What Can Companies Do To Prevent Privacy Violations?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Whether it’s physical, virtual, or in the cloud, discovering and blocking sophisticated threats in the network is at the forefront of every company’s mind.

However, businesses are finding that more and more data violations take place when network security centers on the edge of the network and does not give equal protection to the network itself.

Security at the perimeter of the network has received most of the attention from data protection companies.

What many internet service providers and businesses have neglected is protecting what lies within the network. What can your company do to solidify your network and protect you from hackers on the inside?

53% Of Businesses Have Publicly Exposed Cloud Services

Chris Myers is a field service technician for Tech Experts.

Malware comes in many different forms and is used by hackers in a number of different ways. It can be used to steal information, locate vulnerabilities in your IT systems for a secondary attack, or simply to cause damage.

There are countless hackers out there just waiting for your business to leave your data vulnerable. With the introduction of the cloud, you felt a bit more secure and slept slightly better at night – but now, it seems that was precisely what hackers wanted us to do.

A recent Cloud Security Trends study found that 53% of businesses using cloud storage accidentally expose their data to the public. This is like securing your whole house, locking all doors and windows, and then going to sleep with the garage wide open.

This doesn’t just point the finger at small businesses either. The study showed that even big-name companies such as Amazon Simple Storage Service (Amazon S3) had inadvertently exposed one or more of these services to the public.

The scary thing is that the previous survey showed this was occurring only 40% of the time. Now, this number has grown to 53%.

This study was conducted in 2017 between the months of June and September. Within those two months, they found that businesses are not only exposing their own data but also neglecting vulnerabilities in their cloud. When you ignore these things, you put at risk not only your customers but also the livelihood of your company.

What Are You Exposing?
The report shows that businesses weren’t solely leaking data such as customer information, but incredibly dangerous information such as access keys and other private data as well.

These cyber-attacks commonly expose data such as personal health information, financial information, passwords and usernames, trade secrets, and intellectual property. With two million new malware attacks launching every day, it’s more important than ever to stay in a constant state of vigilance.

Ignoring Vulnerabilities
A common misconception is that it’s the service provider’s responsibility to keep cloud data safe – this is not true. Most of the damage caused by ignoring vulnerabilities can be prevented by training.

If your staff is trained to recognize weaknesses, then they can be more proactive in fighting against them. More than 80% of businesses are not managing host vulnerabilities in the cloud. Vulnerabilities include insufficient or suspicious credentials, application weaknesses, and inadequate employee security training.

Complex Attacks
Not all the attacks and vulnerabilities are the fault of the business. Some of these attacks are far more complex than most businesses are prepared for, including big-name companies. These sophisticated attacks exploit not only the company’s own vulnerabilities but also various application weaknesses.

What Can You Do About It?
The first action you can take against attacks is recognizing suspicious IP addresses. Have a policy in place for identifying, flagging, and isolating suspicious IP addresses. Spending a few extra minutes of your time could save months of recovery and downtime.

It’s important to pay attention to mistakes that others have made so you don’t suffer the same consequences. Be sure to train and certify the IT staff you already have. Cyberattacks are guaranteed, but what isn’t guaranteed is how prepared your business is to thwart those attacks.

Virtual Private Networks: What, Who And Why

Jared Stemeye is a Help Desk Technician at Tech Experts.

In our modern world, it is tough to come by anyone born within the last two generations who doesn’t use a smart phone, tablet, or other personal computing device daily.

With the ongoing tech revolution comes continuous news of hacked users, mass data collection, and online tracking reported by mainstream news outlets.

This is the reason Virtual Private Networks (VPNs) are becoming a necessity as computer users conduct more and more of their day-to-day lives online.

What Is A Virtual Private Network?
A VPN is a group of computers or networks linked together over an Internet connection. All the information sent or received over the Internet is automatically encrypted when connected to a VPN.

Typically, VPN services offer the highest forms of encryption to protect said data, providing peace of mind for anyone conducting personal or business-related tasks where sensitive information may be present.

As the technology has evolved, VPN applications have become very easy to install and operate. Many of the popular personal-use VPN software developers have made it as simple as installing the app and turning the VPN service on.

Premium VPN services even allow users to choose to mask their IP address, making it appear as though you are accessing the Internet from an entirely different country, which can be quite useful if you do not like your web activity tracked by ad-targeting websites like Facebook or YouTube or your Internet Service Provider.

Who Most Commonly Uses VPNs?
Many different individuals and organizations use VPNs for varying reasons, but the need for a strong layer of security is the fundamental purpose for everyone.

From a business standpoint, VPNs can be easily set up and maintained so that employees can securely access company resources and tools from anywhere on any network or Internet connection without the fear of having sensitive information intercepted.

Further, this encompasses all aspects of a business’ need for security of payroll information, employee and customer information, scheduling, and any other confidential company documentation.

The population of personal VPN users has expanded dramatically in the past year. VPNs are the perfect solution for frequent travelers and those who value their privacy, which has become increasingly difficult to maintain.

Why Should You Use a VPN?
Most of us consider ourselves law-abiding “digizens,” using networks for entertainment, communication and knowledge – but other net users may not be so nice or trustworthy.

A VPN can protect you by concealing your web activities from those with prying eyes under layers of encryption that makes all of your web traffic nearly impossible to intercept or track.

This is especially relevant if you are a frequent user of public Wi-Fi networks, such as your favorite lunch spot or coffee shop. The act of accessing vital information on your devices through a public network is easier than most realize.

Given this, I highly recommend the use of a VPN for your daily Internet use, whether it is personal or professional.

Joining the privatized world of VPNs is an easy and extremely beneficial process.

VPN providers are generally friendly and typically on hand to help should a problem arise.

If you are just getting started with VPNs, consider acquainting yourself more in-depth through a Google search of the top VPN applications and their different features.

The Basics Of HIPAA Compliance

Michael Menor is Vice President of Support Services for Tech Experts.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is federal legislation that created national standards to protect the privacy of patients’ medical records (including electronic records) and other personal health information.

The legislation makes organizations and individuals who collect and manage personal healthcare data legally liable for its security, including health care providers, health plans, health clearinghouses and businesses associated with any of these. Consequences of negligence and misuse of private information can include civil and criminal penalties.

As a result of HIPAA, the Department of Health and Human Services created specific regulations for the handling of Protected Health Information (PHI), including electronic or digital forms (ePHI). HIPAA has two main sets of requirements related to privacy and security.

The HIPAA Privacy Rule governs the saving, accessing and sharing of health-related and other personal information, either oral or written.

This rule defines the guidelines safeguarding the confidentiality of PHI. Standards for identifying and authenticating people and organizations requesting PHI are outlined in this rule.

The HIPAA Security Rule more specifically outlines national security standards to protect health data created, received, maintained or transmitted electronically.

This rule primarily focuses on the technological measures used to enforce policies keeping ePHI out of the wrong hands. Failing to comply with these rules can result in penalties not only for organizations but also for the responsible individuals.

Any entity that deals with protected health information must make sure that all the required measures are established and continuously observed — physical (actual data center server access), network, and process security (audits, policies and staff training).

While the legislation is clear on the privacy, security, and accessibility requirements for organizations, over 91,000 violations were recorded between April 2003 and January 2013. These resulted in 22,000 enforcement actions (which included settlements and fines) with 521 referred to the US Department of Justice for criminal investigation.

HIPAA Compliant Best Practices
1. Review and evolve your policies and procedures. HIPAA is not a “set and forget” proposition; compliance must be a living, changing process that is regularly audited for effectiveness and legality. A lot has changed since 1996 and organizations’ policies must reflect those changes.

2. Accessibility rights are as important as rights to privacy. HIPAA gives patients certain control over their healthcare information, including the right to access it on demand and the right to revoke authorization to store their data. Organizations must act quickly when patients ask for their PHI.

3. If you store your data with a third party hosting provider, make sure that they are HIPAA compliant. The Security Rule hands down many stringent administrative, physical and technical requirements for such providers. Make sure that a full-scale risk assessment of the provider is performed on a regular basis and that a process is in place for monitoring compliance.

Apply common sense to your technology platforms. Shut down computer programs and servers containing patient information when not in use, and don’t share passwords among staff members.

The US Department of Health and Human Services has found that storing patients’ information in a HIPAA compliant cloud server can be safer than using a localized server or paper documents, so consider this option for increased security.

A HIPAA violation can be as small as a health care worker discussing a patient’s private health information in the elevator or as large as a $1.2 million fine for not erasing PHI from photocopier hard drives before returning them to the leasing agent.

More than ever, common sense and sound corporate governance must be applied to the technologies and processes that manage confidential data. Protecting that data will protect clients and the organization as well.

Effective Ways To Increase Your Privacy Online

With the increased hacking and account infiltration attempts, protecting people’s privacy has become extremely important.

While online, you can minimize your exposure by browsing privately or completely anonymously.

Private Browsing
You can browse the internet privately by turning on the private browsing feature. It will prevent the history tracking of pages you visit. The feature is found in the main browser menu.

In Internet Explorer, the feature is called ‘Private Browsing,’ in Firefox, it is called ‘Private Window’ and in Google Chrome, it is called ‘Incognito mode.’

However, there are limits to private browsing: any files you save are kept, and the websites you visit will still have your IP address as well as any unencrypted data you send.

For greater privacy, there is Sandboxie, an application which prevents other programs from saving any data to your disk.

Protect Personal Data
It is good practice to use unique usernames and passwords for each computer user, including guests.

This will help to reduce unwanted access to your files. You could also encrypt your hard drive by enabling BitLocker, which will encrypt your entire drive, making it inaccessible to anyone without your Windows user password.

In case you don’t have BitLocker built into your OS, TrueCrypt is another free alternative that will secure your files. When you need to completely delete your files, use a utility like Eraser, which will ensure they can never be recovered.

Use a Private OS
To best ensure complete anonymity and privacy, you could work in an entirely different operating system from your regular OS through virtualization.

A wall is set up around the virtual computer to prevent anything you do from leaving files on your normal Windows file system.

This is an entire operating system devoted to privacy, and is installed on a DVD or USB to run on any computer.

Nothing is written to the computer’s main drives and your browsing activity is completely anonymous.

Can Employers Ask For Your Facebook Login Info?

A current case that is attempting to define privacy in the era of social media deals with the question of whether your social media account should be visible to current and prospective employers.

The next time you’re asked the typical “name your greatest weakness” interview question, remember it could be much worse: Job seekers applying to Maryland’s Department of Corrections were asked for their Facebook logins and passwords.

Savvy employers already check an applicant’s “digital footprint.” Some companies, like the Maryland Department of Corrections, have gone even further, requesting or even demanding individuals’ social media passwords to look at data not open to the public. Whether this practice is legal remains unclear.

The ACLU filed a written protest in the Maryland case, and the corrections department stopped asking for the information. They then had job candidates log into their Facebook accounts while the hiring manager looked over their shoulder at the Facebook content hidden behind privacy filters.

The officials at the Maryland Department of Corrections said that they did this to make sure job candidates didn’t have any gang affiliations.

The agency told the ACLU it had reviewed the social media accounts of 2,689 applicants and denied employment to seven because of items found on their pages.

One state is banning the practice, and at least 10 other states have bills that have been introduced. A few courts have ruled that such requests violate the federal Stored Communications Act, but the US Supreme Court has not addressed this issue. This legal uncertainty leaves many workers on shaky legal ground.

It’s always good advice to carefully manage the public information posted to your social media sites. For anyone looking to change careers, a review of your privacy settings and friends list is also good advice.

Ensure any sensitive things are limited to your friends (or even a group of just very close friends). It might make sense to have only your basic contact information available to non-friends.

Employers will undoubtedly rely more and more on Internet searches and social networking sites to screen job seekers.

Senators Charles Schumer (New York) and Richard Blumenthal (Connecticut) are planning to ask the Department of Justice to investigate whether employers demanding access to Facebook accounts are violating the law.

In the meantime, review your privacy settings and update them so that only the things you want to be available can be seen by the general public.