Exposing bad passwords. What is your password?

 

Passwords should be long, strong and secure. However, here is an example of how people can be manipulated into revealing details about their lives that can then be used to work out their passwords.

Recently, Jimmy Kimmel did a great job of demonstrating this by sending a reporter out to the streets to ask people a very simple question: “What is your password?” The experiment was simple: find out what people use to create passwords, then get them to reveal enough details to make it possible to guess their password.

The late-night show demonstrated how people build passwords from easy-to-remember information such as a pet's name, a memorable date or a school. Security experts agree that using a date in your password is weak because it is easy to guess. The big problem for most people is that passwords are hard to remember, and good security involves many aspects, including non-dictionary words, long sequences and special characters.

Many people reuse the same password across multiple services such as Facebook, Instagram, Gmail and many others. The problem is that if one of those websites gets compromised, or anyone finds out your password, they will have access to everything online.

Here are five steps to create a secure password:

  1. Use length to your advantage. Create a password that has eight or more characters; the longer the password, the more secure it is.
  2. Form a “random” sequence of words and/or letters. Create a unique phrase or series of letters that is seemingly “random” but is easy to remember.
  3. Add numbers to the password to make it more secure. By adding numbers, you make your password more unique and secure. Try to avoid using special dates as the numbers.
  4. Use punctuation and symbols. Add random punctuation or symbols to your password.
  5. Use upper and lowercase letters. Mix capital letters into your password and take advantage of the security they add.
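The checker below is an added example, not part of the original article. It tests a password against the five steps and against the weakness the street interviews exposed: a password can meet every composition rule and still be built from a pet's name and a date. The function names, substitution table and sample passwords are constructed for illustration.

```python
import re

# Common character substitutions, undone before comparing with personal details.
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s", "7": "t"})

def normalise(text):
    """Lowercase, undo simple substitutions, keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))

def looks_like_date(password):
    """True if a digit run contains a 19xx/20xx year or starts with DDMM/MMDD."""
    for run in re.findall(r"\d+", password):
        if re.search(r"(19|20)\d{2}", run):
            return True
        if len(run) in (4, 6, 8):
            a, b = int(run[:2]), int(run[2:4])
            if (1 <= a <= 31 and 1 <= b <= 12) or (1 <= a <= 12 and 1 <= b <= 31):
                return True
    return False

def audit_password(password, personal_details=(), min_length=8):
    """Return a list of findings; an empty list means every check passed.
    Does not check dictionary words or reuse across services."""
    findings = []
    if len(password) < min_length:                      # step 1: length
        findings.append("too short")
    if not re.search(r"\d", password):                  # step 3: numbers
        findings.append("no digits")
    if not re.search(r"[^A-Za-z0-9]", password):        # step 4: symbols
        findings.append("no symbols")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        findings.append("no mixed case")                # step 5: upper and lower
    if looks_like_date(password):                       # step 3: avoid dates
        findings.append("contains a date-like number")
    flat = normalise(password)
    for detail in personal_details:                     # pet, school, etc.
        key = normalise(detail)
        if len(key) >= 3 and key in flat:
            findings.append(f"contains personal detail: {detail}")
    return findings

if __name__ == "__main__":
    # Constructed samples: the first two satisfy the composition rules.
    for pw in ("Rex2014!", "R3x_r0cks", "tulip-Gravel7;okra"):
        print(pw, audit_password(pw, ["Rex", "Lincoln High"]))
```
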

365 iT SOLUTIONS is a leading IT consulting firm in Toronto providing industry-leading Managed IT Services, IT Support Services, IT Outsourcing Services, Tech Support Services and Cloud Services.

Take advantage of our Complimentary Network and Security Assessment by 365itSolutions.com

Can your business pass a Healthcare IT audit?

 

Is your company in the healthcare industry or do you work with insurance carriers, healthcare insurance or group benefits providers? How does your IT infrastructure measure up to their security requirements?

What is Health information technology (HIT)?

Health information technology (HIT) covers the entire management of IT, including the design, development, implementation and maintenance of an IT infrastructure in the healthcare industry.

How has healthcare IT infrastructure been modernized?

As with managed IT services, the healthcare industry has followed many other industries in automating its healthcare information systems to lower costs, improve efficiency and reduce errors, all while providing better consumer care and service.

Many healthcare organizations are also using electronic health record (EHR) applications as a key business component. These hold an individual’s official digital health record, or electronic medical record (EMR), which is an individual’s health record within a healthcare provider’s facility, including their personal health record (PHR). This information is shared by many organizations, but how secure is your network?

What do insurance and healthcare providers look for?

Insurance and healthcare providers are always concerned with the security of information. When you deal with these organizations, they usually audit third-party systems to verify that your organization is doing everything possible to protect the privacy of information.

The IT consulting team has put together a quick list of some items they look for in an audit.

  1. Describe your security policies, including who is responsible for security, documented responsibilities and an organizational chart for your IT infrastructure security.
  2. Provide a complete list of corporate security policies, procedures and standards.
  3. Has a reputable independent third-party IT consulting firm reviewed your organization’s information security program, practices or the technology of your IT service infrastructure?
  4. What is the geographic location of your IT infrastructure, including servers, workstations and backups?
  5. Describe the physical security around the servers, including hosted facilities. You must include the provider name and all certifications. This should include security controls such as locked doors, access control systems, security cameras and other security matters.
  6. Describe your IT procedure for managing access to your IT infrastructure, including how data is controlled, monitored and audited, and your corporate password policy.
  7. Describe what type of endpoint security your organization uses, including anti-virus, firewalls, USB port lockdown and any other security procedures.
  8. Describe your IT security logging, including full audit capabilities that track events and changes.
  9. Describe your retention of information, including the data backup process, the location of the backup site and who manages your backup process.
  10. Indicate what encryption algorithms are used to protect your data backups, including your tracking and corporate data destruction process.
  11. List whether you use a third-party IT consulting firm, cloud services or any other IT-related services. You must include the company name, the services outsourced and whether there is a Non-Disclosure Agreement (NDA). You should also list any encryption algorithms being used, including AES-256 or 3DES for encryption of data at rest and SSL-128 or SSL-256 v3 for protection of data while in transit.

 

As you can see, insurance and healthcare companies take security extremely seriously. They invest heavily in their IT infrastructure security and also want to ensure that all partner companies do the same. The biggest challenge for companies now is how to secure their networks while using automation to increase productivity and profit.

Using the latest technology and tools, 365 iT SOLUTIONS has helped many companies pass these audits using our leading IT consulting portfolio, including Managed IT Services, IT Support Services, IT Outsourcing Services, Tech Support Services and Cloud Services.

If you are interested in learning more about how to secure your network to work with a healthcare or insurance carrier, contact our IT consulting team and take advantage of our Complimentary Network and Security Assessment by 365itSolutions.com