“A layered approach that uses diverse solutions from various providers will increase the likelihood of stopping the attack at one of the layers.”

—Daniel Marcellus, SkyPort IT Inc.


the dynamic, the extent and speed of interaction and these failures. I always point out that technology automates processes, but if you have a dysfunctional process, “IT only makes a bad process run faster.”


Layer 2—24/7 System Monitoring

The second layer of protection for your patients’ data and your business is ongoing system monitoring of your computer network. This includes keeping an eye on the operational status of internet-related systems and alerts from the local or cloud systems that “something” has transpired.

In addition to the importance of tracking system alerts, it is critical to have a persistent and active method to monitor your system patches, security software and signature controls. This includes monitoring the more well-known and accepted methods of network security such as applications for anti-virus, anti-spam and web filtering application control.


Layer 3—24/7 Patch Management and Remediation


The third layer of protection is Patch Management and Remediation. A common mistake many businesses make is to ignore the software patching alerts that come from the operating system or third-party software companies whose products you are using. These patching alerts should be attended to immediately for your network to operate safely and efficiently.


Layer 4—Expert Analysis

The fourth layer of protection is having constant access to hands-on support, whether remotely or onsite. There is nothing more frustrating for ASC staff than to have a computer or network issue emergency that needs to be tended to at the office and not be able to connect with IT support to help. Not only should a service provider be available by phone for general questions and issue resolution, they also should have a technician available to come on-site for installations, special projects or consultations.


18 ASC FOCUS JANUARY 2018 |www.ascfocus.org


Layer 5—Social Engineering

There are “canned” solutions to cover most of the layers needed to protect yourself. The one overlooked the most is the one where you are your own worst enemy. Training and testing your staff’s understanding of social engineering is essential to survival.

Social engineering is one of the greatest threats that organizations encounter and refers to psychological manipulation of people into performing actions or divulging confidential information. Social engineering can include technical attacks, non-technical attacks or a combination of the two. Examples include:


■ phishing attacks via email that lead to a ransomware situation,

■ a friendly voice on the phone who pretends to be your bank to verify your account information, or

■ someone pretending to be a technician from your managed service provider arranging an on-site visit to work on your network, then boldly walking through the door and stealing valuable passwords and account information in person.

All the technology in the world cannot stop an employee from trusting someone who is communicating electronically or in person with the sole purpose of providing them with what they want. This is your last layer of defense and should be treated with the utmost care.

The good news is that you can protect your business from social engineering by implementing a phishing testing and training program with your staff. Data security services providers use tools to assess your employees’ phishing tendencies through a simulated attack, train those who respond, and then provide reports to monitor the progress of the re-education and reduction in responses to phishing attempts over time.


Leveling the Harsh Playing Field

Considering that a hacker can come from anywhere in the world, we rec-

