Despite the best efforts of individuals and businesses alike, and despite increasing awareness of the importance of cyber security, cyber security incidents rose sharply in 2018. While some recent cyberattacks, like the Facebook attack, proved to be very public and well-known, other attacks often go unnoticed or unreported in mainstream news.
Why is the number of cyber security incidents rising, despite strong efforts from professionals around the world? There are several reasons contributing to this rise, which all businesses should know about. Education is the best tool for increasing prevention of these cyber security incidents.
New Types of Cyber Security Breaches
One of the biggest reasons for an increase in cyber security incidents was cryptocurrency mining malware. Cryptocurrency was not well-known until recently. That all changed in late 2017, when cryptocurrency prices rose to all-time highs. What was once an obscure method for exchanging funds online had suddenly become a popular investment tool for many people, which created a new target for hackers.
Even though cryptocurrency prices dropped steadily throughout 2018, there is still value in these digital currencies. As a result, hackers have developed malware that can use the processing power of victims’ computers to mine cryptocurrency. The funds are sent to the hacker, while the victim may be unaware.
The challenge for individuals and businesses is that malware lowers productivity, slows devices, and can lead to premature device failure.
Cyber Attacks are Big Business
As new types of security breaches are developed and discovered, the potential gains for hackers continue to rise. In the past, many cyber security incidents focused on stealing online banking info and other important pieces of information from individuals. While this was profitable for hackers, it pales in comparison to the scale of some recent cyberattacks targeting businesses.
It is estimated that cyber attacks cost the U.S. economy more than $100 billion per year. This is due to the increasing value of these devastating attacks. For example, ransomware can encrypt a company’s important data and hold it ransom until payment is made. Some businesses without proper backup plans end up paying large sums of money to have their data unlocked.
One of the most high-profile recent cyber attacks using ransomware involved the city of Atlanta. City services were disrupted, public data was likely accessed, and the final cost had the potential of reaching millions of dollars for the city.
Governments are Getting Involved
When many people think of a hacker, they think of a computer geek sitting in a dark apartment with a bright screen and lines of code flashing past. Of course, those scenes from movies that form our imaginary idea of what a hacker looks like are not always accurate. In fact, many hackers may be sanctioned by foreign governments and even working out of government buildings around the world.
Countries like Russia and China have ramped up cyber attacks against other nations and companies around the world to disrupt operations or glean sensitive information. The United States recently accused China of corporate espionage and alleged that Chinese hackers backed by the government had been accessing and stealing sensitive data from American businesses.
As governments continue to consider cyber attacks as a legitimate form of espionage or warfare, hackers may find that they have greater support and backing to carry out their deeds. This may be one explanation for increased cyber security incidents over the past year.
How to Protect Against All Types of Security Breaches
Perhaps the only good news to come from recent cyber attacks is that awareness and vigilance will continue to increase. Hackers rely on security weaknesses to carry out their attacks and, with proper prevention, many cyber attacks can be stopped.
Education, awareness, and implementation of security best practices can greatly reduce the chances of falling victim to cyber security incidents.
To learn more about cyber attacks and how to keep your data safe, please contact RJ Young today.
For many businesses, the most secure and affordable way to handle their network is by utilizing an external company’s expertise. By using managed IT services, companies are able to focus on their business, while simultaneously meeting compliance and security standards. In the age of network breaches and cyber attacks, it is more prudent than ever for businesses to understand how managed IT compliance and managed IT security differ and why it matters.
The Ins and Outs of Compliance and Security
Prior to learning about the differences between managed IT compliance and security, it’s imperative to understand IT compliance and security.
Compliance Is External
“IT compliance is the business of making sure that everyone is following the rules. The question is, what rules are they compliant with?” – Chapter President of ISSA – Chattanooga
The external rules facing companies are typically found in the form of statutes or laws. These can be laws relating to specific industries such as the Family Educational Rights and Privacy Act (FERPA) for Education or the Health Insurance Portability and Accountability Act (HIPAA) for Healthcare. Other standards are used as a means of risk management for national security. A prime example of this is the Payment Card Industry Data Security Standard (PCI DSS). This standard was put in place to protect credit card users from schemes.
Rather than focusing on the technical needs of the company, compliance is used for reporting purposes and aimed at meeting the regulations a company must satisfy to keep running its business legally. With hundreds of IT standards to meet, companies often enlist managed IT compliance services from another company. This decision allows them to focus more of their time and energy on their operations, while the IT services ensure the company’s IT network is meeting the benchmarks set by their respective regulatory committee to avoid paying fines that can reach up to $1.5 million per violation each year.
Security Is Internal
Whereas compliance focuses more on satisfying an external entity, security is about protecting the company’s internal network and confidential information. A company that provides IT security to businesses, when broken down into its simplest form, finds ways to mitigate any network issues and prevent harmful threats from ever occurring. Essentially, the company is hiring someone who has a broader range of capabilities and offerings to protect their business. While internal IT may have some ability to safeguard a business’s network, they may not have the manpower to handle a company-wide security threat. Managed IT services have teams dedicated solely to protecting the client’s entire company from threats. This kind of security guarantees that a business’s data and sensitive information is safer than it would be using the capabilities it possesses in-house.
The Security and Compliance Relationship
Compliance standards are all about ensuring companies are meeting certain levels of security in order to protect individual users on a national, and sometimes international, level. There is a certain level of IT security that a business inherently has when they are meeting regulatory compliance. From this standpoint, security and compliance seem to go hand in hand with one another. While meeting the compliance benchmark may seem to provide a sufficient amount of security for a business, this is often not the case.
“Being compliant does NOT mean you are secure, as many recent breaches have shown.” – Chapter President of ISSA – Chattanooga
Meeting bare-minimum compliance standards in an effort to reduce costs associated with information security leaves a company vulnerable and highly susceptible to a cyber attack. Another reason to avoid simply meeting compliance targets is the ever-changing nature of Information Technology. A business is never truly finished protecting itself. Constant upgrades and improvements are being made to protect businesses from threats that are more adaptive and intelligent in design.
Why Managed IT Is the Proactive Solution
Compliance benchmarks, though they may be updated periodically, are reactionary in nature. After a large breach, action committees need to get additional laws and amendments passed to alter the original law. Unfortunately, this process takes time and requires evidence of need, such as a large breach, before it is enacted. Needless to say, simply being compliant prevents a business’s IT security from being up to date. As stated earlier, managed IT services help put a company’s focus back on managing their business rather than staying compliant. When a company employs the help of managed IT services for regulatory compliance, they acquire a team of IT professionals. This team uses its expertise to provide an advanced network security program that not only meets compliance standards but exceeds them. They proactively seek out potential hazards in the pipeline in an effort to eliminate any threat before it happens.
Is your business safe from the next wave of cyber threats? Learn more about how RJ Young’s Managed IT Services can help your business stay secure and meet your industry-specific regulatory requirements by filling out our contact form or calling us at 800-347-1955.
The healthcare industry has some of the most stringent standards in terms of data-related regulatory compliance. HIPAA (the Health Insurance Portability and Accountability Act) applies to 18 different aspects of individual health information that could potentially be used to identify someone. HIPAA privacy rules apply to both written and visual information. Privacy rules are only one aspect of HIPAA. While the entire act revolves around patient privacy, it’s not only organizations within the healthcare industry that need to be concerned about HIPAA compliance. Any covered entity or business associate that interacts with healthcare information also falls under the jurisdiction of HIPAA and must meet the requirements set forth by the HIPAA security compliance checklist. The good news for healthcare providers, dentists, and doctors is that document management providers are able to ensure they remain compliant with HIPAA.
The HIPAA Security Compliance Checklist
The HIPAA compliance checklist is just what it sounds like – a checklist of criteria that organizations must meet in order to comply with HIPAA regulations. The requirements of HIPAA are broad so they can be applied to all organizations that come into contact with Protected Health Information (PHI). There are five main technological safeguards that must be in place, according to the HIPAA compliance checklist. These HIPAA security rules include:
- Implementation of a means of control
- The inclusion of a verified authentication method for ePHI
- Tools for encryption and decryption
- Introduction of activity logs and audit controls
- Facilitation of automatic log-off for network-connected devices
Failing to adhere to HIPAA compliance comes with a heavy cost. Fines for violations can be as high as $1 million when sensitive information is concerned. Needless to say, any organization within healthcare or related to healthcare cannot afford to neglect security measures that involve Protected Health Information.
HIPAA Compliance & Document Security Equipment
The primary challenge of medical software is dealing with document management. Because such software is essential to processing large numbers of documents, most healthcare providers utilize these systems. Some of the key features of quality medical document security software include ease of use, strictly defined structure, and data security. Security solutions at the software level mean little without the hardware necessary to implement those solutions. Document security equipment includes medical office multi-function printers, medical office scanners, and network security, which helps to deal with issues that all organizations must concern themselves with today.
Other than requiring an inventory of all hardware containing ePHI, the HIPAA compliance checklist does not define specific hardware requirements. However, the entire list, when taken as a whole, implies that the proper document security equipment has to be implemented. This includes everything necessary to prevent or detect breaches if and when they do happen. In order to provide an integrated document security solution, multi-function printers (MFPs) can be outfitted with wireless access points with pre-installed security-conscious firmware. With medical office managed IT, this integration can be accomplished without the need for piecing together every detail on your own.
High Quality HIPAA Compliance
External Managed IT services can provide services that will further integrate the necessary components of HIPAA security compliance into an office’s overall infrastructure. This eliminates the worry concerning the chance of a data leak or a security breach happening in some unexpected corner of document security services.
Doctors, nurses, and other healthcare professionals have enough to worry about. By placing document security concerns, for both paper documents and digital files, in the hands of experienced professionals, healthcare offices are able to have a HIPAA-compliant infrastructure that is tailored to meet the needs of their team and patients. Medical offices also benefit from a more efficient workflow that not only keeps them in compliance with HIPAA, but adapts to their changing needs.
Want to learn more about the available IT security options that RJ Young offers to hospitals, doctor’s offices, and other healthcare organizations? Contact us today to learn more about the latest HIPAA compliant document security innovations.
Millions of emails are exchanged daily throughout the world. As email continues to be a prominent form of communication, our Managed IT Services team warns that the opportunity also increases for a cyber threat. Phishing is one of the most common cyber threats in today’s world.
What Is Phishing?
Phishing is one of the most frequent causes of security breaches. According to Tech Target, “Phishing is a form of fraud in which an attacker masquerades as a reputable entity or person in email or other communication channels. The attacker uses phishing emails to distribute malicious links or attachments. More importantly, these links and attachments can perform a variety of functions, including the extraction of login credentials or account information from victims.”
Phishing cyber criminals instruct individuals to provide sensitive data like personal information, bank and credit card details, or passwords through electronic forms or ransomware. Individuals can be notified by email, telephone, or text message. Thieves use this strategic method to lure you into giving them your most precious information, threatening your network security. Phishing attacks result in credit card fraud, identity theft, and financial loss.
One of the most common ways that phishing cybercriminals obtain sensitive data on their victims is through email. According to Phishing.Org, these are a few simple tips to think about before opening and clicking an email:
Too Good To Be True
You know those emails you get saying you have won a free cruise? In spite of the fact that you have not entered for that cruise? Those offers all seem too good to be true, probably because they are. Enticing offers are used to attract your attention right away. The cybercriminal wants you to click the call-to-action button, which will in turn allow them to attack your personal information. In this instance, the most natural thing to remember is that if an offer seems too good to be true, it probably is.
Sense of Urgency
A common tactic amongst cybercriminals is to add a sense of urgency. These criminals may tell you that you have a limited time to claim the offer or threaten immediate account suspension. That is just not true. Generally, most credible organizations will give you ample time to respond when your intimate account details are involved. When in doubt, contact the organization in question. The organization will be able to provide you with all the necessary information and verify the email in question.
One of the fastest ways to verify a cyber threat in an email is to check all the hyperlinks. Take your mouse and hover over the hyperlink. The hyperlink text should match the URL it leads to, and that URL should be spelled correctly. For example, if the hyperlink says RJYoung.Com, but when you hover over it the address says AJYoung.Com, do not click it. If you suspect the link may be suspicious, it is better not to click it.
If an unexpected email has an attachment, do not open it! Often these attachments contain ransomware or other viruses that can overtake your entire computer to steal your personal information.
Whether you know the sender or not, does the email make sense for you to receive? If not, do not even open it. Even accidentally opening the email can cause issues. Most of the time cybercriminals have a call to action in the email. Whether it is donating to a fundraiser or asking for personal help, be conscious of the email’s wording and what it is requesting. Many times, the email will explain there is a problem you need to verify, notify you that you are a winner, or ask for help.
A bank will never ask for personal information via email or suspend your account if you do not immediately update your personal information. Most banks and financial institutions usually provide an account number or other personal details within the email.
Protecting Your Business From A Cyber Threat
Cyber Security Education
Make sure that you are continually learning how to defend yourself, and arm your business with an information technology expert. Just as experts are staying up to date with the latest technology, so are the cybercriminals. Be sure to always educate yourself on how cyber threats are changing and how they can affect you.
A Practical Application
Recently, we conducted an internal email test for our employees using Sophos Intercept X. This technology is one of many used by our clients as part of their Managed IT Service Plan. We sent a fake phishing email to all of our employees and tracked the number of opens and clicks to evaluate our own risk of a cyber threat.
After that, we sent out an educational email to make employees aware of the test and provided detailed information on what to be mindful of when receiving a potentially threatening email. We presented our employees with an easy-to-follow infographic to use as a guide for analyzing phishing scams in the future. Education is often the most cost-effective solution to protecting your network’s security.
Cyber Security Service
If it seems like cyber threats are occurring more frequently and taking down business operations across the globe, you’re right. The number of data breaches in the U.S. jumped 29 percent in 2017 according to The Identity Theft Resource Center and CyberScout. The best way to prevent these attacks is to have a proactive plan for your business. Make sure your Managed IT service partner understands your business. RJ Young’s Managed IT Services include the design, upgrade, and maintenance of cloud services and IT networks for small to mid-sized companies. We create customized plans to fit our customers’ specific needs and goals for success.
As technology advances, so do cybercriminals. Cyber attacks seem to be occurring more frequently than ever and hurting businesses throughout the world. Furthermore, for many small to enterprise-level businesses, a cybersecurity breach can quickly impact the business’s compliance with significant IT compliance regulations. Even companies with enterprise-level IT support can benefit from easy and necessary IT Security safeguards. Here are 3 easy ways to help safeguard yourself against a cybersecurity breach that take only 5 minutes each week.
1. Change Your Passwords
Every IT network support professional will tell you – change your passwords often! This fast and easy fix could save you from a cybersecurity threat. Set time aside to update your passwords on all of your accounts. Experts recommend having different passwords across your personal network. This ensures that if one is compromised the hacker has access to only one system, not all of them.
Forget the tough passwords; new guidelines recommend keeping it simple. According to the United States National Institute of Standards and Technology (NIST), new password guidelines help you stay protected. NIST suggests keeping your passwords simple, long, and memorable. Phrases, lowercase letters, and typical English words and objects are suggested when creating passwords. This recommendation has changed from when the organization suggested using unique characters and a mix of lower and uppercase letters.
These new guidelines may seem surprisingly easy, but Paul Grassi, senior standards and technology adviser at NIST, who led the new revision of guidelines, says that they will help users create longer passwords, which are harder for hackers to break.
Once a cybercriminal has access to your personal credentials they can impersonate you to send personal emails directly to your friends, family, and co-workers. Soon, an IT security breach can lead to imposter postings on your social networks where cybercriminals seek to collect even more sensitive information. This is a small business managed network services nightmare. It is also often a socially and professionally embarrassing experience.
Managed IT Services Expert Tip:
A bank will never ask for personal information via email or suspend your account if you do not immediately update your personal information. Most banks and financial institutions usually provide an account number or other personal details within the email. This information is how you can ensure that the email or phone call is coming from a reliable source.
2. Think Before You Click
Many IT network security threats happen by accident. You see an email from an old friend or a significant update from your bank, and you just go ahead and click on the email without thinking. Unfortunately, these emails are socially engineered to look like they came from a trustworthy source, not a cybercriminal. Here are some things to think about before clicking an email.
One of the fastest ways to verify an email is to check all the hyperlinks. Take your mouse and hover over the hyperlink in an email. Make sure that the hyperlink matches the URL you would land on after clicking. Check for spelling errors in the web address. Popular websites are often imitated, but the imitations contain spelling errors. For example, if the hyperlink says www.mybank.com, but when you hover over it the address says wwwmybank.com, do not click it. If you suspect the link may be suspicious, it is better not to click it.
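The hover check described here, and in the earlier phishing tips, can be automated for HTML email. The following is an added example, not part of the original article: it compares the domain shown in each link's text with the domain in its `href`. The sample HTML is constructed, and the function names and the edit-distance threshold of 2 are assumptions chosen for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Matches a bare domain or URL host in visible link text, e.g. "www.mybank.com".
DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class _AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _href_host(href):
    """Host of an http(s) link, lower-cased; '' for anything else."""
    try:
        parts = urlsplit(href.strip())
        host = parts.hostname or ""
    except ValueError:
        return ""
    if parts.scheme.lower() not in ("http", "https"):
        return ""
    return host.lower().rstrip(".")


def _strip_www(host):
    return host[4:] if host.startswith("www.") else host


def _edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_links(html):
    """Return (shown_domain, actual_host, verdict) for each http(s) link."""
    parser = _AnchorCollector()
    parser.feed(html)
    parser.close()
    results = []
    for href, text in parser.links:
        actual = _href_host(href)
        if not actual:
            continue
        match = DOMAIN_RE.search(text)
        if not match:
            # Text such as "Click here" gives nothing to compare against.
            results.append(("", actual, "no-domain-in-text"))
            continue
        shown = match.group(1).lower()
        s, a = _strip_www(shown), _strip_www(actual)
        if s == a or a.endswith("." + s):
            verdict = "match"
        elif _edit_distance(shown, actual) <= 2:  # assumed threshold
            verdict = "lookalike"
        else:
            verdict = "mismatch"
        results.append((shown, actual, verdict))
    return results


def suspicious(html):
    """Only the links whose text and destination disagree."""
    return [r for r in check_links(html) if r[2] in ("lookalike", "mismatch")]


# Constructed sample message body, using the two examples from the article.
SAMPLE_HTML = """
<p>Your account needs attention. Visit
<a href="http://ajyoung.com/login">RJYoung.Com</a> or
<a href="https://wwwmybank.com/verify">www.mybank.com</a>.</p>
<p>Our real site: <a href="https://www.rjyoung.com/contact">rjyoung.com</a>.
<a href="https://news.example.org/offer">Claim your prize</a></p>
"""

if __name__ == "__main__":
    for shown, actual, verdict in check_links(SAMPLE_HTML):
        print(f"{verdict:18} text={shown or '-':16} href={actual}")
```

Links whose text contains no domain cannot be checked this way, so they are reported separately rather than passed as safe.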
Is this offer too good to be true?
Most of these cybercriminals will present you with an eye-catching deal to make you think you have won a contest you have not entered, or ask you to claim a prize that is too good to be true. In an instance like this, it is best to remember that if the offer seems too good to be true, it probably is. If you ever have questions, contact the organization directly from a contact page on a trusted website, or your business’s managed IT services team, not the email in question.
Who is sending this email?
Whether you know the sender or not, does the email make sense for you to receive? If not, do not even open it. Simply delete it and move on. Accidentally opening the email can cause IT security issues and potentially make you vulnerable to a cybersecurity threat. If someone you know is asking for money, call or text to verify. When in doubt, always think critically before acting.
3. Install Updates
We all know how annoying it can be when your computer continually reminds you to update your software. That said, an enterprise-level managed network services expert will tell you these updates are essential in protecting you against a cybersecurity threat. Updates give you more than just the latest and greatest features; they make sure you also have the most updated security to protect your IT network. Thousands of new malware variants run every day. Having out of date security software is almost as bad as having none at all.
Is your software up-to-date?
Your un-updated software is vulnerable. According to Sophos, cybercriminals can exploit this vulnerability by writing code explicitly targeting your network’s system. This can infect your computer without you ever taking action. When your computer is compromised, cybercriminals steal data and gain control over your computer and personal information.
Managed IT Services
The 5 minutes each week you devote to strengthening your network will help protect you from any future threats. Small to enterprise-level business owners who are not comfortable with handling their network’s security are good candidates for small business network services or enterprise level managed IT services. Managed IT services allow business owners to focus on their business rather than their system. RJ Young offers free network assessment for businesses. We can help ensure your organization is protected from IT security vulnerabilities.
2018 is here, and RJ Young is ready to help you meet all of your business resolutions this new year. Follow along over the next few months as we help you identify ten ways to simplify your business, from outsourced IT services to having a one-stop shop for all your office technology needs. Make 2018 the year you design an office that runs efficiently and implement technology that powers productivity.
Resolution #1: Save on office supplies and waste less paper
Did you know that office printing can make up to 15% of a business’ annual expenditures? Fill up your printing queue with savings this year!
What are Managed Print Services?
Managed Print Services bring clarity and efficiency to everything related to your office printing needs. From saving paper and reducing waste to taking care of all your printer maintenance needs, Managed Print Services can save you time and money, so you can focus on growing your business.
Printers, Maintenance + Supplies … Streamlined!
Are your printing needs paper-jammed? Managed Print Services include equipment, ongoing maintenance, and supplies. Imagine having what you need before you even know you need it—and eliminating expensive last-minute runs to the local office supply store. A quick call will bring printer maintenance professionals to your door when you need them.
You’ll never have to think about printing services—use your valuable time to focus on growing your business. Just don’t count on us to remember the donuts for staff meeting … that’s all on you!
Customize + Optimize with Managed Print Services
Managed Print Services include more than equipment and maintenance. You can customize the perfect printing solution for your office—and then track who, how much and when your team is printing, allowing you to optimize your printing resources.
+ See what department is using the most printing resources
+ Quarterly data reports give you insights into your company’s printing, allowing you to make critical adjustments to save money
+ User access allows you to identify high-volume users, and restrict full-color printing and other costly uses
Trust Our Compliance Initiatives
RJ Young is industry-leading when it comes to keeping your data secure. Is your business required to follow FERPA, HIPAA or Sarbanes-Oxley regulations? RJ Young Managed Print Services brings the most up-to-date technology to create user accounts, rights management and authentication services.
Managed Print Services Save You Time, Money and Margin
See how much simpler your printing can be with Managed Print Services. Give yourself more margin to focus on growing your business while RJ Young’s team of printing experts take care of your printers, supplies, printing data, compliance, and more.
Learn more about Managed Print Services from RJ Young here.
Ransomware attacks seem to be occurring frequently and taking down business operations across the globe. A recent example of a global cyberattack was the “New Petya” ransomware. These intrusions often cost organizations in downtime and loss of valuable data. A few simple tips can provide the best defense and help prevent businesses from falling victim to these threats.
Install Updates and Patches
Many viruses and malware are able to attack through vulnerabilities in an operating system. As seen with the WannaCry virus in May 2017, Microsoft issued a patch for Windows dating back as far as 14 years. Users and system administrators failing to install updates was the primary reason the malicious virus was able to spread. Systems should always be patched, even if they are running an unsupported version of Windows XP, Windows 8 or Windows Server 2003.
Maintain a Back-up Solution
Should a company be hit with a virus, restoring from a back-up is the best option. Companies need to make sure that files are backed up regularly to a hard drive that is not shared with other devices and keep a recent back-up copy off-site or in the cloud. There are many other ways files can suddenly disappear such as fire, flood, theft, or just a dropped laptop. Backing up files remotely ensures that businesses are able to prevent any of these from becoming a catastrophe.
Run Anti Ransomware Programs
Businesses should install security software and, most importantly, keep it up to date. Thousands of new malware variants run every day. Having out of date security software is almost as bad as having none at all.
Never Open Suspicious Email Attachments
Employees should avoid opening any attachments from an unknown email address. Regardless of how many attachments an employee generally receives, each one should be carefully looked at prior to opening them. Failure to do so could lead to infected computers and expose the company to malicious software or other security threats such as ransomware.
Sophos Guide to Avoiding Ransomware Attacks: HERE
Microsoft Guidance for WannaCry Attacks: HERE
What is phishing?
Phishing is a common type of email scam designed to trick you into disclosing your personal or financial information for the purpose of financial fraud or identity theft.
Most recently, numerous organizations have been victimized by a form of business email compromise. The individual in your organization who typically handles tax information (W2s) for your employees will receive an email from a cyber criminal impersonating the CEO or other executive-level employee. The email appears to be from the CEO, and states the following¹:
Subject: SALARY REVIEW
Kindly send me the 2015 W-2 (PDF) of our company staff for a quick review
Numerous employees have followed the instruction and replied by sending a PDF containing sensitive employee information, including names, dates of birth and Social Security numbers. The employees thought the information was being sent to the company CEO; it was instead sent to the cyber criminal for identity theft. Even if employee information is not listed on your corporate website, cyber criminals are finding information from social media platforms—such as LinkedIn—to spoof email addresses.
Educate your employees against the dangers of phishing emails and cyber crimes because once your information has been compromised, it’s virtually impossible to retrieve.
1 Source: Scott Augenbaum, Special Agent, Federal Bureau of Investigation, Email Notification 3/10/16
James Walker, Regional Director of Managed IT Services
James oversees the Chattanooga, Nashville and Huntsville markets of our managed IT Services department. In his role he manages service delivery and support of engineers in all regions, does security and compliance auditing, and works with businesses in network design, implementation and troubleshooting. He has been in the technology industry for over 24 years. James is originally from Boston, MA and works out of our Chattanooga office. He joined RJ Young in January 2013 through the acquisition of his previous company, Preferred Computers, Inc.