Security Archives | Guardian Computer

Top 10 Computer Security Threats to Business IT in 2020

No matter if you love technology, hate it, or fall somewhere in between, there’s no doubt it is becoming a bigger part of your life. Our digital world is expanding as more people work from home and more companies conduct their business online. But as our digital activity increases, so does criminals’ desire to take advantage of it, leading to new advancements in computer security threats and digital crime.

In the last few years, major companies across the globe have experienced cybercrimes ranging from data breaches, to unauthorized access of financial accounts, to digital impersonations of CEOs, and everything in between. From new online stores to established corporations, companies of all types, sizes, and industries are at risk.

Although cybercriminals are continuing to become smarter and more strategic, it’s also clear that many businesses aren’t putting up much of a fight when it comes to their cybersecurity. It’s up to you to protect your organization and make sure it’s investing in its security. It’s up to us, as IT experts, to provide you with the information, resources, and services necessary to help make that happen.

3 Major Trends for Computer Security Threats in 2020

Thinking about all the new and varied cyberthreats your company faces today can quickly feel overwhelming. Where should you begin, and how can you make sure you’re staying informed?

To get started, we’ve identified 3 major trends for computer security threats in 2020 that all businesses should be aware of, so you can watch out for them in whatever form they may take.

1. Disruption

Disrupting your business is a powerful way for cybercriminals to distract you, cost you time and money, bait you into making quick and unsecure fixes, or put you at their mercy. For instance, they can use premeditated internet outages to disrupt your organization, hampering business functions and employee productivity.

Cybercriminals can also cause disruption with ransomware attacks, which have increased in popularity over recent years. In these attacks, hackers gain access to information you need, either because it is necessary to run your business or because it is sensitive information you don’t want leaked. Either way, the hackers hold your data hostage and demand you pay a ransom to get it back.

2. Distortion

With the development of technology comes the development of bots and vehicles of misinformation. This could cause more members of the public to distrust the integrity of information they encounter. Or it could cause the opposite: people might mistakenly trust false information.

In either case, it’s often bad for business. It makes it difficult to communicate with consumers or maintain their trust, especially if cybercriminals have falsified information about you or impersonated you.

Hackers are distorting the data and technologies businesses use, too. For instance, criminals who hack into your company cloud might upload fake documents that instruct employees to move money into the hackers’ account or compromise your security even further.

3. Deterioration

The deterioration of a company’s complete control over its business practices can open it up to a variety of risks, which cybercriminals are quick to take advantage of. For example, more and more businesses are implementing AI to increase their efficiency. But if you deploy untested AI, it could lead to unexpected outcomes, including higher exposure to cybercrimes.

Rapid technological advancement can also mean new federal laws to regulate it, lessening companies’ control. Many expect that increases in surveillance laws could put corporations at risk of having their information exposed. Increased privacy regulations can prevent businesses from effectively monitoring employees, making it harder to identify any insider threats.

Top 10 Computer Security Threats to Prepare for in 2020

Strengthening your cybersecurity means being proactive and staying one step ahead of cybercriminals. This starts with identifying which threats are most likely to impact companies this year.

Browse our top 3 in the infographic below, or read on for more information about all top 10 computer security threats to prepare for in 2020.

1. Phishing Attacks

In a phishing attack, a hacker pretends to be someone you trust, such as your boss or your bank. Most commonly, the hacker emails you from a familiar—but slightly altered—email address.

Typically, the hacker emails you a link or attachment. They ask you to go to a website, log into your account, or enter your personal information, such as your Social Security or bank account number. In 2019, phishing was responsible for 32% of confirmed data breaches and 78% of all cybercrimes.

This year, cybercriminals have managed to create phishing schemes through companies’ cloud applications. Because of the crime’s relative newness and the implicit trust that employees have in their companies, cloud-based phishing is one of the top cybercrimes that companies need to look out for in 2020.

2. Cloud Jacking

Cloud jacking is the process by which cloud computing is infiltrated by a third party. Once a hacker gets into your company cloud, they may try to reconfigure the cloud code to manipulate sensitive data, eavesdrop on employees and company communications, and expand their reach to take control of the entire cloud.

As we mentioned earlier, cybercriminals will also use this as an opportunity to create phishing schemes. In these scenarios, cybercriminals upload fake memos, instructions, or other files to the company cloud. Employees, believing these materials are approved by the company, download the malicious files or follow the fake instructions.

This can result in everything from workers granting hackers greater company access, to releasing sensitive data, to even moving company funds into fraudulent accounts.

3. Network Perimeter and Endpoint Security

From traveling salesmen to equity investors, professionals who work remotely can be at risk from inadequate network perimeter and endpoint security. As more and more workers have had to switch to remote work in 2020, these security issues become bigger targets for hackers.

Remote work environments often lack many of the security measures put in place at your company’s workplace. With network perimeter and endpoint security, we are referring to measures that secure your computer network and its connections to various computers, phones, tablets, servers, databases, and more.

Mobile devices, which professionals often use to conduct business on the road, are often more exposed to phishing schemes because of the ways we interact with these devices. Fast-paced communications and interactions can make people more prone to click on links, playing right into phishing schemes. Experts predict that many data breaches will occur through telecommuters, mobile devices, and off-premises assets.

Even after COVID-related restrictions lift, many workers will not be returning to company offices. In the U.S., 59% of employees working from home during the pandemic say they prefer to work remotely. Some companies have already announced they are switching to a permanent remote workforce, making adequate network perimeter and endpoint security critically important for years to come.

4. Mobile Malware

It’s not just remote employees who use mobile devices for work. Many professionals are increasingly moving from desktops to laptops or smartphones for some or all of their work.

Mobile malware is a type of software used specifically on mobile devices for malicious purposes. As larger amounts of sensitive company data are being accessed and stored on mobile devices, mobile malware attacks are very likely to be one of the most pertinent cybersecurity threats this year.

5. 5G-to-Wi-Fi Security Vulnerabilities

As cyberattacks continue to become more and more sophisticated, attacks are likely to take place in newer digital spheres. In particular, we expect to see cybercriminals exploring ways to attack the 5G-to-Wi-Fi handover.

As 5G becomes more and more commonly used, wireless providers are handing off more calls and data to Wi-Fi networks in an attempt to save bandwidth. And because of this rapid growth in 5G, the technology used to protect this handover is not yet developed enough to fully protect the transition. This gives opportunities to cybercriminals to compromise these mobile devices.

Areas that are popular for professionals to perform mobile work—such as airports, cafes, and hotels—are hotspots for the 5G-to-Wi-Fi handover. This puts the voice and data information on these mobile devices at greater risk. And while these devices have built-in technologies that allow this transition to occur quietly and without notice, researchers have already found vulnerabilities in such technologies.

6. Internet of Things (IoT) Devices

Many everyday devices, such as fitness trackers, smart security systems, and even some in-car apps, are IoT devices. Simply put, these devices are used to communicate and exchange information over a network without requiring human involvement.

For instance, your fitness tracker collects information about your health and exercise, such as your heart rate, steps taken, and calories burned. That data is sent to the cloud and processed. Under certain circumstances, that data might result in an action initiated by the technology. You might periodically receive graphs that show your fitness trends and progress, or you might be sent an alert if your heart rate is too high.

It’s not news that our world is increasingly reliant on these devices. In fact, predictions indicate that the market will grow another billion dollars by 2026. With such a major increase in new technologies, cybercriminals are likely to target IoT devices that experience security issues, as technologies in their infancy often do.

While many of the most common IoT devices are personal or smart home devices, more and more businesses are taking advantage of IoT. Smart locks, connected security cameras, smart thermostats, smart lights, voice assistants, and more are appearing in the workplace. As more company information passes through these devices, more hackers may begin targeting them.

The IoMT, or Internet of Medical Things, is a collection of medical devices and applications that can connect to healthcare IT systems using network technologies. Due to the valuable personal information available through IoMT, as well as IoMT’s unique security issues, it is especially likely that cybercriminals will target these devices.

7. Deepfakes

Deepfakes have been increasingly used against a variety of individuals and industries over the last several years. A deepfake is produced by artificial intelligence that takes an existing video, photo, or voice recording and manipulates someone’s image or voice to falsify their actions or speech. In fact, deepfakes have been popularly utilized in politics to make candidates appear to say or do something that damages their reputation.

As it relates to businesses, experts predict that deepfakes will be used by cybercriminals to impersonate members of a company to gain access to important information. These “synthetic identities” can be used to commit fraud, as hackers create fake versions of real companies to lure in unsuspecting consumers. Deepfakes can also contribute to more advanced forms of phishing, allowing hackers to more convincingly impersonate CEOs and give harmful instructions to employees.

8. Highly Developed Ransomware Attacks

Ransomware has plagued businesses for several years now. Successful attacks have caused companies to lose millions of dollars in ransom payments, encouraging hackers to keep using and refining these attacks.

According to a McAfee prediction report, the process by which attackers are able to purchase ransomware kits on the darkweb is becoming easier. Not to mention, the ransomware itself is becoming increasingly more sophisticated.

The report also predicts that ransomwares will consolidate into fewer—but more powerful—ransomwares that will work in conjunction with one another. By working together in this manner, attackers become even more capable and pose greater threats to businesses. If attacked by these ransomware powerhouses, companies may experience even greater costs from downtime and recovery.

9. Insider Threats

Insider threats, or threats posed by employees, affect 34% of businesses around the world. These employees may be acting intentionally to hurt the company or accidentally, out of ignorance or negligence. As more employees move to remote work, which opens them up to additional risks, organizations should take extra precautions to curb insider threats.

Fortunately, there are specialized tools available to combat insider threats. These tools can detect unauthorized logins, the installation of new apps on locked down computers, users with newly granted authorization access, and new devices on restricted networks. In addition, businesses should provide all employees with routine cybersecurity training to help prevent these mistakes before they’re ever made.

10. API Vulnerabilities and Breaches

An application programming interface (API) is an intermediary between applications. It determines how apps can interact with one another. APIs work behind the scenes in many everyday applications, from streaming services to social media, weather apps, instant messaging, and more.

The security used for APIs is typically less advanced than web app security. This is true for most organizations. As a result, APIs are often not made accessible to the public or outside developers.

Because so many companies are becoming more reliant on APIs, attacks on these systems—and the need for API security—should increase this year.

Protect Your Business IT with Guardian Computer

If this sounds like a full-time job—from staying informed about the latest computer security threats and cybersecurity trends, to identifying and prioritizing your business’ biggest risks, to addressing current threats and protecting against others before they ever reach your business—that’s because it is! And it’s a job our IT experts perform day in and day out, with over 100 years of combined experience in the tech solutions industry.

Guardian Computer is a full-service IT provider. Whether you need help with a single IT project or want us to fully manage your IT, we have a wide range of services to meet your every need. We also provide both in-office and remote assistance. Even if you’re across the country from our homebase in New Orleans, we’re ready to hop on a plane to meet your needs, whatever and wherever they are.

The IT solutions we offer are every bit as varied and sophisticated as the computer security threats facing business IT. To give you an idea of how we can help protect your organization, here is a small sample of our services:

Patch enabalation and vulnerability management to keep your systems up to date and protected.
System and SaaS backup so your data can be quickly and easily recovered in the event of a ransomware attack, natural disaster, or any other issue.
Installation of advanced antivirus and anti-malware to keep your systems secure.
Protection for all remotely used mobile devices with a full suite of security software, including a firewall, malware protection, and more.
Emergency response team availability in case of a data breach.

For more information, check out our IT managed services as well as the IT solutions we offer to keep companies safe from computer security threats.

Ready to talk to someone on our team? Contact us today to learn how Guardian Computer can protect your business!

July 20, 2020/by Guardian Computer

Best Practices, Guardian Computer, Security

How Two Factor Authentication Can Save Your Business Money

In 2017, the number of exposed records and data breaches reached an all-time high according to Statista. The 1,579 data breaches serve as a reminder that our accounts aren’t always as safe as we think they are! The simple “username and password” log-in approach can be compromised within minutes by skilled hackers. Even with your longest and complicated passwords! Your business needs an additional security layer that addresses the vulnerabilities of a standard password-only approach.

What is Two Factor Authentication?

Two Factor Authentication, commonly abbreviated, 2FA, is a method of securing online accounts through two means of authorization. In the case of two factor authentication, you’ll need two factors (or verifications) to successfully log in. This includes something you know, usually a password, and some other method of verifying your identity. This is usually a code sent via text or email. It’s essentially an extra layer of protection designed to ensure that you’re the only person who can access your account, even if someone else knows your password.

Purpose of Two Factor Authentication

An email or any other cloud-based application hack can cost a company thousands of dollars. Hackers aren’t reading your emails for fun. They’re going in to learn how your company works. They’re waiting to see how they can utilize that information to their own gain. Hackers can look through emails for private client information like bank account numbers, or personally identifying information. Once the hacker finds the information they need, they can steal huge amounts of money.

Phishing scams, where fake but authentic-looking emails are used to steal information, are one of the easiest ways hackers can gain password information. When two factor authentication is used, it makes it considerably harder for a hacker to be successful in logging into the account.

Even if the hacker is able to crack your password, they won’t be able to log into the account without access to your second factor. Some of the benefits of two factor authentication include improved security, reduction of fraud and theft, and the increase of productivity and flexibility.

Security Solutions for You and Your Business

The easiest and most common way to implement two factor is by receiving a text message with an access code every time you log into an account. But, no solution is 100% secure. Getting two factor authentication from text messaging does have some vulnerabilities. Specifically, it leaves you exposed if someone steals your smartphone or its SIM card.

For businesses with high-security needs, hardware-based two factor authentication is the most secure option. Instead of typing in a passcode from a text message to log in, a physical security key has to be plugged into your device when prompted. This method is often used for highly sensitive systems used industries such as the financial and healthcare industries. Security keys can be found online for as low as $20 and are available for both desktop computers and mobile phones!

Our Favorite Free 2FA Applications

Many websites you use for business have some sort of two factor authentication built in such as Dropbox, Google Drive, Amazon, and Rackspace. To protect your other online accounts, there are apps specifically for providing two factor security. Our two favorite 2FA apps are Authy and Google Authenticator.

Authy simplifies using 2FA on your online accounts using your smartphone. It generates a code each time you open the app. You’ll have 20 seconds to log in after which Authy will generate a new code. It’s free, desktop and mobile-friendly, and available Windows, Mac, iOS, Android and Chrome.
Google Authenticator is a mobile-only app, so you’ll need to have your phone with you. This provides stronger security for your Google Account. A small authenticator is tied to a single device, you must manually change it in your Google settings when you switch phones.

Personal Use of Two Factor Authentication

We don’t just recommend this for businesses, it’s important to protect your personal accounts as well. Many of the social platforms that you use every day have options for enhancing security.

Facebook, Pinterest, Snapchat, Instagram, LinkedIn, and Twitter all have options for two factor authentication. Go to the settings of your account, then scroll down to security. Each application has different options including the texting feature we’ve mentioned. Utilizing two factor authentication whenever possible will help to keep you safe online!

John On Two Factor Authentication:

Two factor authentication is only one step in security. There are many ways to keep yourself protected online, such as using secure cloud storage, secure online backup, and a VPN solution. We help our clients to ensure the security covers all of their users! Let’s chat about how we can improve your business security!

December 14, 2018/by John

Best Practices, Security

Everything You Need To Know About Cloud Technology For Businesses

Utilizing cloud technology can make a huge impact on the bottom line of your business.

We’re talking about saving your time, your money, and staying safer in an emergency. Every business can get on board with that, right? Even though there are so many positives to using cloud technology, many businesses are hesitant to make the leap. This post is going to cover everything you’ll ever want to know about cloud computing as it relates to your business.

First Things First, What is The Cloud?

We’re sure you’ve probably heard of the cloud or cloud technology by now. Don’t worry, it’s not as intangible of a concept as it may sound. When working with tech companies, you’ll often hear the term “cloud” when talking about storing your data “in the cloud” or “working in the cloud”.

Simply put, the cloud is the software and services that you can access from the Internet rather than locally on your computer. A great example of a cloud service is Google Drive. Instead of storing files on your desktop or laptop, you can create documents on Google Drive and access them from anywhere, on any device, so long as you’re signed into your account.

The Main Uses For The Cloud

In our experience, we see three main uses for the cloud, besides as a storage solution.

Software-as-a-Service (SaaS). For example, using Salesforce, Box, and Office 365 all use the cloud.
Infrastructure-as-a-Service (IaaS). This category includes services like Amazon Web Services and Microsoft Azure.
Platform-as-a-Service (PaaS). This includes services like Google App Engine, AWS PaaS, and Azure PaaS.

What Are the Benefits of Using the Cloud?

The benefits of switching to the cloud can be huge for your business! We know because we help our clients make the transition all the time. The major benefits of using the cloud break down into four categories: cost, power, recovery, and security.

Cloud Technology Cost

Using the cloud helps to remove or reduce the need for an upfront capital investment. That alone can be huge for a business! When using local servers, the costs of maintenance and management are often unpredictable. But, when you use the cloud, the cost of system upgrades, new hardware and software are usually included in cloud provider contracts. Plus, you get the option for services and storage just when you need it. This means you can pay as you go instead of investing all at once.

This last one can be a huge help for small and medium businesses: no extra staff needed. An in-house expert on staff tends to be a high salary position. For big companies, they may need help to maintain servers, storage, and backup/recovery. But, honestly, there is rarely justification for keeping such a person since it doesn’t require a full-time person for a small or medium sized business.

Capacity and Computing Power

When using an in-house solution, you would need to buy more hardware each and every time you needed to increase storage. Now, with cloud technology, businesses of any size can tap into computing resources that were once only available to large corporations.

Cloud computing allows practically unlimited data storage and processing power due to the pooling of computer resources. It provides on-demand scalability that corresponds to a company’s needs so as your applications grow, you can add as much storage, RAM and CPU capacity as needed. Cloud-based applications have the ability to automatically refresh and update, which saves you time and resources.

Backup and Recovery

Private cloud solutions include backups that offer an easier, less resource-intensive method to protecting your data. In fact, most cloud providers distribute backups between data centers to ensure access.

When critical business information is saved on the computer or a server at your office it can be damaged in an emergency situation. In these cases, there is no guarantee that your data is able to be recovered. Utilizing cloud technology solves this problem.

No matter the event, a natural disaster, power failure, or other crisis, the cloud services will provide quick data recovery. For example, having critical data stored in the cloud ensures it is backed up and protected in a secure and safe location. This allows companies to conduct business as usual, minimizing downtime and loss of productivity. When critical business information is saved on a computer or a server at your office it can be damaged in an emergency situation. In these cases, there is no guarantee that your data is able to be recovered.

Enhanced Security

Our cloud is fully managed and secure, which means your data is secure no matter where you access it from. The economies of scale which apply to computer resources also ensure that the best security measures can be put in place with high-level oversight from IT security experts.

The key to this amped-up security is the encryption of data being transmitted over networks and stored in databases. By using encryption, information is less accessible by hackers or anyone else not authorized to view your data. As an added security measure, with most cloud-based services, different security settings can be set based on the user.

How We Protect Our Clients In The Cloud

While most people know that the cloud gives you a lot of flexibility, there are some security concerns if done improperly. We’ve seen concerns such as:

Theft of data from cloud infrastructures or applications.
Lack of a plan for GDPR Compliance.
Cloud providers using data centers in potentially unstable countries.
Advanced attacks against cloud infrastructure.

At Guardian Computer, we protect the intellectual property, Protected Health Information (PHI), and sensitive data of our clients who use cloud technology. With over 50 years combined in the tech solutions industry, we bring our experience to the table. We help our clients avoid the pitfalls, know the right questions to ask a potential cloud provider, and ensure our clients have a comprehensive plan to migrate to the cloud.

Questions You Should Ask A Potential Cloud Provider

Not all cloud technology service providers are of the same caliber. We have a comprehensive list of questions you should ask before making any decisions on your cloud service provider.

Download Here

Transitioning To Using The Cloud

At Guardian Computer, we help organizations understand how a migration to the cloud is different than what IT administrators are used to deploying in their legacy infrastructure environments. We want our clients to understand what they are getting into, how the process works and what they should expect.

For example, often a business’s infrastructure needs to be upgraded to handle the stress and traffic of a full-scale migration to the cloud. We help organizations develop and execute a plan for the data migration including deciding which applications and datasets need to migrate to and what tools and technologies ease the migration process.

Changing to the cloud can be challenging to start! But is more than worth it for the time and expense your business will save. Want to chat more about cloud technology? Let’s chat!

November 2, 2018/by John

Best Practices, Security

How To Avoid A Costly HIPAA Violation

The healthcare industry is incurring a higher rate of data breaches than any other industry.

This makes HIPAA regulations of critical importance to doctors and healthcare organizations of every size. Patients (rightfully) demand it as a protection of their personal information. Not doing so, can cause a HIPAA Violation that can be exceptionally devastating to a business. Besides being an important step in protecting their patients, it’s also a great business practice to know how to keep data safe.

Some small clinics may think that because there are larger organizations to keep an eye on, they wouldn’t get investigated. But, they may be surprised by just how many investigations are initiated by a single patient complaint.

What is HIPAA Law?

HIPAA is the Health Insurance Portability and Accountability Act. There are 5 major rules of the act that covers: privacy, security, transactions and code sets (TCS), unique identifiers, and Health Information Technology for Economic and Clinical Health (HITECH) enforcement.

This act was created to develop a national standard of how medical professionals need to protect individuals’ medical records and other personal health info. Patients now have much more control over their health information. Boundaries have been set on the use and release of their health records. HIPAA violations are investigated by the U.S. Department of Health and Human Services in conjunction with the Office for Civil Rights.

How Do HIPAA Violations Occur?

Many people are surprised when we tell them that the single biggest threat is from inside of a healthcare organization. According to McAfee, insiders (including doctors, and other healthcare professionals) are responsible for 43 percent of data breaches. The Information Security Forum puts that number at 54 percent.

These are not usually actions with malicious intent. Human error plays a significant role in data breaches. Here are two easily done HIPAA violations:

Lost or Stolen Devices – Laptops and mobile phones are easily lost or stolen. When the theft includes Protected Health Information (PHI) stored on the phone it becomes a HIPAA violation.
Texting Patient Information – When using standard texting software on your phone, it ’s too easy for information to be stolen by cybercriminals.

More examples of human error resulting in data breaches include improper disposal of records, sharing of photos with patients on social media, and accessing patient information on home computers or public wifi networks.

Who Does a HIPAA Violation Affect?

When a HIPAA violation occurs, it is damaging for the doctor and the patient alike. Potential attackers will specifically target healthcare providers to obtain medical records, financial records, and intellectual property. This doesn’t just threaten the patient’s security. On average, medical identity theft victims pay $13,500 to resolve the issue.

When the violation is reported and action is taken against the doctor or clinic, there is usually a significant fine. The fines are adjusted based on the severity of the violation but can range anywhere between $100 to $1.5 Million, and can even include prison time.

Besides the fines, doctors can also be impacted by potential lawsuits, a disruption of care, damage to their reputation, and loss of patient’s trust.

HIPAA Violation Fines

The fines that doctors or clinics can receive for violating regulation are significant and can be highly destructive for their business. To determine the fine, the Department of Health and Human Services have created four tiers of severity.

Tier 1 – The least severe violation. In this tier, the violation was unknown, and would not have been known while exercising reasonable due diligence. These violations are often covered by cyber insurance. Cyber insurance is important to have because it’s usually excluded from professional liability insurance policies. Fines can range from $100 to $50,000.
Tier 2 – In this tier, the violation had a reasonable cause, but was not due to willful neglect. Negligence due to “sticking your head in the sand” automatically raises the violation to Tier 2. Fines can range from $1,000 to $50,000.
Tier 3 – When this violation occurred, it was due to willful neglect, but it was corrected within a reasonable time period. Fines in this category can range from $10,000 to $50,000.
Tier 4 – The most severe violations are in tier 4. This is when the violation was due to willful negligence and no attempts were made to correct the violation. The fines in this tier range from $50,000 up to $1.5 million with a potential jail sentence.

Becoming HIPAA Compliant as Small or Medium Healthcare Organizations

It is important for small and medium-sized organizations to understand they will never reach the perfect state of 100% compliant. It would simply be cost prohibitive to do so. What we do recommend is finding the biggest risks and solving those first. From there we advocate for building a clinic culture of compliance and ongoing education.

This involves doing a full assessment, creating processes and procedures, educating employees and management, and using security applications and technology.

How We Cover HIPAA Compliance

When we start working a doctor or clinic, the first step is to do a comprehensive HIPAA security review. This is to determine their current state of compliance and any specific violations they may have already had. We tie each HIPAA rule to an assessment question, then we rank the likelihood, impact, and risk of not being in compliance with that rule.

Some of the Questions We May Ask our HIPAA Compliance Clients are:

Does your organization control access to electronic PHI and other health information by using encryption/decryption methods to deny access to unauthorized users?
Do employees ever leave an unlocked computer alone in a room with an unauthorized employee or patient?
Can employees identify potential ransomware? If so, do they know what to do with it?
Do employees know how to use their phone and computer in a HIPAA compliant manner when using public or hotel Wi-Fi?

Benefits of HIPAA Compliance Assessment

For each rule, we share with our client solutions for ensuring their compliance. Which includes improving their processes, procedures, education, and technology. This, in turn, helps a clinic to make more informed decisions on where to focus their efforts and resources with remediation.

For example, those two HIPAA violations we mentioned above both have quick fixes to prevent the violation. We would password protect and encrypt most devices like phones and laptops. Then, we would also install encryption for texting to allow safe communication of PHI.

Going through an assessment like ours can lessen the penalties associated with violations. Generally, when you have an assessment and a plan in place, you can keep a violation in tier 1, the least severe.

How to Prevent a Violation

According to the Ponemon Institute’s Annual Study on Medical Identity Theft, 68% of patients aren’t confident in the measures taken to protect their medical records. It’s important not only for the patient but the clinic too, that each and every staff member knows their role in HIPAA compliance.

With only 33 percent of healthcare providers believing they have sufficient resources to prevent a data breach, education is critical. We always advocate that our clients focus on education and training. Ensuring that the office staff understands their role in HIPAA compliance is a critical part of protecting their patients’ medical records. It takes a commitment to make internal training a priority and continuing to educate the staff of the proper processes and procedures.

Since we are considered business associates to our healthcare clients, we are required to be HIPAA compliant as well. We practice what we preach with constant HIPAA training along with reviewing and updating our processes and procedures. To make sure your business is kept safe too you must have plans set in advance.

The Five Security Tests We Use In HIPAA Compliance Audits

We always perform five tests when helping clients become HIPAA compliant. Learn more about these necessary tests!

Download Here

Staying HIPAA compliant is a critical move all doctors and clinics need to do. It keeps your patient’s information safe and keeps your business safe from hefty fines. These regulations are also good business practices for ensuring every staff member is on the same page and takes their position seriously.

Interested in your company’s HIPAA compliance? Let’s chat.

October 19, 2018/by John

Best Practices, Security

Every Business Needs An IT Emergency Preparedness Plan

Create an emergency preparedness plan for your business

When disaster strikes, the last thing you should be worried about is how it will affect your business.

As a New Orleans IT firm, we can tell you from experience that when a natural disaster occurs, your people and your family come first. Making sure your business and IT systems have a clearly defined emergency preparedness plan ready in case of any extreme event saves you time, money, and heartache after it’s done. As our IT disaster preparedness expert Charles Andrews (Andy) says, “the biggest problem is the one you aren’t prepared for.”

Read on to learn why you need a disaster preparedness plan and to download our FREE checklist!

Who Needs To Be Prepared For A Disaster?

Different areas of the US are more or less likely to have significant weather events that can cause an IT disaster. We’re in the heart of hurricane country, but events like tornadoes, earthquakes, and wildfires can be disastrous for businesses all over the country.

But, no business can afford to ignore creating an emergency preparedness plan. Even if your business is located in an area that doesn’t often see natural disasters there are still vulnerabilities. Anything from fire, gun violence, and terrorism can affect a business, their people, and their data.

Every potential disaster comes with its own set of challenges, but, we strongly feel that it’s better to be prepared for the unexpected than it is to do damage control after it happens. We believe every business needs an IT disaster plan to be integrated into their overarching disaster plan that should address their people, processes, and technology.

The First Thing A Business Should Do:

First things first, you need to know your risks. Doing a risk assessment lets you know the potential impact to your business of not being prepared. In our experience the biggest issues are:

The business has no emergency preparedness plan in place.
The business has a plan but doesn’t fully cover all three prongs (people, process, and technology).
The plan relies on the wrong technology or relies on recovering data in a way that isn’t in line with actual IT capabilities.
The plan is untested, or not fully tested.

It’s critical that your employees know their role in preparing your business for potential disasters. We often see coastal businesses focus on hurricane preparedness but neglect planning for other unexpected disasters.

Disaster Affects Every Aspect Of Your Business

When a disaster hits, very little is untouched. There are the obvious issues with the loss of sales or income from the business being down. You can also find revenue delayed if there is a disruption in the supply line, or your customers were likewise affected by the disaster. Plus, you may find yourself with a lack of cash flow as you wait for insurance to kick in.

But, it’s not just a money waiting game. You’ll likely have increased expenses from cleaning up, purchasing new equipment, recovering damaged inventory, and paying overtime if necessary. You could also experience contractual penalties if you have a major contract as a vendor or supplier. Delays in providing your product or service could breach a contractual agreement.

What’s The Biggest Weakness When A Disaster Hits?

Any physical part of your business that can be affected is going to be a huge problem. From our experience, we’ve found that the weakest link is having critical IT systems on physical servers in the office. If you have any critical applications or data saved only on a local server, you need to take the physical machine with you when you evacuate.

If that server is damaged by any physical attack (fire, water, even terrorism) it can be devastating for a business. We have even seen simple events like a hardware failure, electrical surge, and accidental user deletions make physical servers extremely problematic.

What About Data Recovery?

Although data recovery is possible, you’d be depending heavily on luck! It’s not as simple as restarting your computer. There is usually a significant expense and time used to recover data after a disaster if no other backup is used.

What You Should Do Instead

We firmly believe that you shouldn’t have a physical server on-site that houses your critical systems. Andy says that off-site backups are by far the best step to take when protecting business data. For such a significant safety measure, off-site backups are an easy and inexpensive process to implement.

Keep It In The Cloud

Utilizing the cloud makes off-site backups easy. Systems are stored in specialized facilities (or data centers) and most data centers have off-site redundancy. This means your information is stored on multiple servers in different locations, which makes sure that your data is safe even if one server goes down.

This is also important for businesses with multiple office locations. Having multiple servers can be a huge risk if a disaster hits. In order to protect your data, you would need to set in place failover options between locations, which can be expensive to implement. Plus, these systems need to be constantly monitored and routinely tested to ensure that they’re working. Instead of having a server down in one area affecting all the others, using the cloud eliminates a lot of challenges.

We Know From Experience

Over 10 years ago, Hurricane Katrina forced us to put our own emergency preparedness plan into action. We had to take our servers with our critical systems with us, which taught us just how important it is to use the cloud. Those precious hours you have to prepare need to be spent on family and your own personal belongings, not hauling servers. After Katrina, we became early adopters of cloud technology, and we’ve used it ever since. We store everything in the cloud including all of our client documentation, automated monitoring systems, and service call systems.

Our Emergency Preparedness Plan

When hurricanes threaten our area, we start implementing our plan early. Our emergency preparedness plan includes two different teams. One team assists our clients who are disaster preparing, and the other focuses on our business. We all know our own roles and we practice year-round to keep us fresh and ready or any unexpected disasters.

We have created specialized programs that monitor our clients’ IT systems and often correct any hiccups before they become problems. This way, much of our work can run on auto-pilot for a short period of time if necessary.

Also, we use hosted VOIP phone system and online chat. This allows us to stay in contact with our clients and our team without relying on cell service, landlines or other local systems. Lastly, we have a prearrangement with technical resources outside our own company. This 3rd party service can handle our client requests while we are in crisis mode taking care of our own families.

FREE Disaster Preparation Checklist

We know just how important it is to keep your business safe. Download our emergency disaster checklist to make sure you’re prepared if disaster strikes.

Download Here

A disaster can hit anywhere at any time. We know your first priority is keeping your people and your family safe through the storm. To make sure your business is kept safe too you must have your emergency preparedness plan set in advance.

Interested in your company’s risk in a disaster situation? Let’s chat.

September 5, 2018/by Jean Prejean

Best Practices, Guardian Computer, Security

A NOLA IT Professional’s Advice on Staying Safe on the Internet

Everyday there is a battle of Good versus Evil on the internet. Every morning guys and girls like me wake up, have a cup of coffee, and prepare to do battle with malicious programs out there on the world wide web. Fortunately for me, a NOLA IT professional, there are a few lines of defense that make my job a whole heck of a lot easier; namely the end user, firewalls, antivirus software, etc.

But let me be honest, none of these forms of protections are perfect. Firewalls and antivirus software are not entirely impenetrable, and I can’t tell you how many times I come across “PEBKAC” errors [Problem exists between keyboard and chair)], but as a Networking Technician it is my mission to better educate you guys on how to keep your computers safe while exploring the vast sea that is the Internet. This morning, I want to focus on how YOU, the end user; and how YOU can keep your sensitive information safe

1. Never call Microsoft

What do you mean never call Microsoft? Shouldn’t they be the most prepared to confront a virus that has made its way into my operating system?

And the answer to that is… Yes, absolutely. But the bullet point is purposefully misleading to emphasize a point. It should actually read “Never call Microsoft if your computer tells you to do so.” Often times, if we are not careful, we may accidentally click on the wrong button, link, or drop down menu that these internet villains programmed to cause a pop-up to come up on your screen that looks something like this:

nola it professional don't call microsoft — Do NOT Call Microsoft if a Warning Screen like the one Pictured Above Pops Up!

Don’t be alarmed if this happens to you! These pops-up are designed to scare us. Some of them will even cause alarming sounds to come out of your speakers. These sounds are designed to raise your heart rate and spook you into calling that number. DON’T!!! All you have to do is close out of the browser and the message and the annoying sounds should go away. Some of these

Some of these pop-ups are a little more malicious and therefore harder to close, and if that is the case we need to open our Task Manager and force the browser to close.

Here is a list of instructions at the end of this section about how to do that:

Steps Open/Use Task Manger to Close Pesky Pop-Ups

Press ctrl+alt+delete.
Open Task Manger
Right click on the browser that generated the pop-up
Select the option that reads “End Task” . The pop-up should close and the noises should stop
(optional): The likely hook of a virus getting on your machine if you close this popup without clicking else is pretty low, but for safe measure use your antivirus software to run a scan on your computer to make sure it is clean.

Don’t feel alone or dumb if this ever happens to you, everyone here at the office has done it at one point or another. Accidents happen! Even if you do click the pop-up, it doesn’t mean you’re doomed as long as you’re anti-virus works properly and you don’t call any numbers.

What they want you to do is call this number so they can “show” you that your machine has a “virus,” and then will attempt to solicit you into giving them your credit card information so that they can “fix” your computer. It is ALWAYS a scam. Microsoft will NEVER contact you about viruses on your computer.

2. Uninstall McAfee and Norton Antivirus

I am absolutely certain that everyone who has ever used the internet has heard of Norton and McAfee Antivirus software, and I guarantee that those same individuals, at one point or another, have been prompted to download or even offered a free trial version of these two programs. Well, I’m typing before you today to BEG YOU to avoid this software at all cost. These programs are known to be more malicious to your operating system than most of the common viruses out there. They update at inappropriate times, they may cause your operating system to freeze suddenly, and they definitely do not play nice with other applications on your computer. Not only that, but uninstalling these programs is not exactly a

These programs are known to be more malicious to your operating system than most of the common viruses out there. They update at inappropriate times, they may cause your operating system to freeze suddenly, and they definitely do not play nice with other applications on your computer. Not only that, but uninstalling these programs is not exactly a straight forward process; and even after they are uninstalled occasionally little bits of the software are still left behind on your machine and a technician such as myself will have to open the registry and remove the bits and pieces by hand.

*WARNING! Do not! I repeat! DO NOT open the registry to your computer without knowing exactly what you are doing. While the registry is open, one can destroy the computer’s operating system with a couple of mis-clicks of the mouse; thus, causing the user to lose ALL of the data they have stored on their computer. *

In fact, McAfee is so rough on computers that the former CEO, John McAfee, put out a rather comical but extremely inappropriate video about how to uninstall the McAfee Software; and let’s just say, he “disposes” of the computer entirely using a firearm. (As a disclaimer, I would link you guys the YouTube video but as previously stated the video is extremely inappropriate, and does not reflect the opinions, ideals, or beliefs of Guardian Computer in any way, shape, or form.)

I am text block. Click edit button to change this text. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.

3. Free Antivirus Software We Recommend

Bit Defender– If you already have Windows 10 installed on your computer, oh boy do I have good news for you! Windows 10 already has a built in Antivirus Software known as Bit Defender. It works really well for users who do what they are supposed to be doing on their computers and not clicking on anything too suspicious.

Avast– I personally used Avast before I upgraded to windows 10. It generated a few more popups than I would like, but those can easily be turned off in its settings. We really want our antivirus software to be “seen and not herd,” if you know what I mean. I only my antivirus software to yell at me if there is a major problem, but then again if there is a major problem with my computer I am probably going to recognize the change in performance of the computer right around the same time that my antivirus software does.

Malwarebytes– This is a Guardian Computer’s favorite. We use Malwarebytes pretty much every day to clean up computers that are already infected, and its antivirus works well and will not bog down a computer’s performance. The free version of this software performs a thorough scan of your machine should you ever accidently click on the wrong link and is quick to quarantine these bugs from doing any more damage to your machine.

Well if that is the case then I would have to recommend using Webroot. This is the soft where we put on all our Managed Services machines and it works like a charm. Occasionally, we will have to step in to fix a few bugs that leak through, but since we have started using Webroot I haven’t seen to many major viruses get through; but that does not give our users the go-ahead to freely click around the Internet I’m just pointing out that it has been doing a solid job of protecting our machines! If this sounds like something you would be interested in, please give us a call at the office and one of our Techs would be happy to discuss the inner workings of Webroot in more detail with you over the phone!

Conclusion from a NOLA IT Professional on Internet Safety

No matter what antivirus you are using do not assume you are completely protected out on the Internet. At the end of the day, it is always up to the user to be cautious of the links they are clicking on and the files they are downloading.

March 30, 2017/by Ryan Prejean

Best Practices, Security

Ask a New Orleans Tech: How Safe is Public Wi-Fi?

At this point in the 21st century, “What is the Wi-Fi password,” is an instinctual phrase for kids of all ages. And let’s be honest, most of you adults also have acquired this learned behavior as well. The real question is though, does either party know what is at stake while they surf the web on public Wi-Fi?

Whether you are checking in on the latest Trump versus Hillary debate or getting lost in the vast world of YouTube, we all need to take these necessary precautions to ensure that our devices and personal information are safe when we sync our devices to a foreign network.

1. Whose Wi-Fi Am I About To Use?

Always be suspicious of which network you connect to in public places. It would take minimal effort for a hacker to set up a Wi-Fi hotspot outside of a local coffee shop with a network name like “FreeCoffeeShopWifi”. This actually happens all of the time! Hackers do this to trick innocent bystanders into joining their network.

If you get lured into joining a hacker’s network like this, then you have essentially left a key under the mat for the hacker so that they may let themselves into all of your personal data! With that being said, always make sure to as an employee of the establishment for the Wi-fi Name to make sure you connect to a safe network.

2. NEVER, EVER Perform Any type of Banking or Personal Transaction Away From Home

Stick to looking up the latest meme or catching up on the news while using public Wi-Fi; your bank account will thank me later. Even a seemingly innocuous banking transaction, like transferring money from your savings account to your debit card, can lead to a hacker infiltrating your account.

3. Stay On Recognizable Websites

Preferably you should stick to what IT nerds call the surface level of the web, i.e. Facebook, YouTube, Yahoo, etc. You know, the websites almost anyone with an internet connection can identify. By taking these precautions, it makes it difficult for someone to intercept any data you send out or receive.

If you insist on exploring beyond the basics, makes sure to just visit secure websites and applications. When using your laptops on a public network always look for the HTTPS:// line rather than just HTPP:// to confirm you’ve established a secure connection.

4. Turn Off File Sharing

Turning off file sharing will only take a minute and it could potentially save you a lifetime worth of problems. Below is a guide.

For Windows users, we can find this option by opening the Control Panel and making our way to the Network and Sharing Center. From there, we want to Change Advanced Sharing Settings and Turn Off File Sharing.

For Mac users, we want to find our Systems Preferences on our toolbar and be sure to uncheck the box next to File Sharing

5. What If I Want To Work On a Public Network? Is My Data Safe?

In short, the answer is: NO, your data is not safe!

The good news for you is that this does not have to be the case, there are numerous ways to set up a Virtual Private Network (VPN) so that the data being shared between you and your work is encrypted in case a hacker decides to make you his next victim!

Without the encryption key, it is going to make it challenging for the hacker to make any sense of the data he intercepts from your device thus leaving you and your company files protected. Unfortunately, these types of networks are not always ready, but if you would like to look into getting one of these virtual connections set up one of our Guardian Computer Networking Consultants would be we would happy to help you and your company stay protected!

Ask a New Orleans Tech Conclusion: Public Wi-Fi Is Definitely NOT Safe

The internet is a wonderful place, and it is amazing that we have access to the internet on every street corner. Unfortunately, this ability to access the internet so easily is exactly what makes everyone so vulnerable to cyber-attacks! If we keep these ideas in mind on our next trip to the local coffee shop, I promise you will be able to enjoy that mocha frappuccino much more knowing that your personal data is not being exposed. Please be safe, and always keep your head on a swivel when you are out there on the world wide web!

October 28, 2016/by Ryan Prejean

Security

Disaster Recovery Plans for Hurricane Matthew: Protect Your Data

disaster recovery plans matthew hurricane model

As we watch Hurricane Matthew make landfall, we are sending out our thoughts and prayers to those impacted by the storm. As New Orleans citizens, we empathize with the damage storms like Matthew have on communities.

By the way, for those of you in our area not vigilantly tracking the storm, there is a small chance it may, for a better lack of a meteorological term, do a loopty-loop back in our direction. We are not in the clear yet so keep an eye on your preferred weather channel.

No matter where you are, but especially in hurricane and flood-prone areas, it is a good idea to have a disaster recovery plan in place to protect your data. We have years of experience creating comprehensive virus protection and disaster recovery systems. We’ll also back up all your mission-critical data off-site for safekeeping.

Businesses of every size need a plan to protect their electronic information. Often, companies do not come up with any such plan until after disaster strikes which is not the ideal way to do things. We much prefer it when clients take steps before they’ve lost data which is critical to the continued operations of their business.

Give us a call at 504-457-0005 if you or anyone you know needs to make a plan to protect data from Matthew or other potential disasters. We can get you on the right track with a comprehensive disaster recovery plan for your IT infrastructure fast.

Most importantly: everyone stay safe out there!

October 6, 2016/by Ryan Prejean