tech blog header

Free Whitepaper

Follow Us

Your email:

Blog Topics

Current Articles | RSS Feed RSS Feed

4 Steps to Increased IT Security

IT Security, Compliance, IT Governance

IT Security is paramount to the uninterrupted running of network operations. Unfortunately, for many companies IT security means anti-virus or malware protection...and nothing else. It's easy to allow the news of hackers taking down mutil-billion dollar businesses with one calculated effort influence the security decisions your company makes. However offputting these scenarios are, remember that a strong IT posture is dependant on a multifacted approach to protecting your network. Here are four steps, that you can start today, to improve the overall IT security of your business.

Are There Hidden Benefits to IT Compliance?

it governance, compliance, pci compliance

Businesses today struggle more and more with IT compliance demands that are required of them from all areas. The fact of the matter is that these demanding regulations are here to stay. The bright side is that accomplishing compliance goals are relatively straightforward and once they have been implemented effectively, they contribute in enhancing and enabling the business in a big way.

IT Solutions for Compliance Timelines

IT governance and compliance

Businesses involved with the use or processing of credit card information must be sure that its systems are compliant with the payment card industry's data security standard (known as PCI Compliance).  This includes all companies that take credit cards as a form of payment.  When these companies begin to use IT solutions such as virtualization and cloud computing, remaining compliant with PCI DSS can become a much larger challenge. 

How to Derive Benefits From IT Compliance

IT Compliance and Governance

Businesses today struggle more and more with IT compliance demands that are required of them from all areas. The fact of the matter is that these demanding regulations are here to stay. The bright side is that accomplishing compliance goals are relatively straightforward and once they have been implemented effectively, they contribute in enhancing and enabling the business in a big way. The key is to understand what IT compliance can accomplish and how all its various areas can contribute to further enhancing and complementing business operations and reducing information related risks. The most notable benefits of having an IT governance strategy in place are not just to avoid fines and penalties but also to enhance and measure business performance.

7 Key Factors for Choosing the Best IT Governance Model

IT Governance and Compliance

At some point, your business may need to consider (or reconsider) an IT governance model. IT governance refers to a set of IT practices that align with your business strategies to ensure compliance and security.

Virtualization: Streamlining Compliance for Healthcare Providers

healthcare complianceHealthcare service providers have become more frequent targets of malware attacks in recent times. Why is this? Their databases possess valuable patient and client information, and are sometimes more vulnerable due to the volume of information stored in these databases. These files contain personal, financial, and other sensitive and private details that can be lucrative if stolen. This information is constantly transmitted in a variety of transactions, like email, making the data vulnerable to attack. When this information is stolen there can be significant legal and financial repercussions for the healthcare provider, which is why it is vital to keep all sensitive information secure.

To protect the privacy and integrity of this information, IT security administrators monitor systems for vulnerabilities, following HIPAA security compliance standards. When a system has a large number of devices to monitor, it provides more opportunity for intrusions to occur. Internal IT teams do their best, but manually auditing security processes may not be an adequate solution to the problem. It can take large amounts of time both to implement and then to maintain the measures to protect the organization adequately from viruses and other attacks. That is why many healthcare organizations decide to outsource in order to satisfy compliance standards. Outsourcing a business's security and streamlining the monitoring process also allows for a more effective and secure networked.

The first step for healthcare providers to become compliant is to ensure that their internal policies are in accordance with HIPAA standards. When these standards are followed, patient data is more likely to remain private and secure, and the healthcare provider is seen as a dependable, reliable, and trustworthy entity. To help maintain compliance, the use of virtualization can be a successful solution. 
Virtualization is the creation of a virtual (rather than physical) machine on an existing device, such as a hardware platform, operating system or storage device. Building a secure network and maintaining a vulnerability management program on fewer machines allows IT professionals to spend less time monitoring and maintaining the security of their devices. Through virtualization, a healthcare provider's IT department can efficiently:
  • Protect confidential data and critical IT systems, prevent loss of data, and automate an organization's compliance policies and processes
  • Develop solutions that increase a healthcare organization's business and IT agility
  • Automatically identify and protect databases and storage devices that contain sensitive and private data like social security numbers and credit card information
  • Create practical policies that ensure patient privacy
  • Secure IT systems while meeting compliance requirements

Implementing a virtualization solution for HIPAA or any other compliance can be time consuming for many organizations, especially those with limited resources. Outsourcing to an experienced IT provider can also help with the ongoing process of compliance by setting policies and making sure that they are followed by the organization as whole.

Failure to Comply: Why Breaches Occur due to Non-Compliance

frustration non-compliance

If your organization falls under any of the types of government compliance, it’s crucial that employees follow the proper protocol to be compliant with IT security policies. Executives designate the process of ensuring that compliance standards are followed to IT leaders generally. The IT department determines where there are compliance gaps and applies the necessary measures and policies. However, for these measures to work efficiently, everyone in the organization must follow them. Unfortunately, employee non-compliance with policies can happen and when it does, security breaches are possible.

Here are the top five causes of breaches due to non-compliance: 

  1. Employee exits: Employees often have access to sensitive information within an organization. When an employee leaves an organization, either voluntarily or otherwise, damage to confidential information can occur. Therefore, even when a trusted employee leaves, the same protocol must be followed – immediate removal of access to all areas of data, including networks, email, and company intranet. Though it may sound extreme, it’s better to be safe than sorry when critical information is at stake.
  2. Unintentional misuse of company data: While everyone wants to be helpful to both current clients and potential ones, sometimes that eagerness can have negative consequences. For example, providing confidential information to potential clients, vendors, or simply answering general inquiries can mean that sensitive data could be exposed. To ensure that sensitive data remains private, each department should regularly review security policies with its staff and encourage employees to ask when unsure.
  3. External attacks: Virus infiltration, spam, and other external attacks can easily threaten any area of a business and affect business continuity or access to data. Keeping a checklist of the tasks that need to be done to prevent against attacks, and also actions to take in the case of a successful attack, can help prevent or minimize intrusions.
  4. Insecure networks: Hackers seem to enjoy finding loopholes in networks and exploiting them in order to hinder a company's ability to function. In addition to attempting to prevent external attacks, an organization should constantly monitor its networks. Using server monitoring, an organization can understand the most likely areas for a breach to occur and proactively take measures to prevent one from happening.
  5. Phishing (Social Engineering): Brute force hacking isn’t the only way that hackers can access to networks. A special type of attack, called phishing, occurs when hackers send legitimate looking "emails" from someone in the network to employees, hoping that they will open them. This form of social engineering can allow access to a business's entire network through one click of an employee. By implementing specific email format standards, applying backend rules, and using virus scans, the number of phishing attacks that make it to the email stage can be dramatically reduced.

IT policies are only as good as the employees who follow them. Not following security policies can result in a severe loss of productivity, damage to an organization’s brand and reputation, and possible financial and legal repercussions. Aside from this accountability, implementing strong and customized solutions is paramount to the successful compliance and security of a business.

iCorps is a leader in IT and government compliance consulting, helping satisfy the unique IT needs of businesses in Boston, Philadelphia and New York. Don't let a breach due to non-compliance disrupt your business. Contact iCorps today for a free consultation, then read our whitepaper on data backup and disaster recovery.

Hacker News: Inside the Barnes & Noble Data Breach

Barnes and Noble

Hackers have stolen credit card information from 63 Barnes & Noble stores across the US, reported the New York Times yesterday.

How HIPAA and Email Encryption work together

Email Encryption

Healthcare is a necessary evil in most American's lives - if you're lucky enough to have it. With the possibility of manditory national healthcare on the horizon, it is imperative for IT departments and healthcare professionals alike to be aware of the link between HIPAA and email encryption.

Need for HIPAA

IT Compliance: SEC Guideline Changes for Cyber Disclosure

IT Governance and Compliance

The Securities and Exchange Commission, simply known as the SEC, has guidelines (also known as compliance standards) which tell companies when to divulge information on cyber attacks. This act is called Cyber Disclosure. Recently, the SEC has demanded that six high profile public companies divulge information regarding cyber breaches to their investors - Amazon Inc, Google Inc., Hartford Financial Services Group Inc., American International Group Inc., Eastman Chemical Co., and Quest Diagnostics Inc.

All Posts