Top 9 Ways to Increase Security and Pass a HIPAA Audit

  1. Use Something Better than 12345. Choose strong passwords with letters, numbers, and special characters, built around a mental image or an acronym that is easy for you to remember. Create a different password for each important account, and change passwords regularly. Read http://triadanet.com/is-your-password-12345/ for more information. Consider using a password manager like 1Password or LastPass.
  2. Use Protection!… I mean software protection. For home users or very small businesses, we recommend downloading the free Microsoft Security Essentials http://www.microsoft.com/security_essentials. For businesses, we recommend using a centrally monitored endpoint protection product, whether you do your own monitoring or your IT company does it for you.
  3. Keep Your Software Up to Date. Every first Tuesday of the month Microsoft releases fixes to bugs they and others find. These bugs are exploited by malicious software and can compromise your computer. Patching eliminates the known flaws in programs. Include Windows, Office, Adobe Acrobat, Adobe Flash, Java (if you really need it), QuickTime, or any other “plug-in” software.
  4. Give yourself and your employees minimal rights. It’s tempting to remove all controls and grant yourself and your staff full access to your computers because otherwise it’s a hassle. However, it’s best to have a separate account to do any “administrative” work. Only give access to the ePHI an employee needs to perform their tasks. Check out the Health IT Access control checklist: http://www.healthit.gov/sites/default/files/security-checklist-practice-4.pdf
  5. Be careful of where you compute. It’s great to go to a coffee shop to get some work done. It’s also a great way to get your information stolen. Although your bank provides a secure way to do business with them online, it is best to do that from your home network rather than the open network at a café or airport lounge.
  6. Use Good Hygiene. Don’t open unsolicited emails, especially if they have attachments or links to reset a password that you didn’t request. Consider the websites you visit. Don’t put in random USB drives or CDs you have found or been given. To this end, install a business-grade firewall and limit network access. Good hygiene is not only healthy for your body but it’s healthy for your computer systems too!
  7. Backup All The Time! Implement a system that securely backs up online whenever you have a connection and whenever you make changes to a file. Not having an automatic offsite backup is a sure-fire way to forget to do it. Plan for the Unexpected.
  8. Protect your sensitive data. There are tools that can encrypt your hard drive so that if someone finds your computer they won’t be able to pull data off of it unless they have your password. Limit exposure of ePHI by limiting thumb drive use, unencrypted email, and carrying data on laptops, phones, and tablets.
  9. Educate yourself, your colleagues, and your staff. Most people want to do the right thing. But many times barriers are put in front of them to do their jobs. Without properly explaining the reasons why and the risks involved, participants won’t buy in to your policies.

As you can see, some of the items on this list are things that you can install onto your computers to help protect you from the bad stuff; the others are behaviors that, if followed, would greatly reduce your risk.

Internet Abuse is Sapping Productivity and Putting Your Company at Risk.

Using the internet for personal purposes in the workplace reduces employee productivity and costs you money. Internet abuse is a problem because browsed content can raise ethical questions and typically the kinds of sites visited would be a violation of company policy. This is in addition to the fact that the time and frequency of accessing the internet compromises productivity. Many inappropriate sites are infected with malware either directly or through advertiser networks, causing a greater risk to company data, information integrity, and network performance.

What constitutes internet abuse?

Workplace internet abuse is a significant risk factor for employer liability, costing employers valuable hours of work. Internet abuse ranges from viewing pornography in private offices to spending hours on social sites, playing online games, shopping online and paying bills through the company internet. Other consequences of improper internet use include litigation issues, such as sexual harassment, hostile work environments and discrimination.

Revoking network privileges

One way to deal with this problem is to entirely remove internet access. Unfortunately, such a decision has the negative effect of punishing those who don’t abuse the privilege. In addition, it’s impossible to completely banish personal internet usage when the business relies heavily on the internet for communication, research and up-to-date information.

Monitoring internet usage

One way to reduce employer liability is to monitor and filter employee internet use. Although there are disagreements about the principle behind internet monitoring, many employers agree that it is a necessary ‘evil’. This solution requires some investment and changes in the networking infrastructure but can provide an almost immediate Return on Investment (ROI). It is also necessary to draft an Acceptable Use Policy (AUP) that sets specific rules for personal internet use before implementing such a change.

How strictly you would like to run your network is up to you. We’ve worked with banks and medical offices that only want their employees to visit specific sites that are related to work and nothing more, not even search engines. At the other end of the spectrum (where most companies lie) are businesses that allow full access. At the very least, you should request that your IT service provider filter sites distributing viruses and other malware, pornography, and hate speech. This will provide your business some reduction of risk without completely stifling the freedom you allow your employees. However, it’s not uncommon to go further and block video sharing or streaming websites (watching the Olympics or the Final Four can sap your Internet bandwidth!), social media, and/or shopping.

If you want to discuss internet monitoring solutions for your business, please give us a call and we will provide you with a free network report card. We’ll also provide you a FREE Acceptable Usage Policy as a starter.

Free Network Review

If your office has 5 to 50 computers and would like a thorough review of your network, please fill out the form and we will contact you.

Urgent Alert for Internet Explorer Users

Microsoft was alerted to a significant vulnerability in Internet Explorer, their web browser, by security company FireEye.  Microsoft has acknowledged this issue.

Here is what we know:

  1. All versions of Internet Explorer from IE6 to IE11 are affected.
  2. As of April 28th, 2014 there is no patch available, and there will not be a patch available for Windows XP.
  3. The vulnerability leverages Adobe Flash in order to attack the flaw in Internet Explorer.

What You Can Do:

  1. Do not use Internet Explorer on any machines that you currently have. Use Firefox or Chrome. If you must use Internet Explorer, limit it to websites that require it and only browse to those websites directly.
  2. Remove Adobe Flash if you are using an older version of Internet Explorer (IE9 or older). IE10 and IE11 include Adobe Flash built in, so it cannot be removed.
  3. Managed customers will automatically get the patch once it is made available. There won’t be a patch for Windows XP. If you cannot upgrade Windows XP, then do not do any web browsing on those computers, especially with Internet Explorer.
  4. Do not click on links that you receive in email. Go directly to the website that you wish to visit.

If you have any questions, please contact us.