Login 

Call Us Now:

Weston Technology Solutions Blog

  • Home
    Home This is where you can find all the blog posts throughout the site.
  • Categories
    Categories Displays a list of categories from this blog.
  • Tags
    Tags Displays a list of tags that have been used in the blog.
  • Archives
    Archives Contains a list of blog posts that were created previously.

Security

CCleaner Hacked – What You Need To Know

Posted by on in Security

ccleanerYou may have heard the news that the immensely popular CCleaner disk cleanup tool was hacked. Most IT guys (and many consumers) have used CCleaner to free up disk space (combined with the third-party CCEnhancer, it can clean up a lot of extra files that standard window Disk Cleanup won’t get). That being said, if you’re running CCleaner 5.3.3, you are potentially at risk and it is recommended you upgrade (older versions and newer versions are not affected – the 5.3.3 version was available on their site for a month).

Tagged in: Security Virus Windows

Remember the Basics to Prevent Data Breaches

Posted by on in Security

seccompModern technologies are certainly making it easier for an organization to minimize risk and detect and prevent security breaches when they occur. Between intrusion detection systems, next generation firewall systems, threat management solutions, data encryption solutions, there are a lot of ways to help your organization. However, the basics of security are just as important. If you look at the HIPAA data breach portal, you’ll find a pile of examples of breaches caused by simple errors and security mistakes.

While the FTC doesn’t cover enforcement of HIPAA-covered entities, their latest blog post for business is a must read for your business, no matter if you’re HIPAA-regulated or not. Start with Security: A Guide for Business covers the following aspects of data security in an easy-to-follow format:

  1. Start with security.
  2. Control access to data sensibly.
  3. Require secure passwords and authentication.
  4. Store sensitive personal information securely and protect it during transmission.
  5. Segment your network and monitor who’s trying to get in and out.
  6. Secure remote access to your network.
  7. Apply sound security practices when developing new products.
  8. Make sure your service providers implement reasonable security measures.
  9. Put procedures in place to keep your security current and address vulnerabilities that may arise.
  10. Secure paper, physical media, and devices.

While this is an especially important issue to regulated industries, the advice is good for any business to follow.

NIST Updates Password Advice

Posted by on in Security

securityThe National Institute of Standards and Technology (NIST) has updated its Digital Identity Guidelines (see NIST Special Publication 800-63B). The guide includes a variety of recommendations that can (and many times should) be implemented to improve the security on your network.

One of the things that this update covers is two-factor authentication, which we went over recently. We recommend using it whenever reasonably possible.

They suggest a minimum of 8 characters in your passwords, but they encourage much longer passwords of 64 characters (within reason) and that use of UNICODE, special characters, and spaces should be allowed in passwords. While spaces doesn’t necessarily add to password complexity, it does help folks begin using passphrases instead of passwords (there is a difference). Passphrases in general are much harder to break with brute-force automated techniques, but are easier to remember by users.

Long story short, make sure your password policies are kept up-to-date and that they are secure. Contact us for more information on running a network assessment on your environment to see how your policy is setup (among many other items that we look for). 

Mobile Device ManagementAs a business owner, you’re likely familiar with locking down the data on your corporate-owned computers. With technologies like disk encryption and strong password policies and other security measures, you can assure that it will be pretty difficult to access data that shouldn’t be accessed.

But what about those computers in your employees’ pockets, the fancy smartphones they carry around? Have they ever used them to access company email, files, documents, calendars, or contacts? It is certainly very convenient and can increase productivity to have access to that data with you at all times. What would happen if they were to lose that phone or if the employee left? Would your data or access to your company’s data fall into the wrong hands?

Not if they were secured by WestonSecureMobile, powered by IBM MaaS360. Previously, if you wanted full control of your employee’s mobile access, you’d have to buy them all phones and lock them down. With WestonSecureMobile, you can allow them to bring their own personal devices and you won’t have to worry.

WestonSecureMobile uses industry-leading technologies to allow your employees to access company resources on their mobile devices securely without putting their personal or your corporate data at risk. WestonSecureMobile is a suite of secure applications that gets installed on your phone that keeps your corporate data access secure and separate from the personal data on your phone. It provides centralized management of the devices, allowing you to selectively control access to corporate data, much as you would with your Windows Server back at the office.

If a phone is lost or an employee leaves, you can wipe and lock down portions of the phone that were accessing that data so the user’s personal data is left alone. It also allows tracking of the devices if they are lost or stolen.

It’s certainly cheaper to allow your employees to bring their own devices. With WestonSecureMobile, you can be assured that bringing their own device won’t compromise your company’s data or put it at risk. Contact us today for more information and pricing.

healthcareIT2The U.S. Department of Health and Human Services (HHS) has launched a revised breach portal (or “Wall of Shame” as it’s known in the healthcare industry). The newly designed tool can be found here. According to Healthcare Informatics, This redesign features improved navigation for both those looking for information on breaches and ease-of-use for organizations reporting incidents. What that means for you is that, yes, your life as a HIPAA security officer will be easier as you’ll be able to submit breach notices easier. However, as a clinic manager, it also means your patients can find breach notifications easier, making it easier to find out if you messed up or are currently under investigation by the Office of Civil Rights.

It’s best to keep yourself from ever being on the Wall Of Shame in the first place, and Weston can help. We have a variety of HIPAA-friendly services that will help secure your environment, train your employees, assess your compliance and vulnerabilities, and keep you from hopefully ever having to visit that site.