Risk Level: HIGH
Off-site, web-enabled access from anywhere is creating significant security holes.
Type of Threat:
We give authorized-user access to almost everyone we work with, and that access reaches corporate information and valuable data from anywhere: on mobile devices, in apps, or over public Wi-Fi. This creates countless opportunities for bugs and viruses to gain a foothold, not to mention the risk of a lost mobile device with its connectivity settings (VPN profiles, saved credentials) still intact. It is more common than you think.
Why this is so important:
Devices used off the corporate network are not usually monitored, whether personally or company owned. This exposes your secure data to ordinary user behaviour: personal web surfing, pornography sites (a common malware source), torrents, movies, personal email, apps, and downloaded software that may itself be malware. End users believe their connections back to the corporate network are protected, but what is not clear is what else on the device is watching and logging that activity. With no protection on the endpoint, it is impossible to know how extensive the threat is.
At risk employees:
Desktops and laptops hold user logon information for what matters: data, company drives, bank information, credit information, identity. It is a risk just to have authorized users accessing this information, and potentially a ten-fold risk when they do it from home on their own PCs or laptops. Quite simply, inserting a USB stick carrying a child's homework can introduce all sorts of malware onto the PC.
How to mitigate:
Simple as it sounds, you need a usage policy that requires any device accessing the network to carry policy enforcement that works both on the network and off, period. We can debate legal infringement all day, but it boils down to this: the privilege of accessing company information remotely carries a security cost. DLP endpoints that enforce the last known policy regardless of Internet connectivity are a must.
Technical Recommendations:
We recommend software that loads on each workstation and enforces data-loss, Internet-access, USB-usage and attachment-scanning policies at all times, both on the corporate network and off. This matters even more for remote employees and contractors. DLP endpoint software is simple to deploy and easy to manage, and it is what we recommend.
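The "enforce the last known policy regardless of connection" requirement above, as an added example that is not BorderLAN's code or any DLP product's: a Python endpoint agent that caches the last policy it fetched, keeps enforcing it when the management server is unreachable, and defaults to deny-everything on a device that has never synced. The policy layout, the event types (USB write, web category, email attachment) and the PolicyServer stand-in are assumptions for illustration.

```python
"""Added example, not BorderLAN's or any vendor's code: an endpoint agent that
keeps enforcing the last policy it received when the management server is
unreachable, and falls back to default-deny if it has never synced at all.
The policy format, event types and server stand-in are assumptions."""
import copy
import os
from dataclasses import dataclass, field
from typing import Callable

# Assumed fail-closed baseline, in force until the first successful sync.
DEFAULT_DENY_POLICY = {
    "version": 0,
    "usb_write": "deny",                     # deny | encrypted_only | allow
    "blocked_web_categories": ["torrent", "adult", "webmail"],
    "blocked_attachment_ext": [".exe", ".js", ".scr", ".vbs"],
    "attachment_max_bytes": 0,               # 0 = no attachments at all
}


class PolicyFetchError(Exception):
    """Raised by the fetch callback when the policy server cannot be reached."""


@dataclass
class Decision:
    action: str            # "allow" or "deny"
    reason: str
    policy_version: int    # which policy made the call (for the audit trail)
    offline: bool          # True when the last sync attempt failed


@dataclass
class EndpointAgent:
    fetch_policy: Callable[[], dict]
    policy: dict = field(default_factory=lambda: copy.deepcopy(DEFAULT_DENY_POLICY))
    synced: bool = False
    audit_log: list = field(default_factory=list)

    def refresh(self) -> bool:
        """Pull a fresh policy; on failure keep the last known one (fail closed)."""
        try:
            new = self.fetch_policy()
        except PolicyFetchError:
            self.synced = False
            return False
        if new.get("version", -1) >= self.policy["version"]:   # never roll back
            self.policy = copy.deepcopy(new)
        self.synced = True
        return True

    def decide(self, event: dict) -> Decision:
        p, kind = self.policy, event.get("type")
        if kind == "usb_write":
            mode = p["usb_write"]
            ok = mode == "allow" or (mode == "encrypted_only" and event.get("encrypted"))
            action, reason = ("allow" if ok else "deny"), f"usb_write mode={mode}"
        elif kind == "web":
            cat = event.get("category", "uncategorised")
            blocked = cat in p["blocked_web_categories"]
            action, reason = ("deny" if blocked else "allow"), f"web category={cat}"
        elif kind == "attachment":
            ext = os.path.splitext(event.get("name", "").lower())[1]
            size = int(event.get("size", 0))
            if ext in p["blocked_attachment_ext"]:
                action, reason = "deny", f"attachment extension {ext} blocked"
            elif size > p["attachment_max_bytes"]:
                action, reason = "deny", f"attachment of {size} bytes exceeds limit"
            else:
                action, reason = "allow", f"attachment {ext or '(no ext)'}, {size} bytes"
        else:
            action, reason = "deny", f"unknown event type {kind!r}"
        d = Decision(action, reason, p["version"], not self.synced)
        self.audit_log.append(d)
        return d


class PolicyServer:
    """Constructed stand-in for the management server, not a real product API."""
    def __init__(self, policy: dict):
        self.policy, self.reachable = policy, True

    def fetch(self) -> dict:
        if not self.reachable:
            raise PolicyFetchError("management server unreachable")
        return self.policy


def demo() -> dict:
    """A laptop syncs on the corporate LAN, then moves to public Wi-Fi."""
    server = PolicyServer({"version": 3, "usb_write": "encrypted_only",
                           "blocked_web_categories": ["torrent", "adult"],
                           "blocked_attachment_ext": [".exe", ".js"],
                           "attachment_max_bytes": 10 * 1024 * 1024})
    agent = EndpointAgent(fetch_policy=server.fetch)
    agent.refresh()                                   # on the corporate network
    out = {"lan_usb_plain": agent.decide({"type": "usb_write"}).action}
    server.reachable = False                          # now on public Wi-Fi
    agent.refresh()                                   # fails; v3 stays in force
    out["off_usb_encrypted"] = agent.decide({"type": "usb_write", "encrypted": True}).action
    out["off_torrent"] = agent.decide({"type": "web", "category": "torrent"}).action
    out["off_exe"] = agent.decide({"type": "attachment", "name": "invoice.EXE", "size": 10}).action
    out["off_pdf"] = agent.decide({"type": "attachment", "name": "scan.pdf", "size": 4096}).action
    out["off_version"], out["off_flag"] = agent.audit_log[-1].policy_version, agent.audit_log[-1].offline
    fresh = EndpointAgent(fetch_policy=server.fetch)  # never-synced device, offline
    fresh.refresh()
    out["cold_pdf"] = fresh.decide({"type": "attachment", "name": "scan.pdf", "size": 4096}).action
    return out
```

Two points a practitioner should take from it: the agent must fail closed (a device that has never received a policy, or that is offered an older policy than the one it holds, must not become more permissive), and every decision should record the policy version and whether the device was offline, so an investigator can later tell which rules were actually in force when an incident occurred.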
The Department of Health and Human Services (HHS) has released additional safeguards for patients' health information. The primary change is the Omnibus Rule, under which any impermissible use or disclosure of protected health information is presumed to be a breach, with mandatory notification requirements, unless a risk assessment shows a low probability that the information was compromised. The Omnibus Rule also extends HIPAA privacy and security obligations directly to the business associates of covered entities such as physicians, and to those associates' subcontractors. The rule took effect on March 26, 2013, with a compliance deadline of September 23, 2013. Proper policies and technologies should be implemented immediately to ensure compliance. Some helpful technologies for HIPAA that BorderLAN Network Security supplies are:
- Email encryption – helps physicians communicate securely with contractors, third-party medical facilities, hospitals, and even home healthcare practitioners about patients.
- Intelligent antivirus – enterprise-level AV software that watches not only for known threats but also helps prevent emerging threats and zero-day attacks.
- Desktop security software – helps prevent leaks caused by end users loading programs or malware, knowingly or unknowingly.
- Bring your own device (BYOD) – an enterprise server that accepts and remembers guest Wi-Fi connections and ensures those devices are scanned according to policy before being allowed on the network.
- Proper web filtering – high-capacity servers that control users' web activity and help prevent web-based threats, downloads, webmail such as Hotmail, and other potential holes and HIPAA breaches.
- USB prevention and data loss prevention – software that enforces security policies on endpoints both on and off the network.
See Products from BorderLAN at http://borderlan.com/products/ for more information, or contact us.
Protecting Those Who Need It Most
Kids come first. That is the motto of the Children's Memorial Hospital of Chicago, one of the nation's leading pediatric facilities. Illinois' only freestanding hospital exclusively for kids, Children's Memorial Hospital is home to more than 1,100 pediatric experts in 70 specialties. It is the training ground for the prestigious Feinberg School of Medicine of Northwestern University.
Since it first opened its doors in 1882, Children's Memorial Hospital has provided top-quality care to its patients while respecting their privacy. That tradition continues today, and the hospital has carefully put in place security measures to safeguard the protected health information (PHI) of those seeking medical assistance.
“Our patients and their families have put great trust in us,” said Ron Isbell, Information Security Administrator for Children’s Memorial Hospital. “We do everything we can to ensure their PHI remains private.”
Protecting sensitive data a priority
One of the security tools Children's Memorial Hospital has implemented is ZixCorp® Email Encryption Services. The hospital's 7,000 employees can encrypt sensitive data to ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA), as well as with the hospital's own stringent security requirements.
Another key reason Isbell chose ZixCorp was that it offered a simple yet powerful email encryption solution that he doesn’t have to manage internally. “I love the fact that it’s a turnkey service and a great one at that,” he said. “The whole process is easy—from installation and implementation to support and service. It’s extremely seamless and very well-managed. We have to do very little—ZixCorp takes care of it all.”
Archbold Medical Center is comprised of five hospitals and four nursing homes, with more than 800 beds in and around Thomasville, Georgia. In business for over 81 years, it employs more than 2,500 people and has a medical staff of more than 200 qualified specialists.
Martin Slusher is the senior network administrator for Archbold, overseeing 2,500 PCs; 3,100 users and 180 servers across 60 locations.
Until April 2007, Martin's group was using Symantec Enterprise Edition for antivirus protection. However, he was soon on the lookout for a better solution, with a few objectives in mind:
- Find a more effective antivirus
- Find a more cost-effective solution
- Resolve the complaints from network users about sluggish computers (most of them had new PCs, so he knew the current AV must be a resource hog)
"I first heard about ESET from a local IT shop who mentioned it to me. I researched it and tested it at home before I brought it up to our CIO and other network administrators."
Martin and his team then evaluated other AV vendors but decided not to move forward with them for various reasons, including price, sales people and installation help.
“Ultimately we decided to go with ESET NOD32 Antivirus Business Edition because of its ease of use and heuristics,” said Martin. “It found infections in our environment that had previously gone undetected. We were able to observe all of this with a 90-day trial copy.”
Archbold purchased ESET through a reseller, Classic Networking. "Classic offers a 'Rip and Replace' service that removes all versions of Symantec and installs ESET NOD32. This was a huge help considering we have a small IT staff. These guys were great! They helped us create a group policy on Active Directory to run the custom script and then they gave us training on the product."
gateProtect provides central security in the virtual network of the North Rhine-Westphalia association
The Johanniter-Unfall-Hilfe e.V. is part of the Protestant Order of St. John. It is involved in various social and charitable activities ranging from outpatient care for the elderly to working with children and young people to aid projects on an international scale. In Germany alone, the Johanniter-Unfall-Hilfe e.V. has around 8,500 permanent employees, more than twice as many volunteers and over a million members providing financial support.
The North Rhine-Westphalia regional association based in Cologne is one of the largest in the national Johanniter association. The organisation manages 15 of the total of 60 retirement homes throughout Germany and four of the fifteen Johanniter hospitals. There are also dozens of day nurseries for children, emergency services and domestic services such as Meals on Wheels.
Decentralising the use of central IT resources helps to cut costs and improve productivity. This applies particularly to sectors such as social services, which are growing quickly but must withstand the huge pressure of rising costs. The North Rhine-Westphalia regional Johanniter association therefore decided to allow as many users from the branch offices as possible to access data and applications at headquarters in Cologne. As this is sensitive personal data, data protection was given the highest priority when the retirement homes and seven other sites were linked in via VPN. And, as the users also need Internet and e-mail communication, the firewall had to offer further functionality such as virus protection, spam protection and content/web filtering, as a UTM solution does.
The GPX 800 solution from gateProtect has been in successful operation since 2003. Since then, the retirement homes and other sites have been connected by VPN to the central network, and employees can use data and applications from headquarters. When senior regional association managers are on the road, they can also access the IT resources in Cologne, where most of the IT infrastructure is located. Approximately 50 users have access to core applications such as management software for outpatient care and homes, bookkeeping software, and programmes for planning menus and excursions. The hardware (servers, desktop PCs, notebooks and so on) is all supplied by Hewlett-Packard. Only the head office has its own IT department; the other sites are supported by external IT administrators as required.