We see many ads on TV about protecting our personal information. But what about protecting your business? Protecting your business is just as important. So treat your business like a modern-day castle. Review this Q&A for a quick education on how you can do it.

• How can my business be attacked?
• How do these attacks impact my organization?
• How can I protect our network from hackers?
• How can I build a wall for our 'castle'?
• How can I lock the gate of our 'castle'?
• How can I train staff to guard our 'castle'?
  
  

---

How can my business be attacked?

• Ransomware
• Hackers encrypt your files
• Work comes to a stop
• Potentially a permanent file loss
• Even if you pay, no guarantees

• Cyber email/extortion
• Very common as part of ransomware attacks now
• Steal your files and release them on the dark web if you don’t pay

• Access your computer system
  • Steal intellectual property or company secrets to sell to competitors
  • Gain access to your bank account; transfer funds
  • If you store/process confidential information, they can sell:
    • Financial – average $6/record
    • Medical – as much as $259/record

How do these attacks impact my organization?

• Ransom cost to recover data
• Competitor access to your company secrets
• Federal/State fines due to loss of confidential information
• Negative impact on the reputation of your company
• Criminal negligence charges from State governments

 

How can I protect our network from hackers?

Think of your organization like it’s a castle from the olden days. What would you need to protect your castle? A high wall, a locked gate, and armed guards inside might help?

 

How can I build a wall for our 'castle'?

• Modern and managed firewall
• Wi-Fi password changed regularly
• Separate guest and business Wi-Fi with different passwords
• Antivirus on your servers, laptops and desktops
• Email protection

 

How can I lock the gate of our 'castle'?

• Passwords
  • Require them, change them often
  • Employ multi-factor authorization (MFA)
• Physical security
  • Lock server and network equipment rooms
  • Encrypt computers/laptops in case of theft
• Appropriate access
  • Limit access to need to know
  • Extend minimum access necessary
• Data backups
  • Keep backups of your backups somewhere safe

 

How can I train staff to guard our 'castle'?  

• Provide ongoing training, not just for new employees.
• Conduct phishing awareness training and exercises
• Train staff on response to suspicious emails, websites, and computer behavior
• Prepare an incident response plan (IRP) in case you are a victim of an attack

If you need help protecting your castle, get in touch for an IT assessment today.

Are you a small or midsize business (SMB)? Most skilled nursing and senior living organizations find themselves in this category and like all other SMBs, cyber security should be a top concern given that 60% of companies impacted by cyber attacks go out of business. If that gets your attention, you'll be interested to see these related stats.

The onus is on business owners to create a culture of cyber security across the workforce. Make staff feel part of the team when it comes to blocking out attackers -- train them to recognize and avoid threats. Many companies now offer phishing resistance training, which is a great tool to have in your belt.

Lastly, we can't stress enough the importance of password management. It's estimated that 60% of employees use the same password across multiple work and home applications. Educate them on creating better ones, automate your password expiration policy and consider multi-factor authorizations (MFAs).

If you're feeling vulnerable, take our cyber security self-audit to see if you've got cyber security basics in place. If you've got weaknesses, we can help.

• IT Assessment Service
• Bait & Phish Employee Training
• primeCLOUD IT Service Suite

In an April 19 article, Ransomware ‘bull’s eye’ grows, clouding telehealth’s rise in long-term care, McKnight's Long-Care News recapped suggestions from Prime Care Tech's Mark Owens.

• Providers pursue a multipronged approach to data protection, with a "modern and managed firewall" with:
  
  • Geo-blocking to limit access to out-of-area attackers
  • Access that is restricted to specific users and departments
  • Backups that are stored on separate servers in different locations.

• Facilities require repeated employee training about IT security, keeping in mind the going rate for resale of medical records is about $250 per record.

---

Related resources:

• On-Demand Webinar: Want to Avoid Cyber Sharks? Swim with the School
• Cyber Security Audit: 10-Point Check
• Willis Towers Watson: Insurance Marketplace Realities 2021 Spring Update – Cyber risk
  
  

Long-term care cyber-attacks are on the rise. From single-location facilities to nationwide organizations, the long-term care industry is facing cyber threats like never before.

How can you keep your long-term care organization safe from attacks? The first step is to know what you’re dealing with.

Threat Type #1: Email Phishing Attacks

By far the most common cyber-attack, email phishing is when a hacker attempts to gain protected information (usually passwords) through deceptive means. Often, victims will receive an email from a trustworthy individual or organization insisting that they click a link or fill out a form. As soon as they do, the hacker captures their information and can use it however they wish.

Phishing attacks are dangerous because they rely on human error, not software loopholes or vulnerabilities. The emails often seem credible. For instance, your staff might receive a bulk email from you stating that their passwords have been reset and that they must enter their login information to confirm. They click the link in the email, which takes them to a landing page that looks exactly like software your organization uses. Since it looks legit, they enter their information, and the attackers now have access to your systems.

Staff training and vigilance can reduce the likelihood of a successful phishing attack, but it only takes one slip-up to compromise your security.

Threat Type #2: Ransomware / Malware Attacks

Malware attacks are viruses, worms, Trojan horses, spyware, or any other type of malicious software application that a user downloads to your system. The programs themselves can do anything imaginable to your network. Some malware simply hides or deletes information. Other programs shut out users or make certain applications totally inoperable.

A malware attack becomes a ransomware attack when the hackers offer to reverse the damage they have caused for a monetary payment. Larger organizations have paid ransoms in the millions of dollars just to get their systems back online.

Malware and ransomware attacks are initiated through clicked links or file downloads. Once downloaded, the program attaches itself to different files and gets to work. Email filters and other scanning programs help, but hackers are finding more and more ways to get these files onto your organization’s computers.

Threat Type #3: Social Engineering Attacks

Phishing isn’t the only cyber-attack that relies on human error. Other types of cyber-attacks take a different, yet still personal, approach to stealing information.

Baiting is a type of cyber-attack that promises a desirable good in exchange for a user’s information. For example, a website might offer free music downloads for providing your email login and password.

Pretexting is all about the story. The attacker creates a plausible pretext for requiring the information they ask from you. For instance, they might ask for your full name, social security number, and mother’s maiden name to confirm your identity. In reality, they’re using that information to commit identity theft.

---

In the end, your best defense against cyber-attacks is education. Talk to your staff about cyber-attacks and make sure they understand what’s really at stake.

Beyond your employees, consider partnering with an IT provider to secure your long-term care organization’s data against cyber-attacks. For instance, Prime Care Technologies offers a highly secure Tier III+ data center as well as a separate disaster recovery center to its clients.

It’s not a question of if you’ll be the victim of a cyber-attack — it’s when. And when it happens, don’t you want to be ready?