Five for Five: 5 Updates You Can Read in 5 Minutes
Check out these 5 highlights from August!
It's Time to Take Control of Your Passwords
Likely someone reading this has a password "Summer2021" or "Fall2021" or something along those lines. It’s a joke, but it is true. And as an IT provider, hearing this is scary.
It should scare you too.
If you own your business, or are one of the leaders, you should be terrified. It only takes one person to have a weak password like this for something truly bad to happen. Don't let that happen to you. Read more about a simple way to take control of your password security.
Why Are Backups Not the Same as Disaster Recovery?
You are too smart to risk losing your data and you are taking all the necessary precautions to make sure it is protected. You have all systems backed up both locally and offsite. You are prepared. Suddenly, an unfortunate disaster strikes: A power surge comes through the building and takes out your servers destroying all data, including the backup server. You have an offsite copy of your data, but what happens next?
Having backups is a critical component to Disaster Recovery, but they are only that: a component.
If you don’t want to be caught off guard, make sure you have an answer to these questions:
What data is most critical to the business?
How long could your business survive without that data?
What steps will be taken to get your data back in production and who will complete each step?
When it comes to your technology, as a physician you are facing five common issues. What are they?
You are a big cyber target.
Your staff is your biggest cyber weakness.
Your reimbursements are shrinking.
Patient engagement is crucial to your success and positive outcomes.
Your EHR was developed 20 years ago and is hindering you from all four of the above.
If you are a physician reading this, it's time to think about what you can and need to be doing to address these issues head on. As a physician you cannot change the fact that the sensitive data you have makes you a big cyber target. But you can make sure that you are taking the proactive steps to be a hard target.
The security holes in most law firms, make their organization a hackers dream. If cyber criminals can take this security holes and use them as a way to get in- they have a party on their hands. We know that is something you want to avoid.
We've listed 10 major security holes we see in almost every law firm. Read them and identify how many of them apply to your firm. If you have even one of these security holes, it is time to take action.
No defined security permissions on file shares.
Users have local admin rights without separation of privileged accounts.
No two-factor authentication (2FA) for M365 and VPN.
No conditional access on M365.
No email logging and security event management.
No security event management on the VPN and firewall.
No end-point detection system.
No ongoing security awareness testing and training.
Lack of Internet Content Control and DNS Level Filtering.
Lack of policies and procedure, and the requisite testing of those P&P is an issue.
Just as much as you don't want cyber criminals throwing a party at your expense, we don't want them throwing a party at your expense either.
The goal is to think/assume incident/breach. Don't be naive in assuming you can stop it – instead assume it will happen, and put all of the pieces in place to: mitigate, respond and recover.
At The IT Company we love having the opportunity to be part of our community! This month we are celebrating the Grace Christian Football Team. We are proud to sponsor the Grace football program and wish them the best of luck this season!