Hardware, software, malware, ransomware...so many wares, ware to begin?
“Outdated systems tend to be more vulnerable to attack,” Paul Bischoff, Editor of Comparitech, notes in a FierceTech article.
Updates and reboots and releases, oh my!
System updates are often neglected by organizations where an IT team isn’t enforcing such processes on a regular basis. Hardware and software can quickly become obsolete right under the nose of your team, causing unexpected issues, slowdowns, crashes or even cyber-attacks.
Another layer of complication arises when hardware that goes without updates is not supported by manufacturers, referred to as 'end of life equipment'. If a malfunction does happen, it will be difficult to get support from the company you purchased the hardware from, likely due to agreements around required updates.
A general technology best practice is to purchase maintenance for your switches, firewalls and servers, whether they are in-house or through a third party. A good rule of thumb is to evaluate the age of your hardware every three to five years.
Firmware, "a software program or set of instructions programmed on a hardware device...provides the necessary instructions for how the device communicates with the other computer hardware," according to TechTerms, can also cause issues when version releases are not installed.
At the individual user level, system reboots are also necessary. Consider implementing a company policy around required reboots that occur at least once a month. Weekly reboots are preferable, if your business allows users to do so.
Just one of these vulnerabilities, or all of them combined, can easily be used to gain access to a company's system, exposing sensitive data. When in doubt, update and stick to a regular maintenance plan!
Physical security, bodyguard not included.
When it comes to technology, physical security isn’t typically top-of-mind for the average user.
The location of servers, in relation to disaster recovery measures especially, may ring a bell, but what about placement of workstations?
A hacker attempting to infiltrate a system will go to any length to access data, including onsite snooping. Consider where monitors are facing and if your screen is visible through windows and to the eyes of outdoor onlookers. While a privacy screen is not always necessary, it is a viable option for offices with many ground-level windows. Pay attention to the position of your team’s offices and consider slight adjustments to placement of computer screens.
Second, user profiles can present a kink in the physical security armor if not properly configured. Regular timeouts, robust password configurations and frequent password changes are important to enforce, preventing unwanted access to workstations. While the National Institute of Standards and Technology still recommends a minimum eight-character complex (mixed case, numbers, special characters) password length, longer passwords (11-14 characters) are strongly encouraged to significantly improve your security posture!
Users should be in the habit of locking their computers before leaving their desks, even for a short window of time. Not only could sensitive information easily be viewed, but someone could also maliciously infiltrate the system under your credentials, which makes you accountable for any damage done.
Private cloud or on premise, ensure you're protected.
Data hosting is a daunting task, especially in the healthcare realm. Ensuring PHI is totally secure puts pressure on practices and groups to regularly reevaluate their hosting situation and options.
Do you have unwavering faith in your current data center?
Ensure these boxes are checked and your data center is more than just a physical home for your data:
- 99.9% uptime guarantee
Never lose time or deal with the frustration of system downtime.
- SOC 2 and PCI DSS certified
Healthcare and payment-specific security certifications validate that proper protocols are in place.
- 24/7 monitoring
Whether it's an internal IT team or a third party, constant watch is necessary.
- Disaster recovery
Servers should be geographically separate from your office in case of natural disaster.
- Daily backups and updates
Preventative maintenance is key to the lifeblood of your servers.
- Physical security
A guarded data center is a happy data center.