Luckily, the solution is equally simple: don’t abbreviate 2020.
The reason? Scammers could easily alter a date reading 1/1/20 to read 1/1/2000, 1/1/2021, or even 1/1/2099.
Ira Rheingold, the executive director of the National Association of Consumer Advocates, says scammers could use this method to attempt to cash an old check or establish an unpaid debt.
“Say you agreed to make payments beginning on 1/15/20. The bad guy could theoretically establish that you began owing your obligation on 1/15/2019, and try to collect additional monies,” Rheingold told USA Today.
“In the future, post-dating could be a problem too. For example, a check dated 1/1/20 could become 1/1/2021 next year, possibly making the uncashed check active again,” Rheingold says.
The solution, again, is simple: write out the full date. Instead of 1/18/20, use 1/18/2020 or January 18, 2020.
Want to know more about protecting your business from fraud? Call us at 678-389-6200 or contact us online.
If you don’t have proactive security measures in place to protect your IT network, it’s only a matter of time before it will be attacked. Enforce managed security is our unique 6 layered security approach that will ensure your business has the protection it needs to avoid a devastating data breach.
Enforce UTM – a fully managed perimeter security appliance that never goes out of warranty or end of life and is updated daily. The appliance is a full intrusion detection and prevention system that also offers bandwidth optimization, content management, and unlimited VPN connections – no extra licenses needed.
Patching Enforcement & Endpoint Security – Included in our Enable program, our utilities make sure system patching is automatically handled and provides a full featured endpoint security platform. Gives you access to our Help Desk.
DNS Security – this layer requires Layer 2 and monitors outbound browser destinations against a database of known “bad sites” to limit potential exposure when a user navigates to a bad link – intentionally or unintentionally.
Profile & Protect – Monitors machines relative to a template profile assigned to each user in order to calculate risk score. It essentially magnifies any weakness in the profile as the machine use drifts in and out of compliance so that action can be taken. This later includes Layers 2 & 3.
Detect & Respond – Monitors machines for suspicious behavior. The Security Operations Center (SOC) attempts to isolate, remediate, and lock down any issue before it spreads. In the event you get to the point of ransomware, should it slip through, recommendations will be made for recovery.
Penetration Testing – We do thorough security assessments, compliance-related testing, and then put all security measures to the ultimate test – Penetration Testing. Also known as ethical hacking, we think like the “bad guys” and attempt to access your servers as a hacker would. We’ll issue a report of our findings and recommendations to fix any vulnerabilities. Get details.
Most business owners think nothing will happen to their network. Until it does. Call us now at 678-389-6200 or contact us online.
If users in your organization use Google Chrome, there is a high chance that several of those systems are creating an opportunity for hackers to install malware. Google recently identified a major security flaw with its Chrome browser that impacts Windows, Mac, and Linux-based devices. Although Google has released a security patch to correct the security vulnerabilities, the patch fixes two separate problems.
One of the security vulnerabilities Google identified is Chrome’s audio component. The other vulnerability is tied to the browser’s PDF library. Both allow unwanted modifications or corruptions to memory data. This allows hackers to elevate privileges on the device or within applications installed on the device. If someone is able to gain administrative access to a system or software on a system, the individual could make unwanted changes or wreak havoc on the device’s operating system. There is also a high chance that a hacker could install malware or execute malicious code on the device.
The version of the browser that fixes the security issues is 78.03904.87. Although the Chrome browser may be configured to automatically update itself in the background upon launch, it is a good idea to manually check each device. The browser can be manually checked by selecting the Help menu and then “About Google Chrome.” If there is an update available, the browser will automatically search for it and find it. The browser’s version will also be displayed in the “About” section. If the listed version is 78.03904.87 or later, then the device has received the necessary security patch.
If there are problems with the browser updating, it may need to be removed from the system and reinstalled. Some organizations have an automatic process to uninstall and reinstall applications from the server once the devices connect to the organization’s network. Reports can be run to see which systems still have outdated versions and technicians should manually check those systems to diagnose why automatic updates are not going through.
A system that is not receiving automatic updates from Google Chrome may have other issues. Technicians should check for the following:
Is the anti-malware program up to date and running correctly?
Is the OS receiving approved updates and are these updates installing?
When was the last time the system pinged the network?
Has the system been restarted recently?
If the system has been disconnected from the organization’s network, how long has it been offline?
Has a malware scan recently been run? Were any malicious items identified and removed?
Are there are any suspicious executables or unauthorized programs installed?
Sometimes wiping a system and completely reinstalling the OS are the best courses of action. Signs that a device may be too infected, corrupted, or outdated include the presence of unauthorized or suspicious applications, more than 100 pending OS updates or a previous update date that is more than a month old, and an anti-malware program that will not update or run a scan correctly. Before wiping a system and reinstalled the OS, a technician should check for and back up any user data that may be installed on the device’s hard drive. However, the data should be carefully scanned for any malware infections prior to transferring it back onto the system.
Have questions about vulnerabilities within your system? Call us at 678-389-6200 or contact us online.
The U.S. Secret Service and the Cybersecurity & Infrastructure Security Agency, (both are under the oversight of The Department of Homeland Security) are offering their annual tips for staying secure online this holiday season. With U.S. retail e-commerce spending expected to top $135 billion this season, online criminals will be looking to take advantage of unprepared consumers and businesses alike.
Tips For The Consumer
Keep operating systems and antivirus software up-to-date.
Change passwords for online retailers regularly, and take advantage of multi-factor authentication if available.
Use credit cards online instead of debit cards – credit cards typically offer better fraud protection to the consumer.
Never shop online using public wifi.
Avoid opening attachments and clicking on links from senders you do not recognize.
When shopping from your phone, use only apps from trusted businesses, and only download apps from your device’s designated app store.
As always, if it’s too good to be true, it probably is.
For The Online Merchant Or Business
In addition to utilizing the above recommendations for the consumer, be sure to:
Segregate your payment system processing from other network applications such as email
and non-payment system related processes.
Use firewalls and properly configured and monitored intrusion prevention and/or detection system for added defense of your network.
Remote access into your network should be limited, secured and monitored for unusual activity.
Utilize Payment Card Industry Data Security Standards (PCI DSS) protocols for your online
transactions. This includes encrypting (SSL encryption) your customer’s payment card data whether it is being stored, processed or transmitted. In addition, verification of the cardholder’s address and requiring the Card Verification Value 2 (CVV2) code (3 or 4 digit number on the front or back of the card) can help authenticate the transaction and validate the cardholder and account.
Online holiday shopping is fun and convenient –– as long as you don’t put yourself or your business at risk! For more information about keeping your information secure, call us at 678-389-6200 or contact us online.
Neglecting to conduct a HIPAA risk assessment could cost you.
In the first week of November, the Office of Civil Rights (OCR) announced two big HIPAA penalties.
A $3 million settlement with the University of Rochester Medical Center for HIPAA violations in 2013 and 2017.
A $1.6 million civil penalty imposed against the Texas Health and Human Services Commission for HIPAA violations between 2013 and 2017.
In both cases, the organizations failed to perform an adequate risk assessment beforehand, according to the OCR’s parent department, the U.S. Department of Health and Human Services.
Failure To Comply Results In Big Penalties
The Texas Health and Human Services Commission is of particular interest. A data breach occurred when one or more employees moved an internal application from a private, secure server to a public one. The application included a security flaw and the ePHI (electronic protected health information) of more than 6,600 patients. When moved to a public server, the flaw exposed those records to the world.
The department responsible for the breach filed a report with OCR in 2015. This triggered an investigation, which revealed the organization also failed to:
Conduct an enterprise-wide risk analysis
Implement access and audit controls as required by HIPAA
These are costly, time-consuming, and embarrassing mistakes – and they erode trust with clients and patients. Luckily, an ounce of prevention goes a long way toward avoiding these violations.
Free HIPAA Risk Assessment Tool
OCR recently announced an update to its HIPAA Security Risk Assessment Tool. This tool is designed for small-to-medium sized businesses and is free to download.
It walks users through a series of modules and questions to help evaluate and document potential threats and vulnerabilities to ePHI in their organizations.
Users enter lists of important items, such as assets, vendors, and business associates. Items can be entered manually or uploaded via CSV.
A series of questions walk users through the process of identifying threats and vulnerabilities, scoring their likelihood of occurring, and their impact if they occurred.
A summary report provides risk scores, areas for review, and a total number of vulnerabilities identified as applicable to the organization.
The tool is worth a look – especially for smaller healthcare organizations and their IT providers.
One way or another, you must complete a security risk assessment to comply with HIPAA. For more information, call us at 678-389-6200 or contact us online.