Wilson Technology Group and More

Your One Stop IT and Telecommunications Firm



Types of Cyber Attacks

Adware – is designed to display advertisements on your computer or mobile device
Botnets – Hackers create botnets by successfully attacking your computer or other device and turning it into a “zombie computer”
Denial of Service – a special form of cyber attack that focuses on the interruption of a network service
Malware – any computer code that has a malicious intent
Phishing – hacker puts “bait” in front of you hoping that you’ll “bite” so they can “hook” you
Ransomware – takes control of your system, holding your information hostage until you pay the ransom to your attackers
Spyware – monitors or spies on its victims, records keystrokes
Trojans – sneaky kind of malware, look harmless or even beneficial and trick you into installing them on your system
Viruses – infect a computer, survive by attaching to other programs or files.
Worms – replicate themselves many times to fulfill a nefarious purpose

Find out more by visiting: http://www.wilsontechgroup.com
Find us on LinkedIn and Facebook



Are You A Safe Internet User?

If you answer “Yes” to any of the following, you may be at risk.

1) Do you visit websites by clicking on links within an email?
2) Do you follow ad links from a website?
3) Do you reply to emails from companies or persons that you are not familiar with?
4) Do you bank/shop online?
5) Do you reply to emails that offer deals/coupons or request your opinion?
6) Would you provide your personal/banking information as a result of an email notification?
7) Is your Firewall/antivirus software out of date?
8) Do you use a non-secure logon and password?
9) Is your data unencrypted?

Find out how you can protect yourself by going to: http://www.wilsontechgroup.com



Technical Considerations in Developing Policy for Mobile Devices

Is your company technically mature enough to enforce the policies it is writing? What technical issues need to be considered?

1) Mobile device encryption
2) Pass code requirements
3) Enforce screen lock timers
4) Enforce no jailbroken phones
5) Enforce an enrollment system for remote wipe
6) Enforce application and OS update policies
7) Data classification (not all data has the same value – separate it)
8) Data isolation (you cannot protect everything so separate it)
9) VPN (keep services off the open internet when possible)
10) Use two-factor authentication




Policy Drafting Considerations for Mobile Devices

Regulators are focusing on mobile devices, particularly regarding HIPAA and HITECH compliance. Many policies affect BYOD and include:
1) Acceptable use policies
2) Security policies
3) Social media policies
4) Remote access policies
5) Litigation hold policies
6) Remote working policies
7) Incident response policies
8) Breach notification policies
9) Privacy policies

Include the appropriate team members in developing policies:
1) Senior management
2) Chief IT officer (sets the strategic direction including policy)
3) IT staff (implements policy/strategy)
4) Legal/regulatory (subject matter expertise/enforcement)
5) Human resources (enforcement)




HHS Office of Civil Rights

Since the compliance date of April 2003, over 89,045 HIPAA complaints have been received by the HHS Office of Civil Rights. What were the results? Nearly 22,000 complaints were resolved through investigation and enforcement. Close to 10,000 complaints were investigated and no violations were found, and nearly 52,000 complaints were closed because they were not eligible for enforcement.

The HHS Office of Civil Rights spends most of its efforts investigating the following:
1) Impermissible uses and disclosures of PHI (Personal Health Information)
2) Lack of safeguards of PHI
3) Lack of patient access to their PHI
4) Uses or disclosures of more than the minimum necessary
5) Lack of administrative safeguards of ePHI

Some of the problems identified in the above include:
1) Failure to conduct a Risk Analysis (RA) in response to a new environment
   a) BCBSTN – changed offices
   b) WellPoint – installed software upgrade
2) Failure to conduct an accurate and thorough RA that incorporated all IT equipment, applications, and data systems utilizing ePHI
   a) New York Presbyterian Hospital
3) Workforce Members
   a) Failure to train and/or train on an ongoing basis
   b) Failure to “apply appropriate sanctions”
   c) Failure to install security measures to monitor unauthorized access
      i. UCLA case – workforce members repeatedly snooping on patients between 2005-2008
   d) Failure to implement appropriate policies and procedures for authorizing access to patient database
4) Technical/Security Failures
   a) Failure to take inventory of equipment that accesses PHI
   b) Failure to implement processes to assess and monitor the equipment that accesses PHI
   c) Failure to implement appropriate security measures
   d) Failure to follow existing policies and procedures on information access management
      i. New York Presbyterian Hospital

Why have a policy?
a) Protect clients/patient rights
b) Instill professionalism throughout your enterprise
c) Protect your organization from liability
d) Protect your employees from liability




Health and Human Services (HHS) Supports Mobile Devices

Recognizing the proliferation of mobile devices, HHS has strongly advocated using them. Their reasoning includes:

1) Improving public health outcomes (and reducing costs)
2) Helping with chronic disease management
3) Reminding people to take medications
4) Reaching rural areas
5) Empowering people through education

 
