Healthcare IT Blog
Insights on advancing the business of care
Cyber Security – What Should I Really Be Afraid Of?
Sorting out the vendor narrative from reality.
If you have waded through the vendor ads in your email lately, you probably feel like there is nothing in technology that you shouldn’t be afraid of. You’ve seen them all: internal threats, email threats, online banking threats, application threats… and you may feel like they are ready to pounce at any moment.
While all of these threats are legitimate, and can cause a significant amount of damage, there is no need to panic. While vendors focus on the magnitude and potential damage caused by daily attacks, we will focus on the foundations of cybersecurity, and avoid the drama in the advertising.
Knowledge is power
The first step in any endeavor is getting the facts and honing your knowledge. Here are some of the key terms to become familiar with:
- Cybersecurity is a term much bandied about, but it can be boiled down to this: use appropriate tools to protect your computer devices, your network, and your data from abuse. Those tools should include monitoring agents, encryption, backups, and filtering.
- An attack vector is any place where your technology is vulnerable. Think of it as a weakness in your digital armor.
- Threat – anything (malicious or benign) that could cause a failure or loss within your digital world.
- Malware is malicious software. It comes in many varieties: viruses, Trojans, redirectors, macros, etc.
- Defense-in-Depth is a strategy to layer digital protection so that there is no single-point of failure in a digital environment. It is akin to having an outer castle wall, then a moat, then an inner bailey to protect your castle – if there is a breach in the outer defense, there are still layers to protect your data and systems.
Email and email attachments have been the universal venue for delivering malware, which is at the heart of many attacks. According to the FBI’s 2019 Internet Crime Report, BEC (Business Email Compromises) account for more than 26% of cyber security breaches and recently have shifted to payroll and HR targeting.
Malware, Spyware, Adware – these are the code/programs that worm their way into your computer system and network, doing terrible damage. Malware can be introduced into a network as an email attachment, a flash drive file, transported in the macro of a spreadsheet, or downloaded from a website.
Eavesdropping covers a range of attacks where the bad guys ‘listen’ to your communications. When network communications like email, shared files, patient data, account information, and browser connections are made in plain text, it is like saying your Social Security number out loud in a crowded room.
Browsers, websites, pop-ups – oh, my! Just like malicious programs, malicious URLs (websites) can carry bad code. Instead of sending malware to your computer, the bad guys are inviting your computer to a malicious website and downloading the malicious programs there.
Privilege escalation is when a user account achieves more rights than it was intended to have. Since attacks are almost always multi-step endeavors, a malware file must not just download but must be able to execute as a high-level user (admin).
The importance of patching and updating every system on a network cannot be overestimated! Approximately 60% of data breaches in 2019 were successful because of missing patches and updates.
Real Cyber Security Solutions
Do not be afraid of email – it is still a fundamental part of our communication. Instead, invest in a well respected email filtering service, like Barracuda. The right service will scan email to verify the sender, block spam, check the attachments for malware, and encrypt your email – so that eavesdroppers can’t invade your privacy.
Invest in strong edge devices – firewalls and other gateway systems are your first line of defense. These should sit at every point where your network can be accessed by the Internet and should be configured with data security in mind.
Ensure that every computer on your network has a strong antivirus/anti-malware (A/V) agent installed. This is the second layer of defense for email filtering – if any malware were to breach your email gateway, then it would be stopped by the A/V. Anti-virus tools have evolved to include behavior monitoring, ransomware prevention, URL blocking, etc., so they provide a lot of bang for the buck.
Employ encryption for any digital traffic that enters or leaves your internal network. Emails, file sharing, backups, and remote connections should have strong encryption to keep eavesdroppers from being able to ‘listen’ to your communication.
Monitoring all computers in business is a must, but there should also be monitoring of your Active Directory, where user accounts reside. If an account assumes greater privileges, then a monitor’s alert function can notify an administrator immediately, before serious damage can be done.
A comprehensive security solution must include backups, with at least one off-site repository. In case of a successful breach, backups can be used to restore files and data – and in extreme cases, image backups can be used to restore an entire system.
The most successful solutions begin with a true understanding of your current situation. This is the baseline posture of a practice, organization, or business, and it allows you to determine what steps need to be taken to reach a stronger state of cybersecurity. Although vendors may be ‘strongly advising’ you to submit your network to an intrusive one-time analysis, this falls short of real business security growth.
Alignment is a better option to achieve the best defensive cybersecurity stance. With alignment, a network is analyzed constantly, while it is in use. Each part of the network infrastructure is monitored within normal production which allows system administrators to tune it for both security and efficiency.
Alignment is a long-term strategy that addresses all the components of a network, to provide security solutions for every part – rather than just a single attack vector. Alignment also works to secure the spaces between the segments of a network – like strengthening the security of the remote connections between work from home staff and the internal network resources.
In an alignment environment, there is centralized management of all of the monitoring and alerts, so that patterns can be identified and addressed. Administrators can note, at a glance, that an email filter flagged malware and the firewall alerted a dangerous website – and can work to align a stronger firewall ruleset. Or an admin will see an unusual amount of out-going traffic after business hours and be able to block egress traffic to prevent data leaks. In short, alignment is a holistic approach to system and network security, that is neither vendor nor platform-specific, and it provides security in easy-to-implement steps.
So, what should I really be afraid of?
Nothing! Rather, be aware of the risks that your practice faces, and meet them head-on. Now that you have some more information, use it to defend your business castle. If the advertising that vendors have been pushing out has left you feeling wary, then take a step back and begin with the foundations: strong firewalls, good email filtering, powerful A/V, constant (and consistent) monitoring, encryption, timely patching, backups, and alignment.
For more information on IT efficiency for your medical practice, visit peaketechnology.com or call us at 866.37.PEAKE. Our team of Healthcare IT experts have perfected the PEAKE process to ensure our clients maintain seamless support from their technology and reliable technical support from our helpdesk.
by Elisabeth Happel
January 20, 2021
Maintenance Op Specialist
How can we partner with you?
Call 866.357.3253 to speak with a PEAKE Solutions Representative about partnering with PEAKE for your IT Support needs.