The importance of cybersecurity has become increasingly prevalent in media, conversations, and business. Major software companies have been hit with fines from breaches and millions of users data has been exposed illegally. This year marks the 15th anniversary of National Cybersecurity Awareness Month. Here at HHS Solutions, we have pooled together some resources that we […]
A massive computer virus called WannaCry has infected thousands of computers worldwide as of last week. What makes WannaCry distinct is that it does not need to have users click on a link for it to infect your machine. Some security researchers are pointing the source of the virus to the Shadow Broker’s leak of […]
[cmsms_row][cmsms_column data_width=”1/1″][cmsms_text] Beware of Email Attachments We received an email this morning from what looking like a person wanting to apply for a position within our company. It is not out of the norm to receive legitimate emails from open job positions. What made this email stand out is that it did not specify the […]
HIPAA security has changed since March of 2013. The new rules change the way everyone deals with electronic Protected Health Information (e-PHI) as well as the networks and vendors the companies use to view and transfer these documents. Under the new rules, you can be fined up to $1.5 Million per year if you are not in compliance, and up to $50,000 per violation. Also now business associates can be held responsible for data breaches and if that were not enough: you now you have to prove that you haven’t had a data breech instead of the opposite. Under the new rules they assume that you have had a security breech unless you can document otherwise. For companies that have policies and procedures for HIPAA that are older than 3 years: You may want to read through your Business Associate Agreements (BAAs) and your policies to make sure the new rules are put into place.
Visit HHS.GOV here for the actual specifications/requirements: http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html
In short it is important to make sure you are in compliance to these new rules and that your IT vendor/department is aware of these requirements.
Phishing Attacks:Phishing is when attackers send you emails or have links in websites that are tailored to look legitimate, but when an unsuspecting person clicks on a link or opens a file within an email it harms the computer. Also, Spear Phishing is an even more targeted attack, in which the hacker gathers info about you to tailor a personalized email message just for you.
Man in the Middle Attacks:Man in the middle attacks intercept data between two points and attempt to steal and decrypt the information. This can be done by spoofing a “trusted” network that your device has connected to in the past. You may see this if you are at a hotel and your phone tells you that you are connect to your home network?!?!
Buffer Overflow:Buffer overflow is when an attacker breaks a program by giving it too much information (like a really long username). The attacker can then insert code into the website or software that goes where it should not and gain access to a system. This is a high level of attack and difficult to prevent
Brute Force Attacks:Brute force attacks can be very effective against systems that have weak user names and passwords. A brute force attack will try thousands if not millions of usernames and passwords to try to find the right one. More sophisticated attacks use “dictionaries” of the most common passwords to quicken the process.