Posts by Dan Roberts

A Real-World Example of Social Engineering

A social engineering test presents a challenge to your IT security team like no other. Typically, advanced systems can manage technical points of entry into your environment with firewalls, logging, SIEM systems, malware scanners, etc. However, when the point of entry into your system is user error, things become much more difficult to manage. During one of our network vulnerability assessments, we were engaged to perform a social engineering test. We decided the most effective test would be a spear phishing attempt. Spear phishing is a modified form of phishing where the attacker...

How to protect yourself from ransomware.

You have a top-flight antivirus solution deployed and managed on your system. Your hardware firewall is automatically updated and continuously monitored by a great security team. You’ve blocked access to all known malicious and questionable web sites. Your email and web surfing is filtered by the best service money can buy. You just paid $1,000 worth of Bitcoin to somebody you’ve never met in a country you’ve never heard of.

Protecting your virtual infrastructure just got easier.

With the release of version 8, Veeam introduced Cloud Connect. This new feature allows you to easily send your backup data off-site to a third-party data center. As opposed to online backup systems like Carbonite or Mozy, Veeam allows you to maintain complete control of your data. If you’re in a highly regulated network environment like a bank or credit union, it’s in your best interest to know where your data is stored. Having your data “in the cloud” isn’t a good enough answer for your examiners.

Can you afford HIPAA non-compliance?

According to the American Medical Association, your company may be fined up to $1.5 million per year for HIPAA non-compliance. The first step of HIPAA compliance is making sure that all of the companies that have access to your systems are, themselves, compliant. If you have a managed service provider keeping your systems up to date and secure, they must have enough access to your systems to perform their job. In general, that level of access places your MSP into the HIPAA Business Associate category. What is a HIPAA BA? A HIPAA Business Associate is any company that has the potential to...

More regulatory oversight of HIPAA is coming. Are you ready?

The Office of Civil Rights has delayed the implementation of Phase 2 of the HIPAA audit program until 2015 due to complications with their new web portal. While this may be a welcome reprieve from the threat of an OCR audit, you should use your time wisely. Phase 2 of the HIPAA Audit Program will include Covered Entities and Business Associates. If your office must comply with HIPAA, that means your service providers may also be subject to supervision. Because they do business with you, your service providers are considered HIPAA Business Associates if they provide services related to any HIPAA or HITECH...
