Mobile devices and HIPAA compliance

By EDITOR 

Mobile devices have revolutionized the healthcare industry: They’re convenient and significantly improve work efficiency and patients’ satisfaction. Yet they also come with risks. Patient data handled by those devices can be leaked. That’s why every healthcare provider needs to be extra careful about data security when using mobile devices.

Why does data security matter so much to healthcare providers?

As a healthcare provider, you’re subject to regulations by the Health Insurance Portability and Accountability Act (HIPAA), which governs how medical data is stored, accessed, and transferred. HIPAA’s objective is to protect patient privacy.

Under this regulation, you’re required to take security measures to ensure your patient data — including those handled by mobile devices — are private and secure. If your practice suffers a data breach or fails to comply with HIPAA regulation, you will be subject to heavy fines ranging from $50,000 to $1.5 million.

Some tips to help you stay compliant

It’s important to make sure your IT policies and practices adhere to HIPAA standards, and the following is what you have to do:

Risk assessment:

This is required under the HIPAA Security Rule. You must regularly audit your entire IT infrastructure, including the equipment and systems that store, transmit, or handle electronic Protected Health Information (ePHI) as well as your company policies.

Data encryption:

Even though encryption for data “at rest” isn’t required by HIPAA (only data “in motion” is governed), encryption is one of the best ways to ensure data privacy and security. It’s crucial to protect your patient data on all mobile devices with end-to-end encryption.

Anti-virus software:

All mobile devices need to have the latest versions of antivirus software installed.

Information Access Controls:

It’s recommended that you allow only devices that have security controls to connect to your healthcare data network, and all devices must be scanned before making the connection. For certain data, especially data that is highly confidential, you can prevent it from being accessed by certain staff or being downloaded onto individual devices.

It’s also a good practice to keep your employees’ personal and work data separate, so when you eventually have to delete ePHI from their devices, you can do so without wiping out your employees’ personal contacts and apps.

In case your employees’ devices are lost or stolen, you also need an app that allows you to remotely delete data stored on mobile devices.

No to SMS:

Never pass ePHI and other critical information via Short Message Services (SMS) since SMS networks are not secure. If you need to send short messages, use secure text messaging apps instead.

Employees:

You need to enforce a secure password policy within your workplace, which compels your employees to create and maintain strong passwords. As for applications, since many apps may contain malware or security flaws, you also need to control which apps your employees can download.

What’s more, public Wi-Fi networks are highly insecure, so your employees need to be aware that accessing data via these networks is not safe. If it is unavoidable, they must use a VPN when accessing the data and use secure text messaging apps to communicate via public networks, so that communications are not intercepted.

It’s also recommended to have regular security awareness training seminars and build a strong, security-focused culture. When an employee resigns, you have to delete ePHI from their devices and terminate their access rights to data immediately.

Healthcare IT security is complex and the stakes of non-compliance are high. This is why it’s important to partner with an experienced IT provider who can help protect your data and ensure your practice is compliant with HIPAA standards. Contact us today!

Posted in Uncategorized | Leave a comment

Google improves Chrome’s security settings

By EDITOR 

Most web browsers have built-in security measures to protect users, but some of those aren’t enough to ward off unwanted software. To improve Chrome’s security, Google rolled out some changes in its Chrome Cleanup tool for Windows. Here’s how the enhanced tool protects you.

Detect hijacked settings

Many users prefer to enhance their browsing experience by installing extensions or plug-ins, some of which could be malicious. When these extensions are installed, they could inject harmful ads into web pages or allow access to third-party servers without the user’s consent.

Google’s new hijacked settings detection function prevents this from happening. Once it detects an attempt by a third party to change your browser’s settings, it will automatically revert to Chrome’s default settings. And in case you suspect any unauthorized change in your browser, you can manually reset settings in Chrome.

Simplify cleanup

You probably don’t remember downloading many of the files in your Downloads folder, but these are actually software and other attachments that were bundled with the software that you do use.

Chrome Cleanup’s newly simplified feature makes it easier for you to identify harmful files, easing the pain of sorting through and deleting tons of downloaded files. Whenever it detects malicious software, you will get a pop-up message that offers an easy way to remove the potential threat, get more details about it, or disregard it in case of false detection.

Maximize removal of nonessential software

Aside from the simplified interface, Google also made some much-needed improvements in Chrome Cleanup’s performance, so it’s now capable of eliminating more junkware.

Tricking users into installing a program without their consent is one of the many characteristics of unwanted software that Google lists under its Unwanted Software Policy. To help fight against this and other browser security risks, the company has partnered with an IT security team to strengthen Chrome’s ability to detect and remove unwelcome add-ons.

It’s important to note that these upgrades don’t affect Chrome’s performance and speed because they work in the background. In addition, these changes are now available on Windows devices but will soon roll out to other platforms. In the meantime, if you want to find out more about browser and application security, contact our security specialists today!


Useful keyboard shortcuts for Mac users

By EDITOR 

Did you recently switch from Windows to Mac? If so, you’re probably still getting used to the Apple keyboard. The good news is it’s only slightly different from a non-Apple keyboard. The bad news is you’ll have to learn a whole new set of shortcuts. Although some basic shortcuts are the same on both Apple and Windows computers, there are plenty more that you ought to use.

Minimizing (or ‘Docking’) the front app window: Command + M

Use this combination when you have several apps, browsers, or Finder windows open and want to minimize the active one. To minimize all open windows at once, press Command + Option + M.

Closing an active window: Command + W

This shortcut lets you close active apps or programs like browsers, Finder, Thesaurus, or any app that allows multiple tabs to be open simultaneously. To close all tabs without quitting the program entirely, press Command + Option + W.

Quitting a program: Command + Q

Clicking the red X button in most Mac apps and programs, like Mail, only puts them in the dock. This shortcut lets you fully quit an application.

Force quitting a program: Command + Option + Escape

If an app becomes unresponsive, you can shut it down by using the force-quit shortcut, which displays all your open applications. Select the one you want to quit and hit ‘Force Quit.’ In some instances, you might need to press Command + Tab to switch to another app, then press Command + Shift + Option + Escape to quit an active app.

Hiding apps: Command + H

With this trick you can hide an active window, which is particularly useful when you want to quickly conceal what’s on your screen. It’s also great for decluttering your screen by keeping only one app active. Simply press Command + Option + H.

Opening folders in Finder: Command + Shift + A/U/D/H/I

These combinations offer faster ways to view your Applications (A), Utilities (U), Desktop (D), Home (H), and iCloud (I) folders without having to click several apps.

Shutting down a Mac: Command + Alt + Control + Eject

In a hurry and need to power off quickly? This shortcut shuts down everything: apps, operating system, and power.

Taking a screenshot:

  • Command + Shift + 3 – Use this to take a snapshot of your entire screen.
  • Command + Shift + 4 – This combination will turn your cursor into a set of crosshairs that will let you select a specific area of your screen.
  • Command + Shift + 4 + Spacebar – Hit these keys to screenshot only your current window (browser window, Notes app, etc.) without altering its dimensions.

Other little-known shortcuts:

  • Command + Spacebar – Press these keys and the Spotlight Search bar will appear in the upper center of your screen, which you can use to search for files or programs.
  • Command + Option + D – Use this to hide the Dock.
  • Command + Shift + [ or ] – Cycle through tabs in Safari by pressing [ when moving right or ] when moving left.
  • Command + Shift – See all your open tabs in an active browser.
  • Command + , (comma) – Open the active app’s settings.
  • Command + Shift + T – Opens the last closed tab in the active browser.

Everyone uses hotkeys to work faster and more efficiently. If you need more usability and productivity tips and tricks on MacBook, iMac, MacBook Pro, or any of your business devices, call our experts today!


Google weighs in on account hijacking

By EDITOR 

According to experts, passwords shouldn’t be the only way you defend your accounts. After all, hackers have plenty of tricks and tools to steal them. So to help businesses fully understand the risks involved, Google conducted a study on the causes of account hijacking.

The results
From March 2016 to March 2017, Google and UC Berkeley researchers examined three main ways hackers hijack accounts:

  • Keylogging software – a malicious program that records computer users’ keystrokes
  • Phishing emails – to lead people into dangerous websites
  • Stolen passwords – available to the highest bidder

In just one year, Google found 788,000 successful keylogging attacks, 12.4 million victims of phishing attacks, and 1.9 billion accounts exposed via login credentials sold on the black market.

Researchers suggest the reason so many accounts are hacked is because people tend to reuse their passwords, which means if one set of login credentials is exposed, other accounts could be compromised.

Phishing is also a big threat because it targets users — the weakest links in your cybersecurity. The strongest password or security system won’t mean anything if your employees constantly fall for online scams.

Protecting your accounts
There are several things you can do to thwart account hijacking. For starters, you should set strong and unique passwords for each account to minimize data breaches.

While the general rule in the past was to set a complex password — a mix of letters, numbers, and symbols — recent studies suggest that longer, 20-character “passphrases” are much tougher to crack. If you find it difficult to remember several passwords, consider using a password manager, which not only stores all your passwords, but can generate strong passwords, too.

To deal with phishing attacks, you should activate multi-factor authentication on your accounts. This adds an extra layer of identity verification to your password (e.g., a fingerprint scan or a temporary security key sent to your phone), making your login details ‘unphishable.’

Security training is also crucial. This includes teaching your employees about what phishing attacks look like and instructing them on password protection best practices so they never fall victim to account hijacking.

The bottom line is that strong password security requires more than strong defense mechanisms; you and your employees must be vigilant, too.

Need more advice on keeping your business safe? Call us today! We provide critical security updates and comprehensive support services to help you stay well ahead of cybercriminals.


Tips and tricks to prolong laptop battery life

A laptop would just be a cold piece of aluminum with a flat battery if you don’t have a power socket at hand. It’s hard to get any work done when you’re peppered with pop-ups and warning messages when the battery power gets low. So here are some tips you can use to prolong the life of your precious laptop battery.

Some truths about your laptop battery

Batteries in many devices nowadays are lithium-based — either lithium-ion or lithium-polymer — so users must take note of the following guidelines for their proper maintenance:

  • They can’t be overcharged, even if you leave your battery plugged in for a long period of time. When the battery hits 100%, it’ll stop charging.
  • Leaving your battery completely drained will damage it.
  • Batteries have limited lifespans. So no matter what you do, yours will age from the very first time you charge it. This is because as time passes, the ions will no longer be able to flow efficiently from the anode to the cathode, thereby reducing its capacity.

What else can degrade your battery

Besides its being naturally prone to deterioration, your battery can degrade due to higher-than-normal voltages, which happens when you keep your battery fully charged at all times. Even though a modern laptop battery cannot be overcharged, doing so will add a stress factor that’ll harm your battery.

Both extremely high temperatures (above 70°F) and low temperatures (between 32-41°F) can also reduce battery capacity and damage its components. The same goes for storing a battery for long periods of time, which can lead to the state of extreme discharge. Another factor is physical damage. Remember that batteries are made up of sensitive materials, and physical collision can damage them.

How to prolong your battery life

Now that you know some facts about your laptop battery, it’s time to learn how to delay its demise:

  • Never leave your battery completely drained.
  • Don’t expose your battery to extremely high or low temperatures.
  • If possible, charge your battery at a lower voltage.
  • If you need to use your laptop for a long period of time while plugged into a power source, it’s better to remove the battery. This is because a plugged-in laptop generates more heat which will damage your battery.
  • When you need to store your battery for a few weeks, you should recharge your battery to 40% and remove it from your laptop for storage.

These are just a few tips on extending the life of your hardware. There are many more ways you can maximize your hardware efficiency and extend its longevity. Call our experts today to find out more!


No more passwords: Windows 10 knows your face

By EDITOR 

Passwords are slowly becoming a thing of the past. Microsoft’s Windows Hello feature, for example, allows you to unlock your device by simply glancing at the screen. Read on to learn more about this intriguing feature.

Say hello to fingerprint, iris, and facial scans

Windows Hello is an advanced biometric identity and access control feature in Windows 10. With it, there’s no need to enter a password; all it needs is your fingerprint, eye scan, or just your face.

For those who are worried about privacy, the feature stores your biometric data only on your device, never on Microsoft’s servers. Microsoft has also made it clear that third parties cannot access your biometric data, although, as with every new technology, it’s best to treat this with caution.

How to set up Windows Hello

All you need to get started is a laptop or desktop with Windows 10 and a compatible webcam (there is a full list here).

First, go to Settings > Account > Sign-in options. Then, under the Windows Hello section, you’ll see setup options for face, iris, or fingerprint scans. Select which method you want to set up and follow the prompts to create a login profile.

You can also save your biometric data or scan more than once to boost accuracy. Each time you scan, the system collects more data, so it’s worth completing a few scans before enabling the login feature.

However, passwords are still an option when using Windows Hello and should always be configured in case your camera isn’t operational. Once one account is set up, you can start adding family members who share the same device. Each of them can set up their own biometric profile in a separate account.

There are many features in Windows that can make your life easier. Our IT experts can help you get more out of your Windows devices. Contact us today!


Spiced up security features on Android Oreo

By EDITOR 

There’s plenty to get excited about in Android 8.0: improved auto-fill functionality, picture-in-picture capability, greater notification control, and plenty more. While these features are all impressive, Android has also included a number of significant security enhancements that you shouldn’t miss.

More secure booting

Android’s Verified Boot feature was introduced in 2013 and has been fine-tuned since. In Oreo, it performs a quick inspection of a device’s software before it starts up.

The Verified Boot functionality prevents the device from starting if it detects that its OS reverted to an older version, which can expose it to security risks resulting from the older version’s vulnerabilities. With this upgrade, any attempts to exploit your device and data can be foiled by a system reboot.

Chip-embedded security

If you’re worried about physical attacks compromising your device’s security, Oreo covers that front by enabling a chip-based feature that fortifies security for Android devices. Integrating chip technology into supported devices’ security system makes tampering and other forms of physical intrusion extremely challenging for hackers, giving users greater protection.

Stricter app permissions

It’s tempting to simply click ‘OK’ whenever downloaded apps request permission to access your data and perform certain functions during installation. Android has limited what apps can actually gain access to your data with the System Alert Window feature.

System alerts in previous Android versions were supposed to allow apps and programs to interact with users by sending pop-up boxes and similar elements that usually cover up the device’s entire screen. However, Android developers detected a potential for abuse. For example, hackers can easily use similar pop-up boxes that purport to be from legitimate apps.

With the new System Alert Window in Oreo, the pop-up boxes have been modified so that they’re easier to dismiss, limiting what malicious apps can do to trick users into clicking them.

Two-factor authentication support

Two-factor verification has become a standard feature in cyber security because it adds a much-needed layer of protection in accessing a password-protected account. It typically works by prompting a user to enter another piece of information in a separate device (e.g., a smartphone) or any physical token, which only the account owner would have.

Android 8.0 integrates a two-step verification that allows the use of a security key, which can easily connect to an Android device. Currently, it works only on apps that support it, but it won’t be long before more apps adopt it as an essential security protocol.

Stronger Sandboxing

Sandboxing essentially does one crucial thing for security: it isolates compromised or problematic areas within software or a system so that they don’t infect the rest of the system.

Android Oreo beefs up its sandboxing capability by deploying a filter that prevents malicious apps from accessing the OS’s command center, thereby limiting their interaction with the system and other safe apps.

These security improvements aren’t the most noticeable features in Android Oreo, but they’re worth paying attention to. If you need to learn more about your systems’ and devices’ security features, get in touch with us today.


Beware of sneaky Microsoft Office malware

By EDITOR 

Cybersecurity systems are getting better at identifying and preventing attacks coming from all directions. At the same time, hackers are coming up with new ways to bypass these systems. While online scams are the most common ways to do this, cybercriminals have discovered a new attack method using Microsoft Office.

What’s the new Office threat?
The Office exploit takes advantage of Microsoft’s Dynamic Data Exchange (DDE), a protocol that sends messages and data between applications. For example, DDE can be used to automatically update a table in a Word document with data collected in an Excel spreadsheet.

The problem with this is that hackers can create DDE-enabled documents that link to malicious sources rather than to other Office apps. Theoretically, this allows hackers to launch scripts that download Trojan viruses from the internet and execute them before the user is even aware of the attack.

And unlike most malware-embedded Office files, which are usually blocked by security protocols from Microsoft, DDE exploits are instant. Once a compromised Word file is opened, it automatically executes the hack.

Outlook at risk
What’s even more alarming are the DDE vulnerabilities in Outlook. Recent reports found that hackers can embed malicious code in the body of an email or calendar invite, allowing them to perform phishing scams without a file attachment.

Fortunately, Outlook DDE attacks are not as automated as Word or Excel DDE attacks. Two dialog boxes will usually appear when you open the email asking if you want to update a document with data from linked files and start a specific application. Simply clicking ‘No’ on either of these boxes will stop the attack from executing.

Defending against DDE attacks
Beyond saying no, you can protect yourself by following these security best practices:

  • Evaluate the authenticity of unsolicited emails before interacting with them and don’t open attachments from unfamiliar contacts.
  • View emails in plain text format to completely stop DDE attacks embedded directly in emails from running. Note that this will also disable all original formatting, colors, images, and buttons.
  • Use a strong email security system that prevents phishing emails, spam, and other unwanted messages from reaching your inbox.
  • Get in the habit of checking for Microsoft updates, as they’re usually quick to release patches after vulnerabilities have been discovered.
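A defensive check to complement the practices above, as an added example that is not part of the original post: it scans every XML part of a .docx file for DDE or DDEAUTO field instructions, reassembling instructions that Word stores split across several runs. The sample documents are constructed in memory, and `Book1.xlsx` and the function names are illustrative assumptions.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # stdlib; prefer defusedxml for untrusted files

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
MAX_PART_BYTES = 20 * 1024 * 1024  # refuse oversized parts (zip-bomb guard)


def field_instructions(xml_bytes):
    """Yield the reassembled instruction string of every field in one XML part."""
    open_fields = []  # per open complex field: [instruction pieces, in_instruction]
    for el in ET.fromstring(xml_bytes).iter():  # iter() walks in document order
        if el.tag == W + "fldSimple":
            yield el.get(W + "instr", "")
        elif el.tag == W + "fldChar":
            kind = el.get(W + "fldCharType")
            if kind == "begin":
                open_fields.append([[], True])
            elif kind == "separate" and open_fields:
                open_fields[-1][1] = False  # what follows is the cached result
            elif kind == "end" and open_fields:
                yield "".join(open_fields.pop()[0])
        elif el.tag == W + "instrText" and open_fields and open_fields[-1][1]:
            open_fields[-1][0].append(el.text or "")


def find_dde_fields(docx_bytes):
    """Return [(part name, instruction)] for every DDE/DDEAUTO field found."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            # Fields can sit in the body, headers, footers, footnotes, comments.
            if not (name.startswith("word/") and name.endswith(".xml")):
                continue
            if info.file_size > MAX_PART_BYTES:  # declared uncompressed size
                raise ValueError(f"{name}: part too large to scan safely")
            for instr in field_instructions(zf.read(name)):
                words = instr.split()
                if words and words[0].upper() in ("DDE", "DDEAUTO"):
                    hits.append((name, " ".join(words)))
    return hits


def constructed_docx(body_xml):
    """Build a minimal in-memory .docx around a body fragment (test data only)."""
    doc = ('<w:document xmlns:w="http://schemas.openxmlformats.org/'
           'wordprocessingml/2006/main"><w:body>' + body_xml + "</w:body></w:document>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", doc)
    return buf.getvalue()


# Constructed sample: the Word-to-Excel table link the article describes,
# with the field keyword stored across two runs.
SPLIT_FIELD = (
    '<w:p><w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    '<w:r><w:instrText xml:space="preserve"> DDE</w:instrText></w:r>'
    '<w:r><w:instrText>AUTO excel "Book1.xlsx" Sheet1</w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="separate"/></w:r>'
    '<w:r><w:t>cached result</w:t></w:r>'
    '<w:r><w:fldChar w:fldCharType="end"/></w:r></w:p>'
)
# Constructed sample: an ordinary page-number field that must not be flagged.
CLEAN_FIELD = '<w:p><w:fldSimple w:instr=" PAGE "><w:r><w:t>1</w:t></w:r></w:fldSimple></w:p>'

if __name__ == "__main__":
    for label, body in (("split DDEAUTO", SPLIT_FIELD), ("page number", CLEAN_FIELD)):
        print(label, "->", find_dde_fields(constructed_docx(body)))
```

A plain text search for `DDEAUTO` in the raw XML would miss the first sample, which is why the scanner rebuilds each field's instruction before checking its keyword.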

Last but not least, consider working with our team. We’re Microsoft Office experts who can keep you safe from the latest threats. Call us today to get started!


Re-secure your passwords!

By EDITOR 

In 2003, a manager at the National Institute of Standards and Technology (NIST) authored a document on password best practices for businesses, federal agencies, and academic institutions. Now retired, the author admits that his document was misguided. Find out why and what great passwords are made of.

The problem

The issue isn’t necessarily that NIST advised people to create passwords that are easy to crack, but it did steer people into creating lazy passwords, using capitalization, special characters, and numbers that are easy to predict, like “P@ssW0rd1.”

This may seem secure, but in reality, these strings of characters and numbers could easily be compromised by hackers using common algorithms.

To make matters worse, NIST also recommended that people change their passwords regularly, but did not define what it actually means to “change” them. Since people thought their passwords were already secure with special characters, most only added one number or symbol.

NIST essentially forced everyone, including you and your colleagues, to use passwords that are hard for humans to remember but easy for computers to guess.

The solution

One cartoonist pointed out just how ridiculous NIST’s best practices were when he revealed that a password like “Tr0ub4dor&3” could be cracked in only three days while a password like “correcthorsebatterystaple” would take about 550 years.

Simply put, passwords should be longer and include nonsensical phrases and English words that are almost impossible for an automated system to make sense of.
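The comparison above, worked through as an added example that is not part of the original post: a password check that sees through predictable decoration, plus the arithmetic behind the three-day and 550-year figures. The bit counts and the rate of 1,000 guesses per second are the cartoon's own assumptions (xkcd 936), the word list is a constructed sample, and the 20-character minimum is an assumed policy value.

```python
import math
import re

# Character swaps the old composition rules encouraged; undone before lookup.
LEET = str.maketrans("@4013$5!", "aaolessi")

# Constructed sample. A real check would load a large list of common and
# breached passwords instead.
COMMON_BASE_WORDS = {"password", "welcome", "letmein", "qwerty", "dragon"}

MIN_LENGTH = 20  # assumed policy value: favour long passphrases

# The cartoon's accounting for "Tr0ub4dor&3" (bits of entropy per choice).
CARTOON_BITS = {
    "uncommon base word": 16,
    "capitalization": 1,
    "common substitutions": 3,
    "punctuation": 4,
    "numeral": 3,
    "order of punctuation and numeral": 1,
}


def reduce_to_base(password):
    """Strip trailing digits/symbols, lowercase, and undo common swaps."""
    stripped = re.sub(r"[^A-Za-z]+$", "", password)
    return stripped.lower().translate(LEET)


def review_password(password):
    """Reject decorated dictionary words first, then anything too short."""
    if reduce_to_base(password) in COMMON_BASE_WORDS:
        return "reject: decorated common word"
    if len(password) < MIN_LENGTH:
        return "reject: too short"
    return "accept"


def passphrase_bits(n_words, wordlist_size):
    """Entropy of n words drawn uniformly at random from a word list."""
    return n_words * math.log2(wordlist_size)


def crack_time_seconds(bits, guesses_per_second=1000):
    """Time to try every candidate in a search space of 2**bits."""
    return 2 ** bits / guesses_per_second


if __name__ == "__main__":
    for pw in ("P@ssW0rd1", "Tr0ub4dor&3", "correcthorsebatterystaple"):
        print(f"{pw!r}: base={reduce_to_base(pw)!r}, verdict={review_password(pw)}")

    short_bits = sum(CARTOON_BITS.values())   # 28 bits
    long_bits = passphrase_bits(4, 2048)      # 4 words from a 2,048-word list
    print(f"{short_bits} bits: {crack_time_seconds(short_bits) / 86400:.1f} days")
    print(f"{long_bits:.0f} bits: "
          f"{crack_time_seconds(long_bits) / (365 * 86400):.0f} years")
```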

Even better, you should enforce the following security solutions within your company:

  • Multi-factor Authentication – which only grants access after you have successfully presented several pieces of evidence
  • Single Sign-On – which allows users to securely access multiple accounts with one set of credentials
  • Account Monitoring Tools – which recognize suspicious activity and lock out hackers

When it comes to security, ignorance is the biggest threat. If you’d like to learn about what else you can do to fortify security, just give us a call.


The right way to set up guest Wi-Fi

By EDITOR 

Customers, partners, and vendors expect internet access when they’re visiting someone else’s office. This is why guest Wi-Fi access is so common. But setting it up the wrong way can create a frustrating experience for people looking to connect and leave your company exposed to attacks. Here’s how to do it right.

Never give guests access to your primary Wi-Fi

While giving guests the password to your company’s main Wi-Fi might be the easiest way to get them connected, you should avoid this at all costs.

Anyone with a little technical know-how can potentially access everything on your company network, including confidential data. Not to mention, guests’ devices connected to your business network increase the risk of a malware infection or cyber attack since you can never be sure that they’re safe and secure.

Ways to create secondary Wi-Fi for guests

If your router has built-in guest Wi-Fi support (you can check this feature through a quick web search), you could use it to create a separate “virtual” network. This means guests will have access to the internet without connecting to your main company network.

If your router doesn’t support multiple Wi-Fi networks, you can implement a separate wireless access point that bypasses the rest of your network and connects directly to your Internet service provider (ISP) connection.

Both options will keep your guests’ connectivity separate from your company network so you’ll never have to worry about unauthorized persons accessing your company data.

Keep in mind that guest Wi-Fi still uses your ISP connection so you should limit bandwidth usage on your guest network. The last thing you want is a guest streaming videos that slow down the Internet for your employees. With that in mind, you can even have your employees use guest Wi-Fi for their personal devices too. This minimizes the chance of employees hogging company bandwidth for personal use.

Your guest Wi-Fi should only provide outsiders with internet access, nothing more. While proper setup isn’t rocket science, it can be a tedious process. Having said that, if you need a team of experts to take care of it all for you, or simply have questions about how else to leverage your hardware for better efficiency and security, just give us a call.
