MSPNetworks Blog

Password changes, multi-factor authentication, and countless changes in policy and procedure can make daily workflows more and more complicated. Cybersecurity can truly be a pain—a necessary pain, granted—but a pain nevertheless, and one that can gradually lead to burnout if you aren’t careful. Let’s go over how to mitigate the likelihood of it.

Understanding Security Fatigue

Let’s put yourself in the shoes of one of your employees for a moment—although, if we’re really being honest, the following scenario could easily apply to anyone in your organization, including you.

How often have you sighed when asked to create yet another new password, or groaned when a multifactor authentication prompt +pops up, when all you’re trying to do is your job? Does news of the next security training make you roll your eyes?

You aren’t alone. Not by a long shot.

The truth is, modern cybersecurity—for all its importance—is a balancing act. While the human element is consistently one of the weakest elements of the average business’ security, the numerous policies, procedures, and protections intended to help mitigate the vulnerabilities your team members contribute to can backfire.

For instance, how would you feel if it consistently became more and more challenging for you to complete the same tasks you had always been responsible and accountable for, without the tasks themselves changing at all? Pretty frustrated, I’d assume, and motivated to do whatever you could to streamline these challenges…going so far as to cut corners or overlook whatever requirements you could get away with neglecting.

This is the phenomenon known as security fatigue—where there is so much emphasis put on security and the safeguards intended to ensure it, that your team becomes disinterested and behaves less securely as a result.

Some Signs that Security Fatigue Has Set In

You’ll want to be on your guard so you can spot some of the warning signs in both your own behaviors and those of your team members. For instance:

• Have you or your team members grown more lax with your password practices?
• Are you or your team members prone to connect to insecure networks without the added protection of a virtual private network, even when accessing sensitive accounts and data?
• Do you and your team keep an eye out for signs of phishing, or are most messages taken at face value?
• Are work devices commonly used for personal activity?
• Is IT kept apprised of incidents and issues promptly, or are such things only reported when the circumstances are severe?
• Do you or your team members frequently use workarounds to bypass your security?
• Are work devices kept appropriately up-to-date, or have updates been somewhat neglected?

If any of these sound familiar, you may have a bit of onset security fatigue.

How to Correct Security Fatigue

Fortunately, there are a few ways that you can counteract this phenomenon in your business. While we in no way are attempting to minimize the importance of security of all kinds for modern businesses, it is important to also keep in mind that too much apparent security can easily hurt your team’s productivity. Therefore, by helping to take as much off your team members’ plates as possible, through things like automatic patches, remote management, and password management systems, you can better strike a balance between productivity and security without short-changing either.

MSPNetworks is here to help you do just that. Let us shoulder your cybersecurity needs so your team can focus more on your productivity, without worrying that you’re left vulnerable as a result. Give us a call at (516) 403-9001 to learn more about what we’ll do, and how you could benefit.

The Health Insurance Portability and Accountability Act is a regulation passed by the US congress in 1996 to help streamline the healthcare system while maintaining individual ePI privacy over individuals’ health records. This regulation was put in place to allow people to transfer their health coverage, but also to minimize the risk individuals take on as far as fraud and abuse of their health records is concerned. This week we’d thought we’d discuss four ways your technology can help your organization keep its HIPAA compliance. 

Every organization that deals with healthcare information, whether they work in healthcare or just hold information on individual health insurance policies, needs to remain compliant with HIPAA. This can be a challenge for some companies, and that’s not a good thing. Fines can be massive for organizations that are found to be in breach of this mandate. That’s why it is essential your organization knows what to do and how to successfully deal with would-be patient data breach. 

The Role Technology Plays

Obviously, business success is largely contingent on their technology, and as far as HIPAA compliance is concerned, it’s mostly about keeping this type of data confidential. This becomes more of a challenge as organizations outsource their benefits and insurance to third parties. This is because this data, sent digitally, can be intercepted and therefore can cause major headaches for administrators. 

Let’s look at some easy-to-follow ways your organization can use its technology to maintain its critical HIPAA compliance:

• Secure communications - When sharing individual health information, you want to ensure you are doing it securely. This means no individual ePHI should ever be sent via text or instant message. These platforms simply don’t have the needed security and you can get yourself in hot water pretty simply by not considering what information you are sharing over certain platforms. 
• Use the cloud to your benefit - A lot of times people deride cloud platforms for not being as secure, but in the case of ePHI, cloud computing is generally thought of as one of the best platforms. This is because each user has secure access to the information without having to send it anywhere. This way there are no paper files to misplace (or get stolen) and there is very little risk of having the information intercepted in transit. 
• Keep passwords secure and updated - Passwords play a crucial role in the security of your business files, and play the same role for ePHI. You should implore your staff to routinely change their passwords, while creating complex passwords that use upper and lowercase letters, numbers, and symbols.
• Keep training - One way that businesses of all sizes can work towards data security is to keep training. Along with password hygiene, businesses should train on the best practices of data security, data privacy, and overall awareness. Keeping your staff trained up and aware is truly the only way that it is going to maintain the security needed to stay compliant with HIPAA or any other regulatory mandate your business operates under. 

Health information is some of the most sought-after by hackers and scammers. If you would like to learn more about implementing a comprehensive training platform for your business, or you would like to talk to one of our knowledgeable IT consultants about keeping your business compliant, give us a call today at (516) 403-9001.

If you have a computer, it has data on it that you’ve stored. Whether it’s the novel you’ve been working on in your spare time or pictures from your kid’s sixth grade graduation on your home PC, or the databases and applications that your business’ infrastructure supports, all of this data is generally stored in exactly the same way. Whatever your case, you should know that your data is terrifyingly fragile - far too fragile to ever be kept in just one place. Let’s dive deeper.

How is Data Stored on a Hard Drive?

A hard disk drive, better known as the traditional HDD, works a little like a record player. Your data is stored on small, magnetic platters that are all stacked together and spin. A small mechanical arm rests over these platters.

To give you a bit of perspective, a record player usually spins between 33 and 78 times each minute. Your hard drive spins about 7200 times in a minute.

This speed creates a cushion of air that keeps the head at the end of the arm from touching the platter as it spins around. The slightest touch could easily destroy the data contained on the drive.

As is true for anything mechanical, these drives are ultimately subject to failure.

Your car doesn’t last forever, and neither do storage drives. The drive’s motor might burn out, the arm might stop working, and many other complications can arise to make the hard drive inaccessible and cause the data stored upon it to follow suit. Everything you do makes the hard drive read and write data, so the stability of your drive is crucial to you.

In fairness, there are also SSD drives that store data without any moving parts. This makes them a little hardier, but these drives can fail, too.

Each day, we trust these devices with our data. Your workstation or laptop may have a couple in it, and the server you rely on almost certainly has many more. Some of us have external hard drives to help us move our data around. If these hard drives are mechanical, all of your data could be lost very, very easily.

So, the question we have to ask is…

Why on Earth Would You EVER Rely on a Single Hard Drive?

There is no gentle way to put it. If you only have one copy of your data that’s stored on a lone hard drive, it is at extreme risk. A single issue could happen, and it could all be gone.

On the other hand, it has also never been easier to prevent data loss. At MSPNetworks, we regularly help businesses establish and manage backup solutions that have been tested and proven to be trustworthy. That way, you can know that your data is safe and accessible, regardless of the circumstances. This involves storing at least one extra copy of your data elsewhere in the office on a separate device, as well as an additional offsite copy—usually in the cloud—that protects it from just about anything chance could throw at it.

Find out more about implementing a backup solution by giving us a call at (516) 403-9001.

2018 will be remembered as the year where data privacy was altered forever. From Facebook’s many problems to the launch of the European Union’s General Data Protection Regulation, data privacy has never been a bigger issue than it is today. Let’s take a look at how the GDPR has affected the computing world in 2018-19 and how the past year’s events have created new considerations in individual data privacy.

The GDPR

Before the introduction of the GDPR, individual data privacy was largely an individual’s responsibility. To be fair, in non EU-affiliated circles, it largely still is, but the launch of the GDPR brought to light a lot of issues that people have been talking about for some time: mainly the use of their personal information for corporate financial gain. The GDPR was a response to concerns that some organizations were playing fast and loose with individual’s data that included personal information like names, addresses, email addresses, as well as medical and financial information. In profiting off the capture and sales of this information, the largest corporate tech companies created revenue off the backs of people, creating situations that were simply unfair to consumers and users of these services.

For years leading up to the ratification of the GDPR, EU member states had been legislating their own data protection laws. This trend has been roundly rejected in the United States, but with the implementation of the GDPR, corporations that see themselves as members of the global economy had strict new guidelines to meet in order to be able to use individuals’ data in the same manner as it had been. The GDPR was an amalgamation of these laws and firmly required all businesses to report certain types of personal data breaches within 72 hours to a supervisory authority mandated by EU member nations.

Not only did it give the consumer a voice in the ongoing data collection and distribution scheme, it made businesses cognizant just how important their data management is for the people they depend on. Before the GDPR was in the news, not many organizations were thinking about how a failure to protect customer, staff, and vendor information could negatively affect anyone but themselves. This has led to a wholesale change in the way businesses view data management, the training of their staff, and security investments as a whole.

One Year In

Now that the GDPR has been in place for a year, the results have been mixed. Over 59,000 personal data breaches have been identified by companies that have resulted in notifying regulators. Since sanctions for failing to comply with GDPR mandates carry fines up to €20 million, or up to 4 percent of total revenue from the previous year (whichever is larger), you are seeing a more targeted and strategic approach to keeping data secure, and reporting it quickly when a data breach does happen. To take a look at the results the GDPR had in its first eight months, download the DLA Piper GDPR data breach survey, here.

The takeaway is twofold. Firstly, the GDPR has resulted in a major improvement in data breach reporting speed. Since the mandate gives companies up to 72 hours to notify breached parties, it sets a strict deadline. You likely won’t see situations like the Yahoo! breach where they sat on the information for a year before letting anyone that was affected know they had been breached. The GDPR has also resulted in nearly doubling the amount of reported incidents, not an insignificant number.

On the other hand, fines adding up to €55,955,871 have been levied against the companies responsible for the 59,000 reported incidents, a modest amount for the first year when you consider that about 90 percent of that sum was a single fine levied against U.S. tech giant Google. A French GDPR regulator suggested that this be marked down to more of a transition year than some type of long-term ineffectiveness of the law. It remains to be seen just how effective the law with be if regulators aren’t actively enforcing it.

Effects Abroad

Many U.S. companies do business in mainland Europe and fall under the GDPR regulator's jurisdiction, but domestically, there has been a major change in the way data privacy is viewed. Over the past year, a lot has happened in the U.S. on the individual data privacy front. Not only has the GDPR lit the fire of legislators, it has major tech firm CEOs, such as Apple’s Tim Cook, calling individual data privacy a “fundamental human right”.

While Mr. Cook seems to be in the minority of American tech company leaders (as can be seen by the €50 million GDPR Google fine), it is a step in the right direction. The state of California, not long after the GDPR went into effect, passed its own sweeping (and some would say hastily thrown together) data privacy law, the California Consumer Privacy Act, to protect the residents of the Golden State. Colorado, Massachusetts, and Ohio followed suit with privacy laws shortly after California’s CPA was ratified.

This is good news for individual privacy in the U.S. It’s a far cry from only a few short years ago that resulted in some pretty damning situations for online consumers. Federal lawmakers have balked at making waves of their own in regards to data privacy, but if history is any indication, when states begin passing laws that are outside the norm, the U.S. Congress typically acts to fill the breach.

If you would like more information about the GDPR, subscribe to our blog, or call one of our knowledgeable IT professionals at (516) 403-9001.

Business is never quite as simple as it’s made out to be, and nowhere is this more true than with your organization’s IT. Today we will be covering some of the most important parts of your IT’s decision making that will need to be addressed, questions and concerns included, especially in regard to business-critical functions.

Scrutinize Your Security

Before you implement a new solution, be sure to consider your organization’s cybersecurity needs. Ask yourself if it’s something that you can implement without compromising your organization’s security. Cyberattacks can create a considerable financial burden for your business. After all, a business is still a business, no matter what kind of data it stores or how large its workforce or client base is. It might lessen the damage done, but it’s certainly not any consolation for still exposing data to threats--especially because the data stored by businesses tends to be sensitive in nature. You need to do everything you can to make sure that any solution you implement can be done so without your data being placed at risk.

Consider Your Data, Too

You also need to be aware of what your data is telling you. If you leverage enterprise resource planning solutions to provide insight into your organization’s functionality, you can use this information to improve your operations. Therefore, you should pay attention to whether or not the solution you want to implement will actually be beneficial. You should still be careful, however, about leaning on your data to make all decisions, as there might be too many concepts in motion to provide accurate data. You might even wind up implementing a solution that does exactly the opposite of what you want it to do. In other words, you want to know which data is valuable and which won’t yield results.

Reflect On Your Business

Any new system you implement for your organization needs to fit properly from an operational standpoint. To this end, you need to understand your current systems and workflows. Consider how the solution you want to implement will benefit the current state of things. Will it resolve critical workflow issues? Will it save time and resources? Will it scale according to your future needs? All of this must be considered, as well as how accessible support is. The last thing you want to do is to implement a solution that doesn’t have support readily available when it’s needed most. Finally, be sure to consider how your employees will react to the new solution, as it will only be effective if your employees are able to leverage it to their advantage.

Consider All of Your Options

Before investing in any solution, be sure to consider not just what you have in your office currently, but other solutions on the market. After all, there’s no reason to purchase that new network switch if a better, more dynamic option will be available in three months. Of course, it’s not always this simple, as you need to consider the costs of new technology, implementing the solution itself, and any kind of operational costs that are associated with it. If waiting on the solution isn’t going to create a detriment to your business, then perhaps that is the more cost-effective option.

Of course, certain regulations might force your hand, and you can’t let an outdated solution put you at risk of failing a compliance audit. What we like to recommend is to lay out everything that’s needed to be known in a cost-benefit analysis. MSPNetworks can help you identify this important information. To learn more, reach out to us at (516) 403-9001.