Hardware, software, malware, ransomware...so many wares, ware to begin?

“Outdated systems tend to be more vulnerable to attack,” Paul Bischoff, Editor of Comparitech, notes in a FierceTech article.

Updates and reboots and releases, oh my!

System updates are often neglected by organizations where an IT team isn’t enforcing such processes on a regular basis.  Hardware and software can quickly become obsolete right under the nose of your team, causing unexpected issues, slowdowns, crashes or even cyber-attacks.


Another layer of complication arises when hardware that goes without updates is no longer supported by its manufacturer, referred to as ‘end of life equipment’. If a malfunction does happen, it will be difficult to get support from the company you purchased the hardware from, likely because of agreements around required updates.

A general technology best practice is to purchase maintenance for your switches, firewalls and servers, whether they are in-house or through a third party. A good rule of thumb is to evaluate the age of your hardware every three to five years.

Firmware, “a software program or set of instructions programmed on a hardware device...provides the necessary instructions for how the device communicates with the other computer hardware,” according to TechTerms, can also cause issues when version releases are not installed.

Check out ImagineHosting™, your trusted data center partner.

At the individual user level, system reboots are also necessary. Consider implementing a company policy around required reboots that occur at least once a month. Weekly reboots are preferable, if your business allows users to do so.

Just one, or all these vulnerabilities combined, can easily be used to gain access to a company’s system, exposing sensitive data. When in doubt, update and stick to a regular maintenance plan!

Physical security, bodyguard not included.

When it comes to technology, physical security isn’t typically top-of-mind for the average user.

The location of servers, in relation to disaster recovery measures especially, may ring a bell, but what about placement of workstations?

A hacker attempting to infiltrate a system will go to any length to access data, including onsite snooping.  Consider where monitors are facing and if your screen is visible through windows and to the eyes of outdoor onlookers.  While a privacy screen is not always necessary, it is a viable option for offices with many ground-level windows. Pay attention to the position of your team’s offices and consider slight adjustments to placement of computer screens.

Secondly, user profiles can present a kink in the physical security armor if not properly configured. Regular timeouts, robust password configurations and frequent password changes are important to enforce, preventing unwanted access to workstations. While the National Institute of Standards and Technology still recommends a minimum eight-character complex (mixed case, numbers, special characters) password length, longer passwords (11-14 characters) are strongly encouraged to significantly improve your security posture!

Users should be in the habit of locking their computers before leaving their desks, even for a short window of time. Not only could sensitive information easily be viewed, but someone could also maliciously infiltrate the system under your credentials, which makes you accountable for any damage done.

Private cloud or on premises, ensure you're protected.

Data hosting is a daunting task, especially in the healthcare realm. Ensuring PHI is totally secure puts pressure on practices and groups to regularly reevaluate their hosting situation and options.

Do you have unwavering faith in your current data center?

Ensure these boxes are checked and your data center is more than just a physical home for your data:

  • 99.9% uptime guarantee

Never lose time or deal with the frustration of system downtime.

  • SOC 2 and PCI DSS certified

Healthcare- and payment-specific security certifications validate that proper protocols are in place.

  • 24/7 monitoring

Whether it’s an internal IT team or a third party, constant watch is necessary.

  • Disaster recovery

Servers should be geographically separate from your office in case of natural disaster.

  • Daily backups and updates

Preventative maintenance is key to the lifeblood of your servers.

  • Physical security

A guarded data center is a happy data center.

Author

Anthony Brown

Tony leads the Information Technology and Security Teams to facilitate the success of our clients and the enterprise through technology. His team has responsibility for providing consultative infrastructure support to those clients using our products on-premises, our data centers supporting our hosted clients, and enterprise infrastructure and solutions, in addition to cyber and physical security. He brings 40+ years of deep and varied technology experience, having spent over 30 of those years with some of the largest RCM organizations in the USA leading technology, privacy, security, and operations. He is a Certified Computing Professional and holds degrees from Delta College and Northwood University in Computer Information Management.