This month, we are focusing our attention on a myth vs. fact series to dispel some misconceptions around tech. Below, we've answered some of the most frequent questions we get from clients in the hope of clearing them up for you. Without further ado, here are three questions, answers, and solutions for you to implement.
Myth Vs Fact #1
On-prem servers are more secure than cloud-based servers.
In IT, on-premises (or “on-prem” as it’s often abbreviated) refers to software that runs on hardware that’s physically located on the premises, as opposed to software that runs remotely.
This one is False! For one, physical servers that are in your building can be stolen. Any employee with access to these servers can do damage. You need to have security measures (locked doors, for example) in place to protect against malicious employees. Unfortunately, what you will typically see is a server sitting under someone's desk right in the front office.
By contrast, physical access to cloud servers is significantly more difficult. From a compliance standpoint, compliance is not only about who can physically reach the hardware or access the data; it's also about business continuity. The difference between cloud and on-prem is night and day for business continuity.
If something catastrophic happens to your cloud server, we’ll have you up in less than an hour. If something happens to an on-prem server, first we’ll need to troubleshoot the hardware to figure out the cause of the disruption. Then, you may need to replace the hardware which means more downtime as you wait for the new parts to arrive.
If it gives you peace of mind, get a cardboard box, write server on it, stick it in the corner…and then set up a cloud server.
Myth Vs Fact #2
I am HIPAA compliant if I have a BAA (a Business Associate Agreement) with my email service provider.
We get this one frequently from our healthcare provider clients. The answer is no, this is not correct. You may be HIPAA compliant for that specific email piece, but HIPAA compliance spans many different avenues.
Your BAA with an email provider does not give you physical documentation, nor does it give you security such as 2FA. If you’re relying on your BAA with your email provider, you’ve got a really limited scope of compliance.
So, what should you do? Make sure your email service offers multi-factor authentication options that you can enable and enforce. All your emails also need to be retained for a certain amount of time; Microsoft calls this Legal Hold. And if you send any emails outside of your internal team that contain patient information, those emails need to be encrypted.
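To show what those three settings look like in practice, here is an added example script for a Microsoft 365 / Exchange Online tenant. It is not code from the original post or from the Guardian team; it assumes the ExchangeOnlineManagement and Microsoft.Graph PowerShell modules are installed, that the account running it has Exchange and Conditional Access administrator rights, and that the retention period, the PHI keyword list and the policy/rule names are placeholders you replace with what your compliance officer specifies.

```powershell
# Added example (not from the original post): apply the three settings the
# post lists for a Microsoft 365 tenant: enforced MFA, Litigation Hold
# (what the post calls Legal Hold), and encryption of outbound mail that
# contains patient information.
# Assumptions: ExchangeOnlineManagement and Microsoft.Graph modules are
# installed; the values below are placeholders, not from the post.

Import-Module ExchangeOnlineManagement
Import-Module Microsoft.Graph.Identity.SignIns

# Placeholder values (assumptions): confirm the hold period and the keyword
# list with your compliance officer before running this in production.
$HoldDurationDays = 2190                                  # e.g. six years
$PhiKeywords      = @("patient", "diagnosis", "MRN")      # placeholder PHI keywords
$CaPolicyName     = "Require MFA for all users"
$RuleName         = "Encrypt outbound PHI"
$PolicyState      = "enabledForReportingButNotEnforced"   # set to "enabled" to enforce

Connect-ExchangeOnline
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

# 1. Multi-factor authentication: a Conditional Access policy requiring MFA
#    for every user on every cloud app. Report-only mode lets you review who
#    would be affected before switching the state to "enabled".
$caPolicy = @{
    displayName   = $CaPolicyName
    state         = $PolicyState
    conditions    = @{
        applications = @{ includeApplications = @("All") }
        users        = @{ includeUsers = @("All") }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $caPolicy

# 2. Retention: put every user mailbox on Litigation Hold so mail cannot be
#    purged before the hold period expires.
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
    Where-Object { -not $_.LitigationHoldEnabled } |
    ForEach-Object {
        Set-Mailbox -Identity $_.UserPrincipalName `
                    -LitigationHoldEnabled $true `
                    -LitigationHoldDuration $HoldDurationDays
    }

# 3. Encryption: a mail flow rule that applies the built-in "Encrypt" rights
#    protection template to any message leaving the organization whose subject
#    or body contains one of the placeholder PHI keywords.
if (-not (Get-TransportRule -Identity $RuleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $RuleName `
        -SentToScope NotInOrganization `
        -SubjectOrBodyContainsWords $PhiKeywords `
        -ApplyRightsProtectionTemplate "Encrypt"
}

# Verification: the MFA policy exists, no user mailbox is left without a hold,
# and the encryption rule is enabled.
Get-MgIdentityConditionalAccessPolicy |
    Where-Object { $_.DisplayName -eq $CaPolicyName } |
    Select-Object DisplayName, State
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
    Where-Object { -not $_.LitigationHoldEnabled } |
    Select-Object UserPrincipalName          # expected: no output
Get-TransportRule -Identity $RuleName |
    Select-Object Name, State, ApplyRightsProtectionTemplate
```

Keyword matching is the simplest way to illustrate the rule; in a real tenant you would normally pair it with the built-in sensitive-information types (for example, the Social Security number classifier) so that messages are caught by content, not just by wording.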
Lots of pieces need to be set up to ensure you are HIPAA compliant. Not many email providers give you all the options listed above. So, it’s important to get someone who knows the email world when it comes to HIPAA. The Guardian team can help get you set up with all the proper settings and compliance features.
Myth Vs Fact #3
The best and only way to determine if your system has a virus or ransomware is if your system is running slower.
Short answer: depends on the virus or ransomware.
There are plenty of them out there that are "zero day attacks," meaning the attack is timed. If it hasn't been programmed to attack yet, it will lie dormant. This means it's not necessarily running all the time, and you won't notice a difference until it "wakes up" to attack.
If it's a virus that's killing your speed, then it is typically an older or more of an annoying kind of virus than something that is going to cause severe havoc, like ransomware. Ransomware hides much better.
The viruses that affect your speed are the ones that take over your processor or machine in order to host something for other people. By the time you notice you have a speed problem, it's too late. The best line of defense is to put endpoint detection on your machine up front to make sure you don't get something like that.
A virus does not want to be detected. Your screen won't go black with a message reading "You Have A Virus!" If this does happen, just power off your computer and power it back on. That type of obvious virus message is running from a website, and the people behind it are trying to get you to call them or give them access to the machine.
There you have it! Myths Busted.
If you have other questions that weren't answered here, give us a call to learn more. We've recently partnered with Cynet to provide front-end protection, and we certainly know email clients well enough to set you up properly for HIPAA compliance. We're happy to help.