Now more than ever, cybersecurity is the key to business continuity and productivity. Whether you’re looking to protect yourself from a data breach, avoid costly network downtime, or implement secure practices for employees traveling on business or working remotely, your organization can benefit from assessing and addressing its vulnerabilities.

Wondering what threats you might face? With data security at the forefront of our concerns, our security expert, Charles Andrews (better known as Andy), has outlined the top 5 cybersecurity threats facing companies across industries today. Learn more and protect your business!

5. Insider Threats

In a study by Ponemon Institute, 62% of employees surveyed reported that they had access to sensitive company data that they didn’t need to do their jobs. What’s more, Verizon indicated that 25% of the data breaches they reviewed in their 2017 report were caused by insider threats.

When employees have free rein over sensitive information, insider threats become more common and the burden of a data breach is left on the employer’s shoulders. Not only that, but many companies lack proper procedures for revoking access once someone is no longer employed with the company.

According to Andy, “A lot of people take into consideration when a new user starts, but we’ve seen cases where someone got fired or someone left the organization two or three weeks ago, and no one sent an email to IT letting them know to deactivate that user’s access, which is a glaring security hole.”

Fortunately, data breaches can be prevented through employee training, restricted access to sensitive information, and a seamless integration of security protocols into your company culture.

Andy’s Tips

  • Limit employee access to only the data they need.
  • Use separation of duties where needed.
  • Establish clear company processes and procedures to bolster data security.
  • Control the offboarding process as well as onboarding.
  • Utilize data monitoring and auditing technology to track anomalous behavior.
  • Use a Data Loss Prevention (DLP) program to send an alert if someone tries to exfiltrate sensitive data, such as bank account information or Social Security numbers.
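
One way to check the offboarding gap described above is to reconcile an HR roster against the account directory on a schedule. The following is an added example, not part of the original article; the CSV column names and the sample records are constructed for illustration.

```python
import csv
import io
from datetime import date

# Constructed sample exports. Column names are assumptions, not a real product's schema.
HR_ROSTER_CSV = """employee_id,name,status,termination_date
1001,Dana Reyes,active,
1002,Lee Morgan,terminated,2021-01-04
1003,Pat Singh,terminated,2021-01-20
1004,Sam Ortiz,active,
"""

ACCOUNTS_CSV = """username,employee_id,enabled,last_login
dreyes,1001,true,2021-01-25
lmorgan,1002,true,2021-01-18
psingh,1003,false,2021-01-19
sortiz,1004,true,2021-01-24
svc-scanner,,true,2021-01-25
"""


def _parse_date(text):
    """Return a date for an ISO string, or None for an empty field."""
    text = (text or "").strip()
    return date.fromisoformat(text) if text else None


def audit_offboarding(hr_csv, accounts_csv, today):
    """Flag enabled accounts that HR says should no longer exist.

    Issues reported:
      used_after_termination    - enabled and logged in after the person left
      enabled_after_termination - enabled, but no login seen since they left
      no_hr_record              - enabled account that maps to nobody in HR
    """
    hr = {row["employee_id"]: row for row in csv.DictReader(io.StringIO(hr_csv))}
    findings = []
    for acct in csv.DictReader(io.StringIO(accounts_csv)):
        if acct["enabled"].strip().lower() != "true":
            continue  # already deactivated, nothing to report
        person = hr.get(acct["employee_id"])
        if person is None:
            # Shared or service accounts with no owner need a named owner too.
            findings.append(
                {"username": acct["username"], "issue": "no_hr_record", "days_open": None}
            )
            continue
        if person["status"].strip().lower() != "terminated":
            continue
        left = _parse_date(person["termination_date"])
        last_login = _parse_date(acct["last_login"])
        used_after = bool(left and last_login and last_login > left)
        findings.append(
            {
                "username": acct["username"],
                "issue": "used_after_termination" if used_after else "enabled_after_termination",
                "days_open": (today - left).days if left else None,
            }
        )
    return findings


if __name__ == "__main__":
    for finding in audit_offboarding(HR_ROSTER_CSV, ACCOUNTS_CSV, date(2021, 1, 25)):
        print(finding)
```

Run against real exports, any `used_after_termination` finding deserves an immediate look, since it means the credentials were still in use after the person left.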

4. Passwords

It’s a common misconception that a password is all it takes to protect your information. Forbes reported that there are around 15 billion stolen passwords available for sale on the dark web, giving us a glimpse into how widespread an issue this is.

Earlier this month, the CyberNews Investigation team analyzed 15,212,645,925 passwords from across the globe that were breached and publicly released. Less than 15% of the passwords were unique and over 75% of the passwords included 10 or fewer characters, suggesting that an overwhelming majority of passwords are weak and easy to guess.

Andy said, “These easy-to-guess passwords leave your data open to brute force attacks, such as a dictionary attack, which guesses passwords until it gets it right.” Furthermore, a survey conducted by Google revealed that 65% of respondents reused a password across multiple accounts, if not every account.

Weak or outdated passwords can leave your organization’s accounts vulnerable to a cyberattack, putting you at risk of data loss as well as company downtime, which can quickly rack up a high price.

Andy’s Tips

The best way to handle the issue of weak passwords is proper employee training and authentication, said Andy. Your company should have at least two-factor authentication (2FA) in place to validate user identity, and passwords should be changed at least once every six months. In industries where HIPAA compliance is a factor, organizations should consider changing their passwords at least once every three months.

3. Ransomware

The rate at which ransomware has exploded is alarming. In 2014, there were just 3.2 million ransomware attacks worldwide. In 2019, there were 188 million, and these attacks only continue to grow in popularity and sophistication as more people work remotely.

Hackers have moved away from hitting the occasional laptop or desktop, instead developing more patient strategies to infect and encrypt file servers, web servers, and more.

There’s a common misconception that small businesses don’t get targeted often by hackers. Tech Times reported that 71% of ransomware attacks were aimed at small businesses, with an average ransom of more than $100,000.

“Cybercriminals know that small businesses are more likely to pay up because they often don’t have the most robust backup solutions,” Andy said. “Backups are important, not just in case a server breaks down, but also in case someone manages to get ransomware on your network and effectively torches your data.”

Andy’s Tips

The two best ways to protect your organization from ransomware are:

  • Implementing a centrally managed antivirus software that will alert you to infections and monitor your endpoints.
  • Regularly backing up your data, as well as checking to make sure it’s backing up correctly. According to Andy, too many companies run backups without confirming that they’re working properly. “And if you don’t have backups,” Andy said, “I don’t have enough coffee for that discussion!”

2. Phishing

Phishing is one of the most common cyberattacks affecting businesses today. In fact, the SANS Institute reports that phishing is responsible for a whopping 95% of attacks on company networks. It only takes one of the many employees on an enterprise network clicking on a malicious link in a phishing email.

While there are a number of ways to filter out a large portion of these emails, some will invariably get through. According to Andy, “End users need to be able to spot phishing attacks and flag them without being tempted to click a link. It’s important for a framework to be in place for sensitive tasks like these.”

Andy’s Tips

The most effective way to combat phishing is to prioritize user training. Your organization should have a system in place to properly filter emails as well, and you can even add a banner for emails that originate from outside your organization. But nothing can replace having knowledgeable staff who are able to catch phishing attacks before they harm your business.
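
The external-email banner mentioned above can be sketched with Python's standard email library. This is an added example, not part of the original article; the internal domain, banner wording, and sample messages are constructed, and a production mail gateway would also rely on its own sender authentication results rather than the From header alone.

```python
from email import message_from_string, policy

INTERNAL_DOMAINS = {"example.com"}  # assumption: the organization's own mail domains
TAG = "[EXTERNAL]"
BANNER = (
    "[EXTERNAL] This message came from outside the organization. "
    "Do not click links or open attachments unless you trust the sender."
)

# Constructed sample messages.
EXTERNAL_MAIL = """From: Billing <billing@vendor-mail.test>
To: dana@example.com
Subject: Invoice overdue
Content-Type: text/plain; charset="utf-8"

Your invoice is overdue. Follow the link to confirm your login.
"""

INTERNAL_MAIL = """From: Lee Morgan <lee@example.com>
To: dana@example.com
Subject: Lunch on Friday
Content-Type: text/plain; charset="utf-8"

Are you free at noon?
"""

LOOKALIKE_MAIL = """From: "helpdesk@example.com" <notice@mail.test>
To: dana@example.com
Subject: Password expiry
Content-Type: text/plain; charset="utf-8"

Your password expires today.
"""


def parse(raw):
    """Parse raw message text with the modern (EmailMessage) API."""
    return message_from_string(raw, policy=policy.default)


def classify_sender(msg):
    """Return 'internal', 'external', or 'external_claims_internal'."""
    addresses = getattr(msg["From"], "addresses", ())
    if not addresses:
        return "external"  # missing or unparseable From: treat as outside
    sender = addresses[0]
    if sender.domain.lower() in INTERNAL_DOMAINS:
        return "internal"
    shown = sender.display_name.lower()
    # Display name shows an internal domain but the real address is outside it.
    if any(domain in shown for domain in INTERNAL_DOMAINS):
        return "external_claims_internal"
    return "external"


def add_external_banner(raw):
    """Tag the subject and plain-text body of mail from outside the organization."""
    msg = parse(raw)
    if classify_sender(msg) == "internal":
        return msg
    subject = str(msg.get("Subject", ""))
    if not subject.startswith(TAG):
        del msg["Subject"]  # unique header: remove before setting again
        msg["Subject"] = f"{TAG} {subject}"
    body = msg.get_body(preferencelist=("plain",))
    if body is not None:
        text = body.get_content()
        if not text.startswith(BANNER):
            body.set_content(BANNER + "\n\n" + text)
    return msg


if __name__ == "__main__":
    print(add_external_banner(EXTERNAL_MAIL).as_string())
```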

1. Failed Compliance

Failed compliance is the number one concern that companies should know about. “Compliance can be a nightmare if left unchecked,” said Andy.

Whether it’s HIPAA, PCI, GDPR, GLBA, or another regulation, failed compliance could put you out of business. The American Medical Association states that each HIPAA violation could cost your organization up to $50,000, with an annual cap of $1.5 million for repeat violations.

Compliance can be a tangled web of provisions, audits, and fines, but these regulations are in place to ultimately protect the sensitive data of your customers and your business.

Andy’s Tips

Vulnerability scans, keeping IT systems updated, and proper monitoring and management are the best ways to stay ahead of the curve. As a business owner, it is vital that you stay on top of the constantly evolving regulations in your industry and keep your organization prepared for anything.

Improve Your Security with Guardian Computer

You already have enough on your plate. Let the professionals handle your security, so you can focus on your business.

Guardian Computer has been serving businesses across the U.S. since 1996. With knowledgeable IT professionals like Andy, a Certified Information Systems Security Professional (CISSP), our team can help you navigate these security challenges and many others.

Contact us today and build the cyber resilience you need to thrive through 2021 and beyond!

Before smartphones were the norm, few business owners and leaders had to consider why mobile security is important. Today, there are many more concerns for an organization’s cybersecurity, with mobile security chief among them. Yet many businesses still do not consider the consequences that can result from employees using personal smartphones for work or company smartphones for personal use.

So why is mobile security important?

With threats to mobile devices on the rise, organizations must invest in their mobile security and foster safer practices among employees.

Start Protecting Your Business with Mobile Security

Establish a Device Policy

A corporate device policy provides a standard of expectations that employees know to follow, as well as the consequences for breaking them. To cover all your bases, be sure to address the use of company-issued devices as well as personal devices.

Consider these tips for setting up a corporate device policy:

  • Bring Your Own Device – Be clear about whether employees are allowed to use personal devices at work or not. If they are, write a clear Bring Your Own Device (BYOD) policy. Consider what types of devices and activities will be permitted.
  • Monitoring and Transparency – Employees and visitors on your premises should be fully aware of any monitoring your company intends to perform on their devices or activity. Monitoring not only protects company interests, but also encourages employees to take care with their activity and abide by the rules. Building a transparent company policy can help avoid employee distrust and dissatisfaction, while also highlighting how company cybersecurity is truly an all-hands team effort.
  • Approved Applications and Software – By creating a list of approved applications and software, you can increase your device security and limit the amount of lost productivity. Most importantly, you will decrease the chances of mobile malware infiltrating your company’s devices or network via unsecure apps.

Use Mobile Device Management Software

For stronger security, implement mobile device management (MDM) software. MDM is vital for separating business and personal information for employees, while enabling employers to create security measures for their devices.

Typically, cloud-based software will be less expensive, more flexible, and easier to manage than on-premises software. Look for features that will enable you to view device information, configure devices, manage and update apps, create restrictions for device usage, and wipe devices remotely.

If possible, use MDM software that will enforce your company’s security measures across devices. This could include everything from using strong passwords, to encrypting data, to establishing containers for keeping company information separate from personal information.

Keep Devices Up to Date

Whether you’re considering the importance of mobile security or looking to boost cybersecurity for other hardware or software, keep company devices up to date. An update can remedy operating bugs, enhance software security, and heighten the performance of your device and its software.

Often, businesses fail to update their software regularly, especially on mobile devices. As a result of these delays, mobile malware can sneak onto your device and leave you open to a cyberattack.

Protect Your Business Today with Guardian

Have more questions about mobile security? Want help protecting your business? Give Guardian Computer a call!

We offer a wide variety of IT services and support to provide businesses with robust, proactive cybersecurity and technology solutions. Whether your organization wants help with a specific problem or project, or you want our experts to manage all your IT needs, Guardian Computer is ready to help.

Contact us online by filling out the form below or call 866-488-4726 to talk to someone from our team today!

    Cyber criminals have started targeting a new demographic within recent years: travelers. When preparing for a trip, cyber security is probably the last thing on your mind. However, not taking cyber security into account while traveling puts both vacationers and business travelers at a higher risk for a cyber attack while away from home.

    Whether you find yourself waiting at an airport, working from a hotel room, or taking a road trip with your family, you should always consider the best cyber security practices for travelers. Ready to bring cyber security to the forefront of your travel plans? Follow our expert tips to help protect your data and digital devices while away from home.

    Cyber Security Risks for Travelers

    When people travel, they often think about everything but cyber security. You have to pack, make arrangements for house sitting, and plan for transportation, lodging, meals, activities, and more. But why isn’t device security also a top priority for travelers?

    Traveling puts you in an unfamiliar environment where you often have less control over your surroundings, including your digital environment. You’re busy and distracted, and it’s easier to do what’s most convenient, even if it’s not as safe.

    Not only do travelers often engage in risky behaviors, such as connecting to public Wi-Fi, but they also keep a huge amount of valuable data close at hand. Most people carry their smartphones with them wherever they go, and laptops are a necessity for today’s traveling business professionals. Travelers also often carry passports, credit card information, lodging details, and more.

    Cyber criminals are taking advantage of these circumstances. Transportation was the second-highest industry for cyber attacks, according to the 2019 IBM X-Force Threat Intelligence Index.

    5 Best Cyber Security Practices for Travelers

    The key to maintaining cyber security is to be vigilant about both the physical and digital safety of your devices, whether you’re at home or away. With a little effort and planning, you can follow these 5 best cyber security practices for travelers.

    1. Be Cautious of Public Wi-Fi

    The easiest way to keep from getting hacked is to limit public access to your phone. By simply not tapping into a public Wi-Fi network, you become the first line of defense for your own resources.

    While public Wi-Fi is convenient and appealing for most travelers, these networks can put users at a higher risk for a cyber attack. Be vigilant when sleuthing out an encrypted network. Don’t shy away from asking hotel management questions about the cyber security they have in place for guest users.

    Even private Wi-Fi networks hosted by hotels and other hotspots for travelers are susceptible to cyber attacks, since hackers know that there will be many people there. Hotel News Now reports that the Marriott International and the Drury Hotel were among the many establishments to suffer a data breach in the last two years. Millions of people had their contact information and credit card numbers stolen as a result.

    Take precautions when accessing any networks while you’re away from home. If you decide to use public Wi-Fi, avoid logging into personal accounts that contain private data or accessing sensitive company information. If possible, always use public Wi-Fi with a VPN for added security.

    2. Keep Your Tech Locked Up

    One of the best cyber security practices for travelers is actually one of the easiest: lock up your tech! This advice considers two key parts of your tech’s security: its physical safety and its digital safety.

    Physical Safety for Devices

    Make sure all of your devices are securely fastened within your luggage. Be wary of slipping your phone into a side pocket, as it’s easy for someone to reach in and grab it. While you want to be able to access your devices easily, you don’t want to put them at risk for theft or unauthorized use.

    Consider placing any phones, tablets, or laptops in zipper-close, opaque pockets and purchasing a backpack lock. An electronic organizer could be beneficial for keeping all of your electronic devices in one place and keeping you from digging through your luggage in a pinch.

    Digital Safety for Devices

    You also need to digitally limit an unknown user’s access to your devices. A vital step in protecting your privacy is to have some form of authentication for each device, if not two-factor authentication for even greater security.

    Luckily, cellphones and computers typically have built-in authentication programs. These include Apple’s Touch ID feature, as well as the facial recognition features available on iPhones and some Android devices.

    Even if your devices don’t have these specific features, there are several options for digital protection. Set an alphabetic, numeric, or patterned code to limit the access to your phone or tablet. Always create strong passwords for your computers and digital accounts.

    Password Tips

    Here are a few tips to help you come up with stronger passwords:

    • The longer, the better. A lengthy password can better protect your device or account. If possible, the ideal password will be at least 15 characters.
    • Use a mixture of characters. Try using a combination of lowercase and uppercase letters, numbers, and symbols. Some devices or accounts require you only use certain special characters, so keep these rules in mind.
    • Don’t go the easy route. Avoid commonly used phrases, recognizable words, or any personally identifying information, such as your birthday or child’s name. Most hackers can do a quick social media search to find this information and play the guessing game when it comes to figuring out your password.
    • Consider using a password generator. This will contribute to the randomness of the password, making it more difficult to crack. Password managers often include password generator features, while also giving you a place to securely store these hard-to-remember passwords.

    3. Disable Risky Features

    Several of the features that may help you at home carry different risks on the road. As such, one of the best cyber security practices for travelers involves disabling these risky features during trips.

    Auto Connect

    Even if you decide to use public Wi-Fi, make sure you disable the auto connect capabilities on your devices. While auto connect is a convenient feature when using the internet at your house, it’s good practice to require a manual connection whenever a device has access to public Wi-Fi. This gives you the opportunity to investigate a public network before choosing whether or not to connect to it.

    Bluetooth Connectivity

    Most devices have Bluetooth capabilities, yet many users are unfamiliar with exactly how Bluetooth works. While you’re thinking the Bluetooth feature is a great way to connect all of your devices together, a hacker sees it as an entryway into your phone or computer. Similar to the auto connect feature, Bluetooth connectivity is perfectly fine when you’re using all of your devices at home. However, when you’re traveling, it’s best to consider limiting Bluetooth usage and turn it off when not in use.

    Location Sharing

    It’s understandable that you may want your loved ones to keep tabs on you while you’re traveling. Maybe you just want to give your family and friends a peek into your on-the-road adventure. Although it is becoming commonplace to share your location through your phone or computer, it might not be the best cyber security practice while traveling.

    Weigh the costs when sharing your location. This feature opens you up not only for a cyber attack, but also a physical one. Criminals can get information on where you are and where your hotel room is, leaving you vulnerable to theft or a physical attack. Limiting the amount of location sharing you do while traveling is an important step to keeping you and your belongings safe.

    4. Install Antivirus Protection

    This may seem like an obvious suggestion, but it can be all too easy to overlook in the hustle and bustle of preparing for a trip. Antivirus software is an added layer of defense that helps protect your device at all times, even while you’re away from home.

    Evaluate the most powerful antivirus software products on the market when making your decision. If you’ll be bringing work devices on a trip, check in with your company about providing antivirus software. Keep your devices up to date with the latest features from their antivirus software, and install any updates before leaving home.

    5. Update Device Software Before You Go

    Whether you’re bringing a smartphone, tablet, or laptop, you want the most current version of your software installed before heading out for your trip. Some devices are programmed to update once connected to a Wi-Fi network, which means your device would try to download new software the moment you connect to a public network outside of your home.

    First, if possible, disable this feature to prevent any software updates over a public connection. This allows you to maintain more control over your device and prevent unwanted access. Next, install new versions of software at home before you leave for your trip.

    If you are unable to do this, stop any software downloads before they start and wait until you return home to complete installation. A word of caution: not installing the most recent version of software onto your device might cause performance issues until the device is updated. You want your time away from home to be easy and effortless, and an update could strongly improve your experience with your devices.

    Get the Best Cyber Security Anywhere with Guardian Computer

    Whether your business needs IT services on premises or for remote workers, Guardian Computer is here to help. From cyber security to network configuration, cloud management, regulatory compliance, help desk support, and much more, our experts are available for one-off projects as well as ongoing management, maintenance, and support.

    Get in touch with us today to learn more about the advanced protection, strategic digital transformation, and friendly IT support we provide.

    Whether you’re grocery shopping, working at a coffee shop, or waiting in an airport, public WiFi is a convenient way to hop online. Unfortunately, it’s also a risky one. Hackers take advantage of the lax security and easy access that often accompanies public WiFi.

    If you need to connect to public WiFi, you should take precautions to maintain the security of your device and information. A VPN, or Virtual Private Network, is one of the most common privacy measures for public WiFi usage. But many users still wonder, is it safe to use public WiFi with a VPN? Are there any risks?

    While VPNs are generally considered an essential security tool for remote work and other public network usage, there are weaknesses that can still leave your work and personal data vulnerable to cybercriminals. Keep reading to learn more about using VPNs, their security benefits and shortcomings, and our expert tips for using public WiFi.

    What Makes Public WiFi Risky?

    On an unsecured network, hackers may be able to spy on the information you send, such as when you enter a password or credit card information on a website. They may even be able to monitor the keystrokes you make on your keyboard, allowing them to record your logins or private conversations.

    Cybercriminals can also circulate malware or launch worm attacks over unsecured WiFi. Even public WiFi networks that require a password aren’t safe if that same password is readily available to anyone in the establishment, such as a coffee shop or doctor’s office.

    What Is a VPN?

    A VPN allows a user’s devices to connect to a private network over a public network. VPNs were created to securely connect devices within a business network to private internet servers. They allow network users to access their business network remotely from home, another office, or elsewhere using public WiFi.

    How Do VPNs Work?

    A VPN works by connecting your computer, tablet, or smartphone to a server, so you can go online using the server’s internet connection. The public WiFi network is only used to connect your device to the server, rather than to any of the websites or applications you subsequently access.

    A VPN grants you access to a private, anonymous network, which is very appealing if you handle sensitive information. VPNs use encryption to scramble your data and make it unreadable when it’s sent over a public network.

    Without a VPN, an internet service provider has access to your entire browsing history, from the websites you visit to the passwords you enter. That’s because web activity is normally associated with a local IP address. A VPN allows you to funnel your own internet traffic through a private server, so your activity is associated with that server’s IP address rather than your own. This effectively masks your location and keeps your online activity and data private.

    How Safe Is It to Use Public WiFi with a VPN?

    Both the Federal Trade Commission and Cybersecurity & Infrastructure Security Agency (CISA) recommend the use of VPNs while using public WiFi. Even so, many people still wonder exactly how safe it is to use public WiFi with a VPN.

    Generally, a VPN is an important security measure to have in place. But there is a vulnerability that occurs at the moment you connect to a public WiFi network.

    Most public networks will allow devices to automatically connect to the WiFi. However, you must open a browser to what’s called a “captive portal.” There, you manually agree to local terms of service before actually being allowed to access any websites.

    Despite being connected to the internet and having a VPN, there is a gap in coverage after you connect to WiFi but before you can turn on your VPN. This brief period leaves you vulnerable to risks associated with public, unsecured networks.

    Although you face risks during this vulnerable period, it is only for a very limited amount of time. Using a VPN in public is still much safer than logging onto a public network without any additional digital protection.

    Do VPNs Have Additional Security Features?

    As VPNs have become more popular, VPN service providers have found other ways that their services can protect your data while in public.

    Some VPN services offer a feature called an “Internet Kill Switch,” for example. In the event that your VPN connection is ever interrupted or disconnected, this feature protects your device and its data from prying eyes. It works by blocking all internet-bound traffic to your device until the connection with your VPN is reestablished.

    VPN clients may offer an Internet Kill Switch at a granular application level. If you are using a VPN to access particularly sensitive applications and information, this tool is incredibly valuable. At the moment a VPN disconnects, the Kill Switch would close that sensitive application and require it to be manually reopened after reestablishing a secure connection.

    For those who need an additional level of security when accessing public WiFi, finding a VPN service with an Internet Kill Switch is an excellent option.

    Safety Tips for Using Public WiFi

    While having a VPN can bring peace of mind while using public WiFi, there are still a number of other measures you should take to keep your data safe—no matter where you are.

    • Use strong passwords. No matter how secure your network is, a weak password leaves you vulnerable to hackers. Ensure that your passwords contain a healthy mix of case-sensitive letters, numbers, and other characters. Avoid including personal information, such as your birthdate or pet’s name, which can often be found on social media. Do not repeat passwords you have already used or reuse the same password for multiple accounts, or else a breach of one can compromise them all. Do not leave your password written on a sticky note on your desk or send it in plain text via email, instant message, or text message.
    • Don’t leave your device signed in while unattended. It’s all too easy for a smartphone to get stolen off a desk or out of a bag. If you’re working in a public space, be aware of your surroundings and your possessions. Even in your company building, you never know if a delivery person or visitor might come across your computer while you’re in the bathroom. Log off of any device whenever you are not actively using it. Keep any portable devices you aren’t currently using in a secure case or bag within your sight.
    • Turn off automatic connectivity. Some phones will automatically connect to open WiFi networks as soon as they’re in range. If your device connects to an unsecured network and you don’t immediately enable a VPN for protection, you’re leaving yourself at risk of having your information stolen.
    • Enable two-factor authentication. Two-factor authentication requires two verifications before users can log into an account. In the event that your password is compromised, two-factor authentication will keep unwanted guests from accessing your account by requiring more than just that password. If an unauthorized user fails to bypass the two-factor authentication, you will be alerted. This gives you the chance to change your password and protect your private information.
    • Beware of phishing. Even with a VPN in place, a successful phishing text or email can easily collect your sensitive information. A phishing message appears to be from a trusted company or individual, but is actually from a cybercriminal. It will usually ask you to visit a link, open an attachment, or confirm your identity or login information. Fast-paced communications and interactions, such as texting, can make people more prone to click on links, playing right into phishing schemes.

    How to Set Up and Use a VPN

    In addition to other cybersecurity best practices, using a VPN is a wise choice, whether for personal or business use. Setting one up for the first time isn’t as difficult as you might think. You have the option to set up a VPN for your entire home network or on individual devices.

    Setting Up a VPN at Home

    If you frequently work from home or want additional home protection, setting up a VPN for your entire home network is a good idea. This means that any device that connects to the internet at your home will be using a secure and protected network. However, adding this extra step can slow down web traffic, which may lead to longer loading times for all users.

    When setting up a VPN at home, there are a few options that you can choose from:

    1. Get a router with VPN capabilities. Some higher end routers come with built-in VPN servers that are ready to go out of the box. If your home office is your primary office, this may be an appealing option. The process is completely automated, and your server will automatically connect all your internet devices to the VPN without the need for an additional VPN app or service. Once those devices are removed from your home network, however, they will not be protected by the VPN.
    2. See if your current router supports third-party firmware. Routers actually have their own operating systems, known as firmware. If you have some advanced technical skills under your belt, it’s also possible to replace your current router’s firmware with one that can support a VPN in order to secure your home’s WiFi network.
    3. Set up your own dedicated VPN server. To set up a dedicated VPN server, you’ll need a computer that’s on all the time, rather than a desktop you turn off when you’re done using it. This option also requires some technical ability. But if you’re a business owner, setting up a dedicated VPN server for all employees to use can be a smart choice.

    Using VPN Services and Apps in Public

    If you need to work at coffee shops, hotels, airports, or other public places, then VPN services and apps are a more appropriate choice for keeping your data secure. These apps download onto individual devices so that you can bring the security of a VPN with you, no matter where you are.

    VPN app services are available for an annual or monthly subscription, which often varies from around $4 to $12 per month. Examples include NordVPN, TunnelBear, and ProtonVPN. These apps will typically allow a set number of devices to operate on a single VPN account, with scalable options for adding more user licenses and servers on business accounts.

    Many VPN apps work with a variety of browsers and operating systems, such as Windows 10, macOS, iOS, Android, and Google Chrome. These apps offer a host of features, such as easy-to-use interfaces, good speed tests, affordability, and a number of servers located around the world for additional security.

    In addition, many VPN services come with prepackaged installers. After you decide on a VPN service, setup can be relatively straightforward once the proper permissions and settings are in place.

    If you own a business and are looking to get a VPN for your employees, IT professionals can set up a VPN on a variety of devices (both hard-wired and mobile) that regularly connect to your business network. Ask your IT department or managed service provider, or contact an IT company to provide this setup service.

    Set Up a VPN and Improve Network Security with Guardian Computer

    Guardian Computer is a full-service IT provider with over 100 years of combined experience in the tech solutions industry. We’ve worked with a wide variety of businesses to protect their data, including everything from setting up VPNs to networking services, cybersecurity, and data backup and recovery.

    Our expertise means you can rest easy, knowing your IT project is professionally handled and our team is preparing your organization for potential issues before they ever become a problem. Whether you need help with a single IT project or want us to fully manage your IT, we have a wide range of services to meet your business’ unique needs. Where you see a tech headache, we see a new challenge to tackle!

    Ready to talk to someone on our team? Contact us today to learn how Guardian Computer can protect your business!

    Are you devoting enough resources to your organization’s cybersecurity? For many, cybersecurity is one of the most neglected areas of IT budgeting. In ISACA’s State of Cybersecurity 2019 report, 55% of respondents planned to increase their cybersecurity budget over the next year. Even more (60%) indicated their cybersecurity is underfunded.

    As a healthcare professional, you know how important it is for patients to balance high-quality care with affordable healthcare costs. This balance also applies to IT services for doctors. Whether you’re streamlining HIPAA compliance with digital technology, or negotiating coverage and quality with insurance companies, you are aware of the constant juggling of cost and security in your industry.

    Though often underfunded, cybersecurity is one of the most important aspects of any healthcare organization’s IT needs. When weighing IT services for doctors, physicians and surgeons need to know which security measures are indispensable in order to make the most of their budget.

    When considering IT services for doctors, prioritize these 6 cybersecurity needs in your budget, outlined here in our infographic and later in our blog post.

    Keep reading to learn more about the biggest security risks in healthcare today and 6 cybersecurity services and technologies to prioritize with your IT spending.

    How Due Diligence Assessment and IT Services for Doctors Improve Purchasing Decisions

    Attainia reports that hospitals spend an average of $93 billion per year on medical technologies and their related services, making this a major annual expense to consider. Healthcare professionals know the value of efficient, reliable equipment: it sets the pace of productivity and can help set the standard for quality service when handling patients.

    Medical technology is an ever-growing field, where the phrase “the newer, the better” frequently applies. However, investing in brand-new medical equipment and software also comes at a heavy price.

    Hospitals and medical practices are constantly battling the cost of their sophisticated medical equipment. Further, more advanced medical technologies also typically require more management and support from IT professionals, increasing their cost in the long term.

    Not only that, but healthcare organizations also must maintain the hardware (including everything from computers to keyboards), software (such as Microsoft Windows or Mac operating systems), network, and internet connection required to run their equipment and daily operations.

    Fortunately, managed IT services for doctors or a due diligence assessment can help identify your biggest tech-related risks and opportunities. By allowing technology experts to evaluate the entirety of your IT, you can gain the insight necessary to determine:

    • Is it better to invest in a new piece of equipment or upgrade your existing tech?
    • How much maintenance will any given technology require?
    • How long will this new solution last? What is its lifespan?
    • Will this technology integrate with your existing systems?
    • Does this technology meet or exceed all compliance requirements?
    • Where could IT deliver the biggest gains to your productivity, efficiency, and revenue?
    • If neglected, which of your IT systems are most likely to cause issues? Which have the potential to cause the biggest crises?

    With an informed assessment of these competing concerns, you can efficiently prioritize your IT needs and spending. For many healthcare organizations, cybersecurity is a main area requiring additional investment.

    Why Medical Technology and Operations Require More Cybersecurity

    Across industries, cybersecurity is often a hard sell because it is an investment that doesn’t produce direct revenue in return. For healthcare organizations juggling the significant costs of medical equipment and technology, the temptation to skimp on cybersecurity is even greater.

    But as cybersecurity threats to businesses grow in number and sophistication, hospitals and medical practices can no longer afford to overlook their cybersecurity. In addition to the financial, operational, and publicity risks associated with cyberattacks, healthcare organizations must also contend with potentially devastating HIPAA violations.

    Not only that, but hospitals and physicians’ offices are increasingly relying on technology, from cloud-based data management systems, to compliance software, to advanced medical tech. Avoiding cyberattacks and other disruptions can help keep your institution—and the technology it depends on—running smoothly.

    Stolen Healthcare Data

    The creation of electronic health records has made communication between hospitals, healthcare professionals, and insurance agencies easier and more efficient. However, the quick expansion of digital recordkeeping has also produced a great threat to the healthcare industry as a whole.

    Medical software contains protected health information (PHI), such as patients’ birthdates, social security numbers, home addresses, and private medical data. Given the massive amount of sensitive information they handle on a regular basis, industries like healthcare and financial services are major targets for cyberattacks.

    HIPAA Violation Costs

    When medical facilities face a data breach, public morale isn’t the only issue they have to worry about. HIPAA has strict guidelines when it comes to network security. If found negligent or non-compliant, you could face charges up to $50,000 per violation—or, even worse, criminal legal action.

    Healthcare organizations are held liable when a data breach occurs, and the resulting HIPAA fines could cost your facility millions of dollars. When patient information is compromised, lawsuits and settlements add even more to your costs.

    System Shutdowns

    Healthcare organizations may have to shut down their IT systems if faced with a threat to security. Without access to patient medical histories or full use of medical equipment, hospitals and physicians’ offices are left with little choice but to close until the threat is resolved and all systems are brought back online.

    For smaller medical facilities, it’s not uncommon for it to take a full day to recover from a system shutdown and get operations up and running again. This leaves your facility vulnerable to theft and your patients unable to receive care, ultimately resulting in a loss of trust and business.

    It only takes a single cyberattack to bring down a slew of serious consequences. As the risks continue to grow, it is critical to invest in proper cybersecurity and other IT services for doctors to protect their medical practices and healthcare organizations.

    6 Cybersecurity Needs to Prioritize in Your IT Budget

    When developing an IT budget for your healthcare organization, cybersecurity should be a top concern. While cybersecurity is an additional cost to consider, the many costs of falling victim to a cyberattack are much greater. To get started, there are 6 cybersecurity services and technologies we recommend factoring into your budget:

    1. IT Due Diligence Assessment

    Understanding your needs is vital when allocating funds. An IT due diligence assessment compounds your facility’s standards with a clear assessment of your IT infrastructure, systems, personnel, and processes.

    Conducted by IT experts, this full-scale appraisal helps you evaluate the assets you have, determine what you need, and spot security vulnerabilities. With this information, you can develop informed priorities for your IT projects and spending.

    2. Employee Cybersecurity Education

    Employees are often the first line of defense against a cyberattack, so it is always important to devote time and resources to proper cybersecurity education for everyone at your organization. In particular, if your hospital or medical practice is strapped for resources, spreading knowledge and awareness about cybersecurity throughout the entire team is an expense that has wide-ranging benefits.

    Often, employees will fall victim to social engineering and expose your network to cyber threats. From simply teaching staff not to open links or attachments from strange emails, to conducting cyberattack practice drills with follow-up education for any missteps, cybersecurity training can thwart a substantial number of threats.

    Cybersecurity education can also help support security practices you already have in place. For instance, even if you require longer passwords with numbers, uppercase and lowercase letters, and special characters, your employees may still unknowingly use unsecure practices. They might reuse passwords for multiple accounts, share passwords with others in plain text, leave their password on their desk written on a sticky note, or incorporate information that can easily be guessed in passwords.

    Once employees understand the risks and their role in keeping your organization safe, they are much more willing and able to commit to secure practices. When everyone at your hospital or physicians’ office can share this responsibility and knowledge, you greatly increase your security.

    3. Antivirus Software

    The right antivirus software can make or break an organization. It helps prevent cyberattacks from bots, worms, spyware, and viruses. It fortifies your office computers against network vulnerabilities. Also, it alerts users to potential threats in real time, allowing for faster detection and response.

    These capabilities make antivirus software a critical component of your threat detection capabilities, network security, and HIPAA compliance. Moreover, in a time when many employees have had to transition to working from home, antivirus software is an important security measure that can be extended to remote devices.

    For medical facilities and hospitals, you want antivirus software that can support multiple users and devices while still maintaining network security. A good antivirus program should also have a recovery feature that will remove an unwanted invasion of your network. This software should have ongoing internet access and be updated regularly for best performance.

    4. Database Encryption

    Database encryption is an extremely useful tactic for protecting your sensitive information from unauthorized access. Any data stored in your database becomes encrypted, rendering it meaningless to any hackers who manage to access it. When cybercriminals realize your database is encrypted, it can sometimes be enough to keep them from ever trying to attack in the first place.

    One way to implement database encryption is to make documents password protected, using complicated passwords to secure documents. With proper cybersecurity education, employees can make this tactic even more effective by creating strong passwords and using safe password practices.

    5. Recovery Planning

    When all preventative measures fail, your IT should have a recovery plan already in place and tested. Many times, organizations become so focused on stopping attacks from happening that they skip this crucial step.

    Your recovery plan should include a designated budget to cover the anticipated costs of a cyberattack. This allows you to act quickly, without having to negotiate or wait for approval before receiving funding. You should also create an action plan, so everyone in your healthcare organization understands their roles and responsibilities in the event of a cyberattack and potential system shutdown.

    In the meantime, regularly backing up your data is an important part of building a solid foundation for your recovery plan. This allows you to restore your data quickly, so patients have access to their medical records and you can resume your daily operations.

    6. Cybersecurity Managed Services

    The first rule of efficient budgeting is to maximize your fixed expenses. It’s dangerous for a budget to have too many fluctuating costs. By outsourcing IT services for doctors’ offices and healthcare facilities, you can take advantage of a fixed expense that adds specialized protection to your network while controlling costs.

    Physicians, surgeons, hospital administrators, and healthcare professionals of all kinds have enough on their plates. By finding an IT and cybersecurity provider you trust, you can leave your tech issues to the experts. They should be able to provide ongoing monitoring, evaluation, and support for your systems, so they can fix vulnerabilities before they can be exploited, keep your systems protected and running smoothly, and make sure you’re prepared for the possibility of an attack.

    There are many benefits to outsourcing your IT. You gain access to a wide variety of technology experts, who have the world-class tools and expertise to keep your systems secure and meet your IT goals. In addition to keeping your systems up to date, IT support is just a phone call, email, or chat away whenever you experience a tech issue or possible security threat.

    Cybersecurity and IT Services for Doctors from Guardian Computer

    It’s a tough feat to balance cost and security when assessing IT services for doctors’ offices and hospitals. Outsourcing offers a solution to the problems of unexpected IT issues and expenses, uninformed prioritizing, and overlooked or underfunded cybersecurity.

    With Guardian Computer, you can trade downtime for peace of mind. Test out our services with a one-time IT due diligence assessment, so you can see what we find and make an informed decision about how to proceed. If we’re a good fit, you can hire us to complete specific IT projects or fully manage your IT. Just this year, we proudly achieved a place in the 2020 Channel Futures MSP 501 rankings for managed service providers!

    Give us a call at 504-457-0005 or contact us online today to discuss a personalized IT plan that best suits the needs of your healthcare facility.

    No matter if you love technology, hate it, or fall somewhere in between, there’s no doubt it is becoming a bigger part of your life. Our digital world is expanding as more people work from home and more companies conduct their business online. But as our digital activity increases, so does criminals’ desire to take advantage of it, leading to new advancements in computer security threats and digital crime.

    In the last few years, major companies across the globe have experienced cybercrimes ranging from data breaches, to unauthorized access of financial accounts, to digital impersonations of CEOs, and everything in between. From new online stores to established corporations, companies of all types, sizes, and industries are at risk.

    Although cybercriminals are continuing to become smarter and more strategic, it’s also clear that many businesses aren’t putting up much of a fight when it comes to their cybersecurity. It’s up to you to protect your organization and make sure it’s investing in its security. It’s up to us, as IT experts, to provide you with the information, resources, and services necessary to help make that happen.

    3 Major Trends for Computer Security Threats in 2020

    Thinking about all the new and varied cyberthreats your company faces today can quickly feel overwhelming. Where should you begin, and how can you make sure you’re staying informed?

    To get started, we’ve identified 3 major trends for computer security threats in 2020 that all businesses should be aware of, so you can watch out for them in whatever form they may take.

    1. Disruption

    Disrupting your business is a powerful way for cybercriminals to distract you, cost you time and money, bait you into making quick and unsecure fixes, or put you at their mercy. For instance, they can use premeditated internet outages to disrupt your organization, hampering business functions and employee productivity.

    Cybercriminals can also cause disruption with ransomware attacks, which have increased in popularity over recent years. In these attacks, hackers gain access to information you need, either because it is necessary to run your business or because it is sensitive information you don’t want leaked. Either way, the hackers hold your data hostage and demand you pay a ransom to get it back.

    2. Distortion

    With the development of technology comes the development of bots and vehicles of misinformation. This could cause more members of the public to distrust the integrity of information they encounter. Or it could cause the opposite: people might mistakenly trust false information.

    In either case, it’s often bad for business. It makes it difficult to communicate with consumers or maintain their trust, especially if cybercriminals have falsified information about you or impersonated you.

    Hackers are distorting the data and technologies businesses use, too. For instance, criminals who hack into your company cloud might upload fake documents that instruct employees to move money into the hackers’ account or compromise your security even further.

    3. Deterioration

    The deterioration of a company’s complete control over its business practices can open it up to a variety of risks, which cybercriminals are quick to take advantage of. For example, more and more businesses are implementing AI to increase their efficiency. But if you deploy untested AI, it could lead to unexpected outcomes, including higher exposure to cybercrimes.

    Rapid technological advancement can also mean new federal laws to regulate it, lessening companies’ control. Many expect that increases in surveillance laws could put corporations at risk of having their information exposed. Increased privacy regulations can prevent businesses from effectively monitoring employees, making it harder to identify any insider threats.

    Top 10 Computer Security Threats to Prepare for in 2020

    Strengthening your cybersecurity means being proactive and staying one step ahead of cybercriminals. This starts with identifying which threats are most likely to impact companies this year.

    Browse our top 3 in the infographic below, or read on for more information about all top 10 computer security threats to prepare for in 2020.

    An infographic with our top 3 computer security threats to prepare for in 2020.

    1. Phishing Attacks

    In a phishing attack, a hacker pretends to be someone you trust, such as your boss or your bank. Most commonly, the hacker emails you from a familiar—but slightly altered—email address.

    Typically, the hacker emails you a link or attachment. They ask you to go to a website, log into your account, or enter your personal information, such as your Social Security or bank account number. In 2019, phishing was responsible for 32% of confirmed data breaches and 78% of all cybercrimes.

    This year, cybercriminals have managed to create phishing schemes through companies’ cloud applications. Because of the crime’s relative newness and the implicit trust that employees have in their companies, cloud-based phishing is one of the top cybercrimes that companies need to look out for in 2020.
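
    The "familiar but slightly altered" sender address described above can be checked mechanically. The following is an added example, not code from the original post: it compares a sender's domain against an allow-list and flags near matches. The domains, the two-edit threshold, the small look-alike character table and all function names are assumptions made for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Constructed allow-list: domains this organization really receives mail from.
TRUSTED_DOMAINS = {"examplecorp.com", "example-bank.com"}

# Small illustrative table of characters that resemble Latin letters
# (digits and a few Cyrillic letters). A production table would be far longer.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
})
MAX_EDITS = 2  # assumption: up to two edits still counts as "slightly altered"


def sender_domain(from_header):
    """Return the lower-cased domain of a From header, or None if it has none."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def skeleton(domain):
    """Fold look-alike characters so visually similar domains compare equal."""
    decomposed = unicodedata.normalize("NFKD", domain)
    folded = "".join(c for c in decomposed if not unicodedata.combining(c))
    folded = folded.translate(CONFUSABLES)
    return folded.replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "exmaple" for "example".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify_sender(from_header):
    """Return (verdict, trusted_domain); verdict is trusted/lookalike/unknown/invalid."""
    domain = sender_domain(from_header)
    if domain is None:
        return ("invalid", None)
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain)
    folded = skeleton(domain)
    # Closest trusted domain after folding; ties are broken alphabetically.
    closest = min(TRUSTED_DOMAINS,
                  key=lambda t: (edit_distance(folded, skeleton(t)), t))
    if edit_distance(folded, skeleton(closest)) <= MAX_EDITS:
        return ("lookalike", closest)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed From headers, not taken from real mail.
    for header in ("Alice <alice@examplecorp.com>",
                   "it-support@examp1ecorp.com",
                   "billing@exarnple-bank.com",
                   "ceo@exmaplecorp.com",
                   "news@unrelated.org"):
        print(header, "->", classify_sender(header))
```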

    2. Cloud Jacking

    Cloud jacking is the process by which cloud computing is infiltrated by a third party. Once a hacker gets into your company cloud, they may try to reconfigure the cloud code to manipulate sensitive data, eavesdrop on employees and company communications, and expand their reach to take control of the entire cloud.

    As we mentioned earlier, cybercriminals will also use this as an opportunity to create phishing schemes. In these scenarios, cybercriminals upload fake memos, instructions, or other files to the company cloud. Employees, believing these materials are approved by the company, download the malicious files or follow the fake instructions.

    This can result in everything from workers granting hackers greater company access, to releasing sensitive data, to even moving company funds into fraudulent accounts.

    3. Network Perimeter and Endpoint Security

    From traveling salesmen to equity investors, professionals who work remotely can be at risk from inadequate network perimeter and endpoint security. As more and more workers have had to switch to remote work in 2020, these security issues become bigger targets for hackers.

    Remote work environments often lack many of the security measures put in place at your company’s workplace. With network perimeter and endpoint security, we are referring to measures that secure your computer network and its connections to various computers, phones, tablets, servers, databases, and more.

    Mobile devices, which professionals often use to conduct business on the road, are often more exposed to phishing schemes because of the ways we interact with these devices. Fast-paced communications and interactions can make people more prone to click on links, playing right into phishing schemes. Experts predict that many data breaches will occur through telecommuters, mobile devices, and off-premises assets.

    Even after COVID-related restrictions lift, many workers will not be returning to company offices. In the U.S., 59% of employees working from home during the pandemic say they prefer to work remotely. Some companies have already announced they are switching to a permanent remote workforce, making adequate network perimeter and endpoint security critically important for years to come.

    4. Mobile Malware

    It’s not just remote employees who use mobile devices for work. Many professionals are increasingly moving from desktops to laptops or smartphones for some or all of their work.

    Mobile malware is a type of software used specifically on mobile devices for malicious purposes. As larger amounts of sensitive company data are being accessed and stored on mobile devices, mobile malware attacks are very likely to be one of the most pertinent cybersecurity threats this year.

    5. 5G-to-Wi-Fi Security Vulnerabilities

    As cyberattacks continue to become more and more sophisticated, attacks are likely to take place in newer digital spheres. In particular, we expect to see cybercriminals exploring ways to attack the 5G-to-Wi-Fi handover.

    As 5G becomes more and more commonly used, wireless providers are handing off more calls and data to Wi-Fi networks in an attempt to save bandwidth. And because of this rapid growth in 5G, the technology used to protect this handover is not yet developed enough to fully protect the transition. This gives opportunities to cybercriminals to compromise these mobile devices.

    Areas that are popular for professionals to perform mobile work—such as airports, cafes, and hotels—are hotspots for the 5G-to-Wi-Fi handover. This puts the voice and data information on these mobile devices at greater risk. And while these devices have built-in technologies that allow this transition to occur quietly and without notice, researchers have already found vulnerabilities in such technologies.

    6. Internet of Things (IoT) Devices

    Many everyday devices, such as fitness trackers, smart security systems, and even some in-car apps, are IoT devices. Simply put, these devices are used to communicate and exchange information over a network without requiring human involvement.

    For instance, your fitness tracker collects information about your health and exercise, such as your heart rate, steps taken, and calories burned. That data is sent to the cloud and processed. Under certain circumstances, that data might result in an action initiated by the technology. You might periodically receive graphs that show your fitness trends and progress, or you might be sent an alert if your heart rate is too high.

    It’s not news that our world is increasingly reliant on these devices. In fact, predictions indicate that the market will grow another billion dollars by 2026. With such a major increase in new technologies, cybercriminals are likely to target IoT devices that experience security issues, as technologies in their infancy often do.

    While many of the most common IoT devices are personal or smart home devices, more and more businesses are taking advantage of IoT. Smart locks, connected security cameras, smart thermostats, smart lights, voice assistants, and more are appearing in the workplace. As more company information passes through these devices, more hackers may begin targeting them.

    The IoMT, or Internet of Medical Things, is a collection of medical devices and applications that can connect to healthcare IT systems using network technologies. Due to the valuable personal information available through IoMT, as well as IoMT’s unique security issues, it is especially likely that cybercriminals will target these devices.

    7. Deepfakes

    Deepfakes have been increasingly used against a variety of individuals and industries over the last several years. A deepfake is produced by artificial intelligence that takes an existing video, photo, or voice recording and manipulates someone’s image or voice to falsify their actions or speech. In fact, deepfakes have been popularly utilized in politics to make candidates appear to say or do something that damages their reputation.

    As it relates to businesses, experts predict that deepfakes will be used by cybercriminals to impersonate members of a company to gain access to important information. These “synthetic identities” can be used to commit fraud, as hackers create fake versions of real companies to lure in unsuspecting consumers. Deepfakes can also contribute to more advanced forms of phishing, allowing hackers to more convincingly impersonate CEOs and give harmful instructions to employees.

    8. Highly Developed Ransomware Attacks

    Ransomware has plagued businesses for several years now. Successful attacks have caused companies to lose millions of dollars in ransom payments, encouraging hackers to keep using and refining these attacks.

    According to a McAfee prediction report, the process by which attackers are able to purchase ransomware kits on the dark web is becoming easier. Not to mention, the ransomware itself is becoming increasingly sophisticated.

    The report also predicts that ransomware will consolidate into fewer, but more powerful, strains that work in conjunction with one another. By working together in this manner, attackers become even more capable and pose greater threats to businesses. If attacked by these ransomware powerhouses, companies may experience even greater costs from downtime and recovery.

    9. Insider Threats

    Insider threats, or threats posed by employees, affect 34% of businesses around the world. These employees may be acting intentionally to hurt the company or accidentally, out of ignorance or negligence. As more employees move to remote work, which opens them up to additional risks, organizations should take extra precautions to curb insider threats.

    Fortunately, there are specialized tools available to combat insider threats. These tools can detect unauthorized logins, the installation of new apps on locked down computers, users with newly granted authorization access, and new devices on restricted networks. In addition, businesses should provide all employees with routine cybersecurity training to help prevent these mistakes before they’re ever made.
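
    The four detections listed above can be expressed as simple rules over audit events. This is an added example, not the output or code of any specific monitoring product: the JSON event format, field names, account names, host names and baseline sets are all constructed, and "unauthorized login" is assumed here to mean a login by an account that is not on the active roster.

```python
import json

# Constructed baseline of what is approved. A real deployment would load this
# from HR, asset-inventory and change-management systems.
ACTIVE_ACCOUNTS = {"jdoe", "asmith"}
LOCKED_DOWN_HOSTS = {"frontdesk-01"}
APPROVED_GRANTS = {("asmith", "billing-read")}
KNOWN_DEVICES = {"restricted-lan": {"00:00:5e:00:53:01", "00:00:5e:00:53:02"}}

# Constructed audit events, one JSON object per line; the last one is
# deliberately truncated to show how a damaged record is handled.
SAMPLE_LOG = """\
{"ts": "2020-06-01T08:02:11Z", "event": "login", "user": "jdoe", "host": "frontdesk-01"}
{"ts": "2020-06-01T08:05:40Z", "event": "login", "user": "mbrown", "host": "vpn-gw"}
{"ts": "2020-06-01T09:14:03Z", "event": "app_install", "user": "jdoe", "host": "frontdesk-01", "package": "remote-desktop-tool"}
{"ts": "2020-06-01T09:20:55Z", "event": "app_install", "user": "asmith", "host": "dev-07", "package": "text-editor"}
{"ts": "2020-06-01T10:01:00Z", "event": "role_grant", "user": "asmith", "role": "billing-read"}
{"ts": "2020-06-01T10:03:27Z", "event": "role_grant", "user": "jdoe", "role": "domain-admin"}
{"ts": "2020-06-01T11:30:09Z", "event": "device_seen", "network": "restricted-lan", "mac": "00:00:5E:00:53:02"}
{"ts": "2020-06-01T11:31:45Z", "event": "device_seen", "network": "restricted-lan", "mac": "00:00:5e:00:53:7f"}
{"ts": "2020-06-01T11:40:00Z", "event": "login", "user":
"""


def check_login(e):
    # An offboarded or never-provisioned account should not be logging in.
    if e.get("user") not in ACTIVE_ACCOUNTS:
        return "unauthorized_login", f"account {e.get('user')!r} on {e.get('host')!r}"


def check_install(e):
    # Any software installation on a locked-down machine is unexpected.
    if e.get("host") in LOCKED_DOWN_HOSTS:
        return "install_on_locked_host", f"{e.get('package')!r} on {e.get('host')!r}"


def check_grant(e):
    # New privileges must match an approved (user, role) change.
    if (e.get("user"), e.get("role")) not in APPROVED_GRANTS:
        return "unapproved_grant", f"{e.get('role')!r} granted to {e.get('user')!r}"


def check_device(e):
    # Only inventoried hardware addresses belong on a restricted network.
    allowed = KNOWN_DEVICES.get(e.get("network"))
    mac = str(e.get("mac", "")).lower()
    if allowed is not None and mac not in allowed:
        return "unknown_device", f"{mac} on {e.get('network')!r}"


RULES = {"login": check_login, "app_install": check_install,
         "role_grant": check_grant, "device_seen": check_device}


def detect(log_text):
    """Return a list of alerts (dicts with line, rule, detail) for the log text."""
    alerts = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            event = None
        if not isinstance(event, dict):
            # A damaged record is reported rather than silently skipped.
            alerts.append({"line": line_no, "rule": "unparseable_event",
                           "detail": line[:60]})
            continue
        rule = RULES.get(event.get("event"))
        hit = rule(event) if rule else None
        if hit:
            alerts.append({"line": line_no, "rule": hit[0], "detail": hit[1]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(f"line {alert['line']}: {alert['rule']}: {alert['detail']}")
```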

    10. API Vulnerabilities and Breaches

    An application programming interface (API) is an intermediary between applications. It determines how apps can interact with one another. APIs work behind the scenes in many everyday applications, from streaming services to social media, weather apps, instant messaging, and more.

    The security used for APIs is typically less advanced than web app security. This is true for most organizations. As a result, APIs are often not made accessible to the public or outside developers.

    Because so many companies are becoming more reliant on APIs, attacks on these systems—and the need for API security—should increase this year.

    Protect Your Business IT with Guardian Computer

    If this sounds like a full-time job—from staying informed about the latest computer security threats and cybersecurity trends, to identifying and prioritizing your business’ biggest risks, to addressing current threats and protecting against others before they ever reach your business—that’s because it is! And it’s a job our IT experts perform day in and day out, with over 100 years of combined experience in the tech solutions industry.

    Guardian Computer is a full-service IT provider. Whether you need help with a single IT project or want us to fully manage your IT, we have a wide range of services to meet your every need. We also provide both in-office and remote assistance. Even if you’re across the country from our home base in New Orleans, we’re ready to hop on a plane to meet your needs, whatever and wherever they are.

    The IT solutions we offer are every bit as varied and sophisticated as the computer security threats facing business IT. To give you an idea of how we can help protect your organization, here is a small sample of our services:

    • Patch enablement and vulnerability management to keep your systems up to date and protected.
    • System and SaaS backup so your data can be quickly and easily recovered in the event of a ransomware attack, natural disaster, or any other issue.
    • Installation of advanced antivirus and anti-malware to keep your systems secure.
    • Protection for all remotely used mobile devices with a full suite of security software, including a firewall, malware protection, and more.
    • Emergency response team availability in case of a data breach.

    For more information, check out our IT managed services as well as the IT solutions we offer to keep companies safe from computer security threats.

    Ready to talk to someone on our team? Contact us today to learn how Guardian Computer can protect your business!

    In 2017, the number of exposed records and data breaches reached an all-time high according to Statista. The 1,579 data breaches serve as a reminder that our accounts aren’t always as safe as we think they are! The simple “username and password” log-in approach can be compromised within minutes by skilled hackers, even with your longest and most complicated passwords! Your business needs an additional security layer that addresses the vulnerabilities of a standard password-only approach.

    What is Two Factor Authentication?

    Two Factor Authentication, commonly abbreviated 2FA, is a method of securing online accounts through two means of authorization. In the case of two factor authentication, you’ll need two factors (or verifications) to successfully log in. This includes something you know, usually a password, and some other method of verifying your identity. This is usually a code sent via text or email. It’s essentially an extra layer of protection designed to ensure that you’re the only person who can access your account, even if someone else knows your password.

    Purpose of Two Factor Authentication

    An email or any other cloud-based application hack can cost a company thousands of dollars. Hackers aren’t reading your emails for fun. They’re going in to learn how your company works. They’re waiting to see how they can utilize that information to their own gain. Hackers can look through emails for private client information like bank account numbers, or personally identifying information. Once the hacker finds the information they need, they can steal huge amounts of money.

    Phishing scams, where fake but authentic-looking emails are used to steal information, are one of the easiest ways hackers can gain password information. When two factor authentication is used, it makes it considerably harder for a hacker to be successful in logging into the account.

    Even if the hacker is able to crack your password, they won’t be able to log into the account without access to your second factor. Some of the benefits of two factor authentication include improved security, reduction of fraud and theft, and the increase of productivity and flexibility.

    Security Solutions for You and Your Business

    The easiest and most common way to implement two factor is by receiving a text message with an access code every time you log into an account. But, no solution is 100% secure. Getting two factor authentication from text messaging does have some vulnerabilities. Specifically, it leaves you exposed if someone steals your smartphone or its SIM card.

    For businesses with high-security needs, hardware-based two factor authentication is the most secure option. Instead of typing in a passcode from a text message to log in, a physical security key has to be plugged into your device when prompted. This method is often used for highly sensitive systems in industries such as finance and healthcare. Security keys can be found online for as low as $20 and are available for both desktop computers and mobile phones!

    Our Favorite Free 2FA Applications

    Many websites you use for business, such as Dropbox, Google Drive, Amazon, and Rackspace, have some sort of two factor authentication built in. To protect your other online accounts, there are apps specifically for providing two factor security. Our two favorite 2FA apps are Authy and Google Authenticator.

    • Authy simplifies using 2FA on your online accounts using your smartphone. It generates a code each time you open the app. You’ll have 20 seconds to log in, after which Authy will generate a new code. It’s free, desktop and mobile-friendly, and available for Windows, Mac, iOS, Android and Chrome.
    • Google Authenticator is a mobile-only app, so you’ll need to have your phone with you. This provides stronger security for your Google Account. Because the authenticator is tied to a single device, you must manually change it in your Google settings when you switch phones.

    Personal Use of Two Factor Authentication

    We don’t just recommend this for businesses; it’s important to protect your personal accounts as well. Many of the social platforms that you use every day have options for enhancing security.

    Facebook, Pinterest, Snapchat, Instagram, LinkedIn, and Twitter all have options for two factor authentication. Go to the settings of your account, then scroll down to security. Each application has different options including the texting feature we’ve mentioned. Utilizing two factor authentication whenever possible will help to keep you safe online!

    John On Two Factor Authentication:

    Two factor authentication is only one step in security. There are many ways to keep yourself protected online, such as using secure cloud storage, secure online backup, and a VPN solution. We help our clients to ensure the security covers all of their users! Let’s chat about how we can improve your business security!

    Utilizing cloud technology can make a huge impact on the bottom line of your business.

    We’re talking about saving your time, your money, and staying safer in an emergency. Every business can get on board with that, right? Even though there are so many positives to using cloud technology, many businesses are hesitant to make the leap. This post is going to cover everything you’ll ever want to know about cloud computing as it relates to your business.

    First Things First, What is The Cloud?

    We’re sure you’ve probably heard of the cloud or cloud technology by now. Don’t worry, it’s not as intangible of a concept as it may sound. When working with tech companies, you’ll often hear the term “cloud” when talking about storing your data “in the cloud” or “working in the cloud”.

    Simply put, the cloud is the software and services that you can access from the Internet rather than locally on your computer. A great example of a cloud service is Google Drive. Instead of storing files on your desktop or laptop, you can create documents on Google Drive and access them from anywhere, on any device, so long as you’re signed into your account.

    The Main Uses For The Cloud

    In our experience, we see three main uses for the cloud, besides as a storage solution.

    • Software-as-a-Service (SaaS). For example, Salesforce, Box, and Office 365 all use the cloud.
    • Infrastructure-as-a-Service (IaaS). This category includes services like Amazon Web Services and Microsoft Azure.
    • Platform-as-a-Service (PaaS). This includes services like Google App Engine, AWS PaaS, and Azure PaaS.

    What Are the Benefits of Using the Cloud?

    The benefits of switching to the cloud can be huge for your business! We know because we help our clients make the transition all the time. The major benefits of using the cloud break down into four categories: cost, power, recovery, and security.

    Cloud Technology Cost

    Using the cloud helps to remove or reduce the need for an upfront capital investment. That alone can be huge for a business! When using local servers, the costs of maintenance and management are often unpredictable. But, when you use the cloud, the cost of system upgrades, new hardware and software are usually included in cloud provider contracts. Plus, you get the option for services and storage just when you need it. This means you can pay as you go instead of investing all at once.

    This last one can be a huge help for small and medium businesses: no extra staff needed. An in-house expert tends to be a high-salary position. Big companies may need that help to maintain servers, storage, and backup/recovery. But, honestly, a small or medium-sized business can rarely justify keeping such a person, since the work doesn’t require someone full time.

    Capacity and Computing Power

    When using an in-house solution, you would need to buy more hardware each and every time you needed to increase storage. Now, with cloud technology, businesses of any size can tap into computing resources that were once only available to large corporations.

    Cloud computing allows practically unlimited data storage and processing power due to the pooling of computer resources. It provides on-demand scalability that corresponds to a company’s needs, so as your applications grow, you can add as much storage, RAM and CPU capacity as needed. Cloud-based applications have the ability to automatically refresh and update, which saves you time and resources.

    Backup and Recovery

    Private cloud solutions include backups that offer an easier, less resource-intensive method of protecting your data. In fact, most cloud providers distribute backups between data centers to ensure access.

    When critical business information is saved on the computer or a server at your office it can be damaged in an emergency situation. In these cases, there is no guarantee that your data is able to be recovered. Utilizing cloud technology solves this problem.

    No matter the event, whether a natural disaster, power failure, or other crisis, cloud services will provide quick data recovery. For example, having critical data stored in the cloud ensures it is backed up and protected in a secure and safe location. This allows companies to conduct business as usual, minimizing downtime and loss of productivity.

    Enhanced Security

    Our cloud is fully managed and secure, which means your data is secure no matter where you access it from. The economies of scale which apply to computer resources also ensure that the best security measures can be put in place with high-level oversight from IT security experts.

    The key to this amped-up security is the encryption of data being transmitted over networks and stored in databases. By using encryption, information is less accessible to hackers or anyone else not authorized to view your data. As an added security measure, with most cloud-based services, different security settings can be set based on the user.

    How We Protect Our Clients In The Cloud

    While most people know that the cloud gives you a lot of flexibility, there are some security concerns if done improperly. We’ve seen concerns such as:

    • Theft of data from cloud infrastructures or applications.
    • Lack of a plan for GDPR Compliance.
    • Cloud providers using data centers in potentially unstable countries.
    • Advanced attacks against cloud infrastructure.

    At Guardian Computer, we protect the intellectual property, Protected Health Information (PHI), and sensitive data of our clients who use cloud technology. With over 50 years combined in the tech solutions industry, we bring our experience to the table. We help our clients avoid the pitfalls, know the right questions to ask a potential cloud provider, and ensure our clients have a comprehensive plan to migrate to the cloud.

    Questions You Should Ask A Potential Cloud Provider

    Not all cloud technology service providers are of the same caliber. We have a comprehensive list of questions you should ask before making any decisions on your cloud service provider.

    Transitioning To Using The Cloud

    At Guardian Computer, we help organizations understand how a migration to the cloud is different than what IT administrators are used to deploying in their legacy infrastructure environments. We want our clients to understand what they are getting into, how the process works and what they should expect.

    For example, often a business’s infrastructure needs to be upgraded to handle the stress and traffic of a full-scale migration to the cloud. We help organizations develop and execute a plan for the data migration, including deciding which applications and datasets need to migrate and what tools and technologies ease the migration process.

    Changing to the cloud can be challenging to start! But it is more than worth it for the time and expense your business will save. Want to chat more about cloud technology? Let’s chat!

    The healthcare industry is incurring a higher rate of data breaches than any other industry.

    This makes HIPAA regulations of critical importance to doctors and healthcare organizations of every size. Patients (rightfully) demand compliance as a protection of their personal information. Failing to comply can cause a HIPAA violation that can be exceptionally devastating to a business. Besides being an important step in protecting patients, knowing how to keep data safe is also a great business practice.

    Some small clinics may think that because there are larger organizations to keep an eye on, they wouldn’t get investigated. But, they may be surprised by just how many investigations are initiated by a single patient complaint.

    What is HIPAA Law?

    HIPAA is the Health Insurance Portability and Accountability Act. The act has 5 major rules, which cover: privacy, security, transactions and code sets (TCS), unique identifiers, and Health Information Technology for Economic and Clinical Health (HITECH) enforcement.

    This act was created to develop a national standard of how medical professionals need to protect individuals’ medical records and other personal health info. Patients now have much more control over their health information. Boundaries have been set on the use and release of their health records. HIPAA violations are investigated by the U.S. Department of Health and Human Services in conjunction with the Office for Civil Rights.

    How Do HIPAA Violations Occur?

    Many people are surprised when we tell them that the single biggest threat is from inside of a healthcare organization. According to McAfee, insiders (including doctors, and other healthcare professionals) are responsible for 43 percent of data breaches. The Information Security Forum puts that number at 54 percent.

    These are not usually actions with malicious intent. Human error plays a significant role in data breaches. Here are two easily done HIPAA violations:

    • Lost or Stolen Devices – Laptops and mobile phones are easily lost or stolen. When the theft includes Protected Health Information (PHI) stored on the phone it becomes a HIPAA violation.
    • Texting Patient Information – When using standard texting software on your phone, it’s too easy for information to be stolen by cybercriminals.

    More examples of human error resulting in data breaches include improper disposal of records, sharing of photos with patients on social media, and accessing patient information on home computers or public wifi networks.

    Who Does a HIPAA Violation Affect?

    When a HIPAA violation occurs, it is damaging for the doctor and the patient alike. Potential attackers will specifically target healthcare providers to obtain medical records, financial records, and intellectual property. This doesn’t just threaten the patient’s security. On average, medical identity theft victims pay $13,500 to resolve the issue.

    When the violation is reported and action is taken against the doctor or clinic, there is usually a significant fine. The fines are adjusted based on the severity of the violation but can range anywhere from $100 to $1.5 million, and can even include prison time.

    Besides the fines, doctors can also be impacted by potential lawsuits, a disruption of care, damage to their reputation, and loss of patients’ trust.

    HIPAA Violation Fines

    The fines that doctors or clinics can receive for violating regulation are significant and can be highly destructive for their business. To determine the fine, the Department of Health and Human Services has created four tiers of severity.

    • Tier 1 – The least severe violation. In this tier, the violation was unknown, and would not have been known while exercising reasonable due diligence. These violations are often covered by cyber insurance. Cyber insurance is important to have because it’s usually excluded from professional liability insurance policies. Fines can range from $100 to $50,000.
    • Tier 2 – In this tier, the violation had a reasonable cause, but was not due to willful neglect. Negligence due to “sticking your head in the sand” automatically raises the violation to Tier 2. Fines can range from $1,000 to $50,000.
    • Tier 3 – When this violation occurred, it was due to willful neglect, but it was corrected within a reasonable time period. Fines in this category can range from $10,000 to $50,000.
    • Tier 4 – The most severe violations are in tier 4. This is when the violation was due to willful negligence and no attempts were made to correct the violation. The fines in this tier range from $50,000 up to $1.5 million with a potential jail sentence.

    Becoming HIPAA Compliant as Small or Medium Healthcare Organizations

    It is important for small and medium-sized organizations to understand they will never reach the perfect state of 100% compliance. It would simply be cost prohibitive to do so. What we do recommend is finding the biggest risks and solving those first. From there we advocate for building a clinic culture of compliance and ongoing education.

    This involves doing a full assessment, creating processes and procedures, educating employees and management, and using security applications and technology.

    How We Cover HIPAA Compliance

    When we start working with a doctor or clinic, the first step is to do a comprehensive HIPAA security review. This is to determine their current state of compliance and any specific violations they may have already had. We tie each HIPAA rule to an assessment question, then we rank the likelihood, impact, and risk of not being in compliance with that rule.

    Some of the Questions We May Ask our HIPAA Compliance Clients are:

    • Does your organization control access to electronic PHI and other health information by using encryption/decryption methods to deny access to unauthorized users?
    • Do employees ever leave an unlocked computer alone in a room with an unauthorized employee or patient?
    • Can employees identify potential ransomware? If so, do they know what to do with it?
    • Do employees know how to use their phone and computer in a HIPAA compliant manner when using public or hotel Wi-Fi?

    Benefits of HIPAA Compliance Assessment

    For each rule, we share solutions with our client for ensuring their compliance, which includes improving their processes, procedures, education, and technology. This, in turn, helps a clinic to make more informed decisions on where to focus their efforts and resources with remediation.

    For example, those two HIPAA violations we mentioned above both have quick fixes to prevent the violation. We would password protect and encrypt most devices like phones and laptops. Then, we would also install encryption for texting to allow safe communication of PHI.

    Going through an assessment like ours can lessen the penalties associated with violations. Generally, when you have an assessment and a plan in place, you can keep a violation in tier 1, the least severe.

    How to Prevent a Violation

    According to the Ponemon Institute’s Annual Study on Medical Identity Theft, 68% of patients aren’t confident in the measures taken to protect their medical records. It’s important not only for the patient but the clinic too, that each and every staff member knows their role in HIPAA compliance.

    With only 33 percent of healthcare providers believing they have sufficient resources to prevent a data breach, education is critical. We always advocate that our clients focus on education and training. Ensuring that the office staff understands their role in HIPAA compliance is a critical part of protecting their patients’ medical records. It takes a commitment to make internal training a priority and to continue educating the staff on the proper processes and procedures.

    Since we are considered business associates to our healthcare clients, we are required to be HIPAA compliant as well. We practice what we preach with constant HIPAA training along with reviewing and updating our processes and procedures. To make sure your business is kept safe too, you must have plans set in advance.

    The Five Security Tests We Use In HIPAA Compliance Audits

    We always perform five tests when helping clients become HIPAA compliant. Learn more about these necessary tests!

    Staying HIPAA compliant is a critical move all doctors and clinics need to make. It keeps your patients’ information safe and keeps your business safe from hefty fines. These regulations are also good business practices for ensuring every staff member is on the same page and takes their position seriously.

    Interested in your company’s HIPAA compliance? Let’s chat.

    Create an emergency preparedness plan for your business

    When disaster strikes, the last thing you should be worried about is how it will affect your business.

    As a New Orleans IT firm, we can tell you from experience that when a natural disaster occurs, your people and your family come first. Making sure your business and IT systems have a clearly defined emergency preparedness plan ready in case of any extreme event saves you time, money, and heartache after it’s done. As our IT disaster preparedness expert Charles Andrews (Andy) says, “the biggest problem is the one you aren’t prepared for.”

    Read on to learn why you need a disaster preparedness plan and to download our FREE checklist!

    Who Needs To Be Prepared For A Disaster?

    Different areas of the US are more or less likely to have significant weather events that can cause an IT disaster. We’re in the heart of hurricane country, but events like tornadoes, earthquakes, and wildfires can be disastrous for businesses all over the country.

    But no business can afford to ignore creating an emergency preparedness plan. Even if your business is located in an area that doesn’t often see natural disasters, there are still vulnerabilities. Anything from fire to gun violence and terrorism can affect a business, its people, and its data.

    Every potential disaster comes with its own set of challenges, but we strongly feel that it’s better to be prepared for the unexpected than it is to do damage control after it happens. We believe every business needs an IT disaster plan to be integrated into their overarching disaster plan that should address their people, processes, and technology.

    The First Thing A Business Should Do:

    First things first, you need to know your risks. Doing a risk assessment lets you know the potential impact to your business of not being prepared. In our experience the biggest issues are:

    • The business has no emergency preparedness plan in place.
    • The business has a plan but doesn’t fully cover all three prongs (people, process, and technology).
    • The plan relies on the wrong technology or relies on recovering data in a way that isn’t in line with actual IT capabilities.
    • The plan is untested, or not fully tested.

    It’s critical that your employees know their role in preparing your business for potential disasters. We often see coastal businesses focus on hurricane preparedness but neglect planning for other unexpected disasters.

    Disaster Affects Every Aspect Of Your Business

    When a disaster hits, very little is untouched. There are the obvious issues with the loss of sales or income from the business being down. You can also find revenue delayed if there is a disruption in the supply line, or your customers were likewise affected by the disaster. Plus, you may find yourself with a lack of cash flow as you wait for insurance to kick in.

    But, it’s not just a money waiting game. You’ll likely have increased expenses from cleaning up, purchasing new equipment, recovering damaged inventory, and paying overtime if necessary. You could also experience contractual penalties if you have a major contract as a vendor or supplier. Delays in providing your product or service could breach a contractual agreement.

    What’s The Biggest Weakness When A Disaster Hits?

    Any physical part of your business that can be affected is going to be a huge problem. From our experience, we’ve found that the weakest link is having critical IT systems on physical servers in the office. If you have any critical applications or data saved only on a local server, you need to take the physical machine with you when you evacuate.

    If that server is damaged by any physical attack (fire, water, even terrorism) it can be devastating for a business. We have even seen simple events like a hardware failure, electrical surge, and accidental user deletions make physical servers extremely problematic.

    What About Data Recovery?

    Although data recovery is possible, you’d be depending heavily on luck! It’s not as simple as restarting your computer. There is usually a significant expense and time used to recover data after a disaster if no other backup is used.

    What You Should Do Instead

    We firmly believe that you shouldn’t have a physical server on-site that houses your critical systems. Andy says that off-site backups are by far the best step to take when protecting business data. For such a significant safety measure, off-site backups are an easy and inexpensive process to implement.

    Keep It In The Cloud

    Utilizing the cloud makes off-site backups easy. Systems are stored in specialized facilities (or data centers) and most data centers have off-site redundancy. This means your information is stored on multiple servers in different locations, which makes sure that your data is safe even if one server goes down.

    This is also important for businesses with multiple office locations. Having multiple servers can be a huge risk if a disaster hits. In order to protect your data, you would need to set in place failover options between locations, which can be expensive to implement. Plus, these systems need to be constantly monitored and routinely tested to ensure that they’re working. Instead of having a server down in one area affecting all the others, using the cloud eliminates a lot of challenges.

    We Know From Experience

    Over 10 years ago, Hurricane Katrina forced us to put our own emergency preparedness plan into action. We had to take our servers with our critical systems with us, which taught us just how important it is to use the cloud. Those precious hours you have to prepare need to be spent on family and your own personal belongings, not hauling servers. After Katrina, we became early adopters of cloud technology, and we’ve used it ever since. We store everything in the cloud including all of our client documentation, automated monitoring systems, and service call systems.

    Our Emergency Preparedness Plan

    When hurricanes threaten our area, we start implementing our plan early. Our emergency preparedness plan includes two different teams. One team assists our clients who are preparing for the disaster, and the other focuses on our business. We all know our own roles and we practice year-round to keep us fresh and ready for any unexpected disasters.

    We have created specialized programs that monitor our clients’ IT systems and often correct any hiccups before they become problems. This way, much of our work can run on auto-pilot for a short period of time if necessary.

    Also, we use a hosted VoIP phone system and online chat. This allows us to stay in contact with our clients and our team without relying on cell service, landlines or other local systems. Lastly, we have a prearrangement with technical resources outside our own company. This third-party service can handle our client requests while we are in crisis mode taking care of our own families.

    FREE Disaster Preparation Checklist

    We know just how important it is to keep your business safe. Download our emergency disaster checklist to make sure you’re prepared if disaster strikes.

    A disaster can hit anywhere at any time. We know your first priority is keeping your people and your family safe through the storm. To make sure your business is kept safe too, you must have your emergency preparedness plan set in advance.

    Interested in your company’s risk in a disaster situation? Let’s chat.