In the past week we have seen an increase in elaborate scam emails attempting to collect Office 365 credentials, so we think it is important to share tips on how to spot these threats.
Always verify that the sender is valid, especially the domain suffix. If it is not a .com or .us, there is your red flag.
DO NOT click on attachments or links. If you are in doubt, forward the email to your IT department or MSP. In the sample above, the links pointed to a site that looked identical to the Office 365 login page; it had a valid SSL certificate, so the browser deemed it secure, but it was designed to steal Office 365 logons. As of 10-27-2017 the site had already been taken down.
Why would someone want to gain access to random email accounts, you may ask? A few examples:
A few steps that help protect your systems against these threats are:
For more information, or if you would like a FREE network assessment for your company, please contact iEple LLC at (630) 634-5700 or make an appointment at http://book.ieple.com
We appreciate comments and questions.
Phishing is the most effective way hackers have today to seed viruses and malware into corporate networks, for the following reasons:
Can we avoid phishing emails?
In theory, yes: spam filters constantly look for signs of phishing at the binary and heuristic level; however, a good percentage of messages still get through.
Another risk is that users can review their spam folder; a phishing message that looks "legit" can lead us to think it was sent to spam by mistake.
So here are our quick 4 things you and your employees should be trained to watch for in every single email that comes across:
1. ALWAYS check the full details of the sender:
The example above shows "Paypal" in the sender list; just click on the sender details to reveal the real email address. In the example you can see it is not coming from Paypal at all.
2. DON'T CLICK ON LINKS before you verify them:
If you are prompted to click on a link to "Verify" or "Login", STOP and check that link. Simply hover the mouse over the text or button to reveal where they are trying to take you. In the example above, notice how the link would take you to "service-infos.com", which is completely unrelated to Paypal.
3. DO SOME READING
Spammers take advantage of our global inability to pay attention to detail; we unconsciously validate information when we see familiar logos.
Honor your junior high grammar teacher's dream and notice language you wouldn't expect from a professional. See the example above and watch for simple mistakes that simply don't fit the context.
4. MIND ATTACHMENTS, scan them first
We receive attachments every day, and technology gives us the comfort of opening them right from our email client or webmail page. Before opening an attachment, ask yourself:
The most common attachment extensions are:
The most common file extensions used for malicious software sent by email are:
Whether or not it is a common file type coming from a trusted sender, always download the file rather than opening it directly; then right-click on it and select the option to scan it with your default antivirus.
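Checks 1 and 2 above (the real sender address behind a display name, and the real target behind a link) can be automated for a message you are unsure about. The script below is an added example, not iEple's code; the sample message, the BRAND_DOMAINS table and the .com/.us suffix rule of thumb are assumptions modelled on the "Paypal" example in this post.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the "Paypal" lure the post describes (assumed).
SAMPLE_EML = b"""From: "Paypal" <billing@service-infos.com>
Subject: Verify your account
Content-Type: text/html; charset=utf-8

<p>Dear customer, please <a href="http://service-infos.com/login">Verify</a>
your account.</p>
"""

# Brands a sender may claim and the domain that really owns each (assumed table).
BRAND_DOMAINS = {"paypal": "paypal.com"}
TRUSTED_SUFFIXES = (".com", ".us")  # the post's own rule of thumb
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def claimed_brand(text):
    """Return the brand a display name or link text names, or None."""
    return next((b for b in BRAND_DOMAINS if b in text.lower()), None)


def owned_by(host, brand):
    """True only for the brand's domain or a subdomain, not a look-alike."""
    real = BRAND_DOMAINS[brand]
    return host == real or host.endswith("." + real)


def red_flags(raw):
    """Apply check 1 (who really sent it) and check 2 (where links really go)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    if not domain.endswith(TRUSTED_SUFFIXES):
        flags.append(f"sender domain {domain} has an unexpected suffix")
    brand = claimed_brand(name)
    if brand and not owned_by(domain, brand):
        flags.append(f"display name '{name}' but real address is {addr}")
    body = msg.get_body(preferencelist=("html",))
    for href, text in LINK_RE.findall(body.get_content() if body else ""):
        host = (urlparse(href).hostname or "").lower()
        owner = brand or claimed_brand(text)  # e.g. link text "Paypal login"
        if owner and not owned_by(host, owner):
            flags.append(f"link '{text.strip()}' actually goes to {host}")
    return flags
```

Calling `red_flags(SAMPLE_EML)` returns two flags: the display name "Paypal" hides a service-infos.com address, and the "Verify" link goes to service-infos.com rather than paypal.com.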
Again, every company should have a solution in place for spam filtering and threat detection. If you don't, it is time to get one. Call us to find out how easy it is to implement and the many benefits your company will gain.
Thanks for staying with us so far; we hope this information is valuable. If you'd like to learn more about security for your business computers, managed antivirus and other ways we can help prevent threats on your network, please contact us and we'll be ready to assist and provide guidance.
During last weekend's movie night we watched Big Hero 6 (for the 10th time) with the kids; this time, with a critical eye, I realized how well Disney portrays many common practices of medical facilities that are not HIPAA compliant.
At some point during the movie, Baymax (the good guy) projects Mr. Kabuki's (the bad guy) diagnostic chart to a crowd of people. The conversation indicates the medical scan was taken without authorization, and the viewers of the chart presumably do not have a Business Associate Agreement.
- Every computer at a medical facility must have a password lock and an idle timeout;
- If people other than the clinical employee can see the screen, it is advisable to fit a privacy filter that prevents prying eyes from viewing the screen from an angle;
- Employees or associates exposed to PHI must have a signed BAA;
- Every person accessing PHI should be traceable through systems established by the practice.
Unencrypted PHI Containers:
Some scenes show how Baymax's hard drive is easily removed, plugged into a computer and read without needing a password.
- Rules dictate that computing systems containing PHI must be locked down or stored in an area where they cannot be easily stolen.
- Mobile systems such as laptops and tablets must be encrypted and password protected.
Lack of Backup:
Spoiler alert: Baymax gets destroyed at the end of the movie, and so is the medical data it carried.
Medical facilities have the obligation of keeping medical records for a set number of years.
A backup solution managed by a professional Information Technology company (like iEple LLC) is the best option, as they will monitor backup jobs and ensure the systems hold the data securely.
In summary, think about improving your practice's security by taking care of these 3 simple steps, one at a time.
1. Protect medical records from prying eyes: privacy shades on monitors and idle timeouts.
2. Encrypt your computer systems and set passwords for each employee.
3. Obtain a backup solution adequate for your practice.
Call iEple today and finally get the peace of mind and savings your practice needs.
1 (866) 781 4009
If you run your own medical practice, chances are you spent quite some time figuring out which EHR or EMR was convenient for you, and, between the Cloud (hosted somewhere else) and your own server, you decided to host it on your own server for various reasons:
But what about security? Yes, at this point you are hating this post, as HIPAA, Meaningful Use and all the compliance nightmares may wake you up again; but let's embrace it. You need to know about these things and review them once in a while. Think of all the patients you wish had taken the initiative to get a routine check-up instead of coming to your practice half dead and expecting you to bring them back to their early twenties.
As I.T. professionals with years of experience helping medical practices and in I.T. security, we have come across several EMR and EHR platforms hosted on premises at medical practices, and we are sad to tell you they are not safe out of the box; there are many loose ends that need to be covered in your network to stay away from data breaches, which EMR and EHR developers do not even consider because it is not their responsibility.
We don't claim you will be fully protected and free of liability by following this guide, but at least we try to cover the areas where the most common attacks are targeted.
Call us at 1-866-781-4009 for a free consultation and free no obligation on-site inspection.