Category Archives: Security

The Importance of HIPAA Network Security Assessments for Medical Organizations

Have you assessed your digital risk lately? With medical practices more reliant on technology now than ever before, there’s also more to lose from breaches, natural disasters, technical failures, and other digital threats. 

How Lack of Risk Analysis Can Hurt Your Business

Regulatory Consequences
The most straightforward potential cost of digital security failures for a medical practice is, of course, fines and other punitive measures resulting from regulatory violations. HIPAA network security is vitally important, and yet, a staggering number of small practices retain dated systems or practices which would result in fines if reported.

Negligent violations of HIPAA can cost anywhere from $100 to $25,000 per violation — and negligence doesn’t just include knowing carelessness, but failures that should have been identified. And that’s just for problems which might stem from your HIPAA network security. A network security assessment ensures you don’t have any of these basic failures of due diligence, which can cost you thousands of dollars in penalties. 

Recovery Costs
Recovery after a HIPAA network security breach, natural disaster or technical failure costs exponentially more in an unprepared system than it does in one properly safeguarded. With the proper measures in place, this means identifying the point of failure and rewinding the necessary components. Without proper measures, this can be an agonizing process of wiping systems, reinstalling and reconfiguring them and monitoring new systems to make sure you don’t reintroduce compromised data to your system.   

Civil Liability
Of course, let’s not ignore one of the biggest potential losses your business might face by not conducting risk analysis: civil liability. Breaches of patient or employee privacy resulting from poor network security could open your organization up to any number of lawsuits. Risk assessments not only identify flaws that cause such breaches, but they also protect your organization against accusations of negligence; if you are diligent in your protection of records, then you have much less to worry about even if a breach were to occur.

Loss of Reputation
The costs associated with a loss of reputation can be difficult to assess, but it’s potentially the greatest injury to your practice in the event of a security breach. Patients don’t like to hear the doctor they go to leaked personal information; medical professionals deal with some of the most private, sensitive information. Potential patients may associate your practice first and foremost with a data breach they heard about, and existing ones may seek care elsewhere. 

Safeguard Your HIPAA Network Security

A security risk assessment will analyze your existing HIPAA network security measures and identify areas of weakness. Network Security Associates also offers data protection services to ensure HIPAA compliance. Contact us at 702-547-9800 to learn more.

What Does a Security-Focused IT Services Company Look Like?

What You Can Expect from a Security-Focused IT Services Company

Discover how working with a security-minded IT managed service will provide you with the tools needed to keep your IT network secure and running smoothly.  

A lot of IT service providers are eager to tell potential clients about the exponential growth of cybercrime over the last few years. However, the good news is that while hackers do cause innumerable problems for many business owners, you don’t need to be afraid of them if you have the right tools to combat them. Generally speaking, cybercriminals look for easy targets and companies with good security standards don’t have to worry about breaches, ransomware attacks, phishing attacks and other forms of cybercrime. Good IT service providers know this and focus on security tools and training rather than fearmongering.

Network Security Must Be Your Top Priority

Following is an overview of what a security-focused IT service company looks like:

  • Ongoing employee training is made a priority because good IT service providers know that 90% of data breaches happen as a result of employee error.
  • A free, comprehensive security assessment is offered before a business signs up with the IT service provider. The security assessment not only looks for security vulnerabilities but also pinpoints problems that may be causing the IT system to run slower or less efficiently than it should. If your business needs to adhere to specific industry regulations such as HIPAA or NGC regulations, your security assessment will include a compliance assessment.
  • Weak log-in credentials account for 80% of all data breaches. A good IT service provider knows this and so sets up two-factor authentication for all employees. This form of authentication is not only surprisingly time-efficient but also extremely effective in deterring hackers.
  • Many good IT service providers also offer secure cloud storage solutions. Secure cloud storage not only protects valuable business data but also serves as a back-up of company information that can be relied on in the event of a ransomware attack.
  • Security-minded IT service providers use the best intrusion detection systems and anti-virus/anti-malware programs on the market. These programs are regularly updated to ensure constant security.
  • Security-minded IT service providers provide top-tier network security to ensure that all incoming and outgoing network traffic is authorized.

Security-Focused IT Support Company in Las Vegas

Network Security Associates has fifteen years of experience providing cutting-edge IT services to businesses throughout the state of Nevada. It is one of only three companies licensed by the Nevada Gaming Commission to work with the casino industry and has the skill set, tools, and certified experts on hand to expertly manage the IT needs of any industry. NSA offers free initial security assessments, free ongoing employee training, secure cloud services, automatic software updates, secure wireless network set-up and maintenance and much more. Get in touch with us at your convenience to discover how we can help you create the perfectly secure, efficient IT set-up you need to boost your business now and in the future.

The Ultimate Guide to Small Business Network Security & Privacy

Data indicates that approximately 43 percent of cyber-attacks specifically target small businesses. Small businesses are particularly susceptible to data breaches due to intentional or inadvertent mishaps regarding network security.

The financial costs related to a data breach extend beyond the steps necessary to correct the breach. Many customers also take their business elsewhere after a breach, due to concerns over network security. Estimates state 60% of small businesses cease operations within 6 months after a cyber-attack.

Steps to Take to Maintain a High Level of Network Security

1. Activate Two-Factor Authentication
Two-factor authentication should be enabled when possible to make it harder for virtual thieves to log into your accounts. Here’s how two-factor authentication works: once you input your password, you’re sent a unique code to a device or account only you have access to. 

For example, you might receive a text message to your mobile device. You then have to input the code to resume logging on. If a hacker can crack your password, two-factor authentication acts as a secondary layer of network security.

It also acts as a notification if someone is trying to log into your accounts. You’ll know something is wrong if you receive an alert or message regarding an account you aren’t trying to access.

2. Fortify Your Browser Privacy
You should take multiple steps to maximize the privacy of your internet browser. Not only does this make it more difficult for thieves to steal private information, but it also protects your browser privacy. 

Start by using a virtual private network (VPN) to keep your data secure when accessing the internet or sharing information via a potentially unsecured connection. You should also make sure that you only visit websites that start with “https.” This indicates the site has an SSL certificate to encrypt user activity and information, keeping them secure. 

Add a firewall to your devices. A firewall prevents potentially dangerous visitors from accessing your website; it does so by acting according to a set of rules and stipulations regarding visitor traffic that you provide. You can also use the firewall to protect your email account. 

3. Bolster Your Passwords
Make sure you password-protect all possible accounts and take steps to use strong passwords. Though a hard-to-guess password on its own doesn’t offer optimal network security, it’s a great first level of protection.

You should avoid using passwords that incorporate personal and easy-to-find information, like your hobbies, favorite sports team, birthdate, or social security number. A hacker who steals your info will likely be able to easily guess your passwords. See that your passwords use a combination of numbers, characters and letters. It’s also important to regularly change them. Avoid writing them down, and never share them with other individuals. 

Network Security Associates can help keep your data safe with ‘round-the-clock monitoring. We offer a variety of services to ensure you receive maximum network security at all times. Call 702-547-9800 to schedule a network security assessment today.

Improve Your Network Security with Strong Firewalls

Hacks and network breaches have become commonplace, with corporations around the world constantly feeling the threat of external entities attempting to steal information. As a result, you need to implement the highest level of network security. One of the oldest, most essential elements of your network security is a firewall.

How Firewalls Strengthen Network Security

Software and Hardware Firewalls
There are two forms of firewalls your business may want to implement:

The first is a software-based firewall. This is part of a computer’s operating system and functions much like anti-virus software. It establishes a barrier around the computer that blocks external applications attempting to gain access to the computer. Essentially, it is a software gatekeeper to a computer. 

A hardware firewall is another type, but this kind of firewall runs between the internet and your network. As a business, you’ll want a business-grade firewall. Because you have such a large quantity of data and numerous workstations and computers, you’ll want a hardware firewall configured and set up. This is designed to prevent malware, viruses and other undesirable files from moving into your network. Once inside the network, these files can wreak havoc on the entire system and move not only between stations but within the data server itself.

Multiple Defensive Positions
The hardware firewall will be installed to function as one of the primary points of defense. The business-grade firewall will oversee the flow of information into the network and protect individual computers from possible threats. When combined with the software firewall, which works separately on each computer system, the network and individual stations are protected with multiple layers of protection. This way, if a computer has downloaded data and has it stored offline, this information is not at risk of being stolen. While not the only line of defense, firewalls provide important security measures for your entire business network.

Schedule a Security Assessment

In addition to firewalls, a network security assessment can aid your existing security measures. Your systems will be analyzed to determine if there are any areas where security needs to be increased. This is an important proactive step to ensure all areas of your network are secure and protected. At Network Security Associates, we’ll not only perform a network security assessment, but we also provide managed IT services to monitor and maintain the safety of your data. Contact us at 702-547-9800 to learn more about our services today.

How to Manage the Hidden Network Security Risk of Local Admin Passwords

To ensure optimal network security for your organization, it’s essential to make sure you address areas easy to overlook. One frequently neglected area is your local admin passwords. It’s important to understand how these passwords work and the steps you should take to prevent them from posing a security risk. 

What to Know About the Local Admin Password

During the set-up process for a PC, it’s necessary to create a local admin password to provide manual access to the computer. Though most organizations don’t regularly manually access their PCs, manual access (and a local admin password) are necessary for device access if your network goes down or your organization faces other technological difficulties.

However, local admin passwords can compromise your network security. This typically happens when you use the same password for all of your devices. A hacker only needs to crack your local password once to have access to all of your company’s computers. Hackers know this is a potential vulnerability that many businesses fail to address. 

With the phasing out of Windows 7, many companies are rolling out Windows 10. Even though Windows 10 disables local admin access by default, many businesses must enable it to ensure that they always have local access to their devices. When you enable the admin access option, you need to make sure that it doesn’t threaten your network security. 

Options for Addressing the Security Risks Posed by a Local Admin Password

You have a couple of options for handling the potential security risks associated with a local admin password. Your first alternative is to disable this setting; however, if your network goes down or you face unexpected issues, you won’t have local access to your PC.

Another option is to make sure each PC has its own unique admin credentials. Though this solution does require more work, it ensures a single password doesn’t provide access to every one of your business’s PCs.

Microsoft has a tool that simplifies the process of giving each machine its own password. The tool will generate random local admin passwords for every single PC and store them in Active Directory. This makes it much more cumbersome for hackers to crack and utilize your admin passwords.

If you decide to assign local admin passwords manually to your PCs, always use a different password for each machine. Make sure you change them regularly, and avoid reusing old ones. 

Boost Your Network Security

Network Security Associates offers 24/7 data protection and network monitoring. We serve businesses in a variety of industries, including medical facilities and casinos. Contact us at 702-547-9800 to learn more about our managed IT services and how our team will ensure you receive reliable network security.

What Is Two-Factor Authentication, and Does It Increase Your Network Security?

No business owner wants to deal with a cyber attack, but do you know how much damage it can really do? The average small business that experiences a network security breach spends close to $8,700 to repair the damage. And, if you don’t protect your customers’ data, you’ll lose their trust and likely their business.

There are many things you can do to improve your cybersecurity, and some are more complex than others. One simple solution is to add two-factor authentication to all of the websites accessed by you and your employees.

Two-Factor Authentication: The Basics

Two-factor authentication is also known as two-factor verification or 2FV. It adds a second layer of security to your accounts by requiring you to add another credential in addition to your username and password. 

In most cases, you’ll receive a code by SMS (text message) which is only good for a short period of time. Unless a hacker had access to your mobile phone, they wouldn’t be able to get into the site, even if they figured out your password. Some programs or websites use different methods for authenticating, including sending a code to other “trusted devices” or using an app like Google Authenticator. 

Is Two-Factor Authentication Worth It? 

According to the most recent Verizon Data Breach Investigations Report (DBIR), 80 percent of hacking-related breaches were caused by weak login credentials. 2FV significantly improves your network security by isolating access to individual users. As long as your employees have their phones locked down with a security code, fingerprint or biometrics, it will be virtually impossible for someone to impersonate an authorized user and gain access when they shouldn’t.

You might wonder whether adding 2FV eliminates the need for you to use a password manager. The answer is no. Long, complex passwords that are changed frequently are still your first line of defense. Using a good password management program helps you stay on top of this without having to store your passwords somewhere easily accessible by others.

2FV Is Easier Than You Think! 

It’s easy to understand how some people would think that 2FV would be overly inconvenient. However, that couldn’t be further from the truth. Setting up 2FV only takes a few minutes and the login process is only extended by a couple of seconds. In many cases, you can also authorize certain devices, so you don’t have to complete the extra authentication as long as you’re logging in from that device.

Increase your security game today by scheduling a Network Security Assessment. During this evaluation, we’ll evaluate your information security, data protection, compliance, and performance. Contact us at 702-547-9800 to learn more about how to bolster your network security.

Security Training Is the Best Way to Prevent Computer & Network Security Breaches

What’s the biggest threat to your company’s computer & network security?

It might surprise you to learn that almost 90 percent of cyber-attacks are caused by human error – an employee mistakenly clicking on a phishing email or leaving their laptop out in the open is far more likely than a criminal cyber-attack. 

Once you understand the nature of the threat you’re dealing with, it’s much easier to address it. Here are some common issues that are easily avoidable:

Increased Threat of Phishing Emails

Phishing is the practice of sending an official-looking email in an attempt to get the recipient to enter sensitive information like login credentials, credit card numbers or even their social security numbers. The senders of these emails then use the information they’ve obtained to commit fraud. 

These emails have come a long way in recent years. They now look very official, and even highly-educated executives sometimes fall victim to them. In fact, several years ago, tech giants Facebook and Google were duped out of $100 million due to phishing scams! 

You can expect to see even more phishing scams coming to light over the next months and years. They’ll continue to get more sophisticated and the cost of dealing with the fallout will grow. As of today, it’s estimated that a phishing scam can cost the average medium-sized business around $1.6 million per occurrence. 

Other Common Cyber Security Errors

While phishing is a major concern, it’s not your only computer & network security issue. Many innocent employee behaviors can leave your company vulnerable and could lead to serious consequences. Some examples include:

  • Leaving work computers unlocked and unattended
  • Leaving notes, passwords and other sensitive documents out on your desk
  • Working remotely on unsecured networks
  • Failing to delete data from devices
  • Failing to encrypt data before sending

Security breaches caused by employees who are purposely engaging in malicious behavior are rare. In most cases, they’re caused by a lack of knowledge or simple negligence. You can address this by making frequent and consistent cybersecurity training part of your internal practices. 

The Value of Security Training

While firewalls, encryption and other security measures are critical for keeping your data safe, proper employee training is your number-one line of defense. The first step is to create a clearly defined written set of cybersecurity policies and rules and distribute it to all of your employees. The second is to institute a mandatory training program that occurs during onboarding and at least once per year thereafter. 

Some of the topics that should be addressed during a training session include:

  • Overview of threats (phishing, malware, etc.)
  • Password best practices
  • Safe internet habits
  • Social media safety and security
  • Device maintenance and security
  • Preventative measures

Between training sessions, regularly test your employees and require a remedial class for anyone who fails. This will help keep the information in the forefront of their mind all year long. 

Improve Your Company’s Computer & Network Security

The consequences of a security breach are serious and can devastate a small- to medium-sized business. Fortunately, most of the vulnerabilities are preventable. Network Security Associates can help implement systems and processes to bolster your computer and network security. Contact us at 702-547-9800 to schedule a network security assessment.

Password Protection Is Easier Than You Think

On June 10, 2019, Network Security Associates’ Jeff Wagner spoke at the Henderson Chamber Members breakfast. His presentation on network security focused on password protection.

Below is a short summary on how to create a strong password.

  • The longer the better
  • A mix of letters (upper and lower case)
  • Numbers & Symbols
  • No ties to personal information (tough one)
  • No dictionary words
  • The secret is to make passwords memorable but hard to guess

A password manager such as LastPass is a great tool for securing all the different passwords you need to keep track of. LastPass simplifies your online life by remembering your passwords for you. Using a password manager will make it easy to have a strong, unique password for every online account and improve your online security.

Check to see if you have a strong password by going to haveibeenpwned.com; this site will check to see if your password has been compromised.
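The compromised-password check mentioned above can be done without the password ever leaving your machine, using the Pwned Passwords range endpoint of haveibeenpwned.com. The following is an added example, not part of the original post: only the first five characters of the password's SHA-1 hash are sent, and the match is made locally. The function names and the sample response body are constructed for illustration.

```python
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"

# Constructed sample of a range response for prefix 5BAA6 ("SUFFIX:COUNT" lines,
# CRLF separated). Counts are made up; a count of 0 marks a padding entry.
SAMPLE_RANGE_BODY = (
    "0123456789ABCDEF0123456789ABCDEF012:7\r\n"
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:42\r\n"
    "FEDCBA9876543210FEDCBA9876543210FED:0\r\n"
)


def split_hash(password: str):
    """Return (5-char prefix sent to the service, 35-char suffix kept locally)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(suffix: str, range_body: str) -> int:
    """Look for our suffix in the returned list; 0 means not found."""
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() != suffix.upper():
            continue
        try:
            return int(count)
        except ValueError:
            return 0  # malformed line: treat as no information
    return 0


def fetch_range_online(prefix: str) -> str:
    """Ask the service for every known hash suffix that shares our prefix."""
    request = urllib.request.Request(
        RANGE_URL.format(prefix=prefix),
        # Add-Padding asks for a padded response so its size reveals less.
        headers={"Add-Padding": "true", "User-Agent": "pwned-check-example"},
    )
    with urllib.request.urlopen(request, timeout=10) as response:
        return response.read().decode("utf-8")


def check_password(password: str, fetch_range=fetch_range_online) -> int:
    """Number of breach appearances known to the service for this password."""
    prefix, suffix = split_hash(password)
    return breach_count(suffix, fetch_range(prefix))


if __name__ == "__main__":
    # Offline demonstration against the constructed response above.
    offline = lambda prefix: SAMPLE_RANGE_BODY
    print("'password' seen in breaches:", check_password("password", offline))
```

A result above zero means the password appears in known breach data and should be replaced, however strong it looks.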

To learn more about network security and password protection, check out our blog article on Password Best Practices.

3 Process Documentation Best Practices

Though comprehensive process documentation is beneficial for many tasks, it’s essential when implementing technology to enhance your network security. Your process documentation must report the required steps to successfully complete a task or project, and it should also state who is completing the necessary tasks to fulfill a process. Proper process documentation ensures there is a sense of standardization every time a task is completed.

If your organization is in the gaming or healthcare industry, efficient process documentation provides evidence that your organization strives to adhere to the guidelines set forth by gaming or HIPAA standards. Follow these best practices to thoroughly document your processes.

1. Implement a Variety of Tools for Documenting the Process

It’s important to integrate multiple types of media when documenting your processes for maximizing your network security and enhancing your technology. Don’t feel as if you must stick to written content when documenting or explaining a process. Videos, interviews, group collaboration, and photographs are just a few items that can assist with documenting how to complete a process and determine whether the proper protocol is being followed. If you feel like your process documentation is lacking, Network Security Associates can offer tips for enhancing your documentation procedures.

2. Check the Quality of Your Documentation

For process documentation to assist your company with bolstering its technology and network security procedures, it’s essential to use high-quality documentation. Your documentation should be well-written, explain the purpose or goal of the task, and reiterate why the task is essential for a secure organization. You should also remove information that feels redundant or no longer applies to the process.

Any documents and media should be well-organized; ideally, you should include a table of contents and written headers to make it easier for employees to efficiently use the document.

3. Re-evaluate the Process as Needed

Process documentation can also assist your company with revising or updating its procedures to achieve a higher level of network security. This makes it vital for your organization to periodically re-evaluate the process, using the documented procedures. It’s also wise to make sure your documentation contains only up-to-date information and doesn’t cover outdated or old procedures.

You can eliminate or revise steps that aren’t efficient, or you might utilize steps that have proven themselves helpful in other processes. Thorough process documentation makes it easier to identify what is and isn’t working for your company.

Network Security Associates can help you develop or improve your company’s process documentation. Contact us today at 702-547-9800 to get started.

Social Hacks & How to Avoid Them

So-called social hacks, also known as social engineering, involve attacks on what is perhaps the most vulnerable, easily compromised component in any computer system: the user.

A social hack is any of a number of techniques, strategies, and tactics used to convince people to give up personal information, passwords, and all of the other information necessary to access private accounts without the technical knowhow or risk of true hacking. 

Social Hacks to Watch For

Here are just a few of the most common hacks you should look out for:

  • Pretext. Would-be social engineers will often wait for a pretext to reach out to a target or create one wholesale. For example, a power outage or internet outage at your building could give them an excuse to call or email you, pretending to be from your managed IT firm. 
  • Diversion. Some social hacks work via diversion of a target from legitimate points of contact to illegitimate ones. This includes tactics, such as phishing, where you are sent via email to a website identical to a real website you use, but wholly controlled by the hacker.
  • Baiting. Baiting relies on greed to get past your defenses. It can be a USB stick loaded with free stuff and a hidden computer virus, given to you at a convention or left sitting somewhere.
  • Authority. Feigning a position of authority to trigger a panic response and get you giving up answers is a favorite for social hackers. It’s most effective in large organizations.
  • Kindness. It’s easy to get complacent about security when someone is really nice to you—and hackers are happy to exploit that for all it’s worth.
  • Vagueness. Some social hacks work on the power of assumption. Hackers may lead you to believe you’re talking to someone you know.

Avoiding Social Hacks

Don’t let emotional responses rush you. Fear, kindness, pity, and confusion all work for hackers, not you. 

Never assume something you don’t know for a fact. Do you know who this person is, truly? 

Trust your instincts. If something looks wrong, feels wrong or sounds wrong, it may be wrong. Taking a moment to confirm you’re on the real website or double check to make sure you’re answering a call from the real source can potentially save your company a lot of time and money.

Follow security rules. All the rules and guidelines your managed IT support team puts forth exist for a reason. Each extra security measure makes it exponentially more difficult for any hacker, social or otherwise, to compromise a system. 

Network Security Associates can secure your systems for you, help teach employees security best practices, and make it so a single successful social hack doesn’t get into your systems. Know the risks, know what to do about them, and make sure the human element isn’t the weakest link in your security. Contact us today at 702-547-9800 to learn more.