Rise of Ransomware

From a technology standpoint, there’s never been a better time to be alive. Chatting with people for free all across the world or opening your front door at home while in a business meeting, it seems that our interconnected world has unlimited possibilities. Sadly, that can go really wrong when people with less than pure motives take advantage. Viruses and other threats are on the rise, and there is one word whose very mention sends shivers down the spine of mortal cybersecurity professionals everywhere: ransomware. 

 

Ransomware is so frightening because of how quickly it is becoming a major issue across all systems worldwide and how devastating it is for businesses. Today, we will be discussing this threat and what you need to do to keep it out of your business.   

 

Know Thy Enemy 

What exactly is ransomware and why should you care? Like other computer threats (think viruses or trojan horses), ransomware has a colorful name that aptly describes what it does. In fact, it’s exactly what it sounds like: someone holds your data or computer access hostage until you pay a ransom. Depending on the circumstances, this can range from a relatively small sum to well over $1,000,000. 

 

These attacks rarely occur on their own. Most often they are part of an email phishing scheme. As criminals have become more and more sophisticated, attacks like these — that only suckers used to fall for — are becoming common even among seasoned professionals. 

 

The Rise  

Ransomware has grown to be one of the top cyber threats your company faces. To put this in perspective, in 2018, we saw a 300% increase in ransomware attacks from the year before. So far in 2019, we’ve seen even more attacks than all of last year.

 

Why the increase? Frankly, because it works. While the ransom can be quite high, most hackers consider the size of the company and the value of the data. In most cases, they set the price lower than the cost of manually restoring the data, so many companies that don't have a proper backup just pay the ransom and hope. The FBI recommends not paying so as to not encourage the hackers, but they also recognize that this may actually be the only option for many organizations without the proper security protocols in place.

 

(In)Famous Status 

Ransomware has been popular in the news lately because hackers are targeting governments of all sizes, in addition to businesses.  For instance, in the state of Florida alone, seven municipalities have been victims. In April, the city of Tallahassee paid $500,000 to get access to critical systems and data after an attack. They paid for the attack by diverting funds from employee payroll. The city of Riviera Beach paid over $600,000 in Bitcoin for a similar attack in May after an employee fell for a phishing scam! 

 

National governments are also falling victim! The government of Ecuador said that they have seen over 40 million attempts to hack into their system. A few have been successful, resulting in expensive ransoms.

 

What Does This All Mean? 

Saying that “ransomware is here to stay” would be a massive understatement. However, there is a bit of good news about this. While ransomware itself is a relatively new threat, it uses old standbys to enter your computer in the first place. Ransomware affects your system after hitching a ride on another threat, such as a virus or phishing attempt. Think of it this way. In the past few years, Zika, a dangerous virus passed on by mosquitoes, has been on the rise. Because it’s transmitted by a known pest, we can use the same precautions we’ve always used against mosquitoes to prevent infection. This would include repellent, avoiding standing water and wearing long clothing.

 

Similarly, the best way to avoid ransomware is to protect your network against many of the same threats we’ve always faced with computers. This means being proactive and keeping your system safe before the ransomware can have access to your vital data. In the event of a breach, you also need to have a viable backup so you can seamlessly roll back to a point before the attack.

 

How well does your current system protect you from ransomware and other cyberthreats?  

 

Contact us today to prepare you for this very real and rising threat. 

Windows 10 and HIPAA Compliance

With the coming Windows 7 end of life, owners of computers that use the popular OS will need to take action of some sort. We’ve heard plenty of reasons why people have been dragging their feet, everything from financial burdens to just plain stubbornness, but there is one very real reason for some to be reluctant to upgrade: HIPAA compliance.  

What is HIPAA? 

For those who aren’t aware, HIPAA stands for the Health Insurance Portability and Accountability Act. Passed into law in 1996, it covers a wide range of healthcare-related issues. However, for this article, we’ll focus on the privacy aspects.

In essence, the law states that healthcare providers at every level need to do everything reasonably possible to keep patient information private. This is the reason why you can’t just call a hospital and ask for someone’s medical condition. On the surface, this is completely reasonable and almost taken for granted, but the administrative workload to stay compliant can be burdensome. Also, being out of compliance in any way can result in severe fines and even the loss of licenses. For this and other ethical reasons, it’s understandable why healthcare providers are overly cautious about making sure they follow HIPAA regulations to the letter. 

Where Does Windows 10 Fit into This? 

Anytime patient data is at play, extra care must be taken to safeguard the information. For instance, printed forms and files containing medical records must be shredded, and any hardware that holds sensitive information must be certified HIPAA compliant. What sometimes gets overlooked is the OS these data storage systems run on. While other versions of Windows have been HIPAA compliant, Windows 10 isn’t — at least not out of the box. Microsoft has gone out of their way to not give a direct answer about Windows 10’s compliance, though with other products, such as Office 365, they’ve made a point to advertise the compliance. It appears that even when customers wanted more information about this on their online forums, administrators would delete the threads.

The main issue at hand is the new(ish) requirement to have a Microsoft account tethered (through the cloud) to each copy of Windows 10. For the average user (especially blog writers) there are numerous benefits to having an account that is integrated into the cloud. For instance, OneDrive is designed to automatically save documents as they’re being created, which is a great safety net if your computer were to crash midway through writing a document.  But you don’t want that function if you’re dealing with sensitive patient information. To compound that issue even further and to enhance the customer experience, Windows 10 sends information from the computer to their servers to learn more about you and your interests. That way, news articles and other features designed around your interests are presented to you. This can involve private information being sent to a third party, even if the user is unaware. An important thing to remember about HIPAA compliance: ignorance is not an excuse. 

What’s the Bottom Line? 

Given the above reasons, it’s understandable why medical offices are slow to upgrade to Windows 10. However, some modifications can be done to bring an updated computer into compliance.

Use a Local Account 

When you first set up the computer, the default setting will be to use a Microsoft account. As previously mentioned, while great for some users, it should not be done for computers used in healthcare. Creating a local account will alleviate this problem by not giving Microsoft's servers the ability to link with your documents, calendars and other programs that may contain private information. Keep in mind that you’ll get a lot of pushback at first from Windows for doing this, but it is possible.

Disable “Wi-Fi Sense”

This is one of the new features in Windows 10 that can come in handy for some but needs to be turned off for HIPAA compliance. Wi-Fi Sense is a way to allow other computers to access the wireless internet network without a password. You can send it to someone right next to you or even your Facebook friends. However, once someone has access to the network, they may have access to private information.

Disable Sharing of Private Information with Apps 

Newer versions of Windows, like most modern technology, utilize apps for countless purposes. In fact, Microsoft now has its own App Store. Many of these apps require that user information be shared with them. While this creates an obvious problem, most medical office computers probably wouldn’t be using these apps in the first place, so it shouldn’t be an issue for most users. But it’s still something to be aware of. 

 

Be Careful with Shared Crash Information 

When most computers crash nowadays, information is automatically sent to the servers of the operating system vendor (usually Microsoft or Apple), who uses this information both to get you back to where you were before the crash and to see if perhaps an update is in order. While transferring this information, patient data may be sent along as well. For this reason, be sure to choose that only ‘basic information’ or ‘none at all’ is sent in the event of a crash.
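
A read-only PowerShell audit of the four settings above, added here as an example; it is not from the original article or from Microsoft. The registry paths and value names are assumptions (the standard Windows policy locations, which the article does not give), and an unset value is reported as a failure because the setting is then left at its default.

```powershell
# Read-only audit: local accounts, Wi-Fi Sense, app access to account info, diagnostic data.
# Registry paths/value names below are assumed standard Windows locations, not from the article.
function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value does not exist (setting not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$findings = @()

# 1. Use a local account: flag enabled accounts that are tied to a Microsoft account.
$ms = @(Get-LocalUser | Where-Object { $_.Enabled -and $_.PrincipalSource -eq 'MicrosoftAccount' })
$detail = 'no Microsoft accounts'
if ($ms.Count -gt 0) { $detail = 'Microsoft accounts: ' + ($ms.Name -join ', ') }
$findings += [pscustomobject]@{ Check = 'Local accounts only'; Pass = ($ms.Count -eq 0); Detail = $detail }

# 2-4. Registry-backed settings. Ok is the condition the value must meet.
$checks = @(
    @{ Check = 'Wi-Fi Sense disabled'   # value may be absent on builds without the feature
       Path  = 'HKLM:\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config'
       Name  = 'AutoConnectAllowedOEM'; Ok = { param($v) $v -eq 0 } },
    @{ Check = 'Apps denied account info'   # 2 = force deny
       Path  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppPrivacy'
       Name  = 'LetAppsAccessAccountInfo'; Ok = { param($v) $v -eq 2 } },
    @{ Check = 'Diagnostic data basic or lower'   # 0 = security, 1 = basic
       Path  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection'
       Name  = 'AllowTelemetry'; Ok = { param($v) $v -le 1 } }
)

foreach ($c in $checks) {
    $v = Get-RegValue -Path $c.Path -Name $c.Name
    $shown = '<not set>'
    if ($null -ne $v) { $shown = [string]$v }
    $findings += [pscustomobject]@{
        Check  = $c.Check
        # Test for $null first: PowerShell treats "$null -le 1" as true.
        Pass   = ($null -ne $v) -and (& $c.Ok $v)
        Detail = "$($c.Name) = $shown"
    }
}

$findings | Format-Table -AutoSize
```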

It should be reiterated that Microsoft has been deliberately silent on this matter. The above tips are only suggestions by experts and not to be treated as the final word regarding HIPAA compliance in Windows 10. If you have any questions about this, especially if you’re running multiple computers and servers in your company, contact your IT professional so they can certify HIPAA compliance on your network to protect both your patients and your company. 

Security Features in Windows 10

One of the most commonly used reasons to upgrade to Windows 10, preferably before the Windows 7 End of Life, is the updated security it contains. But what exactly does that update mean? This isn’t just said to scare people into action, and it truly is in everyone’s best interest to upgrade to Windows 10 if they are currently using Windows 7. In this blog, we'll go over some of the benefits of upgrading to Windows 10, as well as clarify what the Windows 7 End of Life really means to your business. 

New Windows 10 Security Features 

Do you remember where you were and what you were doing ten years ago? What about the clothes you wore or the music you listened to? While that might not seem so long ago, both you and the world have changed quite a bit since then. That’s why many of the features from Windows 10 might seem so wild and new to those who are still on Windows 7, which also came out ten years ago. Here are a few of the major changes. 

Microsoft Passport 

The Microsoft ecosystem is vast and covers everything from Office to Skype. This is compounded by the various apps available for Microsoft devices as well. Instead of creating a series of weak (or rather, easy-to-remember) passwords, Passport allows you to use one strong password that will rule them all. The hope is to reduce login time at the office to promote increased productivity.

Windows Hello  

This is similar to Passport but geared more toward business. The most notable feature of this program is two-factor authentication, either by email or text, making sure that you need more than just a password to get access to your account. Get used to using two-factor authentication as it will become integrated into more logins from this point on. 

Secure Boot 

This is a great feature that is used when the computer is booted up. Upon start-up, Windows will only recognize programs with either Microsoft or the computer hardware’s signature. Even if you’d downloaded a bug somewhere along the way, once you reboot your computer, the malicious program, because it lacks credentials, will not be able to run and attempt to corrupt your computer. 

Enhancements to Defender

Windows Defender has been around for several years now, but in Windows 10 it gets some serious teeth. While we don’t recommend this and it’s probably not a good idea, many users have discontinued running third-party anti-virus software and instead relied solely on Defender. In recent years, Defender has even gone so far as to include ransomware protection, which, if you follow the news, has become hugely important lately. As long as updates are done, Defender does a fine job of keeping the bad guys out. It’s not perfect by any means, though, so a second-party cybersecurity system is recommended.

Now that you’re up-to-date on some of the new features for Windows 10, let’s take a look at how Windows 7 EOL can affect your business. 

End of Life 

The upcoming Windows 7 End of Life is a bit confusing for some as the term sounds more sad than informative. In a nutshell, this term means Microsoft is done with Windows 7. Since it first came out in 2009, Microsoft has released regular updates and patches for the software as well as allowing their tech support to assist in the event of any problems. Starting in January of 2020, that will no longer be the case. Although they will offer support at a charge for a few months after that date, there will be no more upgrades or patches. 

That being said, while you don’t have to upgrade, it would be a really bad idea not to.  This is where things start to get scary. 

Do I Really Need to Upgrade? 

There’s a reason why people don’t want to upgrade their Windows 7 machines other than money — they work great! After a string of failures, Windows 7 was lauded as fantastic because Microsoft finally got their act together and gave the public what they wanted. It also doesn’t help that the successor to Windows 7 — the cleverly named Windows 8 — was another dud that made adopters of 7 hold on tightly, until now. 

Asking a question like “what’s the worst that can happen if I don’t upgrade?” is like asking “what’s the worst that can happen if I don’t wear a seatbelt?” While chances are you won’t have a problem on a quick drive to the store, if you were to get into an accident, what would normally be an inconvenience could end up as a tragedy.  

Even with all the protections Windows 7 has now, people still get hacked. Just imagine what will happen once security flaws are no longer patched and hackers find ways around obsolete firewalls. It could realistically be a matter of weeks before a flood of viruses comes streaming in to take advantage of the computers that are still running Windows 7. Currently, that’s 36% of all operating PCs that will be completely vulnerable come January 2020. That’s a target hackers will find too tempting to resist.

It’s time to stop trying to recall what you were doing and where you were going ten years ago, and start asking yourself, “What’s going to take me ten years into the future?”