Archives for;

Vulnerability

Deception as a Security Tool

In an ever-changing threat environment how can we protect both PHI and other sensitive information? One method that is rarely used outside of large corporations is the art of deception.

Utilizing deception as a tool for defense in the practice is easily done and costs little. One of the most commonly probed areas of your practice is wireless networks. Most practices will have an internal wireless network and a separate public “Wi-Fi” network. Generally these are extremely easy to differentiate for a threat actor (bad guy).

A simple method to use deception in protecting the wireless network is to add a third network. FOr example:

  • Smith Dental Patient Wi-FI: This is a segregated wireless network for patient use.
  • Smith Dental Employee Wireless: THis is a second segregated network that is simply a standalone access point.
  • PamsSalon : This is your actual employee/internal wireless network.

Why Deception works

How does this work? An attacker will ignore the Patient Wi-Fi  and dedicate the attack to what appears to be the employee network. Substantial time and effort will be used against the decoy network instead of the true internal network which contains sensitive data.

In the event an attacker should breach the decoy network, the only damage done would be to the decoy access point which holds no sensitive information. A more advanced deception tactic is to place an obsolete workstation or server on the decoy network. Naming the machine “Practice Server” or another attractive name and then monitoring it for attacks, giving you early warning while risking no real data.   In the Information Security arena this is called a “Honeypot”.

Whatever your practice’s strategy is for network defense, consider adding a little deception to the mix.

 

The Internet of Things (IOT) and Your Practice

The Internet Of Things …. It’s the latest term showing up in both tech and regular media. IOT is simply a term that refers to connected “devices” that are not  what we normally refer to as “computers” but communicate with each other. What are Internet of Things Devices IOT devices include TV’s, Blue Ray Players, refrigerators, […] Continue reading →

What Say it isn’t so- Criminals dishonest?

Dishonest Criminal  Criminals dishonest is showing.  Here is a specific instance of a Kansas Cardiology facility has been hit with Ransomware. After paying the ransom, the criminals involved said  ummm…send us more money. For the Original Article Click HERE. Excerpt from the original article below. “According to the report, hackers got access to the system and locked up the […] Continue reading →

Minimize Risk of Getting Hit With Ransomware

The number and severity of ransomware attacks has been increasing. Companies and individuals who have been paying the ransoms have enabled the criminals that create these malicious programs, to ramp up development and make the attacks more sophisticated. Risk Will Always be there While it is impossible to completely eliminate the risk  of getting a […] Continue reading →