Cyber criminals have started targeting a new demographic within recent years: travelers. When preparing for a trip, cyber security is probably the last thing on your mind. However, not taking cyber security into account while traveling puts both vacationers and business travelers at a higher risk for a cyber attack while away from home.

Whether you find yourself waiting at an airport, working from a hotel room, or taking a road trip with your family, you should always consider the best cyber security practices for travelers. Ready to bring cyber security to the forefront of your travel plans? Follow our expert tips to help protect your data and digital devices while away from home.

Cyber Security Risks for Travelers

When people travel, they often think about everything but cyber security. You have to pack, make arrangements for house sitting, and plan for transportation, lodging, meals, activities, and more. But why isn’t device security also a top priority for travelers?

Traveling puts you in an unfamiliar environment where you often have less control over your surroundings, including your digital environment. You’re busy and distracted, and it’s easier to do what’s most convenient, even if it’s not as safe.

Not only do travelers often engage in risky behaviors, such as connecting to public Wi-Fi, but they also keep a huge amount of valuable data close at hand. Most people carry their smartphones with them wherever they go, and laptops are a necessity for today’s traveling business professionals. Travelers also often carry passports, credit card information, lodging details, and more.

Cyber criminals are taking advantage of these circumstances. Transportation was the second-highest industry for cyber attacks, according to the 2019 IBM X-Force Threat Intelligence Index.

5 Best Cyber Security Practices for Travelers

The key to maintaining cyber security is to be vigilant about both the physical and digital safety of your devices, whether you’re at home or away. With a little effort and planning, you can follow these 5 best cyber security practices for travelers.

1. Be Cautious of Public Wi-Fi

The easiest way to keep from getting hacked is to limit public access to your phone. By simply not tapping into a public Wi-Fi network, you become the first line of defense to your own resources.

While public Wi-Fi is convenient and appealing for most travelers, these networks can put users at a higher risk for a cyber attack. Be vigilant when sleuthing out an encrypted network. Don’t shy away from asking hotel management questions about their cyber security in place for guest users.

Even private Wi-Fi networks hosted by hotels and other hotspots for travelers are susceptible to cyber attacks, since hackers know that there will be many people there. Hotel News Now reports that the Marriott International and the Drury Hotel were among the many establishments to suffer a data breach in the last two years. Millions of people had their contact information and credit card numbers stolen as a result.

Take precautions when accessing any networks while you’re away from home. If you decide to use public Wi-Fi, avoid logging into personal accounts that contain private data or accessing sensitive company information. If possible, always use public Wi-Fi with a VPN for added security.

2. Keep Your Tech Locked Up

One of the best cyber security practices for travelers is actually one of the easiest: lock up your tech! This advice considers two key parts of your tech’s security: its physical safety and its digital safety.

Physical Safety for Devices

Make sure all of your devices are securely fastened within your luggage. Be wary of slipping your phone into a side pocket, as it’s easy for someone to reach in and grab it. While you want to be able to access your devices easily, you don’t want to put them at risk for theft or unauthorized use.

Consider placing any phones, tablets, or laptops in zipper-close, opaque pockets and purchasing a backpack lock. An electronic organizer could be beneficial for keeping all of your electronic devices in one place and keeping you from digging through your luggage in a pinch.

Digital Safety for Devices

You also need to digitally limit an unknown user’s access to your devices. A vital step in protecting your privacy is to have some form of authentication for each device, if not two-factor authentication for even greater security.

Luckily, cellphones and computers typically have built-in authentication programs. These include Apple’s Touch ID feature, as well as the facial recognition features available on iPhones and some Android devices.

Even if your devices don’t have these specific features, there are several options for digital protection. Set an alphabetic, numeric, or patterned code to limit the access to your phone or tablet. Always create strong passwords for your computers and digital accounts.

Password Tips

Here are a few tips to help you come up with stronger passwords:

• The longer, the better. A lengthy password can better protect your device or account. If possible, the ideal password will be at least 15 characters.
• Use a mixture of characters. Try using a combination of lowercase and uppercase letters, numbers, and symbols. Some devices or accounts require you only use certain special characters, so keep these rules in mind.
• Don’t go the easy route. Avoid commonly used phrases, recognizable words, or any personally identifying information, such as your birthday or child’s name. Most hackers can do a quick social media search to find this information and play the guessing game when it comes to figuring out your password.
• Consider using a password generator. This will contribute to the randomness of the password, making it more difficult to crack. Password managers often include password generator features, while also giving you a place to securely store these hard-to-remember passwords.

3. Disable Risky Features

Several of the features that may help you at home carry different risks on the road. As such, one of the best cyber security practices for travelers involves disabling these risky features during trips.

Auto Connect

Even if you decide to use public Wi-Fi, make sure you disable the auto connect capabilities on your devices. While auto connect is a convenient feature when using the internet at your house, it’s good practice to require a manual connection whenever a device has access to public Wi-Fi. This gives you the opportunity to investigate a public network before choosing whether or not to connect to it.

Bluetooth Connectivity

Most devices have Bluetooth capabilities, yet many users are unfamiliar with exactly how Bluetooth works. While you’re thinking the Bluetooth feature is a great way to connect all of your devices together, a hacker sees it as an entryway into your phone or computer. Similar to the auto connect feature, Bluetooth connectivity is perfectly fine when you’re using all of your devices at home. However, when you’re traveling, it’s best to consider limiting Bluetooth usage and turn it off when not in use.

Location Sharing

It’s understandable that you may want your loved ones to keep tabs on you while you’re traveling. Maybe you just want to give your family and friends a peek into your on-the-road adventure. Although it is becoming commonplace to share your location through your phone or computer, it might not be the best cyber security practice while traveling.

Weigh the costs when sharing your location. This feature opens you up not only for a cyber attack, but also a physical one. Criminals can get information on where you are and where your hotel room is, leaving you vulnerable to theft or a physical attack. Limiting the amount of location sharing you do while traveling is an important step to keeping you and your belongings safe.

4. Install Antivirus Protection

This may seem like an obvious suggestion, but it can be all too easy to overlook in the hustle and bustle of preparing for a trip. Antivirus software is an added layer of defense that helps protect your device at all times, even while you’re away from home.

Evaluate the most powerful antivirus softwares on the market when making your decision. If you’ll be bringing work devices on a trip, check in with your company about providing antivirus software. Keep your devices up to date with the latest features from their antivirus software, and install any updates before leaving home.

5. Update Device Software Before You Go

No matter if you’re bringing a smartphone, tablet, or laptop, you want to keep the most current version of your software updated before heading out for your trip. Some devices are programmed to update once connected to a Wi-Fi network, which means your device would try to download new software the moment you connect to a public network outside of your home.

First, if possible, disable this feature to prevent any software updates over a public connection. This allows you to maintain more control over your device and prevent unwanted access. Next, install new versions of software at home before you leave for your trip.

If you are unable to do this, stop any software downloads before they start and wait until you return home to complete installation. A word of caution: not installing the most recent version of software onto your device might cause performance issues until the device is updated. You want your time away from home to be easy and effortless, and an update could strongly improve your experience with your devices.

Get the Best Cyber Security Anywhere with Guardian Computer

Whether your business needs IT services on premises or for remote workers, Guardian Computer is here to help. From cyber security to network configuration, cloud management, regulatory compliance, help desk support, and much more, our experts are available for one-off projects as well as ongoing management, maintenance, and support.

Get in touch with us today to learn more about the advanced protection, strategic digital transformation, and friendly IT support we provide.

Are you devoting enough resources to your organization’s cybersecurity? For many, cybersecurity is one of the most neglected areas of IT budgeting. In ISACA’s State of Cybersecurity 2019 report, 55% of respondents planned to increase their cybersecurity budget over the next year. Even more (60%) indicated their cybersecurity is underfunded.

As a healthcare professional, you know how important it is for patients to balance high-quality care with affordable healthcare costs. This balance also applies to IT services for doctors. Whether you’re streamlining HIPAA compliance with digital technology, or negotiating coverage and quality with insurance companies, you are aware of the constant juggling of cost and security in your industry.

Though often underfunded, cybersecurity is one of the most important aspects of any healthcare organization’s IT needs. When weighing IT services for doctors, physicians and surgeons need to know which security measures are indispensable in order to make the most of their budget.

Keep reading to learn more about the biggest security risks in healthcare today and 6 cybersecurity services and technologies to prioritize with your IT spending.

How Due Diligence Assessment and IT Services for Doctors Improve Purchasing Decisions

Attainia reports that hospitals spend an average of $93 billion per year on medical technologies and their related services, making this a major annual expense to consider. Healthcare professionals know the value of efficient, reliable equipment: it sets the pace of productivity and can help set the standard for quality service when handling patients.

Medical technology is an ever-growing field, where the phrase “the newer, the better” frequently applies. However, investing in brand-new medical equipment and software also comes at a heavy price.

Hospitals and medical practices are constantly battling the cost of their sophisticated medical equipment. Further, more advanced medical technologies also typically require more management and support from IT professionals, increasing their cost in the long term.

Not only that, but healthcare organizations also must maintain the hardware (including everything from computers to keyboards), software (such as Microsoft Windows or Mac operating systems), network, and internet connection required to run their equipment and daily operations.

Fortunately, managed IT services for doctors or a due diligence assessment can help identify your biggest tech-related risks and opportunities. By allowing technology experts to evaluate the entirety of your IT, you can gain the insight necessary to determine:

• Is it better to invest in a new piece of equipment or upgrade your existing tech?
• How much maintenance will any given technology require?
• How long will this new solution last? What is its lifespan?
• Will this technology integrate with your existing systems?
• Does this technology meet or exceed all compliance requirements?
• Where could IT deliver the biggest gains to your productivity, efficiency, and revenue?
• If neglected, which of your IT systems are most likely to cause issues? Which have the potential to cause the biggest crises?

With an informed assessment of these competing concerns, you can efficiently prioritize your IT needs and spending. For many healthcare organizations, cybersecurity is a main area requiring additional investment.

Why Medical Technology and Operations Require More Cybersecurity

Across industries, cybersecurity is often a hard sell because it is an investment that doesn’t produce direct revenue in return. For healthcare organizations juggling the significant costs of medical equipment and technology, the temptation to skimp on cybersecurity is even greater.

But as cybersecurity threats to businesses grow in number and sophistication, hospitals and medical practices can no longer afford to overlook their cybersecurity. In addition to the financial, operational, and publicity risks associated with cyberattacks, healthcare organizations must also contend with potentially devastating HIPAA violations.

Not only that, but hospitals and physicians’ offices are increasingly relying on technology, from cloud-based data management systems, to compliance software, to advanced medical tech. Avoiding cyberattacks and other disruptions can help keep your institution—and the technology it depends on—running smoothly.

Stolen Healthcare Data

The creation of electronic health records has made communication between hospitals, healthcare professionals, and insurance agencies easier and more efficient. However, the quick expansion of digital recordkeeping has also produced a great threat to the healthcare industry as a whole.

Medical software contains protected health information (PHI), such as patients’ birthdates, social security numbers, home addresses, and private medical data. Given the massive amount of sensitive information they handle on a regular basis, industries like healthcare and financial services are major targets for cyberattacks.

HIPAA Violation Costs

When medical facilities face a data breach, public morale isn’t the only issue they have to worry about. HIPAA has strict guidelines when it comes to network security. If found negligent or non-compliant, you could face charges up to $50,000 per violation—or, even worse, criminal legal action.

Healthcare organizations are held liable when a data breach occurs, and the resulting HIPAA fines could cost your facility millions of dollars. When patient information is compromised, lawsuits and settlements add even more to your costs.

System Shutdowns

Healthcare organizations may have to shut down their IT systems if faced with a threat to security. Without access to patient medical histories or full use of medical equipment, hospitals and physicians’ offices are left with little choice but to close until the threat is resolved and all systems are brought back online.

For smaller medical facilities, it’s not uncommon for it to take a full day to recover from a system shutdown and get operations up and running again. This leaves your facility vulnerable to theft and your patients unable to receive care, ultimately resulting in a loss of trust and business.

It only takes a single cyberattack to bring down a slew of serious consequences. As the risks continue to grow, it is critical to invest in proper cybersecurity and other IT services for doctors to protect their medical practices and healthcare organizations.

6 Cybersecurity Needs to Prioritize in Your IT Budget

When developing an IT budget for your healthcare organization, cybersecurity should be a top concern. While cybersecurity is an additional cost to consider, the many costs of falling victim to a cyberattack are much greater. To get started, there are 6 cybersecurity services and technologies we recommend factoring into your budget:

1. IT Due Diligence Assessment

Understanding your needs is vital when allocating funds. An IT due diligence assessment compounds your facility’s standards with a clear assessment of your IT infrastructure, systems, personnel, and processes.

Conducted by IT experts, this full-scale appraisal helps you evaluate the assets you have, determine what you need, and spot security vulnerabilities. With this information, you can develop informed priorities for your IT projects and spending.

2. Employee Cybersecurity Education

Employees are often the first line of defense against a cyberattack, making it always important to devote time and resources to proper cybersecurity education for everyone at your organization. In particular, if your hospital or medical practice is strapped for resources, spreading knowledge and awareness about cybersecurity throughout the entire team is an expense that has wide-ranging benefits.

Often, employees will fail victim to social engineering and expose your network to cyber threats. From simply teaching staff not to open links or attachments from strange emails, to conducting cyberattack practice drills with follow-up education for any missteps, cybersecurity training can thwart a substantial number of threats.

Cybersecurity education can also help support security practices you already have in place. For instance, even if you require longer passwords with numbers, uppercase and lowercase letters, and special characters, your employees may still unknowingly use unsecure practices. They might reuse passwords for multiple accounts, share passwords with others in plain text, leave their password on their desk written on a sticky note, or incorporate information that can easily be guessed in passwords.

Once employees understand the risks and their role in keeping your organization safe, they are much more willing and able to commit to secure practices. When everyone at your hospital or physicians’ office can share this responsibility and knowledge, you greatly increase your security.

3. Antivirus Software

The right antivirus software can make or break an organization. It helps prevent cyberattacks from bots, worms, spyware, and viruses. It fortifies your office computers against network vulnerabilities. Also, it alerts users to potential threats in real time, allowing for faster detection and response.

These capabilities make antivirus software a critical component of your threat detection capabilities, network security, and HIPAA compliance. Moreover, in a time when many employees have had to transition to working from home, antivirus software is an important security measure that can be extended to remote devices.

For medical facilities and hospitals, you want antivirus software that can support multiple users and devices while still maintaining network security. A good antivirus program should also have a recovery feature that will remove an unwanted invasion of your network. This software should have ongoing internet access and be updated regularly for best performance.

4. Database Encryption

Database encryption is an extremely useful tactic for protecting your sensitive information from unauthorized access. Any data stored in your database becomes encrypted, rendering it meaningless to any hackers who manage to access it. When cybercriminals realize your database is encrypted, it can sometimes be enough to keep them from ever trying to attack in the first place.

One way to implement database encryption is to make documents password protected, using complicated passwords to secure documents. With proper cybersecurity education, employees can make this tactic even more effective by creating strong passwords and using safe password practices.

5. Recovery Planning

When all preventative measures fail, your IT should have a recovery plan already in place and tested. Many times, organizations become so focused on stopping attacks from happening that they skip this crucial step.

Your recovery plan should include a designated budget to cover the anticipated costs of a cyberattack. This allows you to act quickly, without having to negotiate or wait for approval before receiving funding. You should also create an action plan, so everyone in your healthcare organization understands their roles and responsibilities in the event of a cyberattack and potential system shutdown.

In the meantime, regularly backing up your data is an important part of building a solid foundation for your recovery plan. This allows you to restore your data quickly, so patients have access to their medical records and you can resume your daily operations.

6. Cybersecurity Managed Services

The first rule of efficient budgeting is to maximize your fixed expenses. It’s dangerous for a budget to have too many fluctuating costs. By outsourcing IT services for doctors’ offices and healthcare facilities, you can take advantage of a fixed expense that adds specialized protection to your network while controlling costs.

Physicians, surgeons, hospital administrators, and healthcare professionals of all kinds have enough on their plates. By finding an IT and cybersecurity provider you trust, you can leave your tech issues to the experts. They should be able to provide ongoing monitoring, evaluation, and support for your systems, so they can fix vulnerabilities before they can be exploited, keep your systems protected and running smoothly, and make sure you’re prepared for the possibility of an attack.

There are many benefits to outsourcing your IT. You gain access to a wide variety of technology experts, who have the world-class tools and expertise to keep your systems secure and meet your IT goals. In addition to keeping your systems up to date, IT support is just a phone call, email, or chat away whenever you experience a tech issue or possible security threat.

Cybersecurity and IT Services for Doctors from Guardian Computer

It’s a tough feat to balance cost and security when assessing IT services for doctors’ offices and hospitals. Outsourcing offers a solution to the problems of unexpected IT issues and expenses, uninformed prioritizing, and overlooked or underfunded cybersecurity.

With Guardian Computer, you can trade downtime for peace of mind. Test out our services with a one-time IT due diligence assessment, so you can see what we find and make an informed decision about how to proceed. If we’re a good fit, you can hire us to complete specific IT projects or fully manage your IT. Just this year, we proudly achieved a place in the 2020 Channel Futures MSP 501 rankings for managed service providers!

Give us a call at 504-457-0005 or contact us online today to discuss a personalized IT plan that best suits the needs of your healthcare facility.

The healthcare industry is incurring a higher rate of data breaches than any other industry.

This makes HIPAA regulations of critical importance to doctors and healthcare organizations of every size. Patients (rightfully) demand it as a protection of their personal information. Not doing so, can cause a HIPAA Violation that can be exceptionally devastating to a business. Besides being an important step in protecting their patients, it’s also a great business practice to know how to keep data safe.

Some small clinics may think that because there are larger organizations to keep an eye on, they wouldn’t get investigated. But, they may be surprised by just how many investigations are initiated by a single patient complaint.

What is HIPAA Law?

HIPAA is the Health Insurance Portability and Accountability Act. There are 5 major rules of the act that covers: privacy, security, transactions and code sets (TCS), unique identifiers, and Health Information Technology for Economic and Clinical Health (HITECH) enforcement.

This act was created to develop a national standard of how medical professionals need to protect individuals’ medical records and other personal health info. Patients now have much more control over their health information. Boundaries have been set on the use and release of their health records. HIPAA violations are investigated by the U.S. Department of Health and Human Services in conjunction with the Office for Civil Rights.

How Do HIPAA Violations Occur?

Many people are surprised when we tell them that the single biggest threat is from inside of a healthcare organization. According to McAfee, insiders (including doctors, and other healthcare professionals) are responsible for 43 percent of data breaches. The Information Security Forum puts that number at 54 percent.

These are not usually actions with malicious intent. Human error plays a significant role in data breaches. Here are two easily done HIPAA violations:

• Lost or Stolen Devices – Laptops and mobile phones are easily lost or stolen. When the theft includes Protected Health Information (PHI) stored on the phone it becomes a HIPAA violation.
• Texting Patient Information – When using standard texting software on your phone, it ’s too easy for information to be stolen by cybercriminals.

More examples of human error resulting in data breaches include improper disposal of records, sharing of photos with patients on social media, and accessing patient information on home computers or public wifi networks.

Who Does a HIPAA Violation Affect?

When a HIPAA violation occurs, it is damaging for the doctor and the patient alike. Potential attackers will specifically target healthcare providers to obtain medical records, financial records, and intellectual property. This doesn’t just threaten the patient’s security. On average, medical identity theft victims pay $13,500 to resolve the issue.

When the violation is reported and action is taken against the doctor or clinic, there is usually a significant fine. The fines are adjusted based on the severity of the violation but can range anywhere between $100 to $1.5 Million, and can even include prison time.

Besides the fines, doctors can also be impacted by potential lawsuits, a disruption of care, damage to their reputation, and loss of patient’s trust.

HIPAA Violation Fines

The fines that doctors or clinics can receive for violating regulation are significant and can be highly destructive for their business. To determine the fine, the Department of Health and Human Services have created four tiers of severity.

• Tier 1 – The least severe violation. In this tier, the violation was unknown, and would not have been known while exercising reasonable due diligence. These violations are often covered by cyber insurance. Cyber insurance is important to have because it’s usually excluded from professional liability insurance policies. Fines can range from $100 to $50,000.
• Tier 2 – In this tier, the violation had a reasonable cause, but was not due to willful neglect. Negligence due to “sticking your head in the sand” automatically raises the violation to Tier 2. Fines can range from $1,000 to $50,000.
• Tier 3 – When this violation occurred, it was due to willful neglect, but it was corrected within a reasonable time period. Fines in this category can range from $10,000 to $50,000.
• Tier 4 – The most severe violations are in tier 4. This is when the violation was due to willful negligence and no attempts were made to correct the violation. The fines in this tier range from $50,000 up to $1.5 million with a potential jail sentence.

Becoming HIPAA Compliant as Small or Medium Healthcare Organizations

It is important for small and medium-sized organizations to understand they will never reach the perfect state of 100% compliant. It would simply be cost prohibitive to do so. What we do recommend is finding the biggest risks and solving those first. From there we advocate for building a clinic culture of compliance and ongoing education.

This involves doing a full assessment, creating processes and procedures, educating employees and management, and using security applications and technology.

How We Cover HIPAA Compliance

When we start working a doctor or clinic, the first step is to do a comprehensive HIPAA security review. This is to determine their current state of compliance and any specific violations they may have already had. We tie each HIPAA rule to an assessment question, then we rank the likelihood, impact, and risk of not being in compliance with that rule.

Some of the Questions We May Ask our HIPAA Compliance Clients are:

• Does your organization control access to electronic PHI and other health information by using encryption/decryption methods to deny access to unauthorized users?
• Do employees ever leave an unlocked computer alone in a room with an unauthorized employee or patient?
• Can employees identify potential ransomware? If so, do they know what to do with it?
• Do employees know how to use their phone and computer in a HIPAA compliant manner when using public or hotel Wi-Fi?

Benefits of HIPAA Compliance Assessment

For each rule, we share with our client solutions for ensuring their compliance. Which includes improving their processes, procedures, education, and technology. This, in turn, helps a clinic to make more informed decisions on where to focus their efforts and resources with remediation.

For example, those two HIPAA violations we mentioned above both have quick fixes to prevent the violation. We would password protect and encrypt most devices like phones and laptops. Then, we would also install encryption for texting to allow safe communication of PHI.

Going through an assessment like ours can lessen the penalties associated with violations. Generally, when you have an assessment and a plan in place, you can keep a violation in tier 1, the least severe.

How to Prevent a Violation

According to the Ponemon Institute’s Annual Study on Medical Identity Theft, 68% of patients aren’t confident in the measures taken to protect their medical records. It’s important not only for the patient but the clinic too, that each and every staff member knows their role in HIPAA compliance.

With only 33 percent of healthcare providers believing they have sufficient resources to prevent a data breach, education is critical. We always advocate that our clients focus on education and training. Ensuring that the office staff understands their role in HIPAA compliance is a critical part of protecting their patients’ medical records. It takes a commitment to make internal training a priority and continuing to educate the staff of the proper processes and procedures.

Since we are considered business associates to our healthcare clients, we are required to be HIPAA compliant as well. We practice what we preach with constant HIPAA training along with reviewing and updating our processes and procedures. To make sure your business is kept safe too you must have plans set in advance.

The Five Security Tests We Use In HIPAA Compliance Audits

We always perform five tests when helping clients become HIPAA compliant. Learn more about these necessary tests!

Staying HIPAA compliant is a critical move all doctors and clinics need to do. It keeps your patient’s information safe and keeps your business safe from hefty fines. These regulations are also good business practices for ensuring every staff member is on the same page and takes their position seriously.

Interested in your company’s HIPAA compliance? Let’s chat.