Mannassi IT Solutions

Blog

What's happening.

Posts tagged data security
Don't Get Bit by HIPAA

Fun fact: HIPAA, the 1996 healthcare legislation that covers the security and privacy provisions for your medical information, is a lot more intensive than you may have believed. Do you know if your business is a covered entity or a business associate? Not knowing these answers could mean big fines.

HIPAA governs security for the obvious: hospitals, private practices, and medical providers. But it also covers the more unexpected: health insurance brokers, your HR department, and even your IT team. Since we began working on HIPAA compliance with clients in early 2017, we’ve found many gaps where business owners didn’t know they were required to be compliant.

If you’re sharing personal client information with a HIPAA compliant entity, even if your business has nothing to do with healthcare, you’re a business associate and you must also be HIPAA compliant! Compliance is also easy to breach; from one unlocked laptop left unattended while its user is at lunch, to not regularly changing your passwords, HIPAA can get really complicated really fast.

Here's the actual rule, straight from the HHS department: “The Privacy Rule requires that a covered entity obtain satisfactory assurances from its business associates that the business associate will appropriately safeguard the protected health information it receives or creates on behalf of the covered entity.” Do you know if your business associates are HIPAA complaint?

Don’t get too far into 2018 without double checking your security requirements. Remember, protected health information (AKA PHI & ePHI for its electronic cousin) covers any potentially identifiable information from phone numbers to official diagnoses and everything in between.

We’re happy to talk HIPAA with you any time. Follow us on Twitter & Facebook & reach out with any questions you might have!

3 Little Known Security Secrets that Can Make A BIG Difference

If you’ve been following us long you know that we’re always harping on about security here at Mannassi IT Solutions. We firmly believe that a solid offense is the best defense, especially when it comes to protecting your data and by extension your business. The big threats most everyone is aware of; malware, ransomware, phishing scams etc. But what are the most overlooked security threats? Here’s three security vulnerabilities that are oft forgotten.

1: Where’s that WiFi coming from?
Ever sent a personal email over the coffee shop WiFi? It’s not secure! One of the top ways hackers can break into your laptop or cell phone is by using a public wifi connection. Not to mention, if you’re required to be HIPAA compliant, sending an email that contains ePHI over an unsecured WiFi connection is a big no no.

2: Calling all charging ports!
You’ve probably been stranded in an airport at some point in your life, with your cell battery running low and so many work emails to answer. Many airports have provided a simple solution, USB charging ports. But these ports are often home to those with nefarious purposes! A USB is a simple way to break into your device, so plugging in to a public USB connection is kind of like wearing a sign that says “KICK ME”.

3: Ma, don’t write down your password!
One of the top ways someone can get into your computer is when you’ve written down your password & stuck it to your monitor. We’ve even seen laptops with passwords stuck to the outside! Why don’t you give the neighborhood thief the keys to your car while you’re at it? Your password is your first line of defense, and should be strong as well as secret. If you really can’t manage to remember all you passwords consider using something like Keypass, which allows you to securely store the keys to everywhere your tech takes you.

There you have it! Are you guilty of any of these security faux pas? Tweet us @MannassiIT & tell us your security stories.

What’s a Hybrid Cloud & What Does it Want?

I’m sure by now you’ve caught wind of the cloud storage trend. Organizations big and small have been moving to the cloud or thinking about it for some time now, and it’s been touted as the wave of the future for data management. Certain more security concerned businesses, however, have been reluctant to move into this brave new world of storage. With their reluctance, new solutions have had to be found. Flash forward to now, and the hybrid cloud infrastructure is the talk of the town. But what the heck is it?

Contrary to the name, it is not some half chicken half monkey monstrosity. Hybrid cloud really just refers to the process of using multiple clouds all connected to your data center. Instead of having only one option for cloud storage you have several, and their use depends on the type of data they’re meant to keep.

Using a hybrid cloud setup you’d be able to store your privileged data (your EPHI if you’re required to be HIPAA compliant for example) on a private cloud, while still being able to utilize the public cloud (like Amazon Web Services) and all its extended resources. Because these multiple houses store varying levels of protected data your exposure threat is minimal; the most sensitive information is stored privately away from potentially prying eyes.  The tricky bit then becomes how to get them all to work together!

If you’ve been thinking about moving your storage into the cloud, or upgraded the cloud services you’re already using, reach out to us. We can help make the process much smoother.

As always, follow us on Twitter @MannassiIT or Facebook for daily updates.

It’s 11am, Do you know where your data is?

With the advent of Bring Your Own Device (BYOD) and Internet of Things (IoT) keeping track of corporate data is getting more and more difficult every day.  Employees want to get company email on their personal cell phone and tablets issued for field work often have access to and/or store company data.  Even Internet enabled devices such as hand scanners have potential to store data and credentials!  In this brave new world of connected devices, mobile device management (MDM) becomes a must. 

Having the ability to wipe data remotely from a personal device is essential to stop data leakage in its tracks.  There is a growing market for IT tools that can manage devices on the IoT.  Cisco Meraki Mobile Device Manager and VMware Airwatch are just a couple of products distinguishing themselves in this arena.

Unless you’re an expert, planning, designing, and implementing these new tools can be a major headache: taking up your valuable time trying to figure out how to fit together the puzzle pieces. Mannassi IT Solutions to the rescue! Give us a call and let us help you protect the crown jewels of your computer network.

Plugging potential leaks before they spring!

Many companies automatically setup a new employee’s personal smartphone with corporate email, but when the person leaves it seems that there is frequently not as much due diligence to make sure that any corporate email or data is wiped from the device. The same goes for file share and sync programs such as DropBox; confidential data can easily ‘leak’ from a company if procedures are not put in place early to make sure all corporate data is wiped from personal systems immediately upon an employee leaving the company. 

Technology such as Mobile Device Management software can bring you that level of control: it not only remotely wipes data, but is an essential tool for tracking and managing company issued mobile and portable systems.  But this software only works if you remember to use it! This is why there should be clearly documented standard operating procedures for all exiting employees.  A company like Mannassi IT Solutions can work with your HR department to design and implement onboarding and offboarding procedures for staff, making it easier for you to keep track of who has the keys to what!