news Archives - ISG Technology

Posts

3-2-1 Backup Rules Best Practices

November 4, 2016/in Blog, Cloud Hosting, Continuity, Storage /by ISG Technology

Companies that backup to tape as their offsite backup often aren’t aware of what recovering from tape looks like until they unfortunately have to live through it. Depending on the nature of the failure and the extent of the data involved, that type of recovery can take days to restore “business as usual” functionality.

What Backup Is… and What It Isn’t

Data backups are critical for data protection and recovery, but they should not be a substitute for other important parts of your IT strategy:

Backup is for data protection and targeted item recovery:
It is not for archive. Archives ideally will be indexed for search, have a managed retention policy, and will be stored on less expensive storage mediums.
It is not for disaster recovery. It is nearly impossible to test a full environment recovery scenario when relying on this method. It will often require 100% more equipment overhead to have the empty equipment in standby, equipment not providing any usefulness or return on investment
It is not a failover solution. Recovery times with this method should be measured in weeks, not hours.

Snapshots are not backup:

Snapshots can be used as one part of a backup strategy, but provide no protection on their own in scenarios where the storage devices have failed or are no longer available
Snapshots are usually not very granular and are commonly the recovery method of last resort
Snapshots are not disaster recovery on their own, only a part of a comprehensive plan

The untested data recovery plan is both useless and a waste of time to create:

Make time for testing, it will always be worth it.
Do not let the single point of failure be a human, involve many members of the team in the process so that when the time comes to execute your plan it does not have to wait for the only one who knows how.

The presidential debate and the future of American cybersecurity

September 28, 2016/in Blog, Continuity, Security /by ISG Technology

Cybersecurity is becoming less of an individual problem and more of an issue that entire states need to deal with. Due to the importance of this issue, both presidential candidates were asked in the recent debate to discuss the current state of cybersecurity within the U.S. as well as what they plan to do when they get into the Oval Office. Their responses – as well as their previous actions – could very well foretell the future of America’s cybersecurity efforts.

Both candidates need to study up

During the debate, moderator Lester Holt asked the candidates about their opinions concerning the current state of U.S. cybersecurity. Hillary Clinton was quick to jump on Russia as a major antagonist. In fact, she went so far as to blame Putin himself for the hack levied against the Democratic National Convention. She also took a very hard line against anyone considering a cyberattack against America, saying that the U.S. would not “sit idly by” and allow foreign entities to breach private American data.

That said, Clinton has certainly had trouble with cybersecurity in the past. She set up her own private email server against State Department regulations, which was eventually compromised by a hacker.

Donald Trump was also adamant that America needs to improve its defenses, although his response was slightly different. As Government Technology’s Eyragon Eidam pointed out, Trump brought up the uncertainty of cyberattacks like the one that befell the DNC. When discussing this attack, the candidate said it could have been anyone from Russia to Iran or even “somebody sitting on their bed that weighs 400 pounds.”

While it’s certainly true that America’s enemies are no longer visible on a map, broadly painting hackers as obese people downplays the importance of this issue.

New federal CISO’s job hangs in the balance

Although both of the candidates will continue to duke it out, the current president has decided to take action. President Obama has created the position of federal chief information security officer, and he’s appointed retired Brigadier General Gregory J. Touhill to the post. Touhill has more than 30 years of experience in the U.S. military, much of which was spent within IT. He’s also been awarded the Bronze Star Medal, according to his biography on the Air Force’s website. This position is meant to come up with a uniform cybersecurity plan for federal government organizations.

“The federal CISO is an appointed position.”

While it’s certainly good to see the White House attempting to tackle the widespread security problems present across the government, the federal CISO is an appointed position. This means the current president is allowed to choose who can fulfill the role, which puts Touhill in a tenuous position. The next president will enter office on January 20, 2017, which means Touhill has around four months to implement some changes.

Whether the next president keeps Touhill will depend entirely on who wins. If Trump is voted into office, he’ll most likely want a fresh slate and appoint his own CISO. There’s a good chance that Clinton will do the same – however, she’s probably Touhill’s only hope at job security. He’ll have to make some huge leaps in the next few months if he hopes to impress.

Could a network assessment have saved Southwest from major downtime?

September 23, 2016/in Blog, Continuity, Networking, Other Industries /by ISG Technology

Southwest Airlines has been having a pretty turbulent few weeks. First, starting on July 20, the organization had one of the largest IT outages ever to affect a major airline. Now, two unions associated with the company are demanding that CEO Gary Kelly step down or be fired, according to David Koenig of The Tribune of San Luis Obispo.

Although it was originally estimated that the downtime cost as little as $5 million, one Southwest representative stated that it’s most likely going to be “into the tens of millions.” With so much money being lost to a technical failure, the question remains: How did this happen, and was it preventable?

One router started all the trouble

Koenig reported that all of these IT issues stemmed from a single router. Basically, this piece of equipment failed in an unpredictable way, which eventually led to other systems being knocked offline. Southwest is keeping specific details about this undisclosed, but the scale of this particular outage suggests that the network associated with this router was not properly set up.

“Companies need multiple points of failure to accommodate for a singular outage.”

As their name implies, these devices route information to their intended destinations. Data generally is bounced between multiple locations before arriving where it’s being sent. Generally, this means you have multiple points of failure to accommodate for a singular outage. If it’s true that one router’s downing caused this event, then Southwest most likely had a poorly engineered network. FlightStats stated that around 8,000 flights were affected in this incident, and a single router simply should not have the ability to affect that many planes.

The conclusion to be made here is that Southwest should have tested its network more rigorously. Network assessments are incredibly important in order to determine weak points within a particular IT system, such as how one router could be made accountable for thousands of flights. Simple tests such as these could have easily uncovered this point of failure, allowing Southwest to take actions to mitigate the risks of such a catastrophic outage.

Network assessments can prevent more than downtime

Although downtime is certainly something businesses should work to avoid, it isn’t the only problem that network assessments can unveil. These tests also help companies determine their preparedness in terms of cybersecurity. Perhaps the best recent example of this is the massive heist levied against Bangladesh Bank.

At its most basic, hackers gained access to a global banking system and basically tricked financial institutions into sending money to fraudulent accounts. When all was said and done, the criminals involved in this got away with $81 million, according to Serajul Quadir of Reuters. After some investigation, it was discovered that the bank was relying on $10 network switches for the banking system. On top of that, Bangladesh Bank had no firewall protecting private financial data.

This is one of the biggest heists in history.

IT companies are generally surprised to hear when small businesses don’t have firewalls, so the thought of a multi-billion dollar corporation lacking these most basic of cybersecurity tools is simply mind-boggling. To top this off, the heist could have been so much worse. The criminals were originally trying to get closer to $1 billion dollars, but their plans were foiled when they accidentally misspelled the name of a financial institution.

Simple mistakes such as those made by Bangladesh Bank are exactly what network assessments are designed to catch. IT employees at these organizations often need to focus on keeping systems running, and cybersecurity can sometimes take a backseat. As this incident shows, this can often have disastrous results, and companies need to be aware of the consequences of letting something like this go under the radar.

Let ISG Technology help preserve your company’s image

Clearly, missing even the smallest detail in your network’s setup could seriously affect both your company’s finances and its client-facing image. No one wants to put their money in a bank that can’t keep it safe, and consumers certainly don’t want to spend money on an airline that has a history of leaving passengers stranded. As such, it might be time to have your company’s IT infrastructure checked out by an experienced professional.

ISG Technology’s experts have spent years investigating and solving some of the most complex network problems out there, and we can help make sure your company’s name isn’t dragged through the mud. If you’d like to find out how you can benefit from a free consultation, contact one of our representatives today.

How can your company benefit from hyperconvergence?

September 22, 2016/in Blog, Cloud Hosting, Professional Services, Storage /by ISG Technology

Computing resources are very often mismanaged within the business world. Considering just under one-third of all servers haven’t processed data within the last six months, it’s clear that there are a lot of inefficiencies within enterprise IT. This kind of ineffective model is exactly what hyperconvergence is meant to solve.

Combining all computing, storage and other IT resources into a singular device is allowing companies to get more creative with their technology solutions. To that end, let’s take a peek at what the average organization can get out of hyperconvergence:

Simplify IT operations

One of the great benefits of hyperconvergence is that it helps IT employees immensely cut down on the number of individualized resources they need to deal with. A hyperconverged infrastructure allows workers the unique opportunity of handling all of these components through a centralized platform. This increases efficiency and enables staff members the ability to treat IT resources as if they were a singular system.

Scale up efficiently

Another great advantage of working in a hyperconverged environment is the fact that these systems can be very easily scaled up or down according to a company’s needs or desires. Organizations need to be constantly growing and innovating in order to continue operations, and scaling up IT needs is simply a requirement of modern business. Due to the fact that hyperconverged infrastructure growth simply requires the acquisition of new nodes, the employees can rest assured they’ll have the resources they need to get the job done.

“Hyperconverged systems can be very easily scaled up or down.”

What’s more, companies from all over the world are seeing just how easy it is to grow under a hyperconverged model. A study conducted by ActualTech Media found that 42 percent of IT workers thought it was easier to scale up within their hyperconverged infrastructure than it was to do so in other IT schemes.

It would appear that many within the business technology community don’t know about this benefit. The same study also found that only 6 percent of respondents stated that scalability was a driving force behind the switch to hyperconvergence. Clearly, this topic needs to reach a wider audience.

This is of course only a taste of what a hyperconverged infrastructure can give to the modern business. That said, this technology has far-reaching implications for many organizations, and its benefits should be carefully studied by those wishing to increase efficiency.

Data dilemma: Where does police body camera footage go?

September 21, 2016/in Blog, Government, Professional Services, Security, Storage /by ISG Technology

As recording technologies get smaller and cheaper, giving police officers cameras to wear on their bodies at all times is quickly becoming a reality. These devices have incredible implications, both for average citizens and for officers, as they allow the courts to cut through all the drama and hearsay in order to get to the truth of what exactly happened. That said, there are a few obstacles standing in the way of widespread body camera deployment.

One of the biggest issues currently facing departments wishing to bring these gadgets to the field is the storage of the video itself. Having a camera running at all times during an officer’s shift creates a lot of footage, and simply deleting this because “nothing happened” isn’t an option. After all, an officer could have recorded something of import without even noticing it. So how extensive is this storage problem, and what can police departments do to ease such a transition?

How much data can a police department generate?

Before delving into the more nuanced discussions of data storage, it’s vital to first understand exactly how much data the average police station can create. Each department will obviously have its own special needs, but a good place to start is the analysis of the Chula Vista, California, police department’s data storage given by Lieutenant Vern Sallee in Police Chief Magazine.

Sallee stated that his station had 200 sworn police officers that were using body cameras in their daily rounds. After playing around with their current setup, Sallee’s department found that a 30-minute video demands around 800 MB of storage. Accounting for all officers with cameras, Chula Vista could generate around 33 TB of data annually. To put this in perspective, Sallee stated that this is roughly the same size as 17 million photographs.

Again, it’s important to remember that this is a rough estimate for a single town. Chula Vista has just over 265,000 citizens, making it larger than the average American city. That said, such a population pales in comparison to the 8.5 million people living in New York City, and implementing a police body camera initiative in this kind of metropolis would be a whole different ball game. What’s more, these larger cities are the ones that need body cameras the most, as they generally have more violent crime requiring forceful police intervention. Clearly, simply finding a place to put all this data is going to be a challenge.

Privacy and security are huge concerns

Another major concern with these body cameras is the privacy of the people involved in the recordings. As stated, departments can’t delete a video until they are absolutely sure that nothing on it could possibly be useful in the future. This means that the actions of a lot of innocent people are going to be recorded and stored, and this has certain civil rights groups worried.

In fact, a coalition of the National Association for the Advancement of Colored People and the American Civil Liberties Union presented some guidelines to legislators in 2015 attempting to govern how these recordings are treated. The group wanted to prevent an overreaching use of facial recognition software, as well as ensure officers were only allowed to watch their videos from the day after filing a report, according to CNN.

“Police officers have the right to discuss personal matters without being listened to.”

On top of that, it’s important to remember that police officers have rights, too. These men and women will be recorded at all times during their shift, which means any private conversations they’ve had with their partners could easily be viewed by a third party. These people have the right to discuss personal matters without being listened to after the fact, and officers shouldn’t live in fear that their superiors will eavesdrop on some conversation that they don’t agree with.

Finally, and perhaps most importantly, all of this is for naught if police departments can’t keep the video files secure. A malicious individual or group could do a lot of damage with the ability to map out an officer’s day-to-day duties, and departments must therefore do everything in their power to ensure these criminals are kept at bay.

Partnering with the right company is crucial

Clearly, there are a lot of challenges to overcome when implementing a body camera initiative. That said, the pros definitely outweigh the cons if police administrators are willing to find the right partner for the job. Any officials looking for a company to assist them in their transition should definitely check out the data storage services offered by ISG Technology. We have years of experience storing information for companies from all kinds of industries, and we pride ourselves on our ability to keep our clients’ data safe. Contact us today and find out what an ISG Technology solution can do for your department.

What does an ISG network assessment look like?

September 21, 2016/in Blog, Professional Services, Security /by ISG Technology

Business technology has become incredibly complex in the past few years. Companies often fall victim to their own success, growing so quickly that the IT department can’t keep up. This can often lead to the network infrastructure being put on the back burner while employees work daily just to keep operations afloat.

Organizations often don’t have the time or expertise to evaluate their own infrastructure, which is why ISG Technology offers comprehensive network assessments. But what do one of these examinations look like, and what can companies get out of them? Let’s take a look:

“No two companies are going to have the same needs.”

What’s the first step?

The problem with laying out a first step for such a complex process is the fact that no two companies are going to have the same needs. A network assessment could mean checking the local compute environment, but it could also have to do with looking at a business’s circuit load. One section of the assessment could be as simple as determining whether or not a physical system has single points of failure.

This is why ISG recommends that companies that come to us looking for a network assessment should first determine what their end goals are. Administrators may not be able to completely vocalize what they need, but they should at least have an idea of what they’re after. Basically, the point of this exercise is to get the organization from its current state to its future state. If we know what a company’s intended future state is, we can recommend clear and decisive actions officials should take in order to get there.

What kinds of issues does the average company run into?

Although each organization is going to have its own unique situation, there are some pretty common problems that our engineers run into on a regular basis. One of the most apparent has to do with mobile devices and their use for work purposes. The Pew Research Center found that just under 70 percent of American adults currently own a smartphone, which means a majority of office workers currently have such a device in their pockets at all times.

Due to the advanced capabilities of these devices, workers are increasingly using their smartphones to access company data. The problem with this is that these employees very rarely take any measures to protect their phones. An infographic from Consumer Reports found that 34 percent of smartphone owners didn’t take any sort of security measures with their phones, and that’s including a screen lock with a four-digit password. Therefore, companies that aren’t taking proactive steps to secure private data from stolen or lost phones are at significant risk of a data breach.

Another major issue we often see is businesses not controlling network physical access in the right way. Many companies are now relying on voice-over-Internet-protocol technology, which allows workers to speak to clients via the Internet. It’s an amazing technology with multiple uses, but IP phones can also be an access point for criminals. These devices require a cable connection in order to get on the Internet. This means that anyone with the ability to get into the office could potentially plug a laptop into one of these cords and instantly access the entire network.

Cybercriminals often break into offices to steal data.

This is of course a very specific example, but it shows that companies often aren’t thinking of network security correctly. The reality of the situation is that hackers really don’t care how they gain access to a business’s information. Whether it’s by stealing an employee’s phone or dressing up as a janitor to plug into the network after hours, a criminal with enough initiative will find whatever holes exist in current security standards and exploit them.

ISG has the experience needed to do the job right

An ISG network assessment has one major component that sets us apart from other companies: experience. The average ISG engineer has been with the company for eight or nine years, which means they know our network assessment playbook backward and forward. They’ve seen all the classic mistakes – as well as some unconventional ones – and they know what the modern business needs to solve these problems.

When you work with ISG, you can rest assured that you’re dealing with some of the most experienced professionals in the field. If you’d like to see what this wealth of knowledge can do for you, contact an ISG network expert and set up your free IT infrastructure assessment today.

What can health care get out of data mining?

September 21, 2016/in Blog, Healthcare, Professional Services /by ISG Technology

Data is being created and stored at a rate unparalleled by any other time in human history. As such, the analysis of this information in order to discover trends has never been as important as it is now. This is especially true within health care, an industry that quite literally deals with life-or-death situations on a daily basis. Mining the data created by both patients and medical professionals has major implications for the field.

With that said, what can health care facilities get out of data mining, and what challenges stand in the way of this trend?

Efficiency while still being effective

As with most other industries, the main benefits of proper data mining are increases in both efficiency and client satisfaction. Knowing how consumers act and what they do can help employees better service them, while also decreasing time spent in areas that aren’t as productive. In health care, a good example of this is the mining of Medicaid data by the Wyoming Department of Health.

Officials from this agency decided that they were spending too much money on certain payments, and worked with Xerox to properly analyze the information they had been collecting for some time. This mining proved fruitful in many areas, but the most important one was emergency room visits. The analysis revealed that there was a sizeable portion of Medicaid patients that were going to the ER more than 10 times per year, according to Healthcare IT News contributor Erin McCann.

ER doctors are very busy and don't have time to deal with repeat visitors.

Two or three trips to the ER is just a bad year, but more than 10 visits means that something has gone wrong. This prompted Wyoming Medicaid employees to call these patients, verifying their status and taking steps to increase their level of personal care at home. The state also instituted a 24/7 nurse hotline to allow Medicaid patients to call in for medical help rather than going to the hospital. This enabled Wyoming to lower the costs of Medicaid ER visits by more than 20 percent, showing just how effective proper health care data mining can be.

The human element is the main disadvantage

“One of the biggest snags data mining has run into is human error.”

As it always is with technological innovations, one of the biggest snags data mining has run into is human error. Something as simple as accidentally including an extra data set due to sleep deprivation can have a major impact on the usefulness of the analysis. In fact, this problem is so apparent that an entire scientific paper sponsored by the Systems, Man, and Cybernetics Society was written on the subject.

The report – which was co-authored by Cheng-Jhe Lin, Changxu Wu and Wanpracha A. Chaovalitwongse – stated that researchers wishing to do away with human error must take a two-pronged approach. First, officials must take a top-down approach for implementing behavior modeling. These administrators must show employees what is expected of them if they ever hope to properly mine data. After this, analysts must take a bottom-up approach in order to determine who is making the most errors, as well as how many mistakes each person will most likely make in the future.

Data mining may have some hurdles to overcome in terms of human error, but this certainly won’t stop the process from continuing to work its way into health care. The medical industry is all about efficiency, and proper analysis of big data sets can help doctors and nurses improve patient care. What’s more, as the Wyoming Medicaid example shows, data mining can also help administrators determine where resources and time are being wasted, therefore giving them the ability to make changes to improve overall productivity.

Office 365 and the value of cloud-based solutions

September 16, 2016/in Blog, Cloud Hosting, Professional Services, Security /by ISG Technology

Microsoft’s Office 365 has made a huge splash within business IT. In fact, a study from security firm Bitglass found the service to hold 25.2 percent of the enterprise market in 2015, which was a 300 percent increase over the previous year. This even beat out Google Apps, hoisting Office 365 above the competition and showing just how valuable this solution is.

That said, many organizations are hesitant to make the switch to cloud-based platforms for a number of reasons. To that end, we’d like to dispel some rumors about Office 365 and get to the heart of what makes this service great.

Cloud-based solutions make sense for multiple verticals

“The cloud’s many advantages simply cannot be ignored.”

The cloud’s many advantages simply cannot be ignored at this point. The technology’s ability to increase innovation and flexibility while also keeping costs low is an incredibly central part of its selling point. In fact, Matthew McClelland of Blue Cross and Blue Shield of North Carolina has stated that these exact reasons were the drivers behind his organization’s switch to Office 365.

“We were often stuck in the old way of doing IT,” said McClelland, who is the manager of the information governance office at BCBSNC. “Slow waterfall-style projects that took a lot of time to roll stuff out. When you add up the cost of everyone’s time, impact to our operations, the impact on the day-to-day work of users, it’s expensive.”

Of course, health care isn’t the only sector seeing the benefits of cloud-based solutions like Office 365. Fortune quoted Curt Kolcun of Microsoft as saying that the number of Microsoft Cloud for Government users is around 5.2 million, which includes Office 365 as well as other cloud services.

Regulatory compliance is a must

Of course, many sectors have more to worry about than cost and flexibility. Regulatory standards, such as those imposed by the Health Insurance Portability and Accountability Act, come down hard on institutions that can’t follow the rules. In fact, a violation of HIPAA carries a maximum annual penalty of $1.5 million.

Again, this is where Office 365 shines. McClelland also reported that HIPAA used to be a “hurdle” for medical cloud migrations. However, Office 365 is now HIPAA-compliant, ensuring McClelland’s organization stays on the right side of the law.

ISG Technology can help with your transition

While Office 365 clearly has many benefits for all kinds of institutions, making the transition can sometimes be difficult. To that end, it makes sense to partner with an experienced company that knows all about what a move to the cloud means for an organization. ISG Technology is more than happy to be that partner for you.

Our trained professionals have the experience necessary to help you navigate the tricky waters of transition, both in terms of overall cost and regulatory standards. We know how important this move is to you, and we’re here to help you every step of the way. Contact an ISG Technology representative today and find out what your organization can get out of Office 365.

Lessons learned from the Bangladesh Bank hack

May 11, 2016/in Blog, Cloud Hosting, Continuity, Finance, Security /by ISG Technology

Years ago, bank robberies were a very physical affair. Criminals donned ski masks and shot automatic weapons in the air, shouting for tellers to step away from the silent alarm buttons. That said, it would appear thieves have decided that this is just a little too much work. Hacking banks in order to steal money allows for the same reward without having to deal with a hostage negotiator.

In fact, the most recent cyberattack levied against Bangladesh Bank shows just how lucrative these schemes can be. The hackers involved in this scenario made away with around $81 million, which is more loot than any ski-masked thug could ever carry away. However, perhaps the most interesting part of this whole debacle is that this is nowhere near what the culprits originally intended to get. Investigators have discovered that the original plan was to take close to $1 billion when all was said and done, according to Ars Technica.

Unfortunately for the individuals involved, a simple typo wrecked what could have been the biggest criminal act of all time. A transaction meant for the Shalika Foundation was spelled as “Fandation,” which tipped employees off that something was afoot. Regardless, this is still a massive undertaking that demands intense review.

“Bangladesh Bank isn’t completely free of blame.”

How did they get in?

To understand how this whole scheme began, it’s important to comprehend how Bangladesh Bank sends and receives funds. Institutions like this rely on SWIFT software, which basically creates a private network between a large number of financial organizations. This lets them send money to each other without having to worry about hackers – or so the banks thought.

Gaining access to the transactions within this network was basically impossible, unless someone were to be able to compromise a bank’s internal IT systems. This is exactly what the criminals did.

However, Bangladesh Bank isn’t completely free of blame here. The only reason that hackers were able to gain entry was because the financial institution was relying on old second-hand switches that cost about $10 each. Considering how much was at stake, pinching pennies in such a crucial department seems incredibly irresponsible in hindsight. What’s more, the bank didn’t even have a firewall set up to keep intruders out.

Once hackers bypassed this low level of security, they were given free rein to do as they pleased. Accessing Bangladesh Bank’s network allowed them to move on to SWIFT, as the cheap switches didn’t keep these two separate. However, the really interesting part of this whole criminal act was how they took the money without anyone noticing.

Why weren’t they discovered sooner?

In order to make off with the cash, the criminals had to access a piece of software called Alliance Access. This is used to send money, which allowed the hackers to increase transactions in order to make a profit. However, Alliance Access also records transactions. This was a big problem for the thieves, as they couldn’t make money if someone knew they were stealing it.

To fix this, the hackers simply inserted malware that disrupted the software’s ability to properly regulate the money that was being moved. On top of that, this malicious code also modified confirmation messages about the transactions. This allowed the criminals to continue to operate in obscurity, racking up millions of dollars without anyone being the wiser. In fact, they would have gotten close to $1 billion if one of these altered reports didn’t have a spelling error.

A small error cost these hackers hundreds of millions.

However, understanding so much about how Bangladesh Bank’s system worked has pointed investigators to the notion that this was an inside job. In fact, The Hill reported that “people familiar with the matter” know that a major suspect is a person who works at the bank. No one has been named yet, but getting an employee in on the job certainly makes sense.

Network assessments are a must

Regardless of whether or not this turns out to be an inside job, the fact still remains that Bangladesh Bank was incredibly vulnerable to a hack like this. Relying on cheap network switches is bad enough, but not having any sort of firewall is a major hazard that modern institutions simply cannot allow.

This is why every company should consider receiving a network assessment from ISG Technology. Our skilled experts know how to spot glaring vulnerabilities such as these, and can suggest fixes to ensure the security of private data.

How ISG handles HIPAA compliance

May 10, 2016/in Blog, Cloud Hosting, Healthcare, Security, Storage /by ISG Technology

Health care data is heavily monitored in the U.S. The Health Insurance Portability and Accountability Act has very strict regulatory standards about how this kind of information can be handled. One wrong decision could result in some hefty fines, even if the person or organization didn’t know they were making a mistake. The American Medical Association has stated that even accidentally violating HIPAA could cost a medical facility up to $50,000 per violation.

Clearly, making a mistake when handling medical records isn’t an option, which is why ISG Technology works with health care providers to ensure they don’t stumble. But what exactly can ISG do for you?

“Accidentally violating HIPAA could cost a medical facility up to $50,000 per violation.”

Issues with security aren’t always apparent

The main advantage of partnering with ISG is that we can help you get ready for an actual HIPAA compliance audit by zeroing in on problems you might not even notice.

One of the main issues our engineers run into when assessing a hospital’s network is the fact that security credentials often aren’t taken as seriously as they should be. Basically, employees who only need to view certain kinds of data are often able to access information they shouldn’t be able to see. In an average hospital network, only about two or three employees should be given admin privileges. However, ISG experts often come into an assessment and find that 100 workers in a 700-user system will have domain admin accounts.

This is a problem because it creates a huge number of entry points for a hacker who can socially engineer her way into accessing one of these accounts. According to past experience recounted by security firm Social-Engineer, more than two-thirds of employees will provide a stranger with their information such as their birthday, Social Security number or their personal employee ID. A hacker could easily call into this hospital and use this information to trick a staff member into giving them login credentials to an admin account, thereby allowing the criminal free reign over a network.

Hackers use social engineering to get data.

ISG can help you fix these problems and pass an audit

HIPAA audits are extremely comprehensive, and getting a perfect score is next to impossible. In fact, as the above example shows, health care facilities often have numerous issues that they don’t even know about, which can decrease an organization’s standing if an auditor were to discover these problems.

ISG can help these facilities decrease the number of red flags to a manageable and reasonable number, thereby increasing the chances of passing an inspection. Health care data is extremely private, and ensuring its safety should be a top priority.