Business Identity Theft: How You Can Protect Your Business

Did you know that in the U.S someone falls victim to identity theft once every two seconds?

In 2017 alone, 60 million Americans were affected by identity theft, with the annual cost of this kind of fraud in the U.S being a staggering $16 billion.

Of course, it is not just individuals who are at risk of having their identity stolen, businesses are just as vulnerable. Plus, if your business does become a victim of identity theft, not only can you lose money, you can also lose your livelihood and the trust of your customers.

Fortunately, there are steps that you can take as a business to protect yourself against identity thieves.

Keep reading to find out what they are and to ensure your business stays as safe and secure as possible.

What is business identity theft?

Business identity theft, also known as commercial or corporate identity theft, is when someone or a group of people illegally impersonate a business for criminal gain. Unlike with personal identity theft that only affects an individual, business identity theft can impact your whole business, from your employees to your customers.

It is worth noting that business identity theft is not the same as a breach of sensitive company information or the same as an employee or consumer theft. It directly involves the impersonation of your business.

How can you safeguard your business from identity theft?

Be vigilant of your credit reports

If you want to keep your business data secure, you need to ensure that you are informed and knowledgeable about your company’s credit reports, that way you will be able to immediately notice if something is amiss.

Utilize biometrics

Using biometrics to protect your identity as a business is a highly effective way of keeping yourself safe from increasingly sophisticated online criminals. Using a wide variety of techniques including fingerprint scanners, voice detection, facial recognition and retina recognition, the biometric authentication industry is estimated to be worth a whopping $1.5 billion by 2023.

Stay up to date with digital security practices

This is particularly important for small and midsized businesses that may not survive a security breach of this kind.

Some of the best security practices that you should be adopting include:

  • Having robust firewalls
  • Securing offsite data storage
  • Updating your software regularly
  • Installing VPN for outside access
  • Having scheduled malware scans

Look out for fake invoices

If you receive any invoice for a service or for goods that you did not order and never received, this should instantly set alarm bells ringing. The same goes for if you receive a duplicate bill that you have already paid.

Beware of unknown wire transfers

One of the more common phishing scams involves someone impersonating a CEO or other senior executive and requesting a wire transfer to an unknown account. If you regularly perform wire transfers or work with vendors overseas, you need to be particularly careful of this.

As a business owner, business identity theft is something that you should be taking extremely seriously.

Do not put off securing your data, as your customers, employees and business will be at risk if you do.

Follow the above practices, stay vigilant, and above all else, be consistent in your efforts.


Set up automatic updates for Brew on Mac OS X

Automated updates for the core OS has been available for several years now on Macs, and Apple has added the ability to update automatically apps you have added from the AppStore as well. However, if you have installed open source apps with Brew, chances are that you may forget to update them regularly. This is likely to create vulnerabilities on your system, allowing attackers to get in undetected by most antiviral and anti-malware software.

To close this loop, a very simple tool can be installed, similar to the auto-update function at the OS level. Here is the “cookbook recipe” to follow:

brew update
brew upgrade
brew install terminal-notifier
brew tap domt4/autoupdate
brew autoupdate –start –upgrade –enable-notification

These commands will

  • update the brew repository,
  • upgrade all the existing apps,
  • install the terminal notifier incase you don’t have it yet
  • install the autoupdate script
  • start the autoupdate to run on a regular basis

Don’t be like the picture below ? (Curtesy of xkcd.com)


4 Ways to Achieve Transparency in Healthcare

In recent years, healthcare providers and insurance plans have come under fire from criticism of every political angle. The biggest issue among patients is whether they are paying the right amount for the best quality of care; when such a large sum of money must cover medical fees, it is no surprise that they want more for their money. One of the best ways to reassure patients, and show that healthcare is looking out for them, rather than taking money from them, is to be transparent with them every step of the way. From the moment talk of costs comes into the equation, to the time they must go under anesthetic for a procedure, transparency is key.

Be honest about what costs a patient may incur

A lot of healthcare providers don’t sit down with patients to discuss costs before any medical processes go underway. In fact, patients are usually hit with a hefty medical bill that comes through the post a few weeks after everything has settled down. Not only can this cause stress for the patient, but can lead to a feeling of distrust between either them and the health insurance provider, or the hospital directly. As an insurer, any hidden costs should be talked about before any appointments are carried out, and hospitals should strive to give the best quality treatment for the price they are suggesting.

Let them know which medication has been used

Sometimes, a patient may not be aware of what kind of medication they have been given after an operation, or to control any health conditions. In the wake of the opioid epidemic that is sweeping the nation, there have been calls for better transparency over the medication that is issued to patients daily. Combatting this is as simple as printing out and going through proposed medical treatment with each patient to see if they are happy with it.

Go through the procedure with them

Much of a patient’s anxiety surrounding medical procedures is that they are unsure of the risks and benefits that can come about from a few hours on the operating table. They might not know which aesthetic is going to be used, or what exactly is going to be done to their body during the operation. Although sometimes knowing these facts can cause patients to panic, most of the time it is healthier to let them know, so that ambiguity can be removed from the process. Often, visiting trusted professionals like Rishin Patel Insight will make it easier for doctors to soothe any worries if a patient is aware that they won’t be in any pain.

Give patients a choice

 

When a patient is confronted with challenges in their health, they may often feel as though there is only one hospital or healthcare provider to turn to. Although initial appointments will usually have to be made at the local center, patients can still choose who they would like to see for any future appointments in areas such as physiotherapy or mental health therapy. Showing them that they have a choice in who they can see allows you to offer them the best care and support they need, rather than having it chosen for them.


Cyber Security Advice for Medical Practices

The sudden increase in cyber attacks happening all around the world is not without its reasons. More than 80% of information – including private details about ourselves – are now stored digitally. Every information is valuable to attackers, which is why we are now seeing more attacks as well as new forms of attacks targeting individuals and large corporations.Cybersecurity for medical practice

For medical practices, information security is essential. Patient information and details about the practice’s operations are too valuable to handle carelessly. There are ways to improve cybersecurity throughout your medical practice and we are going to discuss some of them in this article.

Follow the Standards

The healthcare industry is highly regulated down to the last letter and information security is no exception. The HIPAA medical information security guidelines are something that every healthcare service provider must follow.

Fortunately, most solutions available to the industry already take HIPAA compliance very seriously. You know you can count on the software, devices, and other solutions that comply with HIPAA to safeguard your information. Following the correct security standards is a great first step to take.

Secure the Equipment

Using the correct, well-secured equipment is another must. You can’t count on poorly secured equipment, especially in today’s world where attacks to IoT and electronic devices are more common than ever. Similar to choosing software and solutions, there are standards to follow.

According to Rishin Patel Insight Medical Partners’ President and CEO, newer equipment is designed to be more secure from the ground up, especially compared to older alternatives. His company provides easy access to the most advanced products and technologies so that medical practices can remain safe and protected.

Have a Backup Routine

To have a strong information security foundation, the third thing you need to add is a good backup routine. Maintain on-site and off-site (cloud) backups of sensitive information so that your medical practice can recover from catastrophic cyber attack seamlessly.

In the event of a ransomware attack, for instance, you can wipe your computers and restore essential data from various sources. When hardware fails, there is still a cloud backup to turn to. Adding a good backup routine to the practice’s everyday workflow completes the equation and provides your medical practice with a good security foundation.

Train the People

Once the foundation is laid, it is time to tackle the biggest information security challenge of them all: the people. Bad habits like using a weak or common password, exchanging login information or user access with coworkers, clicking URLs from illegitimate sources, and copying data to a flash drive and then not handling it properly are still the most common causes of cyber attacks.

It is imperative that the people involved in handling information know how to handle information securely. Information security trainings are great for changing some of the more common bad habits quickly. As an extra layer of security, putting in place a set of security policies is also highly recommended.

There are still so many things you can do to protect your medical practice from cyber attacks, but these first steps are the ones to take to get started. Be sure to implement these measures immediately before your practice becomes the victim of a cyber attack.


Data Loss: The Impact It Has On Businesses

There are no boundaries to data loss, it happens to companies of all shapes and sizes, from large corporations to small startups. The main issue with data loss is the fact that it can strike at any time, resulting in a domino-like effect of serious consequences for the business.

Wondering how data loss can impact your business? Below are some examples of the seriousness that a loss of data can cause for a company. Data loss

Productivity disruption

Should your organization lose data, one of the first things to suffer will be workplace productivity. Whether the loss of data has been caused by a computer hacking, network outage or failure of software or hardware, it can have a serious impact on your business’s productivity, as it can take hours, or sometimes even days to get your lost data back. However, should you choose to invest in and use a professional data backup service like MySql data recovery, you can make the process of getting your company back up and running after a data loss, much easier.

Reputation damage 

Of course, one area of your business that it’s less easy to fix after this kind of disaster is your reputation. In the digital world, news travels fast, so if your company ends up on the news due to its website being down or files being missing, you will have customers asking questions about what’s happened, and your answers may cause long-term damage to your company. When data loss occurs, customers feel let down, because it’s their private and confidential data that is on the line, as well as yours. So when your company loses that data, it puts your reputation on the line and can have a long-lasting impact on your business and its success in the future.

Loss of customer loyalty

After a data loss event, customer loyalty is often also tarnished. You customers feel like they can’t trust your business with their sensitive information, and so they choose to take their money elsewhere. Once word spreads about this, you may struggle to find new clients, which could have a huge impact on your business and its success. This is something that no one wants to happen, as it can have such a huge impact on your business’s success. Of course, while you could lose customers as a result, you could also be creative and find ways to win them back, as Virgin did after their big data loss in 2017. They apologized, put better safeguards in place for data, and offered everyone affected a cheaper deal on their services.

While data losses can be a total nightmare for businesses of all shapes and sizes, suffering a data loss doesn’t have to mean the end of your company. It simply means being smart about the next steps that you take, and making sure that you find ways to retain your customers and gain new ones, despite the breach in security and the lack of customer confidence in you and your brand.


NewPush Recognized as Top 20 VMware Cloud provider 2017

CIO Review recognition

NewPush started using VMware technologies from its inception in 1999. At the time the first dot com boom was just heating up. Many virtualization technologies were emerging for the Intel platform. Over the years we kept focusing on providing enterprise-grade infrastructure. Meanwhile, we have kept increasing the role of VMware as we understood that for Intel-based hardware VMware provided the most reliable enterprise solutions. As a result, we have moved the use of VMware from our development labs to our production systems and data-centers. Since the 2010’s we are formally a VMware partner providing VMware Cloud solutions. Most noteworthy, the last few years have shown a tremendous growth in the capabilities VMware Cloud delivers. Therefore it is our pleasure to announce that once again, CIO Review has recognized NewPush as a top 20 VMware technology provider.
20 most promising VMware Cloud solution providers - 2016

VMware Cloud Solutions

Important milestone for NewPush

This recognition for the second time in a row is a milestone that is important to us. We have worked hard to pioneer and to be successful in deploying state of the art VMware based cloud technologies, and we have worked harder even to maintain a leadership position in this crowded space. Our work continues to focus on NSX, vSAN, and the vRealize suite. As we continue our quest to provide the best cloud services to our customers, we look forward to deploy advanced analytics capabilities centered around Splunk Enterprise security essentials.

Forward-looking posture

Cloud technologies keep changing at an ever-increasing pace. In this year’s edition of CIO Review, we dive deeper in iGRACaaS, identity governance, risk and compliance as a service. Companies who stay ahead are going to continue to have a competitive advantage, by providing a better customer experience. By partnering for technology decisions with NewPush, you can spend more time with your core business, while ensuring that you have a trusted partner with a proven track record to help you keep a competitive edge on the IT front. If you would like the NewPush advantage for your company, please do not hesitate to get in touch today. We are here to help 24 hours a day, seven days a week.


Cybersecurity In Your Environment: How Concerned Are You?

Broken cybersecurity

Cybersecurity is complex and affects business.  If you are an executive, have you considered whether you are fulfilling your fiduciary duty through cybersecurity strategy?  If you are a CISO, have you taken a methodical approach to every increasing cybersecurity topic?  If you are a non-IT person, have you wondered whether your enterprise information is secure?

The Ugly Truth

100% security does not exist and cybersecurity is a journey: even if you truly minimize the threats today, these are ever-evolving.  Individual hackers get the power they didn’t dream of from IaaS (Infrastructure as a Service).  Organized hacking groups – state or private – execute hacking as a well-run software project: they do reconnaissance, design, plan, execute and lessons learned in a well-oiled project loop.  

It’s not only commercial proprietary information worth hundreds of millions which can get stolen, but government secrets causing prime ministers to resign.  The latest downfall has been Nawaz Sharif, the prime minister of Pakistan, whose downfall was caused by the country’s Supreme Court based on the information from the leaked Panama Papers.  While it may be argued that it’s good for some of the confidential information saw the light of the day, let’s also remember the Sony employees whose confidential records – social security numbers, medical records etc. – were published after the Sony hack in December 2014 or the massive WannaCry attack which paralyzed many companies, incl. UK’s National Health Service, putting life of patients at risk.  Ransomware has evolved to the point that some ransomware “providers” sell their products and even provide customer service to hackers who prefer to pay for 3rd party software than to write their own.

How should we minimize the likelihood of a successful security breach?

The old rule stating “your system is as secure as its most vulnerable component” still stands.  The challenge is that there are many components, and in the software area solutions contain subcomponents which may be difficult to identify.   A rule of thumb is to go through different areas of your environment, identify both the threat and its impact and then prioritize what to protect first. “Saving” on security measures is a classic component of being penny-wise and pound-foolish, as recovering from a security attack can be costly in financial terms or in reputation, as seen by some retail vendors.

Pre-requisites:

Get your environment into the ‘basic’ secure state:

  • Upgrade all of the operating systems, RDBMS and applications to the latest releases, execute regular patching policy and implement regular monitoring
  • Enforce adequate login policy with frequent mandatory password changes
  • Educate staff (webcast, testing which each staff member has to pass, simulated phishing attacks etc.)
  • Establish management dashboards and reporting
  • Make sure you have an adequate backup policy and your backups can be successfully restored
  • Consider Disaster Recovery (DR) for vital applications
  • Simulate incident response and monitor incident response performance
  • Implement security policy across the enterprise
  • Create KPIs to monitor the rationalized operations
  • Create regular “lessons learned” sessions based on real or simulated incidents and make sure your security policies are updated with these findings
  • Understand compliance obligations: as an example, if you are taking credit card payments you need to be PCI compliant.  If you store personally identifiable information, with health care data, you need to be HIPAA compliant. If you store data of EU customers, you need to comply with GDPR. Ignorance of the law will not be an excuse and will not decrease your liability.

If your environment has been compromised, you may need to execute “step 0” – establish a new environment and gradually migrate components from the old environment in a secure manner.  Independent tools like Bitsight may help give you a better picture of your security situation.

What components do you need to examine and what are the examples of actions you may need to take?

Network:  conduct perimeter analysis – e.g. network sniffing, log analysis, data flow diagram, network diagram.

Applications:

  • Create a Bill of Materials (BOM) per application.  BOM is defined as a table of a list of components – application name, release version, a list of subcomponents within the application (this can be other commercial or open source components) together with their release number, list of ‘external’ applications components and release numbers (e.g. RDBMS, operating systems).  Each component should be identified as “supported” or “not supported” by the supplier.  The support expiration date should be listed for the existing version and the latest “production” version of each component stated in another column.  Old components or subcomponents are often vulnerable to attacks, as witnessed by the hundreds of thousands of servers successfully compromised by WannaCry virus.
  • If you find that many of the applications are vulnerable, prioritize them.  A good example is 3 categories – vital to a business, important but not critical and the rest.  Harden the applications in this priority order.
  • Create an inventory of compliance for each application.
  • Segment your network so that applications are isolated, and vital applications are protected. The segmentation will also reduce the compliance burden.

Other:

  • Consider VDI
  • Review incident response process
  • Implement Identity Management.  Leaks of internal data can be more devastating than external attacks due to volume and importance, as seen on many occasions.

Final word

A Russian cybersecurity expert once said, “if I stop seeing attacks, it means that the attackers are already in.” Cybersecurity is everyone’s responsibility given the increase in cybersecurity crime.  It’s not a question of “if” you will be hacked, but “when.”  Being prepared consists of 2 steps: a) minimizing the chance of a successful attack, b) being able to recover quickly if such an attack succeeds. Examples provided in this blog illustrate the complexity of the task, yet being prepared optimizes cybersecurity expense and time, and it is critical to success. NewPush can help on this journey through cloud and cybersecurity offerings.


Connecting local Active Directory Cloud (AD) and Azure

Active Directory Cloud Enablement

Connecting local AD to Azure

Active Directory Cloud Simplifies user Access (Microsoft)With the deployment of more and more Office 365 services, managing separate AD instances can be daunting. Fortunately, Microsoft offers great tools to get your Active Directory Cloud initiative working. Azure’s AD is the backing AD for the Office 365 services. In this article, I am providing a summary of the key points to remember when connecting to Azure’s AD.

Microsoft provides a very powerful set of tools to easily connect a local Active Directory to Azure. There are also some advanced options available if you decide to use Azure as a full-blown AD server for your organization. However, it is important to be very careful. Here is what can happen if the connection isn’t done right: most if not all of the users will be locked out of their account. That means, no email (Outlook), no SharePoint, no OneDrive.

 The key is to configure the ADD connect the tool with a custom setting in order to make sure that the local domain doesn’t take over the Office 365 domain. The following steps assume that you have Office 365 deployed for your main domain. For example, NewPush.com is our main domain. 

Quick summary to connect the Active Directory Cloud 

1)    Check that all your local users have their email address set up properly in the “mail” attribute of your local AD. At this stage, you should also make sure that you have an Office 365 account set up with Global Admin privileges, and on the default Microsoft domain (e.g. [email protected]

2)    Installing the ADD. This is straightforward, however, make sure to not finish the install with the defaults, as we modify the sync rules in the next step. If you already installed, and have the wrong settings, you need to uninstall, reboot and reinstall.

3)     Select custom synchronization setting and select the mail attribute as UPN for sync which results in your main domain remaining the one used on Office 365. 

References for Active Directory to Azure Connection

1)      http://www.microsoft.com/en-us/download/details.aspx?id=47594

2)      https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-get-started-custom   Custom installation of ADD connect Start to end. 

 Please let me know if you found these instructions helpful, and do not hesitate to send me feedback.


NewPush Recognized as Top 20 VMware Cloud provider 2016

CIO Review recognition

NewPush started using VMware technologies from its inception in 1999. At the time the first dot com boom was just heating up. Many virtualization technologies were emerging for the Intel platform. Over the years we kept focusing on providing enterprise-grade infrastructure. Meanwhile, we have kept increasing the role of VMware as we understood that for Intel-based hardware VMware provided the most reliable enterprise solutions. As a result, we have moved the use of VMware from our development labs to our production systems and data-centers. Since the 2010’s we are formally a VMware partner providing VMware Cloud solutions. Most noteworthy, the last few years have shown a tremendous growth in the capabilities VMware Cloud delivers. Therefore it is our pleasure to announce that CIO Review has recognized NewPush as a top 20 VMware technology provider.
20 most promising VMware Cloud solution providers - 2016

VMware Cloud Solutions

Important milestone for NewPush

This recognition is a milestone that is important to us. We have worked hard to pioneer and to be successful in deploying state of the art VMware based cloud technologies. Our recent work focuses on NSX, vSAN, and the vRealize suite. As we continue our quest to provide the best cloud services to our customers, we look forward to deploy the new Docker and Hadoop enablement technologies.

Looking ahead

Cloud technologies keep changing at an ever-increasing pace. Companies who stay ahead are going to continue to have a competitive advantage, by providing a better customer experience. By partnering for technology decisions with NewPush, you can spend more time with your core business, while ensuring that you have a trusted partner with a proven track record to help you keep a competitive edge on the IT front. If you would like the NewPush advantage for your company, please do not hesitate to get in touch today. We are here to help 24 hours a day, seven days a week.