Mannassi IT Solutions

Blog

What's happening.

Posts tagged security
Keeping an Eye Out

Video surveillance may now common place in just about every part of the world, but for the longest time the technology never managed to keep up with the rest of the tech world. The cameras were big and bulky with low resolution images, connected via co-ax cable all leading back to some box in a closet that was forgotten, abused, and generally abandoned. When it came time to view the recording because of an incident, it was often discovered that some or all the cameras had stopped working a long time ago, and effectively the cameras had become nothing more than visual deterrent and the box a paper weight. Even when the cameras did work, when thieves broke in what was the first thing they stole or destroyed? That old box with the security camera’s recordings.

Fast forward to the 21st century, and cameras have flourished. New equipment is small, sleek, high definition, connected over a network via CAT6 cable or wireless, and most importantly, their recordings are now stored in the cloud. Security footage is now kept for years as opposed to the ancient days or weeks, and now also can also be sent directly to law enforcement. No bypassing the security cams by trashing the tapes nowadays!

The biggest bonus of the advancement in video tech? What used to cost a pretty penny to set up can now be achieved with a much more reasonable financial investment. Or bypass all the legwork entirely and go for a Video Surveillance as a Service (VSaaS) solution. For one monthly fee get cameras, software, cloud storage, and support without the headache of monitoring it yourself.

Got questions about adding video to your security roundup? Drop us a line on Twitter or Facebook!

Don't Get Bit by HIPAA

Fun fact: HIPAA, the 1996 healthcare legislation that covers the security and privacy provisions for your medical information, is a lot more intensive than you may have believed. Do you know if your business is a covered entity or a business associate? Not knowing these answers could mean big fines.

HIPAA governs security for the obvious: hospitals, private practices, and medical providers. But it also covers the more unexpected: health insurance brokers, your HR department, and even your IT team. Since we began working on HIPAA compliance with clients in early 2017, we’ve found many gaps where business owners didn’t know they were required to be compliant.

If you’re sharing personal client information with a HIPAA compliant entity, even if your business has nothing to do with healthcare, you’re a business associate and you must also be HIPAA compliant! Compliance is also easy to breach; from one unlocked laptop left unattended while its user is at lunch, to not regularly changing your passwords, HIPAA can get really complicated really fast.

Here's the actual rule, straight from the HHS department: “The Privacy Rule requires that a covered entity obtain satisfactory assurances from its business associates that the business associate will appropriately safeguard the protected health information it receives or creates on behalf of the covered entity.” Do you know if your business associates are HIPAA complaint?

Don’t get too far into 2018 without double checking your security requirements. Remember, protected health information (AKA PHI & ePHI for its electronic cousin) covers any potentially identifiable information from phone numbers to official diagnoses and everything in between.

We’re happy to talk HIPAA with you any time. Follow us on Twitter & Facebook & reach out with any questions you might have!

Do You Have A Krack in Your Wifi?

The latest dent in network security is the recent announcement that hackers have figured out a way to breach Wi-Fi connections on almost every single Wi-Fi enabled device. The Krack attack is a major blow to mobile security, but the good news is that iOS and Windows are not vulnerable because of the way Apple and Microsoft implement the security handshake. If you’re an unlucky Android or Linux user however, you are vulnerable.  What it all boils down to is that millions of devices are affected, including embedded devices (otherwise known as the Internet of Things). To protect yourself you need to research all of your wi-fi devices and confirm if they are on the attack list. If they are make sure to download the most recent patch, or immediately take them out of service.

Of course, you can probably tell this can be a labor-intensive process. If it’s too much to handle you can always drop us a line for assistance or advice.

As always, follow us on Twitter or Facebook for the latest tech updates from around the globe.

We Hear You Knocking, But You Can't Come In!

A vital element of network security for any company is to have a business or enterprise class firewall protecting their network. The primary firewall role, of course, is to protect computer assets and data from attack by hackers. What many people don’t realize is that hacking is going on twenty-four-seven! , Many breaches could be prevented, if only you were aware that a person or persons unknown has spend the last two weeks  attempting to break in. Just like in a heist movie, any lock can be picked given enough time, so your firewall needs to be constantly monitoring for intruders.

You need a firewall that is either setup with an intrusion prevention system (IPS) that sends out notifications when it detects significant activity on the the firewall, or the firewall is managed and monitored 24x7x365 by a security operations center, which is known as a managed firewall or security as a service (SaaS). Building a wall alone isn’t enough, hackers can be working to disassemble it brick by brick while you’re asleep!

Mannassi IT Solutions can deploy a range of firewalls from Cisco, Fortinet and SonicWall with IPS, plus we offer security as a service as part of our managed services portfolio.  Contact us to learn more about what options might be right for you.

Follow us on Twitter or Facebook to keep in the loop on the latest security updates.

3 Little Known Security Secrets that Can Make A BIG Difference

If you’ve been following us long you know that we’re always harping on about security here at Mannassi IT Solutions. We firmly believe that a solid offense is the best defense, especially when it comes to protecting your data and by extension your business. The big threats most everyone is aware of; malware, ransomware, phishing scams etc. But what are the most overlooked security threats? Here’s three security vulnerabilities that are oft forgotten.

1: Where’s that WiFi coming from?
Ever sent a personal email over the coffee shop WiFi? It’s not secure! One of the top ways hackers can break into your laptop or cell phone is by using a public wifi connection. Not to mention, if you’re required to be HIPAA compliant, sending an email that contains ePHI over an unsecured WiFi connection is a big no no.

2: Calling all charging ports!
You’ve probably been stranded in an airport at some point in your life, with your cell battery running low and so many work emails to answer. Many airports have provided a simple solution, USB charging ports. But these ports are often home to those with nefarious purposes! A USB is a simple way to break into your device, so plugging in to a public USB connection is kind of like wearing a sign that says “KICK ME”.

3: Ma, don’t write down your password!
One of the top ways someone can get into your computer is when you’ve written down your password & stuck it to your monitor. We’ve even seen laptops with passwords stuck to the outside! Why don’t you give the neighborhood thief the keys to your car while you’re at it? Your password is your first line of defense, and should be strong as well as secret. If you really can’t manage to remember all you passwords consider using something like Keypass, which allows you to securely store the keys to everywhere your tech takes you.

There you have it! Are you guilty of any of these security faux pas? Tweet us @MannassiIT & tell us your security stories.

Nothing Can Stop This Road Warrior!

Nowadays there’s no excuse for not being able to work while you are traveling. Yes, I know, we all love to use travel as an excuse to kickback and have a little “me time,” however with all the complicated employee travel laws requiring you to be paid while traveling, your employer is likely expecting you to maximize this time to use on work.

Gone are the days of “I will answer your email once I get to my hotel.” We now have the option to work on the plane, of course that’s if your airline has wifi available onboard. If not, it’s time to consider flying the friendly skies with a more connected airline! With in-flight wifi you’re enabled to answer email, answer calls on your soft phone, do a skype call (make sure to use your earbuds or the background noise is an issue), or even prepare for that all important meeting you are en-route to.

Most airports will provide you with free wifi, however this can sometimes be extremely slow, so also look at options with your cell phone carrier. Keep an eye out for plans that include a hotspot, as this will enable you to turn your cell into a wifi connection for your laptop. I often do carpool trips with my partner and I have found this a great option, as we can do a full business meeting while driving and pull documents as we need them from our office.

Word of warning, when traveling, double-check with your IT department that your laptop is encrypted and has a tracking option enabled in the event it gets stolen or misplaced. Also, check that your email is encrypted. If, for example you are sending confidential information like the kinds of records protected under HIPAA requirements, you need to be using encrypted email in order to stay compliant. Otherwise you’ve breached HIPAA requirements just by sending a single email over public wifi!

Lastly if you find yourself constantly looking for a power outlet for your laptop, consider some newer models, many can last 10+ hours on battery power. While newer aircraft do provide you a power outlet at your seat, be extremely careful about using the public USB charging stations at airports as this is a well-known point of contact for hackers intent on compromising your mobile devices.

With just a few precautions you can be a real road warrior, saving the day from your airplane seat!

Check out our twitter @MannssiIT, and our facebook for regular tips about staying secure while on the road.

Thought Your Mac Was Malware Safe? Think Again!

One of the most often applauded perks of Macs is their invulnerability to viruses. Well, the bubble of virus-free Apple products has officially burst.

A recent outbreak of the highly invasive malware “fruitfly” has been wreaking havoc on Mac users for the past six months. The sneaky virus went undetected for years, and allows the controller of take complete control of your Mac—from files to your keyboard, from your webcam to your mouse.

Apple did recently release security patches to fight the “fruitfly” but new variants have emerged. Since Mac malware is so rare, it’s been particularly difficult to corral.

A report on CBS news follows some of the techies working to combat this “fruitfly” but it seems reigning it in is proving to be difficult, especially since no one knows exactly what the malware does or why it would be implemented.

So what can you do to protect yourself? Here’s three tips:

1. Make sure all your software is up to date. Security patches can only help you if they’re updated regularly and your system matches their requirements.

2. Always back up your computer regularly. Don’t get caught without your important documents in the event you’re infected.

3. Take security precautions seriously: have a strong password (your cat’s name is not usually a safe bet), don’t click links within emails, minimize your downloading activity, and use a pop-up blocker.

With a little due diligence you can do a lot to prevent a malware attack from crippling your tech. Don’t wait until it’s too late!

Follow us on Twitter @MannassiIT or like us on Facebook for more security in the news.

The Wild West of HIPAA!
LAAHU's annual conference was western themed this year, hence our wild west attire!

LAAHU's annual conference was western themed this year, hence our wild west attire!

This past week Mannassi IT Solutions was an exhibitor at the annual conference for the Los Angeles Association for Health Underwriters (link).  We were showcasing our new HIPAA risk analysis services.  Many of the brokers we spoke to were very surprised to hear about the ramifications of not having their network meet HIPAA compliance standards, as required by the Office of Civil Rights (OCR).

What we discovered was that there is very little education about HIPAA outside of major hospitals about compliance standards for what the OCR calls “Business Associates”, people or businesses that interact with information protected under HIPAA but who are not doctors or nurses. The risks business associates run but not keeping their tech HIPAA compliant is huge. A single data breach can cost millions of dollars in fines, not to mention the client trust lost. Many people also don’t realize that the OCR can audit you at any time, even if you’ve never had a data breach.

The bigger picture is that HIPAA compliance is not a “one and done” process.  The dynamic and ever-changing nature of information technology means that not having an ongoing plan to monitor your network is, as the National Law Review called it in an article last week, “a plan to fail”.  Once you’ve got your systems up to HIPAA standards you need to keep a constant eye on the network, and monitor alerts for when it falls out of compliance. From a two-person office to a major hospital, keeping tabs on your security systems is a very real need.

We’ve been working on expanding our offerings, and now provide a solution called HIPAA as a Service.

With this service, you’ll have the peace of mind that you’re under 24/7 lock and key without having to man the battlements yourself. Plus, you’re provided with everything you need to prove your compliance should the OCR decide to audit you. It really does take the headache out of HIPAA compliance!

Visit our HIPAA page to learn more about how we can help you, or drop us a line at info@mannassi.com. We have limited time offers for getting started with HIPAA as a service right away.

Follow us on twitter @MannassiIT for daily updates about tech, healthcare, & everything in between!

What's my Password Again?

We’ve all been there, ready to login and get to work on a server only to realize you don’t know the password. The only reset relief is in the brain of your IT guy, who just happened to pick this moment to go on a Bora Bora vacation. You’re stuck.

Documentation of a network is critical to business operations and disaster recovery. I’m sure you can imagine the headache and cost of having to rebuild all or some of your network after a major outage without comprehensive documentation. It’s true what they say, you can’t go home again and you’ll never be able to rebuild a network exactly the way it was before.

A centralized network documentation system is a live-saver. You have all the information you need in one place, easy for you to access without having to call every member of your IT department. A centralized system also makes things easier when you need to branch out and have IT consultants perform work for you; they can see all the moving parts understand your system’s unique architecture so they won’t step on any land mines while working. Be the master of your own IT domain!

So, where do you start with a centralized documentation system? Coming soon in 2017 from Mannassi IT Solutions is Documentation as a Service. Providing you with a secure, encrypted, cloud based repository for all your documentation, passwords, and diagrams. Never get locked out again!

Follow us on twitter, @mannassiIT for the latest news and updates, including when DaaS is launched!

3 Tips to Make Sure Your Security is Up to Snuff.

Cybersecurity is all over the news at the moment: every day there seems to be a new security breach or ransomware attack. So how can you make sure you’re protected from the bad guys? Here are three tips to keeping your security strong.

It’s a marathon, not a sprint. Security is an ongoing process. You need constant monitoring and adjustments just to stay ahead of the game. Hackers are constantly changing their methods to match updates in technology and you’ve got to be ready to adapt ahead of the curve and make sure your security steps stay current.

It’s like an onion, layered. There’s no “one size fits all” approach. Start with a business or enterprise class firewall with intrusion prevention enabled and build from there to anti-virus and anti-malware endpoint protection software.

Watch for the enemy within. A lot of security breaches come from the inside, so no firewall or anti-virus software is going to protect you. Manage your passwords effectively with company-wide best practices for complexity, length, and duration. Don’t forget to cancel access for employees who have left your company! Former staff with unfettered access is one of the most common security gaps.

Your security mantra should be making security a way of life, not just a footnote. Staying on top of your security needs can save you a big headache in the long-term. Security as a service is a great option for the not-so-security-savvy among us. Letting a pro take the wheel can save you time, money, and let you get back to business.

Drop us a line to hear more about our security as a service options. And make sure to follow us on twitter @MannassiIT for updates on the world of cybersecurity.