IT consulting and tech support blog
The most destructive computer viruses – infographic
Published October 05, 2015
Supreme Systems IT put together this infographic about the “most destructive” computer viruses of all-time. It gives a broad overview and history of computer viruses and malicious software.
HIPAA security – keeping data secure
Published July 24, 2015
If you are a "covered entity" under the HIPAA Security rule, then you already know that your company (and thus your employees) collect a lot of protected health information (aka PHI). PHI is basically information about another person that is not for public knowledge but needed in order to conduct business. What business? Information that insurance companies need to process claims and health care professionals need for continuity of care.
Due to more recent mandates, healthcare entities have been required to use electronic health records where patient information is entered, accessed, stored, and distributed through computer and web based programs. The HIPAA security rule simply states that all data that pertains to PHI must be secure and not accessible by persons that do not need to know or by persons that intend to harm.
When we think of breeches in data we first think of “hackers.” According to Symantec, the healthcare industry is a hot target for hackers because medical records contain valuable personal information such as social security numbers, birth and death dates, billing information, etc. Criminals use this information to buy medical equipment, drugs that can be resold, or combine a patient number with a false provider number and file made-up claims with insurers.
Background systems managed by good IT Management firms (like NRC) can reduce the hacker threat. Now your agency is left to face the bigger threat of human error. According to USA today, 80% of the breeches that occur are rooted in employee negligence, by human error or the less frequent rogue employee. According to hipaajournal – 31% of the breeches reported are due to lost or stolen devices, 29% to criminal attacks, 8% to a malicious insider, and 29% to employee errors.
There are some simple steps each employee can take to minimize errors:
- Stolen or lost devices (including removable media) should be reported to the Security Officer immediately.
- Protect your passwords – don’t write them down, post them, or share them.
Tip: develop a password based on a phrase, song, or poem that you know well!
- Log off computer when not in use – if even for a minute.
- Have a guest visiting your office? Close up your machine (ctrl + l should do it).
- Don’t let others use your computer.
- Don’t download programs on your computer without talking with IT (some of those programs look fine but are actually designed to glean information).
- Be careful to whom you send that email! If you have to send email, encrypt it.
Administrator tips:
- Limit BYODs unless there is a solid system for protecting information such as Windows 8.1 Enterprise solutions and Office 365.
- Don’t let guests on your network! Set up a guest account!
- Track activity! Watch out for rogue employees.
- Immediately disable access to systems when employees leave the agency.
- Have a solid policy in place that addresses how company equipment, software, and access is used.
- Limit employees’ ability to use removable media and disable printing where it makes sense.
How will users upgrade to Windows 10?
Published March 18, 2015
Microsoft seems to be (mostly) following Apple’s OSX strategy by making its own upcoming OS “Windows 10” a free upgrade. According to Thurrott.com, “Microsoft says it will deliver the final version of Windows 10 to 190 countries sometime between June 21 and September 23, 2015.” The update will be available to existing Windows 7, Windows 8.1 and Windows Phone 8.1 customers.
Here is how users will be able to get this free upgrade:
More information from Microsoft regarding Windows 10 can be found here.
5 Ways to Avoid a Phishing Attack
Published March 05, 2015
Here at New River Computing, we like to share interesting infographics as we come across them. Our main goal is to try and disseminate intricate IT related information quickly and clearly, to as many users as possible.
This particular one from AVNET's Behind the Firewall deals with Phishing Attacks. And offers the following five recommendations
- Determine who the real sender is.
- Check the salutation.
- Use you mouse hover to check links before clicking.
- Examine the footer.
- When in doubt, delete.
Craigslist resume scam spreads Trojan virus
Published February 27, 2015
Reports of "Craigslist résumé" viruses have skyrocketed in recent months. Some of our clients here at New River Computing have unfortunately fallen victim to this recent outbreak. Thankfully, we've been successful at cleaning up the aftermath, but often the remediation process is long and arduous due to the sophistication of the malware.
This particular malware campaign has been enjoying a fair bit of success because the attacks are specifically aimed at businesses that use Craigslist for job recruitment. Cyber-criminals search for job postings, then send a fake response to the ad with the attached résumé (often in the form of a Word document) which serves as the delivery method for the virus. Once the message is read, the user, thinking the sender is a legitimate job applicant, opens the attached “fake résumé” file, triggering the malware to install and compromise the computer. This particular virus associated with this malware campaign is called "Trojan-Downloader:W32/Wauchos."
Deep Dive:
Trojan-Downloader:W32/Wauchos is known to be distributed as disguised executable files attached to spam e-mail messages. If the attachment is run, the malware will attempt to contact multiple remote servers. If successfully contacted, it will then download additional malware onto the system, such as Trojan:W32/Cridex or Trojan-Spy:W32/Zbot.
Words of Wisdom:
No antivirus software can keep businesses 100% safe from all forms of viruses and malware. Unfortunately it takes antivirus companies an average of about six hours to update their malware definitions, once they know about the malware. Recent catch rates from top antivirus software run at best between 80% – 90%. This means that user education still remains the BEST first line of defense against malware. Be cautious and NEVER open a file that you aren’t 110% positive is from a trusted source.
Safe Surfing!