" security Archives - Page 4 of 8 - LuxSci

Posts Tagged ‘security’

Login security & passwords – yesterday, today and tomorrow

Wednesday, December 20th, 2017

The act of “logging in” – that is, gaining access to some private area in a shared space – has been with us since the early 60s with the introduction of time-sharing computers, albeit confined in those days to very limited professional circles. However, with the use of the public internet as a communication and social medium and the growth of the web as a platform for commerce in the past twenty years, remembering login names and passwords for access to all our online resources is as commonplace as remembering the birthdays of our loved ones. While we might remember at most ten birthdays (with the rest written down in calendars and diaries), the average person has accumulated, based on an anonymized survey of its enterprise accounts by the popular password manager vendor LastPass, about 191 online accounts!

Lest this seem like an absurdly large number, consider all the professional accounts as well as numerous personal ones accumulated over one’s online lifetime, many of which are quickly set up for some online purchase or commenting at an informational web site and then forgotten or rarely visited. These days it seems that even the slightest online activity requires creating an account and signing in. Thus, it is not surprising that most people reuse the same login credentials (user name and password) across multiple sites. Security experts have long warned against this obvious vulnerability, but who can blame the average user for choosing an easy path to manage this increasing burden of remembering multiple passwords. (Some recent statistics suggests that only 22% of online users in the US use different credentials for each online account.)

Read the rest of this post »

Tags: login, password, security, sqrl
Posted in LuxSci Library: Security and Privacy
No comments »

Application Specific Passwords / Login Aliases at LuxSci

Thursday, December 14th, 2017

LuxSci now supports the creation of “application-specific passwords” for individual user accounts.

What are these?  The are essentially “login aliases.”

Increase your security through application-specific passwords
Users can create distinct username/password combinations for use with different applications, devices, or for shared account access.  These login aliases can have limited privileges; for example, granting access only to email or only to web site file storage.  Use of application specific passwords can greatly enhance user security.  In this article, we will discuss application-specific passwords, what their benefits are, and how to use them effectively.

Read the rest of this post »

Tags: application password, login, password, security
Posted in LuxSci Library: Security and Privacy
No comments »

WordPress & HIPAA – can these coexist?

Monday, October 23rd, 2017
For a deep dive, see our white paper: Securing WordPress

As we discussed in an earlier post, WordPress, despite its vulnerabilities, is the world’s most popular content management system for both blogging and creating web sites.  It is popular because it is quick to set up, easy to administer, with a very large choice of plugins for add-on functionality, and themes for making the sites look good.  As a result, many LuxSci customers use WordPress in one fashion or another for their web sites hosted at LuxSci.

As LuxSci caters to a large segment of customers who have specific compliance needs, specifically HIPAA compliance, we are frequently asked about using WordPress in a medical provider setting. Given the information about WordPress vulnerabilities, the question usually asked is whether a site created using WordPress can secure access to electronic protected health information (ePHI) in a way that meets the requirements of the HIPAA-HITECH regulations.

WordPress for HIPAA-compliant sites?

Such questions are reasonable because although WordPress has many great features that make it quick and easy to get a web site running, it is still a third-party tool which is not specifically designed to conform to HIPAA standards. When using any third-party software, you should be aware of the associated risks that are out of your control. Vulnerabilities in WordPress can disrupt your site’s availability, perhaps even lead to a breach of protected and private information. Even if it is the WordPress software that’s at fault, the responsibility for any security lapses still falls on the site owner.

However, it is not all doom and gloom. The short answer to the question posed in the title of this post is “yes”. It is possible with care to build a site with WordPress (including plugins and themes) that is secured in a way that meets the requirements of the HIPAA security rules. The remainder of this post will discuss how this might be achieved.

Read the rest of this post »

Tags: hipaa, security, wordpress
Posted in LuxSci Library: HIPAA, LuxSci Library: Web Design and Programming
No comments »

Securing WordPress sites

Tuesday, October 17th, 2017
For a deep dive, see our white paper: Securing WordPress

We have written posts describing WordPress vulnerabilities and the methods hackers use to exploit these. In this post, we describe steps by which a web site owner can mitigate the risks of using WordPress as a content management system. After all, it cannot be denied that WordPress remains the most user-friendly tool for creating and managing both large and small websites, as shown by its enormous adoption rate.

There is a very rich literature describing WordPress vulnerabilities and ways to harden a system against exploits. Here we distill some of these learnings into a practical guide for WordPress-based web site owners. We specifically have in mind small to medium-sized medical practices that wish to use WordPress to create (or maintain) their online portal for patients. In a future post, we’ll describe how such steps can meet HIPAA-HITECH guidelines for safeguarding electronic protected health information (ePHI).

We describe these steps in a layered way – starting at the bottom with the hosting server infrastructure, before moving to the WordPress platform itself and other applications.

Read the rest of this post »

Tags: security, wordpress
Posted in LuxSci Library: HIPAA, LuxSci Library: Web Design and Programming
No comments »

6 Telehealth Privacy and Security Essentials

Thursday, September 21st, 2017

HIPAA covers telehealth but does this make it safe? Learn the measures that ensure patient safety and privacy while using a virtual doctor visit program. 

Over the past few years, the rise of telehealth in healthcare has transformed patient-doctor interactions. Nonetheless, the privacy and security of protected health information (PHI) remain a big question. These concerns make sense because new technology often comes with new challenges.

Luckily, every problem comes with a solution. Thus, making a few smart choices can work wonders to keep the patient data protected.

Read the rest of this post »

Tags: ePHI, hipaa, HIPAA-compliant video conferencing, privacy, security, telehealth, video conferencing
Posted in LuxSci Library: HIPAA
1 Comment »

« Older Entries
Newer Entries »