Security

Hackers Start Beef with JBS Ransomware Attack

Last weekend saw a significant cyberattack waged against the world’s largest meat processor and distributor, JBS S.A., that completely suspended the company’s operations in both North America and Australia… and as a result, has impacted the supply chains associated with the company. Let’s examine the situation to see what lessons we can take away from all this.

What Happened to JBS S.A.?

Over the last weekend of May 2021, JBS’ global IT systems were targeted by a ransomware attack that completely shut down the meat processor’s operations in North America and Australia. Seeing as effectively each step of the company’s operations (from livestock procurement all the way to export and shipment) relies on some kind of technology, everything was put on pause.

Fortunately, JBS had implemented backups, and has therefore been able to restore its systems and is returning to operation. Furthermore, no apparent evidence has been discovered suggesting that any customer, employee, or supplier data was compromised in the attack.

However, this does not mean that there is nothing more to examine surrounding these events. Let’s go into the major takeaways that need to be addressed.

First of All, Who’s Responsible, and Who is Involved in Fighting Back?

There has been no indication that any activist groups were involved in the attack. Rather, sophisticated cybercriminals—the sort that have been previously associated with Russian cyberattacks—have been assigned blame for this attack. Along with the Federal Bureau of Investigation’s interest in the cyberattack, the United States government has been in communication with Russia concerning these efforts.

The Australian Cyber Security Centre has also been providing their assistance, although they would not disclose what the nature of this assistance was, while the company was also working with both the Australian government and the Australian Federal Police to more assuredly identify the responsible party.

The Impacts of Ransomware and Other Threats

While ransomware is still relatively new in terms of mainstream threats, it has grown from a concerning eccentricity to a global concern in the few years it has been popularized. More than a threat that simply locks down a computer or network, ransomware now involves an element of exfiltration—not only is the target’s data deleted unless a ransom is paid, it is also stolen and sold unless a second ransom demand is also paid up. This form of attack is closely associated with exactly the groups that are suspected of conducting the attack on JBS.

Fortunately, JBS was smart and had protected themselves ahead of time by implementing a backup solution. This is precisely why we always encourage businesses to do just that: the backup serves as your business’ insurance policy should your operations ever be targeted by such an attack. Unfortunately, this isn’t unlikely as many such attacks are spread through automated phishing campaigns and other hands-off means of dispersing malware.

At Jackson Thornton Technologies, we’re committed to helping businesses resist cybersecurity issues of all shapes and sizes, along with helping you manage your IT in the operational sense. Start a conversation with us by calling 334-834-7660 today.

 

Four Considerations for Your Business’ Security

Millions of people find themselves sitting in front of a computer moving files around and corresponding with people over the phone, through email, or updating info in the company’s line of business app. What many of them don’t know, however, is that, at any time, they are only a couple of clicks away from causing major problems for their company. This is why it is extremely important to train your staff on what to look for and how to address those situations when they do arise.

To understand the desperate nature of this issue, you simply need to look at the global statistics. According to the Internet Society’s Online Trust Alliance (OTA), 2019 saw losses of over $52 billion as a result of cyberattacks, of which roughly 95 percent could have been avoided through simple, common sense actions and procedures. Additionally, these figures are expected to grow rapidly in the future.

That’s why it is essential that your business, aside from your dedicated network and cybersecurity strategy, comes up with a plan on how to properly train your staff with procedures that won’t stymie your business’ ability to be productive. How you go about doing that is up to you, but this month we thought we would share a few strategies on how to effectively get this done.

Get Your Employees to Understand

Educating a bunch of people (who don’t work in security) about something as yawn-inspiring as network security isn’t impossible, but it takes a little creativity. If someone can relate to a victim, they are more willing to do things they wouldn’t typically do, because they don’t want to be responsible for someone else becoming one. Use real world examples in your education materials. Chances are many of them have been the victim of identity theft or they’ve had their data leaked as a result of negligent behavior. Show them that many of the things they can do to protect the company are things that they already do to protect their own data.

Create a Culture of Security

If history has taught us one thing about people, it is that people are impressionable. If they are constantly surrounded by a certain message, they will typically accept that message. Creating a company culture that is rooted in security will do a lot of the heavy lifting for you. If your company consistently pushes the need for comprehensive security, you better believe that most of your staff will get the message loud and clear.

Keep Training Consistent

Pushing security can go a long way, but without training that is designed to explain exactly what problems are being addressed by the procedures that are put in place, the whole thing is completely pointless. Employees need to understand:

● How to avoid becoming a victim of phishing

● What network resources they have access to

● The importance their role has in protecting company and customer data

● Solid password management and best practices

● What to do if they do make a security mistake

If every employee you have has a good handle on these five concepts, there likely won’t be a network security disaster coming from your staff in the near future.

Lead By Example

Obviously, in the average employee’s mind, network security, like physical security, is nothing they are inherently concerned with. If they follow procedure, there should be no problem. They figure that decision makers take the time and effort to address these issues and deploy the systems that are needed to protect the business. Not only that, many workers consider workplace security a C-suite issue. Firewalls, antivirus, multi-factor authentication, mobile device management, and intrusion detection are largely looked at in the same way as digital surveillance, access control, printer management, and a slew of other security systems that are controlled by people outside their expertise. In fact, many people look upon these systems as ones that serve to protect the business from them rather than working to protect the business.  

Leading by example means that you do the right things and expect that your team follows suit. Being more supportive than demanding is a good way to start. People that aren’t that strong with technology won’t always get it. Unfortunately, it only takes one instance to really create problems, so they must. Instead of being frustrated at their lack of understanding, create documentation and resources that will help them. Work with them to make them understand just how important it is that they need to follow these procedures. They don’t need to understand the workings of complex IT systems, they just need to avoid the big mistakes that could cause major problems for the company. 

At Jackson Thornton Technologies, we can help your business put together a plan to help you protect your business from end to end. Our IT professionals can help you put together procedures and a training plan that will give your business the resources it needs to stay secure. To learn more, call us today at 334-834-7660.

 

 

 

 

It’s Time to Focus on Data Privacy and Compliance

Most businesses have compliance regulations they need to meet. 2021 is becoming somewhat of a tipping point for some. Companies are dealing with the development of new data privacy laws that will surely add some responsibilities on top of already established regulations. This month, we thought we’d take a look at compliance and why it is important to stay on top of it. 

Before we get into regulatory compliance, we should mention that compliance with company-wide regulations (that presumably you’ve set up for a reason) is not exempt when considering your business’ compliance responsibilities. Understanding where your organization is in meeting both outside and inside compliance requirements can set you up for success, even as your business doesn’t look the same way it did in the past.

Outside Compliance Considerations

When compliance regulations are considered, typically these are the qualifications that need to be met. They are traditionally ethics-based regulations set up by legislators to help govern fair enterprise. Today’s business creates, collects, and uses data in new and exciting ways, and having to meet regulatory benchmarks becomes more and more crucial. Most of these regulations are governed by federal, state, and industry legislative bodies and organizations created to do that. If they are not met, it can cause some difficult problems for any business. These include fines, suspension of service, and more. 

Inside Compliance Considerations

The regulations you set up for your own business obviously don’t carry the risks inherent in meeting regulatory requirements, but presumably you’ve enacted these benchmarks and requirements to help manage and operate your business effectively, so meeting those standards is important. 

Massive Push For Data Privacy

For some time now, consumers have been more cognizant of how their personal information can be used against them. That doesn’t mean that many people have taken the steps to protect that data, but that is evolving. Typically, any regulations aimed at data protection have been made to keep organizations from taking advantage of stakeholders, but now, it seems, there is a fairly large section of people that are actively looking to help individuals protect their personal data. Unfortunately, many of the major technology companies don’t seem to be among them. 

The establishment of the General Data Protection Regulation (GDPR) by the European Union was a landmark day for individual data privacy. It held businesses accountable and gave individuals control over a lot of their personal data. Much of the same data was shared with impunity before the GDPR went into effect. Today, there are several data privacy laws on the books in the United States, with a federal data privacy law looking inevitable in the years to come. 

Compliance Tips

Outside of the GDPR (which affects any business that does business with European companies) most of today’s requirements have been in place for quite some time. Regulations like HIPAA and PCI DSS affect millions of businesses, so it is important to have a set of strategies in place to keep compliant. Here are a few tips:

1. Stay in Good Standing - You need a Certificate of Good Standing. Otherwise you can’t legally do business in most states. This is a certification that is issued by your state and requires your business to be registered as a legal entity, be current on tax filings, and meet other benchmarks or be suspended from doing business in that state. 

2. Be Aware of Any Laws that Govern Your Business - These days, the regulations and laws are always changing. Business in 2021 moves fast, so staying up on the latest regulations will help your business maintain good health and go a long way toward putting you in a position to maintain compliance. 

3. Keep Your Contacts Updated - It’s important to keep your business contacts list up to date. This strategy helps by having contacts on hand so that you can handle important issues that might arise.

4. Follow Best Practices - Compliant companies understand the best ways to stay that way. Typically, by following best practices, your business can maintain compliance more effectively.

If you need help staying compliant or understanding how to, give the IT professionals at Jackson Thornton Technologies a call today at 334-834-7660.

 

Ransomware Is One of Today’s Most Dangerous Threats

Ransomware has been a real problem for the past several years. Hackers were once known for breaching networks directly, but the establishment of uncrackable encryption left them looking to change their strategies. Today, they use scams to get people to give them access to network resources. If they are successful, it can deliver more than headaches for a business. Let’s look at what makes ransomware so dangerous and how your company can combat the constant attacks that come your way.

Ransomware

The experience of someone victimized by a ransomware attack is laced with terror. The situation you are dealing with—finding that your files, drives, or even network resources are encrypted and inaccessible—is definitely one that would startle anyone. You then see the clock that is patiently ticking down, and you know that if you don’t comply with the demands, your files/drives will be deleted. It’s not a pretty situation.

Phishing

Phishing messages are usually delivered through email, but can also be received via a phone call, text message, or social media message. They are known as such because the scammer responsible simply distributes a message and waits for someone to take the bait. Scammers today are well-established and have gone to great lengths to concoct messages that could fool even the most vigilant user. 

Cybercriminals have taken to pairing these attacks together to help them take advantage of as many targets as possible. If a member of your staff accidentally clicks on a link or unpacks an attachment that is connected to one of these phishing emails—because it looks just like a valid email—you may be in some big trouble. Ransomware can move fast to encrypt data and drives, whittling down your options significantly.

What to Look for in a Phishing Email

There are some warning signs that a message is a phishing attempt. They include:

● Details are wrong - There are several details that you should check before you click anything in an email. Is the email address from the sending company? Are there misspellings and grammatical errors that you wouldn’t find in professional correspondence? Were you expecting an email from the company? If there are obvious inconsistencies, make sure to report it to your IT administrator before proceeding.

● There’s excessive urgency - Most phishing emails have desperate calls to action. Email is a useful correspondence tool, but very rarely are you directed to do anything that would necessitate you providing sensitive data. If an email’s message seems a little desperate, don’t proceed and report the message to your IT department.

● There’s a link or an attachment - If there is a link or an attachment in the email, and you weren’t expecting the email, you will want to reach out to the sender to confirm their legitimacy through another method of communication.
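The three warning signs above can also be checked mechanically before a message reaches a user. The following is an added example, not part of the original article: the `KNOWN_SENDERS` table, the urgency phrases, the `.test` domains and both sample messages are constructed for illustration, and the two-label domain comparison is a simplification.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: organisations staff expect mail from, mapped to their real domains.
KNOWN_SENDERS = {"example bank": "examplebank.test"}
URGENCY = re.compile(
    r"\b(urgent|immediately|right away|within \d+ hours?|final notice|"
    r"account (?:will be |has been )?(?:suspended|locked))\b", re.I)


class _Links(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _site(host):
    """Last two DNS labels; a simplification (no Public Suffix List)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def phishing_signs(msg):
    """Return the warning signs found in an EmailMessage, as a list of strings."""
    signs = []
    name, addr = parseaddr(msg.get("From", ""))
    from_site = _site(addr.rpartition("@")[2])

    # Sign 1: details are wrong (claimed sender vs. actual address).
    for org, real in KNOWN_SENDERS.items():
        if org in name.lower() and from_site != real:
            signs.append(f"display name claims '{org}' but address is @{from_site}")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and _site(reply.rpartition("@")[2]) != from_site:
        signs.append("Reply-To domain differs from From domain")

    # Sign 2: excessive urgency in the subject or body.
    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part else ""
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        signs.append("urgent call to action")

    # Sign 3: links whose visible text names a different site, and attachments.
    parser = _Links()
    parser.feed(body)
    for href, text in parser.links:
        shown = re.search(r"[\w-]+(?:\.[\w-]+)+", text)
        target = urlparse(href).hostname or ""
        if shown and target and _site(shown.group()) != _site(target):
            signs.append(f"link text shows {shown.group()} but goes to {target}")
    for part in msg.iter_attachments():
        signs.append(f"attachment: {part.get_filename()}")
    return signs


def sample_phish():
    """Constructed message showing all three kinds of warning sign."""
    msg = EmailMessage()
    msg["From"] = "Example Bank Security <alerts@examp1e-bank.test>"
    msg["Reply-To"] = "help@mail-collector.test"
    msg["Subject"] = "URGENT: your account will be suspended"
    msg.set_content(
        '<p>Confirm your details within 24 hours.</p>'
        '<p><a href="http://login.examp1e-bank.test/verify">www.examplebank.test</a></p>',
        subtype="html")
    msg.add_attachment(b"constructed", maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg


def sample_benign():
    """Constructed routine message from the expected domain."""
    msg = EmailMessage()
    msg["From"] = "Example Bank <statements@examplebank.test>"
    msg["Subject"] = "Your monthly statement is ready"
    msg.set_content("Log in at www.examplebank.test as usual to view it.")
    return msg


if __name__ == "__main__":
    for sign in phishing_signs(sample_phish()):
        print("WARN:", sign)
```

A non-empty result is a reason to hold the message for review, not proof of phishing; an attachment alone, for instance, only matters when the email was unexpected.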

Phishing is today’s hacker’s go-to strategy. Ensuring that your staff is able to spot phishing attempts is the best way to ensure that ransomware or other malware payloads stay off your network. Call the IT professionals at Jackson Thornton Technologies today to talk about the strategies we prefer to ensure that our clients’ networks are left free of malware. You can reach us at 334-834-7660.

 

What We Can Learn from Coca-Cola’s Insider Trade Secret Theft

Your business’ data is perhaps its most crucial resource—which is why it is so important that it remains protected against all threats (including those that come from within your own business). Consider, for a moment, the trial of Xiaorong You, ongoing in Greeneville, Tennessee. Accused of stealing trade secrets and committing economic espionage, You allegedly stole various BPA-free technologies from various companies—including Coca-Cola and the Eastman Chemical Company, amongst others—to the tune of $119.6 million.

Let’s consider how the implementation of insider threat detection methods could have minimized the damages that You allegedly inflicted on these companies.

You’s Story

Xiaorong “Shannon” You, a naturalized US citizen and PhD in Polymer Science and Engineering, has worked in the industry since 1992. From December of 2012 to August of 2017, she worked for Coca-Cola as a principal engineer for global research, moving to the Eastman Chemical Company to work as a packaging application development manager from September of 2017 until June of 2018, when her employment was terminated.

During her tenure at both companies, You had access to secrets that a limited number of employees were privy to. In the case of Coca-Cola’s secrets, You had retained them (despite affirming in writing that she hadn’t) and submitted them to the People’s Republic of China as part of her application for the country’s Thousand Talents program in 2017. This program has been used before to introduce advanced technologies to China, with the Department of Justice having had some success in prosecuting these cases.

What Xiaorong You Allegedly Did

According to the case that You now faces, she retained this information by simply uploading data to her personal Google Drive account—or when dealing with particularly sensitive documents and physical lab equipment, she simply used her smartphone’s camera to capture images (bypassing the scrutiny of her employers’ information security teams). Once she had secured this information, You worked with a Chinese national named Xiangchen Liu to form a company in China that would use these trade secrets to generate its own profits, using an Italian BPA-free manufacturer to incorporate the stolen technologies into their own products.

The theft of this technology has had an impact on various companies, including Coca-Cola and the Eastman Chemical Company, as well as AkzoNobel, Dow Chemical, PPG, TSI, Sherwin Williams, and ToyoChem.

Originally brought up on charges involving the theft of trade secrets in Tennessee’s Eastern US District Court in February of 2019, You was subject to another indictment in August 2020 that filed charges of economic espionage.

How You’s Employers Could Have Stopped Such Activities

Let’s take another look at some of the dates we just went over:

You’s employment at Coca-Cola ended in August of 2017, while her indictment for crimes that allegedly took place during her time there didn’t happen until February of 2019. This suggests that the discovery of her activities at Coca-Cola didn’t occur until long after the fact.

This fact is indicative of two reasonable hypotheses:

1. Coca-Cola lacked the tools to detect such activities in real-time, making it far more difficult to prevent protected and sensitive data from successfully leaving the corporate environment.

2. Coca-Cola also lacked the policies that could have prevented non-authorized devices from entering the workspace or otherwise being kept in proximity to sensitive company data or infrastructures. While old-fashioned, the concept of taking photographs of such information is no less effective for its age.

By comparison, You’s considerably rapid termination from the Eastman Chemical Company would suggest that their data protection standards were much more robust than Coca-Cola’s were at the time, enabling the company to identify a security issue and properly investigate it much faster.

Just imagine how much the total damages—which now equate to about $119.6 million, as a reminder—could have inflated if Eastman Chemical weren’t able to catch You’s alleged activities so quickly.

It unfortunately goes to show how anyone given the opportunity in tandem with the right motivation—in this case, recognition and financial windfall—could become a serious threat to any company’s data. This means that every company should have the tools in place to prevent these activities as often as possible, as well as the means to catch them if they are to take place.

Jackson Thornton Technologies is here to help facilitate that. Our remote monitoring and management services can help catch any suspicious activity on your business’ network, preventing both internal and external threats from taking root. We can also help keep your data on a need-to-know basis, preventing more data leaks—accidental or otherwise.

Learn more about how our solutions can assist you by calling 334-834-7660 today. 

 

 

A Hacker Could Steal All Of Your Text Messages for a Few Bucks

We always picture hackers as these foreboding, black-clad criminals, smirking through the shadows cast in their dark room by their computer monitor. Hardened, uncaring individuals who don’t go outside very often, staring at code as if they were able to decipher the Matrix.

It’s time we give up this persona and stop mystifying cybercriminals. Why?

It only takes a few bucks and some spare time to truly hold an individual’s data hostage.

Cybercrime doesn’t require the skill of a computer programmer, any more than mugging somebody on the street requires the skill of a James Bond villain. It just takes a level of dedication and a huge lack of compassion. 

It’s So Easy to Have Everything Taken Away From You

Let’s keep the comparison of cybercriminals with street muggers in mind. That’s really what these people are. When my friend (we’ll call him Bob for the sake of this blog post) watched his online accounts systematically get broken into, he wasn’t dealing with a highly-skilled, Hollywood-portrayed hacker. He was likely dealing with a kid who found an easy way to take advantage of others.

Here’s the story:

Bob received a weird message from a stranger. That message had screenshots of a few of his online accounts—his Amazon account, Netflix, and a few others. This stranger was proving that he had access to Bob’s accounts.

A few minutes later, the stranger started to show text messages that were intended for Bob. He logged into Bob’s Facebook account and started messaging Bob’s friends and family. 

Bob’s phone wasn’t acting strangely. There was no evidence that it had been hijacked. His computer at home wasn’t showing any signs of malicious activity. Everything worked as normal.

This stranger was going through all of Bob’s online accounts and changing passwords, taking over, and locking Bob out. It wasn’t long before he found his way into Bob’s PayPal account.

How could this happen? There are actually several possible ways:

If you use the same passwords on multiple accounts, it’s easy for a cybercriminal to sift through sites and businesses that were breached and try your username and password on other services. Stolen information is often displayed and sold on the Dark Web, and for a few dollars, anyone can grab loads of personal, sensitive information like this.

Another way could be SIM swapping, which is a term for when a criminal tricks a cell phone carrier into forwarding your calls and text messages to their own device. It only takes a confident criminal and a misguided support person at your carrier.

In this case, however, the criminal didn’t even go that far.

They used a legitimate service called Sakari, which is a text messaging marketing service that lets businesses perform mass communication to their customers or subscribers via text. 

Anyone can create an account with Sakari, and for a few dollars, seize another person’s phone number.

The victim doesn’t lose access to their smartphone. They still get calls and texts. The criminal, however, gets to see everything going on. Since many online accounts will text you if you try to get in without a password, the so-called hacker could intercept these messages and take the steps to gain control over your identity. Once they are in your text messages, they can quickly escalate into your email, and then control everything.

We’re likely going to see companies like Sakari increase their security to prevent this from becoming a widespread problem, but it just goes to show you that hackers can be resourceful without actually needing a lot of skill—just dedication to do wrong.

To protect yourself from this type of attack, be sure to use strong passwords and never use the same password on multiple accounts. Utilize 2FA that goes beyond SMS messaging, such as Google Authenticator, Duo, LastPass Authenticator, or a similar tool. Most importantly, never hesitate to ask your trusted IT experts what you can do to further protect yourself, your identity, and your business.

Want to discuss your cybersecurity? Give Jackson Thornton Technologies a call at 334-834-7660.

 

 

Cybersecurity Tools Every Business Should Have

We typically like to remind people as much as we can of the importance of staying up-to-date with your organization’s cybersecurity. There are plenty of things you can do to strengthen your grip on your network. This month we thought we’d go over some of the solutions we offer to help our clients secure their network and infrastructure. 

Your Network Security

To protect your network, you need to ensure that you have the proper solutions in place. Between network security appliances, virtual private networking (VPN) clients, and firewalls, any potential points of egress can be covered against issues.

These defenses will help to minimize the number of threats and other risk elements that enter your network. Once coupled with the following solutions provided by Jackson Thornton Technologies, you can know that your business data and network security are strong. 

Network Monitoring

In case any threats do manage to breach your defenses, you need to ensure that you are able to detect and identify them. By equipping whatever IT management resource you have with the tools to keep an eye on your network and its health, your security will be improved through vigilance. This is one of the best-known advantages of enlisting a managed service provider, as an MSP will take it upon themselves to proactively work to prevent threats by keeping an eye on your technology infrastructure and its health.

Mobile Device and Endpoint Management

As many people are working remotely, especially nowadays, the capability of your business to retain some control over its data is a necessity. Utilizing solutions like mobile device management and endpoint management can give you this control, enabling you to dictate the data and applications that these devices can access. This way, you can better ensure that your data is protected, and your resources are secured.

Security Training and Management

Of course, you also need to be sure that your team knows how to protect your business to the best of their ability, and that they understand how to respond to any threats that make their way in. This will require you to evaluate your team’s preparedness and test them in simulated events to ensure that they are able to protect your business. You’ll also need to figure out how to meet the compliance standards that your industry is beholden to, specifically in terms of the security that is demanded for you to uphold.

Threat Management and Detection

Finally, you need to do everything you can to minimize the number of threats that materialize and catch those that have slipped by. Using the solutions available today, you can reduce the number of threats that darken your door in the first place. There are also tools that can help you to locate any threats that have slipped past your defenses so that they can be mitigated.

Jackson Thornton Technologies is ready to assist you in implementing these solutions. To get started, reach out to our team by calling 334-834-7660.

 

 

 

 

Let’s Take a Look at the Data Breaches So Far in 2021

 

By now, everyone knows that businesses can be defined by how they approach cybersecurity. Unfortunately, even if your business makes a comprehensive effort to protect your network and data from data breaches, all it takes is one seemingly minor vulnerability to be exploited to make things really hard on your business. Let’s take a look at the major data breaches that have happened since the calendar turned to 2021.

January

For the first ten days of the new year, there weren’t any major breaches, but on the 11th:

1/11/21

Ubiquiti Inc. - One of the largest vendors working in the Internet of Things space had their database accessed by unauthorized entities through their third-party cloud provider. Possible exposed items include customer names, email addresses, hashed passwords, addresses and phone numbers.

Parler - The former social media news app, Parler, after being removed from Amazon servers got some more bad news. It had its data scraped by a hacker, resulting in 70 terabytes of information leaked. This included almost every post to the platform, person-to-person messages, and video data. All of Parler’s Verified Citizens, users that have verified their identities with their driver’s license information, were exposed.

Facebook, Instagram, and LinkedIn - A Chinese social media management organization called Socialarks suffered a data leak that exposed the PII (Personally Identifiable Information) of at least 214 million social media users from Facebook, Instagram, and LinkedIn. Users’ names, phone numbers, email addresses, profile pictures, and more were exposed in the leak.

1/12/21

Mimecast - Cloud cybersecurity company Mimecast had their tools hacked, exposing around ten percent of their customers who currently utilize the Microsoft Office 365 email platform. 

1/20/21

Pixlr - The free photo-editing application had the user records of 1.9 million of their users compromised. Data that was leaked included email addresses, usernames, hashed passwords, and other sensitive information. 

1/22/21

Bonobos - Seven million customers of men’s clothing retailer Bonobos had their customer data stolen and posted on a hacker forum. Some of the data exposed included addresses, phone numbers, account information, and even partial credit card information.

1/24/21

MeetMindful - MeetMindful is a dating platform that was hacked and had 2.28 million registered users’ personal information posted for free on hacker forums. The data that was exposed includes names, email addresses, location, dating preferences, birth dates, IP addresses and more. 

1/26/21

VIPGames - The free gaming platform, VIPGames.com had 23 million records leaked for more than 66,000 users. The cause was explained as a cloud misconfiguration. Leaked user records include usernames, emails, IP addresses, hashed passwords, and the status of user accounts.

1/28/21 

U.S. Cellular - After a targeted phishing attack on U.S. Cellular employees, hackers were able to gain access to the company’s CRM that contained almost five million user profiles. U.S. Cellular is the fourth largest wireless carrier in the U.S. and admitted to only having 276 users be victims of the social engineering attempt. Records that were compromised included names, addresses, PINs, cell phone numbers, plan information, and more.

February

2/2/21

COMB - Standing for a “Compilation of Many Breaches”, a database containing more than 3.2 billion unique pairs of cleartext emails and passwords that belonged to past leaks of Netflix, LinkedIn, Bitcoin, Yahoo, and more was discovered available online. In the searchable database, hackers were given access to account credentials, access to 200 million Gmail addresses, and 450 million Yahoo email addresses.

2/10/21

Nebraska Medicine - In the first major medical organizational breach of 2021, Nebraska Medicine was inundated by malware allowing a hacker to access and copy the medical records of over 219,000 patients. Information copied included names, addresses, dates of birth, medical record numbers, health insurance information, lab results, imaging, diagnosis, and more.

2/18/21

California DMV - The California Department of Motor Vehicles was hit with a data breach after one of their contracted companies, Automatic Funds Transfer Services, was hit with a ransomware attack. Information stolen included any CDMV information from the past 20 months including names, addresses, license information, and more. 

2/20/21

Kroger - A hack of a third-party cloud provider, Accellion, allowed hackers to steal HR data and other sensitive information from supermarket company, Kroger. Some of the records that were disclosed include names, email addresses, home addresses, phone numbers, Social Security numbers, and health insurance information for pharmacy customers. 

2/26/21

T-Mobile - An undisclosed number of T-Mobile customers were affected by hackers using SIM-swapping, a social engineering attack that allows hackers to gain control over a user’s smartphone. This allows them to steal money from their accounts, change passwords to hijack accounts, and even lock users out of their own devices. 

March

3/3/21

Microsoft Exchange - A vulnerability found in Microsoft Exchange Server email software allowed hackers to gain access to the email of 30,000 organizations from across the U.S. This allowed hackers to gain complete control over affected systems, allowing for data theft and positioning them well for further compromise. Microsoft has since patched the vulnerability.

3/9/21

MultiCare - A ransomware attack exposed the personal and medical information of over 200,000 patients. The attack provided access to names, policy numbers, Social Security numbers, dates of birth, bank accounts, and more. 

Millions of people every year are victims of some type of cyberattack. To keep your organization from dealing with this type of problem, contact the experts at Jackson Thornton Technologies today at 334-834-7660 to help come up with a strategy.

 

What Your Employees Need to Know to Keep Their Own Data Secure, Too

It is only too common for people to have very different personalities in the office than they do during their off hours, with different standards and practices to suit them. While there is absolutely nothing wrong with that on the surface, you need to be sure that they are at least upholding the kind of security best practices that you expect of them in the office while they are at home.

Let’s go into why this is, and what these practices should look like.

How an Employee’s Security Habits Impact the Business’ Security Overall

Okay, stay with us here—there are a few steps that we need to go through to get from point A to point B.

Chances are that your team members are somewhat lax in their security practices when their own data is concerned. This means we can confidently say that, without oversight, simplicity will likely win out over the admittedly less convenient best practices.

While you should be ensuring that all devices that connect to your business network are updated and abide by certain best practices, like password quality and the like, you aren’t exactly standing over their shoulder while they’re browsing from home.

With so many people now working remotely—potentially from devices they own, not the ones you’ve provided—this can quickly become an issue. With poorly managed and maintained devices accessing your business’ resources, you are exposed to greater risks.

Obviously, this isn’t acceptable. To help minimize the impact that lax security practices could potentially have, you need to reinforce the importance of properly adhering to what is recommended in the office while at home.

Best Practices That Your Employees Need to Abide by at Home, Too

Password Hygiene

● Don’t reuse passwords

● Update passwords somewhat regularly

● Use an approved password manager to help simplify this compliance

● Supplement your passwords with some form of 2FA/MFA

Precautionary Measures

● Avoid any publicly accessible wireless networks

● Think before you click when browsing the Internet or checking emails

● Use a Virtual Private Network (or VPN) to securely connect to your infrastructure

● Always keep an up-to-date antivirus and firewall installed

● Regularly update your software

Browsing Practices

● Avoid insecure websites (those beginning with “http” instead of “https”)

● Keep personally identifiable information (PII) private

● Understand what a phishing attack is, and how to spot one

● Keep work devices dedicated to work purposes

Interested in learning more about any of these practices? Give Jackson Thornton Technologies a call to discuss your options with us, along with any of your other business-IT related questions. Dial 334-834-7660 today.

 

 

Blockchain Technology is Advancing Health Technology

Healthcare is a hot-button issue regardless of where you live. As a result, you’d think that the industry would be one of the first to implement new information technology. Unfortunately, the healthcare industry has sometimes lagged behind other industries on the deployment of new IT tools. One technology that is being used in the development of new IT tools for healthcare is blockchain. Let’s discuss how blockchain technology is being utilized and how it can change the face of patient care going forward.

The Decentralization of Electronic Protected Health Information

Healthcare data is one of the most private sets of information out there. Known colloquially as electronic protected health information (ePHI), it covers patient data, information shared with insurers, and any other data that has to do with an individual’s health record. Unfortunately, many of the same processes that have been used for decades remain, even with major advances in technology and mandates handed down directly from governments. The lack of innovation is mostly a result of a reluctance by healthcare providers to invest in the technology and risk inefficiencies caused by the implementation of new technology. 

As tools get smarter, however, healthcare administrators have started to acknowledge just how much value this technology can have for their organizations’ patients. Blockchain is one technology that is on the precipice of changing healthcare forever. It is beginning to be integrated into record-keeping solutions that will give people more control over their health data, and provide the kind of privacy that should be required when dealing with their sensitive information.

Blockchain is an immutable and encrypted ledger technology that provides some of the following benefits:

● Information is decentralized - The data on a blockchain is not owned by a healthcare organization, but is more of a ledger of an individual’s health profile. 

● Data on the blockchain is encrypted - The data is secured and cannot be altered. If situations change with a patient, another node is created amending the previous information; the original isn’t changed.

● The blockchain itself is reliable - Once information is entered as a part of blockchain, it is on the chain in perpetuity. Any changes need to be created in a new block. Any piece of information about an individual’s health can be identified by looking back over the blockchain.

● The blockchain improves transparency - Providing patients the ability to track their own health information, rather than relying on insurers or providers to coordinate information if there are questions about it, can give people control over their ePHI and quickly work to provide doctors and nurses useful information they’ll need to provide the best care possible.
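The append-only behaviour described in the list above, as an added sketch that is not from the original post or any real EHR product: each block stores the hash of the one before it, an amendment is a new block pointing at the block it supersedes, and an in-place edit of history fails verification. The block layout, field names and sample record are assumptions made for illustration; the hash chain gives tamper evidence only and does not encrypt the record.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # placeholder prev_hash for the first block (assumption)

def block_hash(block):
    """SHA-256 over every field except the stored hash itself."""
    body = {k: block[k] for k in ("index", "prev_hash", "amends", "record")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append(chain, record, amends=None):
    """Add a block; an amendment points at the block it supersedes."""
    if amends is not None and not 0 <= amends < len(chain):
        raise ValueError("amendment must reference an existing block")
    block = {"index": len(chain),
             "prev_hash": chain[-1]["hash"] if chain else GENESIS,
             "amends": amends, "record": record}
    block["hash"] = block_hash(block)
    chain.append(block)
    return block["hash"]

def verify(chain, trusted_head=None):
    """Return the index of the first inconsistent block, or None if intact.

    trusted_head is a head hash held by another party; without it, someone
    who rewrites every block from the edit onward would go unnoticed.
    """
    prev = GENESIS
    for i, b in enumerate(chain):
        if b["index"] != i or b["prev_hash"] != prev or b["hash"] != block_hash(b):
            return i
        prev = b["hash"]
    if trusted_head is not None and prev != trusted_head:
        return max(len(chain) - 1, 0)
    return None

def current_view(chain):
    """Latest value per field; superseded blocks stay on the chain as history."""
    superseded = {b["amends"] for b in chain if b["amends"] is not None}
    return {b["record"]["field"]: b["record"]["value"]
            for b in chain if b["index"] not in superseded}

def demo():
    chain = []  # constructed sample record, not real patient data
    append(chain, {"field": "allergy", "value": "penicillin"})
    append(chain, {"field": "blood_type", "value": "A+"})
    head = append(chain, {"field": "blood_type", "value": "O+"}, amends=1)
    forged = copy.deepcopy(chain)
    forged[1]["record"]["value"] = "B-"  # in-place edit of history
    return chain, head, forged
```

The `trusted_head` check is where decentralization matters: a single holder who recomputes every later hash produces a chain that is internally consistent, and only a head hash kept by someone else exposes the rewrite.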

The technology that blockchain is most identified with is called an Electronic Health Record (EHR) or Electronic Medical Record (EMR). By integrating blockchain technology into these systems, individuals will have more control over their health information. As it stands, healthcare organizations and insurance companies have a monopoly over this information, leaving the patient relatively in the dark about the management of their own individual care. It’s not overstating one iota to consider blockchain technology a major step forward in healthcare reporting. 

Integrating blockchain also incentivizes healthcare organizations to provide better care, as there would be a great deal more transparency. Some other benefits of blockchain in healthcare include:

● Blockchain nodes cannot be altered, and the chain is traceable. Patients will be able to send records to whom they choose without the fear of corruption or mishandling.

● Blockchain’s encryption will keep all nodes (and information held within) secure until it is shared with the healthcare provider or insurer.

● Blockchain can incentivize healthy behavior as insurers and providers can set up benchmarks that patients could meet.

● Blockchain integration could lower healthcare and prescription costs as it would allow and incentivize the tracking of prescribed drugs, lowering supply chain costs.  

What do you think? Would you like to have more control over your health records, and your ability to secure and share that information with your doctors and healthcare providers? Do you think that your healthcare provider does enough to keep your health information secure?