, enabling you to get started quickly.”
The eBooks are available as a free download from LuxSci, together with further information on how LuxSci can help with HIPAA compliance.
While messaging apps may have become more popular over the last ten or so years, email remains an important method of communication, particularly for business. Despite its common use, there are many security problems associated with regular email:
Forged messages are a significant threat, particularly when it comes to business and legal issues. Imagine someone else sends an email from your account: how can you prove it wasn't you? Many viruses spread in exactly this way, and with regular email there is no concrete way to tell whether a message is forged or not.
Regular emails can also be modified by anyone with system-administrator access to the SMTP servers that your emails pass through. They can alter or completely delete the message, and your recipient has no way of knowing whether the message has been tampered with.
In the same way, messages can be saved by the SMTP system administrator, then altered and sent again at a later time. This means that subsequent messages may appear valid even though they are actually just copies that have been faked.
When everything is running smoothly, cyber security can go unnoticed by executives. It's only when things go wrong that it tends to enter their peripheral vision. This often leads to inadequate budgeting or heavy cutbacks. Unfortunately, restricting security funds can result in incidents that cost companies many times more than what they would have spent on security measures.
Because of this, security can be seen as an investment that often has a high ROI, as long as it is applied strategically and intelligently. Although no amount of money and infrastructure can make your systems 100% secure, the right measures can still help to boost a company’s bottom line.
A well thought-out security plan is a balancing act between the costs of implementation and the potential damage of a breach. Sure, your company could invest in complex security measures, but is it justified by the risks you face?
In some situations, such as healthcare, highly advanced security is a necessity. Other businesses may be able to justify a lower level of security, particularly if they operate at a smaller scale and don't handle sensitive data. Security needs will vary depending on industry and the individual business model, according to both the relevant regulations and the risk profile.
The Wanacrypt0r 2.0 Ransomware May Have Stopped Spreading, But Are You Protected Against Future Attacks?
by Josh Lake
The vicious ransomware, Wanacrypt0r 2.0, may have been halted by the quick actions of a security researcher, but it won’t be long before a similar beast comes back with a vengeance. On Friday, the virus tore across the world, affecting more than 75,000 machines in over 74 countries.
It affected a range of businesses and organizations, including Fedex, Vodafone Espana, Santander, Portugal Telecom, Telefonica, and the UK’s healthcare system, the NHS. Once Wanacrypt0r 2.0 penetrated a system, it locked down files and demanded a ransom payment to have them decrypted.
The massive attack has seriously affected operations at a range of companies and has also forced some UK hospitals to divert emergency patients to locations that were unaffected. Although the spread of the attack has been stopped, it does not alleviate the problems for organizations that have already been infected.
Microsoft had already released patches for supported versions of its software that closed the vulnerability. Despite this, the scale of the attack shows that many organizations either had not applied the patch or were running unsupported versions of Windows.
Due to the immense scale of the attack, Microsoft made the rare move of releasing patches that address the vulnerability in unsupported versions such as Windows XP, Windows 8 and Windows Server 2003. Organizations need to apply these patches if they want to be protected from future forms of the virus, which could turn out to be even more damaging.
Spam messages coming from… your own email? This may sound like a cheesy movie plot, but this form of spam, known as “spoofing,” can have horrifying consequences if it results in compromised security, stolen data, or malware on your company's machines. Read on to find out how to snuff out spoofing and help everyone avoid these attacks in the future.
Phishing attacks have grown more complex as hackers learn how to defeat security measures and countermeasures, and their targets have become more lucrative in scope and scale: the CEOs, CFOs, CMOs, and other executives collectively making up your company’s C-suite. Personalized hacks that target top executives, known as “spear phishing” or “whaling,” can be incredibly detrimental. Training and awareness are your top tools for strengthening your C-suite’s ability to recognize and defend itself against malicious cyber threats.
Online privacy is becoming more important as our lives increasingly migrate to the internet. With government surveillance intensifying, you may have come across the term Tor as a way to protect yourself. So what exactly is it?
The Onion Router (Tor) is an open source project that aims to provide anonymous communication for its users. The underlying technology was initially developed by the United States Naval Research Laboratory in the nineties as a way to protect communications within the intelligence community. Tor has since moved over to the open source community, supported by a range of volunteers, privacy advocacy groups, various US government departments and others.
Tor allows web browsing, messaging and chat, as well as access to .onion websites, a hidden side of the internet. Unfortunately, Tor cannot give a user complete anonymity, particularly from government-level surveillance, because such entities have the capability to correlate the traffic that enters Tor with the traffic that exits it. Despite this, it is still a useful tool that can help to enhance privacy in a range of use cases.
A question about HIPAA-compliant transactional email from Ask Erik:
As a non-technical member of the founding team of a Health Care Startup I have a question about HIPAA-compliant email as we begin to send out lab test results to individuals and the health care providers we partner with:
“Does one dedicated email address for results distribution that is HIPAA-compliant and secure make us in compliance?”
We have team members who communicate with our DDS clinics but they don’t distribute test results. Only I will do that through a dedicated email address. What do we have to do to be compliant from day one of distributing test results as part of our service to our customers (primarily dentists and oral surgeons)?
I was told by the service provider of our website and email hosting services that if we made the one email address a Business Premium account using the Microsoft Secure Server, that all the other regular email addresses would be covered as well. Is this true?
Thank you for the forum to ask real life scenario questions.
There are many aspects to your question. Let's address each one in turn.