Employees are one of your biggest security holes. There is no foolproof prevention method for human error, which is why employee mistakes are one of the most common causes of a security breach. To reduce potential risks, we’ve suggested a few IT policies you should implement to protect your business.

Internet

In today’s business world, employees spend a lot of time on the internet. To ensure they’re not putting your business at risk, you need a clear set of web policies. This must limit internet use for business purposes only, prohibit unauthorized downloads, and restrict access to personal emails on company devices. You can also include recommended browsing practices and policies for using business devices on public wifi.

Email

Just like the Internet policy mentioned above, company email accounts should only be utilized for business use. That means your employees should never use it to send personal files, forward links, or perform any type of business-related activities outside their specific job role. Additionally, consider implementing a standard email signature for all employees. This not only creates brand cohesion on all outgoing emails, but also makes it easy to identify messages from other employees, thus preventing spear phishing.

Passwords

We’ve all heard the importance of a strong password time and time again. And this same principle should also apply to your employees. The reason is rather simple. Many employees will create the easiest to crack passwords for their business accounts. After all, if your organization gets hacked, it’s not their money or business at stake. So to encourage employees to create strong passwords, your policy should instruct them to include special characters, uppercase and lowercase letters, and numbers in their passwords.

Data

Whether or not you allow your employees to conduct work on their own devices, such as a smartphone or tablet, it is important to have a bring your own device (BYOD) policy. If your employees aren’t aware of your stance on BYOD, some are sure to assume they can conduct work-related tasks on their personal laptop or tablet. So have a BYOD policy and put it in the employee handbook. In addition to this, make sure to explain that data on any workstation is business property. This means employees aren’t allowed to remove or copy it without your authorization.

We hope these four policies shed some light on the industry’s best security practices. If you’d like more tips or are interested in a security audit of your business, give us a call.

The post IT policies to protect your business appeared first on TechSolutions, Inc..

There are a number of reasons you should be wary of saving your password to a digital platform. Just look at Yahoo’s data breach in 2013, which leaked passwords for three billion people. Even when your password isn’t compromised, saving it to a browser could have serious implications for your privacy.

Why auto-fill passwords are so dangerous

In 2015, the average internet user had 90 online accounts, a number that has undoubtedly grown since then. This has forced users to create dozens of passwords, sometimes because they want to practice healthy security habits and other times because the platforms they’re using have different password requirements.

Web browsers and password manager applications addressed this account overload by allowing usernames and passwords to be automatically entered into a web form, eliminating the need for users to hunt down the right credentials before logging in.

The process of tricking a browser or password manager into giving up this saved information is incredibly simple. All it takes is an invisible form placed on a compromised webpage to collect users’ login information without them knowing.

Using auto-fill to track users

Stealing passwords with this strategy has been a tug-of-war between hackers and security professionals for over a decade. However, it has recently come to light that digital marketers are also using this tactic to track users.

Two groups, AdThink and OnAudience, have been placing these invisible login forms on websites as a way to track which sites users visit. These marketers made no attempts to steal passwords, but security professionals said it wouldn’t have been hard to accomplish. AdThink and OnAudience simply tracked people based on the usernames in hidden auto-fill forms and sold that information to advertisers.

One simple security tip for today

Turn off auto-fill in your web browser. It’s quick, easy, and will go to great lengths to improve your account security.

• If you use Chrome – Open the Settings window, click Advanced, and select the appropriate settings under Manage Passwords
• If you use Firefox – Open the Options window, click Privacy, and under the History heading select “Firefox will: Use custom settings for history.” In the new window, disable “Remember search and form history.”
• If you use Safari – Open the Preferences window, select the Auto-fill tab, and turn off all the features related to usernames and passwords.

This is just one small thing you can do to keep your accounts and the information they contain safe. For managed, 24×7 cybersecurity assistance that goes far beyond protecting your privacy, call us today.

The post Think before saving logins to your browser appeared first on TechSolutions, Inc..

ESPN recently reported that a laptop containing the medical records of thousands of NFL players was stolen from the car of a Washington Redskins’ trainer. And while the team released a statement saying no health information protected under HIPAA guidelines was at risk, the incident shows that EMRs are vulnerable no matter the size of your company. That’s why you need to have all medical records completely protected no matter where they are being stored.

And while the Redskins’ situation was bad, an NFL spokesperson did state that the NFL EMR system was not compromised and the league believes the thief was unable to gain access to the intercepted computer or its files. However, this does not mean the situation is resolved and the team is now in the process of informing every person who could be affected.

Not only is this embarrassing but the Redskins could also be vulnerable to civil lawsuits from players affected even if no HIPAA protected information was accessed. If this sensitive data had been breached the team would have faced a significant fine from the federal government in addition to these lawsuits.

According to Bloomberg Business News, a Massachusetts hospital was required to pay the federal government $850,000 for HIPAA violations last year after a laptop containing private health information was stolen. This event triggered a system-wide analysis which revealed several other areas of non-compliance. Not only was the hospital required to pay the fine, but it also had to invest heavily to upgrade their technology systems.

These two stories can serve as a valuable learning tool for any organization that stores documents or files that are regulated under HIPAA guidelines. For starters, it is important to understand that while email threats like phishing are very real and dangerous, the easiest way for a person to gain access to medical records is to simply take the device they are physically stored on.

That is why it is absolutely vital to have any device, be it a smartphone, a computer or tablet, password protected and encrypted should it store or transmit medical information of any sort. This, however, is simply the bare minimum and you might want to consider additional security measures such as two-factor authentication to add an extra level of protection to your devices.

Another thing to consider is storing your EMR using the cloud. When files are stored on the cloud, it means you have complete control over who is able to access these documents and where they can be accessed from. In the case of a missing laptop, once it has been reported as lost, you can immediately block it from retrieving any files and perform a remote wipe which will erase anything currently stored on it.

It is important to remember that every device, even those at companies that use the cloud for document access and storage, still need to have strong passwords and encryption in place. Also, it should be noted that transferring HIPAA-protected data to the cloud is a process that must be handled with care. There are several things which must be addressed to ensure your data is protected in line with all government regulations. Bringing in a cloud service provider who specializes in HIPAA storage can make this process a smooth one for you, your staff, and your patients.

Need help protecting your EMR? Interested in learning more about utilizing the cloud to store your documents? Contact us today. We’re experts in HIPAA-related matters and will guarantee your information remains safe and compliant.

The post NFL team fumbles their Electronic Medical Records appeared first on TechSolutions, Inc..

Most business owners have an employee handbook. But when it comes to the online security of their business, often times this portion is either not adequately addressed, or not addressed at all. However, with cyber crimes an ever increasing threat, and the fact that employee error is one of the most common causes of a security breach, it is incredibly vital that your staff is informed of your policies. Here are four policies that every business owner should share with their employees.

Internet

In today’s business world, employees spend a lot of time on the Internet. To ensure they’re not putting your business at risk, you need a clear set of web policies. Here are three important ones to keep in mind:

1. Employees should be using the Internet for business purposes only. While this is undoubtedly hard to avoid without blocking specific websites, having a policy in place should at least cut back on employees spending time on non-business related sites.
2. Prohibit unauthorized downloads. This includes everything from music to games, and even data or applications.
3. Accessing personal email should not be done on business devices. If employees must access their own email account during the day, they can do so on their smartphone or other personal device.

These are just a few Internet policies to get started, but you should also consider including information on your recommended browsing practices and your policies for using business devices (such as company phones) on public wifi.

Email

Just like with the Internet policy mentioned above, company email accounts should only be utilized for business use. That means your employees should never use it to send personal files, forward links or perform any type of business-related activities outside of their specific job role. Additionally, consider implementing a standard email signature for all employees. This not only creates brand cohesion on all outgoing emails, but also makes it easy to identify messages from other employees, and hence helps prevents spear phishing.

Passwords

We’ve all heard the importance of a strong password time and time again. And this same principle should also apply to your employees. The reason is rather simple. Many employees will create the easiest to crack passwords for their business accounts. After all, if your organization gets hacked, it’s not their money or business at stake. So to encourage employees to create strong passwords, your policy should instruct them to include special characters, uppercase and lowercase letters, and numbers in their passwords.

Data

Whether or not you allow your employees to conduct work on their own device, such as a smartphone or tablet, it is important to have a bring your own device (BYOD) policy. If your employees aren’t aware of your stance on BYOD, some are sure to assume they can conduct work related tasks on their personal laptop or tablet. So have a BYOD policy and put it in the employee handbook. In addition to this, make sure to explain that data on any workstation is business property. That means employees aren’t allowed to remove or copy it without your authorization.

We hope these four policies have shed some light on best security practices. If you’d like more tips or are interested in a security audit of your business, do get in touch.

The post IT Security Policies you need to implement appeared first on TechSolutions, Inc..