Home » security-first

Tag: security-first

File Integrity Monitoring Could Save Your Company

File Integrity Monitoring and How It Could Save Your Company

With the increase in data breaches, the data security world is a much scarier place today. According to the most recent stats from ITRC (Identity Theft Resource Center), 2017 was a record breaking year for data breaches, and 2018 is already on pace to be more of the same. So with threats coming left and right, what steps can you take to better protect your assets? Enter File Integrity Monitoring.

Seconds of Damage, Months of Recovery

In many cases, you may not know for a long time you have been compromised. According to CNBC, most companies aren’t aware of a breach until weeks after it has happened. This is likely due to the speed in which the incident occurs. The attacker is there and gone in seconds. Verizon’s 2016 Data Breach Investigations states that 93 percent of cases where data was stolen, systems were compromised in minutes or less, but in over 80 percent of cases, victims didn’t find the breach for weeks or more. This kind of damage to your business and reputation can take months, if not years, to repair.

Hackers Often Leave a Trail

So back to File Integrity Monitoring and why it is so critically important. File Integrity Monitoring (FIM) is the first line of defense of any organization wishing to protect its assets and data. To explain further, once a breach is under way in your network, the attacker will often do one or more of the following.

  • Modify critical systems, application binaries and configuration files
  • Access or modify data files
  • Modify or delete any log data to hide their tracks

The research done by Verizon analyzed more than 100,000 incidents and 2,260 breaches. They found that more than 90 percent of the breaches will fall into this same pattern. By having a FIM system in place, you’ll be able to monitor for these subtle changes and be instantly alerted if any of the above events have been detected.

File Integrity Monitoring Sniffs Out the Breadcrumbs

File Integrity Monitoring is such a valuable tool that we consider it a vital part of the Advanced Security Package. FIM will run every day at an inspection time determined by you and will watch for any changes within your network. A digest of the inspection report can then be emailed to you on a daily or weekly basis. Additionally, another helpful feature is a heatmap data visualization, which helps you quickly assess the state of your network. Events on this heatmap can be filtered by severity in order to help you focus on the most important events in your environment.

You Don’t Need a Fortress

A further quote from the Verizon study really drives this home. “There’s no such thing as an impenetrable system, but often even a half-decent defense will deter many cybercriminals — they’ll move on and look for an easier target. Sadly, many organizations fail to achieve even that modest ambition.”

Sometimes, it’s not about the size of your castle. It’s more about the size of your moat.

Put FIM in Place Today

File Integrity Monitoring is something that is available to all Wind River customers as part of the Advanced Security Package. If you’re interested in learning more or you’re an existing customer looking to get these tools in place, feel free to contact us today. We believe in creating Security First environments and delivering these capabilities in a way that saves you money.

Does-Data-Security-Keep-You-Up-At-Night-2

Does Data Security Keep You up at Night?

Data security has caused its fair share of sleepless nights for IT departments. A recent survey of 1,600 full-time IT professionals compiled by Trustwave in their 2017 Security Pressures Report shows us exactly what’s got them tossing and turning.

6 Biggest Worries About Data Security

  1. Theft or Loss of Customer Data (30%)
  2. Data or Systems Access Restricted by Ransomware (18%)
  3. Loss of Intellectual Property (16%)
  4. DDoS Attacks/Website Offline (14%)
  5. Reputation Damage or Loss (12%)
  6. Fines or Legal Action (3%)

There are a number of interesting perspectives to be drawn from this information. First, almost half of the data security worries are focused on two key areas: data loss or theft and in-system access issues. Both these worries tend to have a common root source – being attacked. Typically those attacks come via either hacking or someone planting or accessing malware, and as we mentioned before, data breaches were up 44.7% last year.

Are you a 7%-er?

At this point, an astute reader may have noticed the above percentages only add up to 93 percent. So what about the other seven percent, you ask? Interestingly enough, the Security Pressure Report indicates that seven percent of IT professionals do not think they would be the victim of a breach.

When you realize that only seven percent of the 1,600 IT professionals surveyed believe their data security makes them “safe” from a data breach, it begins to hit home just how high the risk has become. The goal can no longer be just compliance; it is has to be about being Security First.

What’s the Impact to My Organization?

In another section of the Security Pressures Report, the survey group was asked what repercussions they fear the most if their organization was breached. Two answers dominated their answers and accounted for 80 percent of the total responses. Coming in first with 42 percent was reputation damage to the IT professional and their company, followed closely by financial damage to the company with 38 percent.

In both cases, the impact can be attributed to another core concern – customers. When a breach happens, customers lose confidence. They may also be personally impacted, resulting in the loss of their business. Perhaps not surprisingly, the ability to weather the storm created by a breach seems to be inversely related to the size of the company. The smaller the company, the less likely they are to survive.

Why Security First?

In order to combat these issues, organizations need to take a proactive posture. Part of the answer is to always be reviewing your readiness. Another is to leverage key tools and expertise to help minimize exposure. Security First means thinking about data security and its implications as a business priority.

At Wind River, we aim to arm all of our customers with additional ways to keep both themselves and their customer or patient data secure. A key first step to maintaining this Security First mindset is by leveraging the capabilities of our Advanced Security Package (ASP).

If you are interested in learning more about what ASP has to offer, contact us or check out the package’s 13 tools to help make you more secure.

 

What-Are-My-Odds-of-a-Data-Breach

Seriously, What Are My Odds of a Data Breach?

Unfortunately, your chances of experiencing a data breach are growing each year. In fact, the trends and shifts in awareness pertaining to data security are frightening to watch unfold. I read a recent study that polled adults in the US, UK and Australia that asked if the number of criminals trying to steal personal information is increasing. Not surprisingly, the survey indicated that 85% of respondents felt that it was.

We recently discussed why having a “Security First” mindset and approach is important, and as we look at what is happening with breaches, the importance is highlighted even more.

According to the ITRC (Identity Theft Resource Center), cyberattacks and breaches have grown both in frequency and in the amount of losses sustained. Here are some of the statistics as noted in their 2017 Executive Summary.

  • Breaches again hit a new record in 2017, with 1,579 breaches tracked, up 44.7 percent from 1,091 in 2016, as businesses and government entities move toward timely reporting
  • The number of records exposed rose to about 179 million, compared with 37 million in 2016
  • Businesses saw 870 breaches (55% of the total)
  • Medical/healthcare organizations were affected by 374 breaches (23.7 percent of total breaches)
  • Banking/Credit/Financial saw 134 breaches (8.5%)

For a more detailed breakdown, you can see the year-over-year data breach numbers by sector and category.

Another key statistic from the report indicates that 59.3% of breaches were from hacking. Hacking includes methods such as phishing, malware and skimming.

With the number of breaches increasing and hacking being the number one method, it is clear that one area of your defense strategy needs to focus on identifying and mitigating the damage as quickly as possible.

Part of our “Security First” approach is to help arm all of our customers with additional ways to keep their customer or patient data safe. Our goal this year is to educate our customers about data breach risks and how they can start down the path to be “Security First.” An important component of that process will be encouraging them to take advantage of the security and monitoring tools in our Advanced Security Package.

If you’d like more information about other issues we see becoming more prevalent in the market, feel free to contact us or read about the dangers of ecommerce malware.

Is Being PCI DSS Compliant the Same as Being Secure?

Is Being Compliant the Same as Being Secure?

I was reading a study published by Javelin the other day, and a few details really stood out to me.

“The rise of information available via data breaches is particularly troublesome for the industry and a boon for fraudsters.” (Al Pascual, Senior Vice President, Research Director and Head of Fraud with Javelin Strategy & Research)

One of the implications of this statement is that fraudsters are being even more aggressive and looking for data, all kinds of data. While being PCI DSS compliant at any given point in time may seem comforting, the reality is the fight is ongoing, and it will take a higher level of diligence to not have you or your customers impacted.

How Safe Are We

The study included a frightening statistic that really emphasized current security issues.

“16.7 million Americans were victims last year, up from 15.4 million last year, the previous high.”

These are only the confirmed victims, not those with compromised information that hasn’t been used yet.

It’s Not Just Card Data

Just as sobering was the fact that the fraudsters aren’t just looking for card data.

“Large-scale compromise of existing non-card accounts in 2017 was clearly facilitated by poor controls as fraudsters capitalize on weak authentication.”

Even in the card data arena, the focus is changing.

“Card not present fraud is now 81 percent more likely than Point of Sale (POS) fraud.”

As card present counterfeit fighting capabilities improve with chip cards, the fight starts to shift online.

Compliance is the Wrong Goal

These types of statistics make it clear that the goal of being “compliant” is too small. Being PCI DSS compliant does not equal being secure. To combat these issues, organizations will need to adopt a “security first” mindset and approach, as opposed to the “finish line” approach.

Is there a silver bullet out there? Unfortunately, no.

As with most things that can be complex, it is about being diligent. Part of the answer is to always review your readiness. It also means leveraging key tools and expertise to help minimize exposure.

Are You “Security First”?

A “security first” approach can be hard, as many organizations have IT staff that are already stretched thin and aren’t able to make security their primary focus. Understandably, their role has been to focus the majority of their efforts on keeping your organization’s systems and technology running.

Advanced Security Package: A Strong Step

At Wind River Financial, we see a need to help our clients by bringing a “security first” approach. It is for this reason that we engaged with Trustwave and put together the Advanced Security Package (ASP) as strong steps toward this goal. It is too important not to take these steps.

The benefits of partnering with us and going down this path are many. It allows us to provide tools and capabilities that not only reduce your risk but save you time and money.

It’s Not Always Good to Wait

If you have not yet heard about the Advanced Security Package, you will soon. Our goal for 2018 is to reach out to every customer in order to help them in this endeavor.

This isn’t something that can wait. If you have not been contacted yet, feel free to read the details of ASP and then contact your Relationship Manager.

We look forward to helping you become “Security First.”

7 out of 10 patients preferred providers that accepted their healthcare payment on mobile

Take Action on Healthcare Payment Trends

In the ever-changing world of healthcare, we’ve seen several new trends emerging when it comes to how patients pay their medical bills and how providers process and collect these payments. For example, according to a recent survey published in Becker’s ASC Review, more than 95 percent of patients said they’d pay online if given the option. Healthcare providers who take action on trends like this are better positioned for success.

Not sure where to start? Here are three ways to act on the latest healthcare payment trends:

1. Give patients seamless options to pay their bills

Advancements in technology continue to change the way hospitals interact with patients and their finances. Nine out of 10 hospitals reported traditional collection solutions are negatively impacting profit margins. Providers must look for innovative, seamless solutions for patients to pay their bills. Integrating payment processing technology with patient portals, such as MyChart and Allscripts, and electronic health records, like Epic and MEDITECH, provides patients with the option to pay their bills online and makes the collection process more seamless.

2. Ensure your digital and mobile payment offerings are secure

In today’s digital world, consumers are used to having the world at their fingertips and receiving instant feedback. The same goes for healthcare payments. In the first half of last year, 62 percent of medical bills were paid online, and seven out of 10 patients said mobile pay and billing alerts improved their satisfaction with a provider. With online and mobile payments becoming consumers’ preferred option, it’s important to ensure that the technology being used to offer these services is safe and secure. Implementing solutions with a “security-first” mindset, such as advanced security packages, will help prevent data breaches (another emerging trend in the healthcare world) and keep patients’ financial information secure.

3. Streamline the reconciliation process and cut costs

Rising healthcare costs was a hot topic in 2017, and it isn’t just impacting consumers. The top challenge for 83 percent of physician practices is slow payment of high-deductible plans. As patients face higher co-pays and deductibles, providers’ collection and reconciliation process often becomes more time-consuming and expensive. Look to streamline your reconciliation process and remove costs by simplifying your payment options. A key to streamline both processes is consolidating your payment processing technology into a single platform. By making it easier for patients to pay, payments will be made faster and staff will spend less time with billing related questions.

Listen to your consumers and look at your payment processing systems to find ways you can improve with the latest healthcare payment trends. Maybe it’s adding the option of mobile pay or an online portal, maybe it’s integrating your payment processing technology with your EHR. Whatever it may be, Wind River Financial can provide the expertise for a customized solution that fits your health system.

Ring In the New Year with the Right Payment Processing Solution for Your Hospital

If there’s one thing we can all agree on, it’s that 2017 was a crazy year for health care. As the industry continues to transform, how is your payment processing technology evolving to compliment those changes? Looking toward the New Year, here are a few questions to ask when deciding upon the best payment processing solution for your health system, hospital or clinic.

Does it simplify and positively impact revenue cycle management (RCM)?

The right customized, streamlined payment processing solution will reduce steps in the RCM process and make it easier for patients to pay their co-pays or medical bills. Providers will spend less time collecting reimbursements and more time on their passion: helping people through practicing medicine.

Does it increase cash flow and days-cash-on-hand?

When it comes to financial stability, every detail counts. By using payment processing technology to receive reimbursements more quickly and to minimize expenses associated with the collections process, providers can easily increase cash flow and days-cash-on-hand.

Does it improve the patient experience?

Going to the hospital can be an intimidating process for many, and figuring out how to pay the bills that follow can be even more daunting. In fact, research shows providers’ scores on patient satisfaction surveys tend to drop after patients receive their bill(s). Healthcare-specific payment processing solutions that focus on the patient payment experience are key in this consumer-driven world.

Does it implement a security-first approach?

The growing number of data breaches is another trend that has disrupted the healthcare industry. Payment processing solutions that focus on security first rather than just checking off the boxes necessary for PCI compliance are better positioned to protect patients’ financial information.

Does it include an all-star support team?

Industry professionals recommend forming “symbiotic relationships” between healthcare organizations and payment processing partners. Look for a vendor that provides around-the-clock support, dedicated relationship managers and flexible contracts with regular program reviews.

Implementing a customized, streamlined payment processing solution will create a snowball effect that benefits patients, providers and frontline staff. A payment processing solution matching your organization’s unique needs and goals will lead to happier patients, greater financial stability, and more efficient and secure payments. If you’re interested in our customized, healthcare-specific payment processing solutions, please contact me at juselman@windriverfinancial.com or 1-800-704-7253 x4238.