alt tag

Security Posts


Key Strategies to Boost IT Security in the Workplace

Wednesday, June 20th, 2018

Businesses have more to worry about than ever when it comes to dealing with new forms of cyber-attacks. The shift to a BYOD workplace adds even more challenges to protecting your digital assets. While hardware and software solutions continue to improve as a first line of defense against nefarious IT threats to your company, you can’t fix the human element with software patches.

Creating a workplace culture that takes IT security seriously on all levels is the best way a business can prepare its second line of defense against unpredictable and constantly changing attacks. Specifically, it’s essential to emphasize the importance of the human element in IT security. Here’s how.

Take Action: Develop and Implement an IT Security Culture Plan

Keeping an IT security-focused culture in your business requires constant care and work — you can’t just plant the idea and expect it to take hold. The process has to be ongoing with existing employees, but also needs to be ingrained into the hiring, training and employee exit processes. The mentality starts from the top, so C-level and IT staff should lead by example. Your business should develop a plan for staff that contains ongoing training and communication between security leaders and the rest of the staff.

Remember IT Security is Holistic

The responsibility for secure IT in the workplace belongs to everyone — not just the staff in leadership roles.

While employees that work with confidential data need to be the most vigilant about security, your security plan needs to emphasize that everyone is important. Holding regular training events for all staff and sending out newsletters related to current threats helps keep security on employees’ minds.

Keep everyone in the loop: Transparency and willingness to answer questions will go a long way.

Get Staff Excited

Creating rewards and recognition for your staff related to IT security can help keep the culture at the forefront of your business. Your business may find your staff responds well to gamification techniques for both training and real-world behavior. Take the time to notify staff when a breach occurs or let them know how your team thwarted an attempted breach when it happens. Also, recognize performers who prevent breaches, possibly with cash rewards. Public recognition can be a major motivator.

Pick Your Battles

If you ask too much of your staff your plan will fail. Your business should choose its battles wisely. At least when you’re starting your culture plan, aim for both the most important threats and the issues where staff can make a big difference with little effort.

  • If your workplace is big on BYOD, focus on encouraging employees to be responsible in keeping their devices secure. Employees will need to keep software updated to avoid malware exploits and may need to encrypt their devices to protect data.
  • Train your employees to always change the default credentials on a new piece of hardware or IoT device to combat DDoS. Hackers exploit the default settings to create botnets for attacks.
  • Train your staff to identify spear phishing attacks, which aim to steal credentials or information from an employee in a personalized attack.
  • Teach your staff to use two-step verification whenever possible to protect accounts. Educate employees about developing secure passwords for cases where more secure protection isn’t available.

If your Bay Area business is looking to improve its IT-security culture, the IT consulting experts at MPA can help. Contact us today.

Which Industries Are Most Likely to be Targeted with Cyber Security Threats?

Monday, May 21st, 2018

To understand why some industries are targeted in cyber attacks more often than others, it’s important to understand what drives hackers and what makes a target appealing. Of the two, hackers are easier to understand:

According to a Verizon data security report, roughly 70 percent of attacks are financially motivated, and around a quarter of attacks are for espionage purposes. The rest tend to fall under the categories of personal grudges, ideological attacks, and “just for fun.”

A prime target for an attack will have some of, if not all of, the following qualities:

  • Works with important, confidential data
  • Possesses valuable information (not just financially)
  • Service disruptions require urgent action to restore access or information security
  • Target has substantial financial assets
  • Target has the financial means to pay a ransom

Businesses in the following industries often find themselves on the receiving end of a security attack because they are considered high-value targets.

1. Finance

As the financial industry works with money, it should come as no surprise that it is the most popular target for hackers. This industry is the target in 24 percent of all attacks, which are almost exclusively financially motivated. These attacks often try to compromise credentials so hackers can steal money through a second-step. Businesses in the finance space should make IT security a priority because attacks are less a matter of if and more a matter of when.

2. Healthcare

Hackers often look to exploit the urgency in the healthcare industry for a financial payout: This industry receives 15 percent of all attacks. In particular, ransomware accounts for 72 percent of all malware attacks on hospitals. The healthcare industry is singled out because disruptions to data access could put patient lives at risk, and hackers could be looking to exploit legal penalties for underprepared businesses losing data.

3. Public Sector

The public sector is a popular target because of the information it stores: Around 12 percent of all attacks are on this industry. Financial motivation only accounts for 20 percent of attacks on the public administration segment of the industry; instead, espionage is the motive in 64 percent of cases. Hackers are often trying to steal confidential information from government operations, but they still may try to go after schools with ransomware to earn a quick payout. Criminals may also target public sector operations because they believe the organization is under-resourced in IT security.

4. Retail and Accommodations

When combined, the retail and accommodations industries comprise another 15 percent of cyber attacks. In particular, 96 percent of retail attacks are financially motivated. These attacks often target payment and personal information that can be used to either directly steal money or play a role in identity theft.

5. Everyone Else

Just because your business isn’t in the four largest targeted industries, you shouldn’t fall victim to a false sense of security. Other businesses still account for 34 percent of attacks. In fact, overconfidence in existing security practices can make the difference between a failed or successful breach.

The IT experts at MPA Networks can help your Bay-Area business secure its internet-facing operations to help keep your information safe. Whether you’re in finance, healthcare, or another industry, MPA’s experience can improve your defenses. Contact us today to learn more.

7 Ways to Keep Work Secure on Employee Personal Devices

Monday, May 14th, 2018

Technology improvements have made it easy for employees to get work done on their personal devices from anywhere. However, that freedom comes with additional security risks and requires extra diligence to keep data secure. Safeguarding information is a combined process of utilizing technology and educating staff. The following considerations will help your business keep work secure on employee personal devices.

1. Always Update/Patch Software

Hackers invest time trying to find new ways to bypass security or take advantage of personal apathy and laziness.

According to PC World, failing to install the latest patches and updates for software is the top security risk for both business and private use.

Hackers can look for known exploits that the software creator closed and use them against people who haven’t updated the software to close that security hole. Unlike with business-owned devices, your business really can’t force employees to install software that will prompt updates, so it becomes a matter of training.

2. Use Cloud Apps

Cloud applications for both computers and mobile devices offer some excellent security benefits for your business, especially when your employees access them on personal devices. Cloud apps shift much of the data security burden to the server side, which alleviates many of the security problems that could come from traditional apps run on employee devices. Cloud email is an excellent example of this because the server can handle scans for phishing, malware and other malicious attacks before the content ever makes it to the employee device. Cloud apps generally run the most current software versions, so your business won’t have to worry about employees running updates.

3. Encourage Strong Antivirus and Anti-Malware Practices on All Devices

While employees don’t need to use the same security software your business runs on their personal devices, they do still need quality security software. There are many free and low-cost security programs for personal users that provide excellent protection. Your IT staff can help make recommendations for employees on personal devices.

4. Train to Avoid Phishing Scams

While security software and cloud apps do a great job of catching phishing scams, some still might slip through. That’s why it’s important to train your employees in how to identify and avoid phishing scams.

5. Use Strong Passwords, Password Managers and 2-Step Verification

Employees should also keep their accounts secure by using sophisticated access credentials. This means using 2-step verification for all accounts and programs when possible and using password managers to protect their credentials. Employees should be trained in creating strong passwords in the event that more advanced security techniques don’t work.

6. Practice Public Wi-Fi Safety

In general, employees should avoid using public Wi-Fi when working with confidential information. If employees are going to do work on Wi-Fi outside of the home or workplace, they need to be trained in identifying fake access points and how to tell if a library, restaurant or other business’s network is secure.

7. Consider Using Remote Wipe or Lock Software

As a final effort, your business should encourage employees to install software that allows them to remote wipe or lock mobile devices and laptops they are going to use for work purposes. That way if someone steals that device, the damage will be limited to the financial loss of the hardware and not related to a data security breach.

The IT consulting experts at MPA Networks can help your business implement both software and training practices to help keep your data safe when employees use their personal devices for work. You can read our previous blog on tips for managing remote employees for even more information on keeping data safe. Contact us today to learn more.

Cybersecurity and C-Level Execs: Protecting Data While On the Go

Monday, March 26th, 2018

While all employees need to be mindful of security, the nature of C-level executives makes them more attractive targets for hackers. That means it’s necessary for them to take greater precautions.

According to TechRepublic, C-level executives are more vulnerable than other employees because of the mobile tendencies of their work, and they are higher-value targets because of their access to confidential information. Hackers often use lower-level employees as a way to work up to C-level executives to get the information they’re looking for.

Because of their vulnerabilities and target value, C-level executives need to adhere to the strictest security practices.

Internet Access Security Risks

Hackers can do a lot of damage with little effort if executives connect their devices to unsecured networks. C-level executives tend to travel frequently, which can expose their devices to vulnerable Wi-Fi networks. Coffee shops, airports, hotels and exhibition centers are among the largest and most vulnerable network threat locations — and all are places executives tend to frequent. Executives may be working on unsecured Wi-Fi or even worse: hacker-implemented Wi-Fi masquerading as a legitimate access point.

Your company’s best defense against vulnerable public and private networks is to avoid the “penny wise and dollar foolish” mindset: Pay for an unlimited mobile data plan with tethering support for your executives. Using mobile 4G internet on the go eliminates the risks of using out-of-office networks, and tethering support will allow C-level executives to connect their devices that don’t have built-in 4G mobile network access. Your company can also invest in network tunneling, VPNs and other security measures.

Executive Data Access Is an Attractive Target

Consider this hypothetical example: Bob from H.R. has access to everyone’s Social Security numbers, while Janet from accounting has access to the company’s financial records. But Sam the CEO has access to all that information and more. Because of this, hackers view executives as the biggest fish in the sea, and they will target executives over all other potential targets. This is an even bigger problem on outside networks than within the office network because executives don’t have all the security technology that the office provides protecting them.

In addition to preventing the attack, it’s also wise to limit the amount of data access an executive has on devices they use when traveling — especially for international travel.

Executives should use “burner” laptops/phones that only have the information they need for the trip in order to limit data exposure in the event of a hack. For example, don’t store a payroll spreadsheet containing every employee’s Social Security number on a travel laptop.

A stolen device is also an important risk to consider, so your business should always use encryption and secure passwords on executive devices used when traveling.

Email Is a Primary Attack Avenue

Email security needs to be a priority: It’s everywhere, so it’s irrational to think executives will only read and reply to emails in an office setting. C-level executives are primary targets in “whaling” attacks — high-value targeted email phishing scams. The main concern is man-in-the-middle attacks, where a hacker poses as a trusted individual in a conversation. Technology can only do so much to safeguard against whaling scams. Hackers may learn a great deal about a specific target and tailor their methods based on that information — unlike a standard phishing scam that involves throwing out a generic net to see who falls for it.

IT security is important at all levels, but lapses at the executive-level can have disastrous results. The IT consulting experts at MPA Networks can help your business implement strong security practices so your company can avoid catastrophic security breaches. Contact us today to learn more.

New Phishing Technique Hijacks Legitimate Conversations

Tuesday, October 24th, 2017

A new spear phishing technique, being used in a hacking campaign called FreeMilk, takes advantage of a Microsoft Office vulnerability in order to hijack existing email conversations to spread malware to high-profile targets. This new technique phishing technique is particularly bothersome because it hits people where they least expect. Imagine you’ve been having a conversation with a coworker about posting pictures from last week’s company outing. However, when you receive the email from your coworker including the link to the Dropbox account containing the images, you instead receive a link to a malware downloader. This new technique and exploit are being used in a wide scope attack, targeting high-profile targets all over the world.

How It Works

The hacker is spear targeting a high-value target and has decided a direct attack is not the desired course of action. This is likely because the high-value target is well protected. Instead, the attacker aims to steal the email account of a regular email contact, who may not be as well protected through a credential theft technique.

Once the hacker compromises an email conversation on a participant’s account, the hacker can pose as the original sender undetected. Next, the hacker will continue already existing conversations with the intended target and embed links or attach files to trick the target into downloading malware. The hacker can also use the compromised account to target other individuals in the same business network with the goal to spread malware.

Why It Works and Who Should Be Concerned

The strategy works on the premise that the high-value target would not expect a phishing scam to come through a conversation with a trusted colleague. Because of the sophistication and high level of customization necessary to pull off the proxy-attack technique, high-profile targets like C-level executives and government employees are the ones that need to be worried about these attacks as opposed to the general public.

What It Means

The bad news is that compromised account spear phishing attacks mean that phishing scams don’t just come through unrecognized accounts or new conversations with hackers posing as legitimate interests, but from existing conversations with trusted individuals as well. The FreeMilk campaign showcases the need for software-based phishing interception; since IT security is a shared responsibility, the anti-malware, antivirus, browser, ISP, email client, and other involved programs need to be on the lookout for bad links. Additionally, people will need to examine URLs for legitimacy in all conversations.

The attacks also reinforce the notion that software updates are essential. The specific exploit which takes advantage of Microsoft Office vulnerability was patched back in April of 2017. This is another example of how hackers were able to take advantage of a closed security hole that was identified months ago, just because users put off updating. However, even with the patch, the indirect spear phishing technique can be used through other security holes.

The experts at MPA Networks are ready to help your San Francisco Bay Area business implement the email tools that will best help protect your business from email intrusions and keep your computers safe through implementing software updates as they come out. Contact us today.

Alternative Employee Device Security: Fingerprints, Facial Recognition, and Iris Scans, Oh My!

Tuesday, October 17th, 2017

So far, 2017 has been an eventful year for increasing access to password-alternative smartphone and laptop unlocking techniques. Notably, Samsung added Face unlocking to the Galaxy S8 line and Apple introduced Face ID on the iPhone X. Of particular note, facial recognition is a convenient alternative to the traditional password-entry methods because all a device owner needs to do is look at the screen to unlock the device.

Security or Convenience?

However, these password alternatives still require a master password, so they’re really less about increasing security and more about making it more convenient to sign into a device. Alternative unlocking methods greatly range in security potential, so it’s prudent for businesses to determine whether each meets reliability standards.

Face Scanning: The New Front-Runner

Face scanning, as its name implies, uses one or more cameras on the screen-side of the device to “scan” the user’s face to determine if the person is allowed to access the device. Unfortunately, face scanning isn’t off to a great start as users have found easy ways to trick the Samsung Galaxy Note 8’s facial recognition with a photograph of the owner. This is a pretty common problem with two-dimensional facial recognition technology.

However, three-dimensional scanning has a much better track record. The iPhone X uses depth scanning on its various tracking points so a photo won’t fool it. According to Apple, the chance two people will have matching Face IDs is one in a million. Depth-based scanning is also available on Windows 10 PCs equipped with an Intel RealSense 3D camera.

Iris Scanning

Iris scanning is a lot like facial recognition scanning except it uses just the eyes instead of the entire face. Found on phones going as far back as the Galaxy S6, Iris scanning has similar security strengths and weaknesses to facial recognition scanning.

However, Iris scanning isn’t as convenient because it requires a closer view, may not work as well in high-light conditions and can have issues with glasses.

Fingerprint

Fingerprint scanning has been available on smartphones since 2011 and much longer on laptop computrs: it’s the established common alternative to a typed password. It’s reasonably convenient and offers satisfactory security: Apple argues their system has a 1 in 50,000 chance of two people have a matching print. These scanners are commonly used on phones via the “home” or “center” button, while newer phones like the Galaxy S8 sport a scanner on the back of the device.

However, fingerprint scanners have a reputation for being easily fooled. For example, someone could make a “key copy” of the owner’s fingerprint using a dental mold and Play-Doh. While it’s unlikely someone who steals a device through a crime-of-opportunity will be able to unlock the fingerprint, it is an issue for specifically targeted high-value employee devices.

If your business is looking to review its device security practices, the IT consulting experts at MPA Networks are ready to help. Contact us today! We work with businesses throughout the entire San Francisco Bay Area including San Mateo County, and all East Bay and South Bay cities.

Equifax Breach: What does it teach us about IT security?

Tuesday, October 3rd, 2017

The 2017 Equifax hack is teaching a painful lesson about the necessity of businesses keeping up with software patches for IT security and to avoid catastrophic damage. The hack, which resulted in potentially exposing the financial information necessary to steal a person’s identity for 143 million U.S. customers, could have been easily avoided if the company had applied a patch to fix the exploited software vulnerability. This event highlights the importance of patching software in IT security. Applying an update which takes relatively little time can make the difference between business as usual and potentially bankrupting your company.

What Happened?

According to CNN, Equifax failed to apply a software patch to a widely-used tool called Apache Struts, which the company uses for its online dispute portal. The patch in question addressed an established, known security exploit in the software. Running software without applying existing security patches is widely considered the number one biggest cybersecurity risk for both businesses and consumers because hackers know just where to hit.

Hackers took advantage of Equifax’s lack of speed in applying the patch and had a two-month window to break through the company’s online defenses and steal confidential information. The exact information the hackers stole from each customer varies but included items like Social Security numbers, driver’s license numbers, addresses, and birth dates — all of which could be used in identity theft.

Why Should My Business Care?

  • A hack can financially destroy your companyAccording to TechRepublic, Equifax is looking at a $20.2 billion price tag for repairing the hacking damage, which is a full $8.3 billion more than the company’s market valuation.
  • Lawsuits may follow: As of mid-September 2017, Equifax is facing 23 class action lawsuits over the hack. One of the lawsuits is seeking $70 billion in damages.
  • Executives may lose jobs: In the case of Equifax, a CIO and a CSO are retiring or otherwise leaving the company because of the security breach.

Patch Software for IT Security: Current Changes as a Solution

Unfortunately for those looking for a quick fix, the solution doesn’t come from the machines, but rather the people who use and maintain them. Major hacks like the one against Equifax are a reminder that businesses need to hold IT staff accountable for patching software: it’s not something done when convenient, but on a regular schedule or as soon as possible.

If your business doesn’t want to end up like Equifax, your IT staff should make patch implementation a priority. Making security a higher priority means paying closer attention to when your vendors and software providers issue updates. Your staff can ease the process by applying automatic patching whenever possible and picking a light workday to run regular updates on all machines.

The IT consulting experts at MPA Networks can help answer your questions about IT security and how to keep your business safe. Services like desktop support and management emphasize protecting your staff’s devices from security threats through regular patch maintenance. Contact us today! We work with businesses in San Francisco, and throughout the East Bay and South Bay.

Adobe Flash: The Rumors of My Death Have Been Greatly Exaggerated…Until 2020

Tuesday, August 29th, 2017

Adobe Flash, the web content standard the Internet loves to hate, will soon meet its ultimate demise: Adobe will finish phasing out the platform in 2020. Flash, first introduced in the early 2000s, has been on a gradual decline for almost as long as it was on the rise. Fortunately for your company’s IT security, this shift will make your computers safer at the expense of losing support for older web content. Here’s what you need to know about Adobe Flash ending.

Trends in Design

While Flash provides rich content for desktop and laptop computer users, the multimedia software platform received its terminal diagnosis when trends shifted towards the mobile web. Flash’s relevance continued to decline as web sites moved away from running separated desktop and mobile sites by adopting a singular “responsive design which requires Flash-free content.

The Slow Death of Adobe Flash

Late Apple Co-Founder Steve Jobs, who played a major role in creating much of the popular computer technology in use today, is credited with signaling the beginning of the end with his public letter, “Thoughts on Flash.” Instead of weening iOS devices off of Flash content, Apple opted to avoid supporting the standard altogether on iPhones and iPads in favor of HTML5 and H.264.

While mobile devices were the first to abandon Flash, desktop devices kept it on life-support for a few more years. Google followed suit with dropping Flash from Android devices in 2012 and YouTube switched to HTML 5 as the default video player for all devices in 2015. The standard took more hits in 2016: both Chrome and Firefox started blocking Flash by default, forcing users to “opt-in” to enable any Flash content.

Performance Issues

Flash isn’t great for device battery life or SEO-friendly web design. Flash content is typically CPU intensive and inefficient, so it forces the device to do a lot of work even after downloading content. For example, Flash video can eat through a device’s battery life twice as fast as the same content encoded in H.264. Flash content is also notoriously poor for SEO because search engine crawlers can’t properly examine the content. Additionally, Flash-content can take several times longer to load which translates into a large share of the audience abandoning the page due to speed.

Security Issues with Adobe Flash

Unfortunately for Flash, security issues create a situation where leaving the plug-ins installed on a computer to continue supporting content leaves the device vulnerable to attack. Flash is riddled with security holes. Even after Steve Jobs called out Adobe for the security problems back in 2010, Adobe’s vulnerability patches continue to be met with newly discovered vulnerabilities. Symantec observed and reported Flash vulnerabilities in 20142015, and 2016. Hackers frequently exploit Flash’s security shortcomings to upload malware onto devices.

Is your business ready to operate in a Flash-free world? MPA Networks can help through IT Managed Services and desktop management by helping your business phase out lingering Flash-required software and removing Flash installations on your devices. Contact us today to learn more!

The Internal SMB IT Security Threat: Overconfidence In Cyber Security Preparedness

Tuesday, August 15th, 2017

According to a 2017 published study by Advisen and Experian, one of the biggest threats facing small businesses comes from within, such as overconfidence in the organization’s ability to protect itself and recover from cyber security attacks. While businesses in the survey aren’t claiming to have exceptional cyber security plans and policies in place, there is a disconnection on how well prepared companies  believe they are compared to third-party security experts. Modesty is an often overlooked virtue in business cyber security; knowing that your business needs to continually evolve and improve practices is a defense mechanism of its own.

The People Problem

email-1903444_1920

Hackers are shifting their attention to a different part of the system when trying to break in: the human aspect. Hackers are using increasingly sophisticated phishing scams through email, web-linking, and phone calls to trick humans into handing over information instead of dealing with strong technical security implementations.

According to the Experian survey, “80 percent of legal experts and 68 percent of brokers were concerned, versus just 61 percent of risk managers”, pertaining to employees able to successfully identify and avoid phishing and social engineering attacks. Businesses, then, need to emphasize employee education on avoiding phishing and social engineering attacks.

Internal Vs. External Perspectives

According to the Experian survey, on a preparedness scale of 1-to-5, business risk managers rated their employee education programs 3.36. However, legal experts and data brokers gave those same programs 2.91 and 2.57 scores respectively. This disconnect is important because it shows that businesses tend to realize that they have a lot of room for improvement but they undershoot how far their practices need to grow.

Fortunately, firms aren’t as off-base when it comes to assessing preparedness versus other businesses: 54 percent of companies report that their IT security preparedness is better than their competition. Employees further removed from the metaphorical front-lines may be more confident. According to a Deloitte study, 76 percent of business executives are “highly confident” in their firm’s ability to respond to a cyber security attack.

Looking Ahead

Different businesses face different challenges. According to a FICO survey, telecommunications businesses were the most confident whereas healthcare organizations were the least confident in their company’s cyber security protection. However, the healthcare industry perspective could stem from hackers narrowing-in on the hospitals and healthcare providers as the top target. The legal industry and financial service industry businesses are also major targets for cyber attacks.

The silver-lining in the Experian survey is that businesses and security experts are in agreement on what their biggest security concerns should be: phishing for personal/financial information, ransomware attacks, and IoT vulnerabilities. Is your business looking to improve its cybersecurity practices? The IT consulting experts at MPA Networks can help. Whether it’s through desktop support and management or disaster recovery solutions, your company can always work to improve cyber security. Contact us today!

Addressing the Unique Ransomware IT Security Issues in Healthcare

Tuesday, August 8th, 2017

Ransomware, a type of malware that holds a computer hostage and tries to force the victim to pay money to recover access, is a nightmare for any business, but the healthcare industry faces the more severe side of a ransomware attack. The healthcare industry receives a whopping 15 percent of all ransomware attacks across all industries. It’s therefore essential to look at why the healthcare industry is such a prime target so businesses can adjust their IT security strategies to keep both information and patients safe.

ecg-1953179_1920

Why is the Healthcare Industry a Prime Target for Ransomware?

While the malware family tree is fairly expansive, the ransomware branch alone is responsible for 72 percent of all malware attacks in hospitals for 2016. Even though industry experts say victims should never pay the ransom, one study found as many as half of victims have done exactly that. Unfortunately, this pattern persists because it works. The healthcare industry, with an emphasis on hospitals, exhibit three behavioral patterns that make them prime targets:

  • Hospitals have a reputation for running on older operating systems with known vulnerabilities hackers can exploit. Hospitals may need to use outdated operating systems to work with vital, legacy software. Alternatively, it could also be an IT oversight. Even Macs are vulnerable to ransomware.
  • Healthcare operations may need access to specific computers and files immediately or they risk losing a patient’s life, so this makes them a prime target to pay the ransom. When faced with paying a $500 unlock fee or risk a patient dying, there’s not enough time to look at other options.
  • Hackers assume healthcare operations are financially well off and can afford to pay the ransom.

Phishing with Spears, Not Nets

Since healthcare operations are such a prime target, hackers are going as far as creating ransomware-infection mechanisms that emulate specific software. For example, the ransomware infection mechanism may create a window that’s designed to look like a common patient information window. However, instead of closing the window or saving changes, the window forces the computer to download malware. These attacks are often aimed at specific employees with top-level-access.

What the Healthcare Industry Can Do

  • Backups Are A Lifeline: The more often your business runs data backups, the less information it stands to lose. Frequent backups allow your business to access versions of files just a few hours to days old, which minimizes the damage ransomware can inflict.
  • Emphasize Keeping Software Up-To-Date: Ransomware rarely reinvents the wheel and instead relies on exploiting known security holes that vendors have already patched up. Making sure every program on every computer in your business updates to the latest version as soon as possible will offer exceptional ransomware protection.
  • Use the Cloud: Ransomware has a very difficult time seizing data from applications run through the cloud. Therefore, switching to a cloud platform offers additional security.

While the healthcare industry is a prime target for malware, all businesses need to be concerned about the many types of ransomware in the wild. If you would like to learn more about how your healthcare business or other type of company can protect itself from ransomware, contact the experts at MPA today!

You might also want to read: The “Seven Deadly Sins” of Ransomware.