Social media has taken the world by storm, but there are many instances when it has been used inappropriately to abuse privacy. Hospitals, especially, are in danger of this – the privacy levels required in a hospital are high and social media breaks down all barriers of privacy. Social websites like Facebook and Twitter, video websites like YouTube and even blogs have made it easy to pass on information, and since there is no one policing the information, boundaries are crossed easily. The HIPAA Security Rule can be easily broken. Social media security has become very important. Information Security policies are required for HIPAA risk requirements.
Imagine a situation where someone is ill and has to stay in the hospital for a few days. Or where someone is diagnosed with something that people treat as particularly embarrassing, or that holds the threat of death. All it takes is for one person to post a message or a picture taken in the hospital of the patient, and in minutes, the whole world will be able to access the information. If malicious things are said about this patient and they get to hear about it, it might harm their health further. A HIPAA security assessment would be required after such a data breach.
Hospital employees in particular need to be extra careful, because they can easily break the HIPAA Security Rules and get into legal trouble. Blogs where hospital employees meet are a great idea for them to discuss their work, but these same blogs can easily cross boundaries and find themselves discussing a particular patient. The hospital employee can be fired and sued. The hospital itself is in particular danger of being sued.
Social media has changed the way we communicate but we need to know when it’s appropriate and when it is not. In hospitals, in can be especially damaging if used in the wrong way. To stay out of trouble, hospitals need to have a clear policy on social media and how their employees use it and have consistent HIPAA risk assessments.
With the popularity of WordPress, and the support it gets from the development team, it’s easy to think that your installation of WordPress is secure. Since you didn’t code it from scratch, you might assume that it is hardened and you don’t have to do any further tinkering with security. Well, you may just want to put some effort into locking down your WordPress installation. As with any website, you need an IT Security Policy, walk through an IT Security Checklist
There are several methods that are generally used in an attack on a website. First you have mis-configurations. This can mean everything from leaving the ‘wp-config’ file readable to the world to allowing any kind of file to be uploaded in a form to weak password security. The second type of access can usually be gained through bad coding techniques. If you add a Plugin or write your own code to add to the WordPress installation, this can possible allow and attacker to take advantage of bad code to break into your site. And lastly you have can lump other attacks into infrastructure attacks. Maybe you don’t have a firewall running, or intrusion prevention service running to stop attacks. Or you are hosting you website on a shared service like Godaddy or Hostgator and someone else’s website is vulnerable, leading to a compromise of the whole hosted server.
For now, lets address some easy things you can do to reduce configuration weaknesses that could lead to a hacked website.
1) Password – no matter how many times you say it, people still use weak passwords that can be guessed or broken with brute force attacks. There are several free and paid login protection plugins you can use.
2) File Permissions – this is a bit trickier if you do not know how file permissions works. You can get an easy primer from the WordPress help file, http://codex.wordpress.org/Hardening_WordPress Its also provide a lots of details for the more technically savvy.
3) Monitoring – you should know what is going one with access attempts or changes in your files and configurations of your WordPress site. There are a number of tools you can search for monitoring and logging activity. Its especially important to monitor for healthcare IT security.
4) Security Testing – even if you have installed security plugins and have configured your website correctly, you should still periodically test the security for vulnerabilities. You can pay third party companies to do penetration testing or you can try some of the plugins on your own. Testing is important to risk management and assessment
There are lots of different tools you can use to secure your site. The first step is to know that it will not stay secure without you actively implementing security measures.
As the Internet and technology advances at increasing speeds, the concerns over security are keeping pace. New threats to security emerge every day. Check out the National Vulnerability Database . With access to the Internet expanding to various devices other than the laptop or desktop, there are more opportunities for attacks. With the ever increasing connectedness of our society, it is important to look at the Internet security trends 2013 and be prepared.
Each time you access the Internet, you are putting yourself and your technology at risk by exposing it to the security risks, known and unknown. The security trends for the coming year are looking to focus around a variety of threats including cyber conflict, ransomware, madware, social software and cloud-based cyber attacks. Like it or not, these concerns aren’t going away any time soon, so it is best to gain a baseline understanding of them so that you’ll be able to protect yourself in the coming year.
As you can see, each of the Internet security trends of 2013 pose a real threat to your security online. Now is the time to take serious steps to protect yourself from these emerging trends so that you will be able to start the new year off right. It may seem like these things will never happen to you, but usually these attacks come when you least expect it. Just like home invasion, if you’re an easy target, you’re more likely to get hit by any one of these threats. The best defense is a good offense and in this case. For help in cloud, network and social media security, contact us at KRAA Security.
|Skirmish||Home users receiving spam and phishing attacks and scams||Corporate users seeing more phishing attacks, attackers going through Linkedin profiles|
|Protest Actions||Users might complain to attorney generals, or write nasty messages about Microsoft Adobe or Apple security weaknesses||The IT department is inundated with help desk calls. Companies have the ability to complain to ISPs or event countries about originating attacks.|
|Negotiations||There really isn’t anyone to negotiate with. Writing on your Facebook wall will not do a darn thing.||Companies definitely do not want to negotiate. But will see blackmail more and more.|
|Failed Negotiations||The home user is bascially screwed anyway.||Succumbing to blackmail will only lead down a bad path.|
|Declaration of War||This is a defacto state with the home user. They are at war whether they know it or not.||Companies have to take a proactive approach to security versus reactive. Anticipate the next types of attacks and have a budget to address it.|
|Launch Attacks and Defend||More defend, get your anti-spyware, antivirus, personal firewalls and encryption up to speed. But after that, understand how attackers use Social Media.||Spend massive amounts of money on understanding how so fight in the Social media landscape, security hardware and software are not enough.|
|Allies Join the War||The home user can only rely on the Social media companies for basic security.||Their will be more collaboration between companies and governments. Perhaps together they have a fighting chance. Regulations are also going to force changes.|
|Years of Conflict – Never Ending||Whats the next thing after Facebook and Twitter? Whatever it is will have its own security challenges. But by that time the home user will probably have given out every bit of personal information on all the Social Media venues anyway.||A company can only rely on the right process to secure their social media usage. As technologies change and new sites go live, a good process and social media security policy is all you can rely on.|
|Winner||The ISP, they get to sell bandwidth.||The VCs who fund companies like Facebook and Twitter.|