Blog

Archive for Pillar Post

How to Reduce Data Security Breaches Using an ‘Air-Gap’

 

Not all things need to be online. In fact, there are some systems and information that should never be online and instead be secured by a private offline network. This strategy is known as using an “air gap” between systems and the public Internet.

Improved Security Using Offline Systems

Using an offline network for critical path functions and data security reduces the risk of a data breach. This is an excellent strategy, however, it is not 100% secure. In any security review, the IT security experts look at outward-facing systems that connect directly with the Internet, opportunities to manage system networks offline to improve security, and the risk of “human engineering” hacking attempts. Human engineering security breaches come from the tricking people into doing something that allows a security breach. Using an air-gap strategy needs to be enhanced with increased personnel security, such as extensive background checks, limiting personnel access to systems, and physical security barriers to access sensitive data.

Offline Protection of Personal Data

Any organization that handles personal data, such as credit card information or medical records, has a severe obligation to make sure the data is protected. Access to this information should be managed on a need-to-know basis. For example, credit card data only needs to be used for secured transactions. If it is stored by a company that information should be stored offline and secured by encryption.

For medical records, there are severe penalties for data breaches under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In some cases, these penalties have been in the many millions of dollars. This means anyone handling such data needs to protect it like they are guarding the gold at Fort Knox. This is the kind of information that benefits from offline storage using a private network, with point-to-point information tunnels that pass data from one place to another only when it is encrypted in order to only permit authorized access to the data.

Conclusion

The risk of experiencing a data breach when there is unnecessary exposure of data to the public Internet can be better managed by taking the sensitive data offline.

Consult with Sentree Systems about how to manage an online presence combined with a private offline network for better security. Every business of any size can benefit from this approach.

Share

Posted in: Monthly Security Brief, Pillar Post, Tech News

Leave a Comment (0) →

Data Breaches in the USA – Is your business next?

The U.S. Department of Health and Human Services maintains a database that tracks every data breach of medical records where more than 500 records have been compromised. SafeticaUSA reports that, during 2016, the data breaches were caused by improper disposal of memory storage (2.3%), loss (5.4%), theft (19%), hacking (31.8%), and unauthorized access/disclosure of information (41.5%) by employees, which happens sometimes by accident.

Misuse of this information obtained by a data breach is rampant. Criminals can use this personal data in many nefarious ways including blackmail and identity theft. Businesses that do not protect personal and private data are liable for its misuse. They can face fines and civil lawsuits in the multiple millions of dollars.

The SafeticaUSA study noted that the average cost for a single data breach is $7 million and that 100% of businesses share business data in ways that are not safe. When employees leave a company, 87% of them take company data with them increasing risk exposure.

Indiana’s Data Security Record

In the SafeticaUSA study of medical record data breaches, which reviewed the occurrences in 2016, California was the state with the largest number of incidents, followed by Florida, Texas, and New York. Indiana came in fifth place by having 12 major data breach incidences during 2016. In terms of the number of compromised private records, the state of Indiana, with 257,174 records breached, was in tenth place on the list of states with the highest number of data breaches.

Conclusion

Data breaches are a serious problem that puts every business at risk. Personal medical records are very vulnerable and the dangers are increasing. Proactive strategies to reduce this risk include conducting a data security audit, implementing a data loss prevention solution, and advocating that the best practices are used for data security by affiliates, contractors, and business partners.

Contact Sentree Systems for a Cyber Risk Analysis to improve security and reduce the chance of a serious data breach.

Share

Posted in: Monthly Security Brief, Newsletter Topics, Pillar Post, Tech Tips for Business Owners

Leave a Comment (0) →

Data Security Plans for 2018

The beginning of a new year is a great time to have a comprehensive data security analysis and to create a new strategic data security plan. There is plenty to be worried about when it comes to data security. Data security is something that needs to be constantly monitored in order to be effective. New threats are coming up every day.

Luckily, a small-to-medium-sized business does not have to go at this alone. In fact, having a service contract with a specialist in data security is probably one of the smartest things a business can do.

Here are a few significant things to consider when making a strategic data security plan for 2018:

Internal Security Breaches

It does little to stop a security breach if the entire focus is on external attacks and the security breach comes from within. Authorized users have been known to simply make copies of sensitive data files and walk out the door with them. Disgruntled employees can wreak havoc on data security when leaving a job.

Best practices include using high-quality background checks, restricting access to data on a need-to-know basis, and being able to immediately terminate access for any user.

Ransomware

Ransomware is a type of malware that when a user downloads it, it installs itself, and then encrypts the data on a system to lock the users out. An extortion demand is made for a payment in anonymous cryptocurrency like Bitcoins in order to get the encryption key to unlock the data. These extortion demands range from a few hundred dollars to millions. There is not even a guarantee that paying the ransom will get the data back.

Best practices to avoid this risk are to maintain real-time data backups that are made and then kept in protected storage offline. If a ransomware attack occurs, these backups can quickly bring the organization back to current working-status.

Two-Factor Authentication

All external-facing systems need to have a two-step authentication process using one-time use authentication code for the second step. The benefits of this strategy are significant in blocking unauthorized access. The way it works is an authorized user logs in with a complex password and then the second step sends a text message to a secured mobile device that is used by that person to complete the login process. If the mobile device is lost or stolen the second-step is canceled.

Sentree Systems Corp. is a highly-qualified data security consulting company that works with small businesses in Indiana, serving Indianapolis and the surrounding areas including Avon, Carmel, Fishers, Plainfield, and Noblesville Every business should assume they have either been attacked, are being attacked, or will be attacked. Fast detection and swift response are the small business owner’s only defense. Contact us today to learn more about these strategies at www.sentreesystems.com

 

See How Sentree Systems, Corp. can Help!!


Learn More!

Share

Posted in: Monthly Security Brief, Pillar Post, Tech News

Leave a Comment (0) →

Best Practices for Risk Management

Data Security is improved by taking a data-driven approach that addresses security issues that are uncovered by a review of security risk data. For example, allowing employees to continue to use software that has known vulnerabilities, which has not had the most recent security patch applied, is a risk that is unnecessary.

Here are a few tips to improve Data Security by using a data-driven approach:

Conduct a Security Assessment and Implement Its Recommendations

It is surprising when an organization goes to the trouble to conduct a security Assessment, which should be done on a regular basis and then does not implement the recommendations. Executives may think that since the security Assessment was done, the security is improved. A security Assessment demonstrates an Impact vs. Likelihood that your organization will have a compromise in the near future, but does not actually stop a breach from happening. It is important to take the next steps of implementing security upgrades as well.

Monitor Data Security News Alerts

By setting up Google alerts and keeping an eye on the latest Data Security News, helps increase awareness about security issues. An example of a Google alert is using the name of the software or IT service combined with the phrase “security flaw.” Moreover, there are industry security news systems that can be regularly checked for alerts such as the Security News notifications in the Security Education Companion.

Organizations that do not have sufficient internal staff for these Data Security issues do well by contracting with an outsourced IT data security company to monitor them on behalf of the organization.

Be Proactive About Advanced Persistent Threats

Advanced Persistent Threats (APT) are socially-engineered attacks that are occurring on a continual basis. Examples of APT attacks included phishing where websites are faked to get people to enter private information, email campaigns that cause people to download attachments that are malware, or websites that load malware when a person visits them.

Sentree Systems Corp. is a highly-qualified data security consulting company that works with small businesses in Indiana, serving Indianapolis and the surrounding areas including Avon, Carmel, Fishers, Plainfield, and Noblesville. Every business should assume they have either been attacked, are being attacked, or will be attacked. Fast detection and swift response are the small business owner’s only defense. Contact us today to learn more about these strategies at www.sentreesystems.com

 

See How Sentree Systems, Corp. can Help!!


Learn More!

Share

Posted in: Monthly Security Brief, Newsletter Topics, Pillar Post

Leave a Comment (1) →
Real Time Web Analytics