How Frequently Should I Do a Review or Assessment of My IT Systems?

...this then puts all the burden and stigma on Alvaka, our engineer and our NetPlan program.  That fuels some of the debate we have with some clients.  I remember two separate debates with a controller at a 20 year long client.  He said he “should not have to pay for us to check our own work.”  I have two answers for that objection:

1.        He has two of his own guys that work on his IT system, along with other vendors.  His employees can do things unintentionally, etc.  This is not about checking on our Alvaka engineer.  It is all about checking the overall integrity and operational state of his IT system, which has changing needs over time and changes due to different people touching it.  It is simply a matter of doing a periodic review to make sure nothing is getting missed or looking for things that need to be done a different way.  Changing and updating tape/disk backup jobs to accommodate new servers and software is a classic example.  Without review these jobs don’t often get updated and that leads to tragic results down the road.  I have seen it way too many times in 30 years.  It is preventable.

2.       Even if a client does not have their own IT staff, it is prudent to periodically check IT systems to make sure everything is working right, that the current needs are being met and that important requirements/practices are not getting overlooked or wrongly....

2014-12-04T16:00:00-08:00December 4th, 2014|

What Should You Do About IT and Network Security in 2015?

So what should you do at your company?

1.       Identify your most valuable IT systems within your company.  What is the most important data that resides there?  Determine your obligations to protect that data and how important is it that those systems are up-and-running.

2.       Do you have a current network/information security policy in place?  Once you determine which systems and data are most important to protect, developing your policy becomes much easier.

3.       Discover where you are most at risk.  A quick and easy solution is to have someone perform a vulnerability assessment on your system.  Alvaka Networks can help you with this.  Vulnerability assessments are our most common security service we provide.  It makes your work easy.  We will help you match the protection needs of your most important IT assets with the vulnerabilities identified in the vulnerability assessment.  From there you can easily create a roadmap for what you should do to protect you, your company and your IT assets from cyber-attack.

2024-10-09T05:08:03-07:00December 3rd, 2014|

Key Questions to Answer After Getting CryptoWall or CryptoLocker

1.       What date did you get infected? 

You might only have a few days to pay the ransom until it goes from $500 to $1000.  After 30 days you might not be able to decrypt the files at all.

2.       What type of files got infected and what do they mean to your business?

If the files are not worth $500 then don’t pay the ransom.  If the files are worth $5 million then you better be very careful and thoughtful about what you do.  The decryption process might not even work and if so....

2024-10-09T05:22:40-07:00October 15th, 2014|

What Do I Do if I have CryptoWall or CryptoLocker?

I am surprised how many people are still calling with CryptoLocker problems.   I have gotten three calls in the past two days from people who have had infected/encrypted Cryptolocker files for as long as three months and they are just now dealing with the issue.  At this point in time I am not even sure paying the ransom will work for victims as the CryptoLocker network was taken down a couple of months ago by international law enforcement and with CryptoWall users only have 30 days to comply with the ransom demands.

So what options do you have if you are like these recent callers?

2014-10-13T21:22:18-07:00October 13th, 2014|

Electronic health records ripe for theft

The only difference in healthcare is that the large breaches have not gotten the sensational, but appropriate coverage credit card breaches have gotten.

Three other interesting quotes:

1.      As health data becomes increasingly digital and the use of electronic health records booms, thieves see patient records in a vulnerable health care system as attractive bait, according to experts interviewed by POLITICO. On the black market, a full identity profile contained in a single record can bring as much as $500.

2.      “Criminal elements will go where the money is,” said Wah, who was the first 

2014-07-15T01:03:09-07:00July 15th, 2014|

HIPAA consulting and the channel’s ethical responsibility

Kevin is a featured writer for TechTarget.  Here is is latest column: _________________________________________________________ A few months ago, I wrote an article about the practice of non-attorneys consulting on HIPAA business associate agreements. After talking with scores of people about the [...]

2020-06-09T23:54:19-07:00July 8th, 2014|

HIPAA business associate agreement consultations could be unlawful

Here is a controversial article written recently by Kevin McDonald for TechTarget. ------------------------------------------------------------------------------------------------------------------------------------- Under federal law, the Health Information Portability and Accountability Act (HIPAA) Privacy Rule extends to a class of business entities (i.e., health plans, health care clearinghouses and [...]

2020-04-29T22:44:01-07:00June 30th, 2014|

Schnuck’s Might Be in Big Security and Insurance Trouble, Can the Same Be in Store for Your Firm?

Is it better to insure than secure?  Maybe not.  You better dust off those old insurance policies that most of us look at all too infrequently.  Schnucks has been notified by their insurance carrier that they don’t plan to cover them for the lawsuits.

The problem that likely exists with your current insurance policy is that they were designed and sold in a pre-Internet era.  Data is not considered....

2023-08-10T23:36:44-07:00August 23rd, 2013|