Category Archives: Data Security

Mozy Supports Key Management Interoperability Protocol

The MozyEnterprise service now offers another encryption key option, furthering Mozy’s commitment to data security. Mozy supports the Key Management Interoperability Protocol, at no additional cost to our customers. At this point, you’re probably asking yourself a few questions.

What is KMIP?

Key Management Interoperability Protocol—or KMIP for short—is a communication protocol that defines secure formats for the manipulation of encryption keys on key management servers (KMS). There is a general trend in enterprise IT toward the centralized management of encryption keys across multiple applications using KMS.

What does this mean to me as a customer?

Today, Mozy offers three encryption key options:

  • Mozy default encryption key: Mozy assigns an encryption key to your users. This key is stored and managed by Mozy for the most seamless experience.
  • Personal encryption key: The user enters a passphrase that is used to create the encryption key. Each user manually creates a unique personal encryption key.
  • Corporate encryption key: The administrator enters a passphrase that is used to create the encryption key. Your Mozy admin can create a key for all users in the company or a unique one for each user group.

With the introduction of support for KMIP, Mozy now offers a fourth data encryption method. Enterprises prefer that applications using encryption keys be KMIP-compliant so they can be managed via a KMS. KMS provides a secure, single point of encryption key management across multiple IT applications.

KMIP ensures the privacy of your data. An advantage of KMS for Mozy customers is that it enables backup admins to easily create and manage per-user local encryption keys. This provides finer encryption granularity (that is, increased at-rest data security) than a corporate encryption key while retaining its on-premises advantages.

Which Mozy products include KMIP?

KMIP is now in directed availability for the MozyEnterprise service at no additional cost. KMIP is currently only supported on the Windows platform. Mac integration is coming soon. On the KMS front, KMIP is currently supported on SafeNet’s KeySecure KMS. If interested in KMIP, please reach out to us via email.

WannaCry? You will if you don’t back up!

This blog was written by Jerome Bachelet, Mozy Systems Engineer; and Ela Moraru, Mozy Associate Systems Engineer 1

You’ve no doubt heard about the “Wanna” ransomware virus. Known by various names—including WannaCry, WannaBe, and WannaCrypt—this ransomware outbreak has spread globally and rapidly, affecting more than 250,000 computers in more than 150 countries in just a few short days. Individuals and businesses have been infected by the virus in the UK, Spain, US, and Russia.

What’s it do?

The Wanna ransomware infiltrates Windows machines and encrypts files, changing the extensions (for example, .wnry, .wcry, .wncry and .wncrypt) and makes files inaccessible to end users and applications. It impacts all Windows operating systems, from Windows XP to Windows 10, including the Server editions. Wanna uses a worm executable to spread further through local networks and the Internet, infecting any other Windows computers it can reach via the network. The scale of the attack prompted Microsoft to take the highly unusual step of releasing patches for unsupported operating systems, including Windows XP.

The goal of any ransomware is to incapacitate as many files and applications as possible, thus most ransomware is designed to infiltrate IT systems at the end user and then penetrate application servers.

It’s widespread and ongoing—and it’s paralyzing

Wanna is so devastating because it paralyzes any computer it can access and then causes application failures for systems that have a dependency on Windows OSs—like phone systems, email servers, and Microsoft SQL based applications. As of this writing, Wanna has infected more than 230,000 computers and has been identified in 150 countries. Wanna is so widespread that it has been localized into 28 languages.

Hundreds of victims have paid various amounts of ransom to bitcoin wallets in exchange for a decryption key that might allow them to regain access to their files. Unfortunately, decrypting files does not mean the malware infection itself has been removed from the computer. Even if your files are decrypted, there is no foolproof way to remove the ransomware, other than wiping your hard drive and reinstalling Windows.

How does it work?

Warning! A ransomware disaster usually, but not always, starts with a user clicking something they shouldn’t be clicking; for example, a suspicious attachment in an email.

There is a debate about exactly how the Wanna malware first broke out, but what is undeniable is that once the virus gains access to a system it spreads, without any action by the user, across unprotected SMB ports. Frustratingly, there has also been a spike in email phishing attacks that exploit the panic caused by Wanna. In these cases, a user is directed to open an email attachment or visit a website where the ransomware is presented, masquerading as a legitimate attachment or download.

Upon execution, Wanna kills several system processes that may be locking files and grants itself full permission to every user account on the system.

Wanna then scans all drives (local and network) for 170+ file types and encrypts all the files with a new extension. Next, Wanna hard-deletes all the original files (bypassing the Recycle Bin). Files that are stored in a share, or synchronized via Google Drive, OneDrive, Dropbox, etc., will also be encrypted. Sync tools will automatically propagate the encrypted files to the cloud storage, where they appear on any other devices linked to the sync service.

Wanna removes any Shadow Volume Copies, disables Windows startup recovery, clears Windows Server Backup history, and bypasses the Recycle Bin, thus preventing any recovery from the Windows system itself. Wanna changes the end-user wallpaper and displays a pop-up dialog box with instructions to send $300 worth of bitcoin in exchange for a key that will theoretically decrypt the files. The ransom will increase at a regular cadence, and the end user has 7 days to pay the ransom.
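The behavior described above, a burst of files on local and network drives being renamed to one of the Wanna extensions within seconds, is something a defender can watch for in file-activity logs. The following is an added example written for this post, not Mozy's code and not part of any Mozy product; it assumes a simple audit-log line format (timestamp, user, RENAME, old path, new path), and every log line in it is constructed for illustration.

```python
"""Spot a ransomware-style rename burst in file-activity logs.

Added example for this post; it is not Mozy's code. It assumes a simple
audit-log line format of the form
    <ISO timestamp> <user> RENAME <old path> -> <new path>
and the log lines below are constructed for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# File extensions the post lists for the Wanna family.
RANSOM_EXTENSIONS = (".wnry", ".wcry", ".wncry", ".wncrypt")

# Constructed log lines: one user renaming six files in seven seconds
# (local disk and a network share), one isolated hit, one normal rename.
SAMPLE_LOG = [
    r"2017-05-12T10:01:03 ela RENAME C:\Users\ela\Documents\budget.xlsx -> C:\Users\ela\Documents\budget.xlsx.wncry",
    r"2017-05-12T10:01:04 ela RENAME C:\Users\ela\Documents\plan.docx -> C:\Users\ela\Documents\plan.docx.wncry",
    r"2017-05-12T10:01:05 ela RENAME \\fileserver\finance\q1.xlsx -> \\fileserver\finance\q1.xlsx.wncry",
    r"2017-05-12T10:01:06 ela RENAME \\fileserver\finance\q2.xlsx -> \\fileserver\finance\q2.xlsx.wncry",
    r"2017-05-12T10:01:08 ela RENAME C:\Users\ela\Pictures\team.jpg -> C:\Users\ela\Pictures\team.jpg.wncry",
    r"2017-05-12T10:01:09 ela RENAME C:\Users\ela\Desktop\notes.txt -> C:\Users\ela\Desktop\notes.txt.wncry",
    r"2017-05-12T10:30:00 ops RENAME D:\archive\old.zip -> D:\archive\old.zip.wcry",
    r"2017-05-12T11:15:00 jerome RENAME C:\Users\jerome\draft.docx -> C:\Users\jerome\final.docx",
    "this line is malformed and should be skipped",
]


def parse_event(line):
    """Parse one log line into a dict, or return None if it does not fit the format."""
    try:
        ts, user, op, rest = line.split(" ", 3)
        old, new = rest.split(" -> ", 1)
        return {"ts": datetime.fromisoformat(ts), "user": user, "op": op, "old": old, "new": new}
    except ValueError:
        return None


def ransom_extension(path):
    """Return the matching ransomware extension if the path ends with one, else None."""
    lowered = path.lower()
    for ext in RANSOM_EXTENSIONS:
        if lowered.endswith(ext):
            return ext
    return None


def detect_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {user: (suspicious_rename_count, burst_detected)}.

    A burst is `threshold` or more renames to a ransomware extension by the
    same user inside `window`; a single hit is recorded but not escalated.
    """
    recent = defaultdict(deque)   # user -> timestamps of recent suspicious renames
    result = {}
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev["op"] != "RENAME" or ransom_extension(ev["new"]) is None:
            continue
        q = recent[ev["user"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:   # drop hits that fell out of the window
            q.popleft()
        count, burst = result.get(ev["user"], (0, False))
        result[ev["user"]] = (count + 1, burst or len(q) >= threshold)
    return result


if __name__ == "__main__":
    for user, (count, burst) in detect_bursts(SAMPLE_LOG).items():
        print(f"{user}: {count} suspicious renames, burst={'YES' if burst else 'no'}")
```

The threshold and window are deliberately conservative: one file renamed to a strange extension is worth a ticket, but five or more within a minute from one account, spanning a network share, is the pattern the post describes and is the point at which isolating the machine and noting the time (for the restore step later) matters most.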

How can Mozy help?

Although Mozy by Dell cannot prevent a ransomware outbreak, millions of customers rely on the Mozy backup service to help avoid ransomware disasters. When a ransomware infection occurs, restoration of an endpoint or server from a backup works best when you can easily select a moment in time from where to restore. Once you have identified the point of infection (user and file) and the time the malware was introduced to the machine, Mozy can restore all of the files for the given user from the point in time just before the malware was introduced.

It’s true that there are a few dollars to be made through ransomware exploiting desktop and laptop computers; however, the primary focus of hackers is to make their money at the application server level. More than 95% of all ransomware attacks occur at the edge (that is, desktop and laptop computers). That’s where Mozy can help victims become productive again.

In the case of the Wanna virus, once the ransomware infection has been removed, Mozy would be reinstalled and re-activated with the original account. From the Restore window, the user would use the calendar to select the last healthy version of the files, select all of the files, and then click Restore. Mozy will automatically restore all the files to their original location in their original state.

To learn how you can use Mozy as a second line of defense for your data and to prevent a ransomware disaster, visit Mozy by Dell.

Is Your Data Protected?

Did you hear about the company that was fined $2.5 million by the feds as a result of a HIPAA breach penalty? A laptop with protected health information for approximately 1,400 patients was stolen. Unfortunately, the computer was not protected with the safeguards required by the Health Insurance Portability and Accountability Act (HIPAA). As a result, electronic protected health information (ePHI) was compromised.

Although threats to business data are everywhere—think ransomware, hard drive failure, theft, user error, and more—you can prevent data loss (and avoid fines for non-compliance!) by backing up your data and ensuring that your backups are occurring on a regular basis.

First, let’s consider some of the threats. Next, let’s briefly discuss how Mozy can help you prevent a data disaster.

What could possibly go wrong?

If any of the following questions cause you to want to change the subject, or you’re just not sure of a proper course of action, be sure to read the next section!

  • What would you do if your laptop were stolen? Do you have a process in place that allows you to recover your data?
  • What would you do if your hard drive failed and you could no longer access the data on your computer?
  • What would you do if you spilled coffee on your laptop and it suddenly died as a result?
  • What would you do if you logged on to your desktop and saw a ransomware message indicating that your files were locked and demanding a bitcoin ransom in return for a decryption key to allow you to regain access to your data?
  • Do you handle ePHI, and do you know if that information is in compliance with the HIPAA Security Rule?

Prevent a data disaster

I just didn’t expect that

Maybe your laptop was stolen during a business trip, or maybe you forgot you placed it on the roof of your car while searching for your keys and then drove off. Maybe you liquidated your laptop with a large latte. Or maybe your hard drive just failed. With the Mozy backup service you can use Mozy’s restore manager to download all of your files (to your new computer!) from the safety of the Mozy cloud.

“Your personal files are encrypted! Pay!”

The last thing anyone wants to see on their computer screen is a message like, “Your personal files are encrypted! Pay!” In the event that your computer is infected by ransomware, Mozy offers a second line of defense. Mozy ensures that backups are frequent and reliable, so in the event of a ransomware attack, you can recover data to a point in time prior to the attack.

ePHI and HIPAA

If your business handles ePHI, you have a legal obligation to keep that information confidential and protected from those not authorized to view it. Mozy safeguards ePHI with strong encryption (which includes a required encryption key); your data is encrypted during backup and at rest. Your corporate encryption key or personal encryption key is known only by you.

We’ve got your back (up)

Using enterprise-grade encryption, Mozy protects the data you rely on to keep your business up and running and allows you to recover lost, damaged, or stolen data quickly. (A note about ransomware: It’s important to remember that simple backup is not enough to ensure your files are protected from ransomware. Mozy keeps up to one year of file versions. If you have identified the point of infection and the time the malware was introduced to the computer, Mozy can restore all of the files for the given user from the point in time just before the malware was introduced.)

For more information, visit Mozy by Dell.

Take a Multi-layered Approach to Ransomware Protection

Note: This is blog 4 of 4 in our ransomware series.

You already know your business should take steps to minimize the risk of a ransomware attack. But do you know how to implement multi-layered protection effectively? In January 2017, cybersecurity experts discovered a new type of ransomware called Spora. Now more than ever, it’s imperative business owners know their protection options.

Ransomware protection options

Decreasing your vulnerability is your most reliable option for ransomware protection. Here are a few ways to do that:

  • Educate employees
  • Implement employee monitoring software
  • Protect with endpoint technology
  • Back up with the cloud

How these tools work

Spora, the latest ransomware rendition, is distributed as an email attachment disguised as an invoice. Once it is opened it must be unzipped. It then attacks the computer and sends a fake “unreadable file” error message to the user. So, what can be done? Consider the following four areas of action:

Employee accountability plays a major role, because visiting unauthorized sites and opening suspicious emails is harmful. Implement a training program where employees will learn how to identify phishing emails and links.

Employee monitoring software connects all company devices on a single interface. Teramind, for instance, is software that lets employers monitor employee computer use and even implement rules and restrictions in real time. You can prevent employees from checking personal emails and visiting unsecured sites.

Endpoint cybersecurity is network protection for corporate-level businesses and servers. An endpoint program can block access between workstations across your network. New features, such as full-disk encryption and data leak prevention, are added frequently. When many devices connect on one network, one infected device can put all the others at risk. Endpoint security decreases the chances of ransomware infecting other devices on the network.

Cloud backup is simple, affordable, and can be highly effective against ransomware; any files your company backs up on the cloud are copied over to a remote, independent server with a whole arsenal of cybersecurity protocols. 

If ransomware infects your device

If a computer is infected with ransomware, you have options. If you have a cloud backup, wipe and reinstall your OS on that computer. Afterward, you can recover all your files from your cloud service.

If you don’t have a cloud backup in place, a collection of companies exist to help you remove the ransomware for a fee. If you have an IT team or are tech savvy, you may attempt a recovery and removal yourself, though the process differs depending on your OS. Keep in mind, Windows machines are targeted more often than Mac or Linux operating systems.

Don’t ignore the very real, very risky dangers of ransomware. A multi-layered security approach trains employees, monitors them, scans files and emails using deep learning and endpoint network security and backs up data. Of course, the hope is you’ll never need to use your cloud backup, but it’s more crucial to have backups now than in any other time in history.

If you don’t have your backup set on a weekly schedule, now’s the time to change that.

Say no to ransomware disasters

Don’t fall victim to ransomware! Make sure your cybersecurity is truly multi-layered. Check out how Mozy by Dell can help your business confidently say no to ransomware disasters.

In addition, the following documents discuss how to protect your important data from ransomware:

  • Ransomware: Frequently Asked Questions
  • Preventing a Ransomware Disaster

Ransomware Prevention for Small Business Owners

Note: This is blog 3 of 4 in our ransomware series.

Cyberattacks pose a serious concern. Just as technology is in flux, so too is the way hackers gain access and scam unprotected businesses and private citizens. Ransom payouts make ransomware a popular alternative for hackers who would otherwise try to drain a business account before it’s closed out. Small businesses can prevent a ransomware disaster.

Identify ransomware

To prevent ransomware, first know how to identify it. The three most common types of ransomware are scareware, screen lockers and encryption ransomware.

Scareware floods a computer or network system with pop-up windows that inform users the system has been infected with malware and the only way these malware programs can be removed is by paying a fee. This is a scare tactic—hence the name—and a simple scan from your antivirus should collect this scareware and quarantine it for deletion.

Screen lockers lock out users from the computer or network. When you boot up a computer with a screen lock on it, what seems like an official message from the FBI or Department of Justice will appear and demand payment for illegal activities detected on your network. Neither of the actual departments will ever ask for payment. The network and computers infected with this screen lock need to be completely reset, which means all data will be lost if it’s not backed up.

Encryption ransomware is when a hacker gains access to a network or computer and steals and encrypts the files on it. The hacker demands a ransom in exchange for the decryption key.

Educate employees to keep phishers out

Phishers typically gain access through email. Though it seems like this would be easily preventable, victims abound, including large companies. In 2016 hackers conned technology powerhouse Seagate and social media pillar Snapchat. A hacker posed as the CEO and asked for employee payroll data.

Humans are always the weakest link in phisher scams, so companies must teach employees what phisher emails look like, how they reproduce the look of official emails, and why no employee should ever click an email link when asked to update information on an official site.

While education can lower the risk, it doesn’t make companies immune to a hack. Mickler & Associates, Inc. uses Mozy’s backup services to restore and protect company data. Mickler used Mozy to recover a fully compromised system in a matter of hours. While preventive measures for ransomware decrease risk, they can never completely eliminate the threat.

Take preventive measures

Preventive measures for ransomware include employee education, antivirus programs and firewalls. Retroactive tools are available too, though they are less effective than preventing an infection in the first place.

Since email is the most common way ransomware infects a device, sender identification technology like Sender Policy Framework lets the recipient of emails easily approve and authorize specific domains and emails. An email from an unauthorized sender will be flagged when it is delivered.
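For readers who want to see what the Sender Policy Framework check actually does, here is an added example (not Mozy's code, and not part of any Mozy product). SPF, defined in RFC 7208, lets a domain owner publish in a DNS TXT record which mail servers are allowed to send mail for that domain; the receiving server looks the record up and compares the connecting server's IP address against it. The evaluator below handles the ip4, ip6 and all mechanisms only (include, a and mx require DNS lookups and are rejected), and the records and addresses are constructed using documentation-range IPs.

```python
"""Evaluate an SPF record for a sending IP address.

Added example for this post; it is not Mozy's code. SPF (RFC 7208) lets a
domain owner publish, in a DNS TXT record, which mail servers may send mail
for that domain, and a receiving server checks the connecting IP against it.
This evaluator handles the ip4, ip6 and all mechanisms; include, a and mx
need DNS lookups and are rejected here. The records and addresses below are
constructed (documentation-range addresses).
"""
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(record, client_ip):
    """Return 'pass', 'fail', 'softfail', 'neutral' or 'none' for client_ip."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # not an SPF record at all
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                    # a mechanism without a prefix means 'pass'
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]   # 'all' matches anything that got this far
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if net.version == ip.version and ip in net:
                return QUALIFIERS[qualifier]
        else:
            raise ValueError(f"unsupported mechanism: {name}")
    return "neutral"                       # nothing matched and no 'all' (RFC 7208 section 4.7)


# Constructed stand-in for the DNS TXT lookups a real receiver would make.
RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.7 ip6:2001:db8::/32 -all",
    "example.net": "v=spf1 ip4:203.0.113.0/24 ~all",
}


def spf_result(mail_from_domain, client_ip, records=RECORDS):
    """Look the sender's domain up in the constructed table and evaluate it."""
    record = records.get(mail_from_domain)
    return check_spf(record, client_ip) if record else "none"


if __name__ == "__main__":
    for domain, ip in [("example.com", "192.0.2.10"), ("example.com", "203.0.113.5"),
                       ("example.net", "192.0.2.10"), ("unknown.example", "192.0.2.10")]:
        print(f"{domain:16} from {ip:14} -> {spf_result(domain, ip)}")
```

A "fail" is the case the post calls flagging an unauthorized email; "softfail" (the ~all form) tells the receiver to treat the message with suspicion rather than reject it outright, and "none" means the domain publishes no policy at all, which is why SPF only protects domains whose owners set it up.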

People are also scammed with ransomware via pop-up windows. Hackers ask for personal information in ways disguised as ads and error notices. Cut out this danger with a reliable pop-up blocker. Back up your files every day with a cloud backup service.

Develop a plan in advance for the reactive steps you’ll have to take in the case of a breach. Your plan should spell out how you’ll purge all the infected devices and restore your data from your cloud storage. While it’s a hassle, as long as you have a regular backup schedule, no important files will be lost.

Part 4 in our series, Take a Multi-layered Approach to Ransomware, will be published next Thursday.

For more information about protecting your data, read the white paper, Preventing a Ransomware Disaster.

Spora and the Future of Ransomware

Note: This is blog 2 of 4 in our ransomware series.

The first article in this series, “What Is Ransomware?” took a look at this latest form of cyberattack that the FBI is warning could cost victims more than $1 billion this year.

Ransomware, already a serious problem, worsened with Spora. A highly sophisticated form of Russian ransomware—Spora—released in January 2017 and within weeks spread from former Soviet republics to the rest of the world. Here’s a look at Spora, why it’s considered such a threat, and who’s at risk from this new form of cyberattack.

What is Spora?

Named from the Russian word for “spore,” Spora is a new family of ransomware that typically spreads through email spam. It arrives in the form of an email resembling an invoice. The email includes a ZIP file attachment containing an executable file with an HTA extension. The extension appears as a double extension such as PDF.HTA or DOC.HTA. For users with file extensions hidden, this makes the attachment look like a normal file.

Clicking on the file extracts a JavaScript file named close.js to the user’s %Temp% folder. That script then extracts an executable file to the same folder and runs it. The executable file uses a randomly generated name and begins to encrypt certain file types on the affected device. It also extracts and runs a corrupted DOCX file, which displays an error message, tricking users into thinking the file was damaged in transit. Spora does this offline, so it doesn’t alert the user with any detectable network traffic.

After finishing encryption, Spora runs a CLI command to delete shadow volume copies, which are normally used to help restore files. It also disables Windows Startup Repair and changes the BootStatusPolicy settings, both normally used for the file recovery process.

When finished, Spora places a .KEY file on the user’s desktop and in other folders and displays a ransom note. To decrypt their files, the user must go to Spora’s online payment portal. On the payment portal site, the user must first enter their infection ID code to log in. They must then upload their .KEY file to synchronize their device with Spora’s site. Victims can choose from a number of ransom options with different price points, ranging from a freeware option to restore two files for free to a full restore, which is the most expensive option.

Fees are scaled based on the types of files the device contains, so that the attacker can charge more for computers containing business files or design files. Payments are accepted only in bitcoin. A chat box allows the visitor to send up to five messages requesting technical assistance. After paying, the victim receives a decrypter they can use to unlock their files.
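The double-extension trick at the start of that chain (PDF.HTA, DOC.HTA) is something a mail gateway or a cautious user can test for before anything is opened. The following is an added example written for this post, not Mozy's code and not part of any Mozy product: it builds a small ZIP in memory with a constructed attachment name modelled on the pattern described above and reports any member whose real extension is a script or executable type, especially when a document extension sits in front of it. The placeholder bytes inside the ZIP are just text, not an HTA payload.

```python
"""Flag double-extension attachments like PDF.HTA before a user double-clicks.

Added example for this post; it is not Mozy's code. It builds a small ZIP
in memory with a constructed attachment name modelled on the pattern the
post describes and reports members whose real extension is a script or
executable type, especially when a document extension sits in front of it.
"""
import io
import zipfile

DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}
# Types Windows runs on double-click; .hta and .js are the two the post mentions.
EXECUTABLE_EXTS = {".hta", ".js", ".jse", ".vbs", ".wsf", ".exe", ".scr"}


def classify_name(name):
    """Return a reason string if the file name is suspicious, else None."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    parts = base.split(".")
    if len(parts) < 2:
        return None
    exts = ["." + p for p in parts[1:]]
    if exts[-1] not in EXECUTABLE_EXTS:
        return None                       # the extension Windows acts on is harmless
    if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS:
        return f"double extension: {exts[-1]} disguised as {exts[-2]}"
    return f"executable attachment: {exts[-1]}"


def inspect_zip(data):
    """Return [(member name, reason)] for every suspicious member in a ZIP's bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            reason = classify_name(info.filename)
            if reason:
                findings.append((info.filename, reason))
    return findings


def build_sample_zip():
    """Constructed attachment: a benign note plus a fake invoice with a double extension."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("readme.txt", "Please find your invoice attached.")
        # Placeholder text only; this is not an HTA payload.
        archive.writestr("Invoice_2017.PDF.HTA", "<!-- constructed placeholder -->")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in inspect_zip(build_sample_zip()):
        print(f"{member}: {reason}")
```

The check keys off the last extension because that is the one Windows uses to decide how to open the file; the document extension in front of it exists only to fool a user whose file extensions are hidden.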

The threat posed by Spora

Spora is more sophisticated than previous ransomware. Its use of a hidden file extension to infiltrate the user’s system, along with its online operation, makes it harder to detect. It uses a top-notch encryption program. Its payment portal is more advanced than any experts have seen so far, indicating the level of sophistication of today’s top cybercriminals. Finally, Spora is now being distributed through exploit kits and spam campaign tracking ID options, indicating that its creators are renting it out as ransomware-as-a-service to other criminals—a disturbing sign of an emerging trend.

Who is especially at risk?

The most at-risk users are those who are careless about opening emails and email attachments from suspicious senders. Users also expose themselves to greater risk if they don’t stay current on the latest versions of their operating systems, applications, security patches and antivirus updates. Users who don’t back up their files are also at risk.

Spora represents a new level of threat as far as its attack entry method, encryption strength and payment portal. The release of Spora raises the need for ransomware security to a new level of urgency.

Look for part 3 in our ransomware series, Ransomware Prevention for Small Business Owners, next Tuesday. Until then, check out how Mozy by Dell can help you prevent a ransomware disaster. In addition, the following documents discuss how to protect your important data from ransomware:

  • Ransomware: Frequently Asked Questions
  • Preventing a Ransomware Disaster

What is ransomware?

Note: This is blog 1 of 4 in our ransomware series.

As 2017 began, the St. Louis public library system found itself the latest victim of ransomware, which is shaping up to be the new dominant form of cybertheft. The attack froze the computer system for all 17 of the city’s library branches, shutting down patrons’ ability to borrow or return books unless the city paid $35,000 in bitcoin for the system to be restored. Fortunately, the library system’s IT staff was able to rebuild their system from backup files and avoid paying the ransom, but many ransomware victims aren’t so fortunate.

The FBI estimates that ransomware cost victims $1 billion last year, up from $24 million in 2015, and warns that attacks are expected to continue escalating. Here is what you need to know about ransomware, why it’s dangerous, and what can make you vulnerable to becoming a victim of this virulent form of cybercrime.

Trickery that leads to a malicious download

Ransomware is a form of cyberattack that holds the victim’s device “hostage” by blocking access to the device, operating system, applications or files unless the victim pays money to have it unblocked. Some attacks threaten to post the user’s files online unless money is paid.

Alternately, some forms of ransomware do not actually lock the user’s device, but only display a message purporting to be from an authority such as a government agency, claiming that device will be locked unless the user pays a fine.

Ransomware typically works by tricking the user into clicking on a link in an email or on an infected website. Clicking the link downloads a malicious code onto the user’s device.

In more sophisticated ransomware, the code contains encryption instructions that use a random key to encrypt the device’s data. The device owner then cannot access their data without obtaining the key from the attacker.

Most attackers require money to be paid through an electronic medium such as bitcoin. The average amount demanded in 2016 was $679, but some attacks on businesses demand thousands or tens of thousands of dollars. However, paying does not necessarily guarantee the attacker will unlock the device. In some cases, paying simply opens the victim up to additional extortion.

Why is ransomware dangerous?

While early types of ransomware could usually be reversed through simple means, such as a reboot or system restore, newer forms use encryption, making them much harder to counter. And where older forms of ransomware could be avoided by not clicking on suspicious emails or websites, newer versions can hide themselves in infected code on legitimate websites.

Ransomware is also infecting targets that affect more people and cause more damage. Some attacks have been aimed at hospitals, banks, utility companies, government agencies and police departments.

Finally, the success of ransomware attacks has attracted more thieves and emboldened them. Seventy percent of businesses infected with ransomware have paid the ransom, making this a lucrative racket. Thieves are now demanding more from victims, with the average amount extorted expected to pass $1,000 soon.

Who is especially susceptible to ransomware?

Anyone connected to the Internet is a potential victim of ransomware, but some users are more vulnerable. Users who don’t keep their software versions, security patches, and antivirus software updated are more susceptible to vulnerabilities that ransomware can exploit. Users who don’t take precautions before clicking on spam email links or attachments or suspicious websites expose themselves to a higher risk of ransomware.

Users who don’t back up their files are also more vulnerable to ransomware because they don’t have a way to recover without paying ransom. Finally, having macros enabled in programs such as Word and Excel can leave you vulnerable to ransomware, which is increasingly being delivered through macros.

Ransomware is a growing threat that can potentially infect anyone connected to the Internet. It can cost victims hundreds or thousands of dollars. Users who don’t follow sound security and file backup practices are especially vulnerable. Ransomware typically invades devices through links in spam emails and code on fake websites, but it can also hide on legitimate sites.

Recent forms of ransomware are increasingly sophisticated and dangerous, as we’ll see in the next article in this series: Spora and the Future of Ransomware. Look for it on Thursday.

Until then, learn how backing up your data with Mozy by Dell can help prevent a ransomware disaster in your future.

You Can Successfully Combat Ransomware

What do you know about ransomware?

You probably know that ransomware is a form of malware that can block access to a computer system. Only after the ransom is paid—usually in the form of Bitcoin—is a decryption key handed over to the victim, at which point the victim can theoretically unlock and access his files (though there is no guarantee that this will always be the case; after all, we are dealing with criminals).

Would you like to know more?

Ransomware is prevalent. There are literally hundreds of millions of ransomware variants. Ransomware is also extremely successful (for criminals!); estimates put the cost to businesses and individuals at $1 billion in 2016. The growing sophistication of malware in general and ransomware in particular means that no cybersecurity plan should be thought of as foolproof or a guarantee that data is safe and untouchable by cybercriminals. The odds are high that if your business has not yet experienced a ransomware attack it will—and sooner rather than later.

Because ransomware is so widespread and profitable, businesses must do all within their power to protect their data in order to avoid a ransomware disaster, which can not only cripple a business but even put it out of business should decryption fail and mission-critical data be lost forever.

What can be done?

As part of a business continuity plan, the FBI recommends protecting your organization from cyberattacks—including ransomware—by being proactive in following these three steps:

  1. Back up data regularly.
  2. Verify the integrity of those backups regularly.
  3. Secure your backups.

That’s where the cloud plays an important role in protecting your organization from a ransomware disaster. Where ransomware is involved, restoration of an endpoint or server from a backup works best when you can easily select a moment in time from where to restore. Mozy by Dell keeps up to one year of file versions, meaning if you have identified the point of infection and the time the malware was introduced to the machine, Mozy can restore all of the files for the given user from the point in time just before the malware was introduced.
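The three FBI steps and the point-in-time restore described here fit together in a few lines of code. The following is an added example written for this post, not Mozy's code and not Mozy's API: it models a versioned backup as an in-memory store whose manifest records a SHA-256 digest for every stored version (step 1), recomputes the digests to verify the backup is intact (step 2), and, given the time the malware was introduced, selects the newest version of each file from before that moment, leaving out anything that only exists in post-infection backups. Keeping the manifest somewhere the infected machine cannot write to is step 3 and is noted in the code but not modelled. All paths, timestamps and file contents are constructed.

```python
"""Verify backup integrity and restore to a point in time before infection.

Added example for this post; it is not Mozy's code and does not use Mozy's
API. It models a versioned backup as an in-memory store whose manifest
records a SHA-256 digest per stored version; all paths, timestamps and file
contents below are constructed for illustration.
"""
import hashlib
from datetime import datetime


def digest(data):
    return hashlib.sha256(data).hexdigest()


class BackupStore:
    # Step 3 (secure your backups) is outside this model: in practice the
    # manifest lives somewhere the protected machine cannot overwrite it.
    def __init__(self):
        self.versions = {}   # path -> list of {"ts": datetime, "data": bytes}
        self.manifest = {}   # (path, ts) -> hex digest recorded at backup time

    def back_up(self, path, ts, data):
        """Step 1: keep every version rather than overwriting the last one."""
        self.versions.setdefault(path, []).append({"ts": ts, "data": data})
        self.manifest[(path, ts)] = digest(data)

    def verify(self):
        """Step 2: recompute each stored version's digest and return the ones
        that no longer match the manifest (an empty list means the backup is intact)."""
        return [(path, v["ts"]) for path, vs in self.versions.items() for v in vs
                if digest(v["data"]) != self.manifest.get((path, v["ts"]))]

    def restore_point_in_time(self, cutoff):
        """Return {path: data} using the newest version strictly before `cutoff`.
        Files whose only versions post-date the cutoff (encrypted copies, the
        ransom note) are left out."""
        restored = {}
        for path, vs in self.versions.items():
            healthy = [v for v in vs if v["ts"] < cutoff]
            if healthy:
                restored[path] = max(healthy, key=lambda v: v["ts"])["data"]
        return restored


INFECTION_TIME = datetime(2017, 5, 12, 10, 1)   # constructed: when the malware ran


def build_store():
    """Constructed scenario: nightly backups, then the post-infection state."""
    s = BackupStore()
    budget = "C:/Users/ela/Documents/budget.xlsx"
    plan = "C:/Users/ela/Documents/plan.docx"
    s.back_up(budget, datetime(2017, 5, 10, 23, 0), b"Q1 budget v1")
    s.back_up(budget, datetime(2017, 5, 11, 23, 0), b"Q1 budget v2")
    s.back_up(plan, datetime(2017, 5, 11, 23, 0), b"project plan")
    # The first backup after infection captured only the encrypted copy
    # (the original was hard-deleted) and the ransom note.
    s.back_up(budget + ".wncry", datetime(2017, 5, 12, 23, 0), b"\x93\x1f constructed ciphertext")
    s.back_up("C:/Users/ela/Desktop/ransom_note.txt", datetime(2017, 5, 12, 23, 0), b"pay $300")
    return s


if __name__ == "__main__":
    store = build_store()
    print("integrity problems:", store.verify())
    for path, data in store.restore_point_in_time(INFECTION_TIME).items():
        print("restore", path, "->", data)
```

The cutoff has to be the time the malware was introduced, not the time it was noticed; choosing the later one would pull the encrypted copies back in, which is why the post stresses identifying the point of infection first.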

We’re here for you

We here at Mozy are serious about protecting your data and educating businesses of all sizes about threats to data. We’re putting the screws to ransomware! We know malware isn’t going away; however, we also know that there are tried and true methods to prevent a ransomware disaster that you can include in your business continuity plan.

To help you understand more about this form of malware and, more importantly, to help you know what you can do to protect your data, we’ve created a four-part blog series about ransomware. The first in our series will be published next week. (Update: Parts 1, 2, 3, and 4 have now been published.)

The more you know about ransomware and other threats to your business-critical data, the more you will understand that you don’t have to be a victim. With the right tools and preventive measures in place (including Mozy cloud backup), you can successfully combat ransomware as this consultant does on a daily basis.

In the meantime, be sure to check out these important assets about protecting your business against ransomware:

  • Ransomware: Frequently Asked Questions
  • Preventing a Ransomware Disaster

What You Need to Know About Phishing


Social engineering scams that use email or websites to trick users into revealing personal information or installing viruses on their devices are known as phishing scams. Phishing scams can look like bank emails, or other corporate communication, and are crafted to fool users into believing that the message is legitimate.

The content of a phishing email is intended to cause a quick response from the user. One common scam will try to convince you that you’ve won a lottery or a prize, with a link similar to a website you already know of. This page will then ask for your personal information, which you will happily provide because you think you’ve won money.

Types of phishing attacks

There are three types of phishing attacks that you need to be aware of:

Regular phishing: These attacks are not targeted, and attempt to manipulate the user to click a link where they will enter their credentials. This is a generalized attack and no “one” person is a target.

Spear phishing: These are targeted attacks. The attackers have studied the organization or person they are trying to defraud, and will usually try to impersonate one or more parts of that organization. They may use social media to find information about the organization, and use it to create an email that will convince the reader that it is from their own business.

Whaling: This doesn’t refer to hunting for whales, but instead phishing the upper management of an organization. Done in the same manner as a spear phishing attack, it targets the highest level of the organization and often includes messages that request transfers of large funds.

How to identify phishing attacks

According to Intel Security, 97% of people cannot identify a phishing attack. Here’s how you can prevent becoming a victim.

Don’t trust email communication: We have been trained to use email as the main mode of communication, and as long as it does not require you to divulge personal information, that is fine. Treat with care any email that asks you to click on a link or provide personal information. Even if you receive an email from what seems like your own company asking you to make a fund transfer, confirm verbally with the relevant person to ensure this is not a scam.

Don’t fall for emails that sound urgent: Many phishing emails attempt to scare you into believing you need to respond or react urgently, but you must take the time to confirm that the email is from a legitimate source before responding.

Confirm links before you click on them: When you receive an email that seems legitimate with a link for you to click on, go to the actual website and then navigate to the relevant page. At the very least, always confirm that there isn’t a minor change—for example, BankofAmerica vs BankAmerica—that is meant to fool you.

Beware of online forms: Do not enter confidential information through online forms or websites. But if you have to, make sure all data you submit is done via a secure connection; that is, https. This is especially important when entering credit card information online.

One of the most important things to remember is to report a suspicious email to management immediately. Only 3% of targeted users report malicious emails to management, which is scary when you consider that 95% of all attacks on enterprise networks are due to a successful phishing attack.
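As an added example (not Mozy’s code, and not part of the original post), here is a small Python link-triage helper that applies the link checks above to the URLs found in a suspicious message: it flags plain-http links, links whose host is a raw IP address, hosts that merely contain a trusted name (for example a trusted domain used as a subdomain of an unrelated site), and hosts that are a near-miss of a trusted domain such as BankAmerica vs BankofAmerica. The trusted-domain list, the sample email text and the two-edit threshold are constructed assumptions.

```python
"""Link triage for the phishing checks above (added example, not Mozy's code).

Flags URLs a reader should verify by hand before clicking:
  * not served over https
  * host is a raw IP address instead of a name
  * host contains a trusted brand name but is registered elsewhere
  * registrable domain is within a couple of edits of a trusted domain
"""
from __future__ import annotations

import ipaddress
import re
from urllib.parse import urlparse

# Constructed allowlist: the domains this (hypothetical) organisation really uses.
TRUSTED_DOMAINS = {"bankofamerica.com", "mozy.com", "example-payroll.com"}

# Maximum edit distance at which a domain counts as a lookalike (assumption).
MAX_EDIT_DISTANCE = 2

URL_RE = re.compile(r"https?://[^\s<>\"')]+")


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert / delete / substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels of the host; adequate for .com-style names used here."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def is_ip(host: str) -> bool:
    """True when the host is a literal IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def assess_link(url: str, trusted=TRUSTED_DOMAINS, max_distance=MAX_EDIT_DISTANCE) -> list:
    """Return the reasons a link is suspicious; an empty list means no finding."""
    reasons = []
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if parsed.scheme != "https":
        reasons.append("not https")
    if not host:
        reasons.append("no host")
        return reasons
    if is_ip(host):
        reasons.append("host is a raw IP address")
        return reasons
    domain = registrable_domain(host)
    if domain in trusted:
        return reasons  # exact match on the allowlist: nothing to add
    for t in sorted(trusted):
        brand = t.split(".")[0]
        if brand in host:
            # e.g. bankofamerica.com.secure-login.net: brand present, domain is not
            reasons.append(f"trusted name '{brand}' appears in host but domain is '{domain}'")
            break
        dist = levenshtein(domain.split(".")[0], brand)
        if dist <= max_distance:
            reasons.append(f"'{domain}' is {dist} edit(s) away from trusted '{t}'")
            break
    return reasons


def triage_email_links(body: str) -> dict:
    """Map every URL in the message body to its list of findings."""
    return {url: assess_link(url) for url in URL_RE.findall(body)}


# Constructed sample message, not a real phishing email.
SAMPLE_EMAIL = """\
Dear customer, your account has been locked. Verify now at
http://www.bankamerica.com/login or call us. Payroll update:
https://example-payroll.com/paystub (legit). Prize claim: https://203.0.113.5/claim
"""

if __name__ == "__main__":
    for url, findings in triage_email_links(SAMPLE_EMAIL).items():
        print(url, "->", findings or "no finding")
```

The exact-match test against the allowlist is the check to rely on; the edit-distance and brand-in-host tests only rank what is left for a human to look at, and a link that passes them is not thereby safe. Navigating to the site directly, as the text advises, remains the safest way to confirm a link.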

HIPAA and You: What It Is and Why It Matters

Adopted in 1996, the Health Insurance Portability and Accountability Act (HIPAA) was designed in part to facilitate the transfer of health insurance for citizens after leaving an employer, and to address the growing need for regulation and oversight of electronic protected health information (ePHI), also called individually identifiable health information, via the Privacy Rule. HIPAA is a substantive and often confusing piece of legislation, leading many companies to wonder if it applies to their business, what’s expected of them and how regulatory standards are enforced. Here’s a rundown of key HIPAA expectations and why they matter to your organization.

Who’s affected

First step? Determine if you’re subject to HIPAA regulations. As noted by the CDC, there are two key groups defined by the law: covered entities and business associates. Covered entities (CEs) consist of health plans, health-care clearinghouses and health-care providers. These CEs are responsible for appropriately handling ePHI by ensuring that an accurate record of all use and transmission exists, that all data is properly encrypted and that access is restricted to specific individuals such as patients, doctors or insurance providers.

The second group, business associates (BAs), are third parties that work with CEs and occasionally handle health data. These may include lawyers, accountants, billing companies or IT developers, and they are required to sign a written agreement with CEs stating that they will properly handle health data, use the information only for stated purposes and help the CE comply with certain aspects of the Privacy Rule.

Provisions

If your company is considered a CE or BA, how do you ensure HIPAA standards are being met? The Privacy Rule lays out several obligations, including:

   •     Notification of patients regarding their privacy rights and the specific use or disclosure of their ePHI.
   •     Adoption of internal privacy policies and procedures to prevent misuse.
   •     Training of employees to ensure they understand their role in using and transmitting ePHI.
   •     Creating contracts with BAs which specify their use and responsibility in safeguarding information.
   •     Establishing administrative, technical and physical safeguards—such as data access policies, data encryption and long-term storage in secure facilities—to ensure information privacy.

Worth noting is that willful ignorance of the rule does not constitute an acceptable reason for compliance failure. For example, this means BAs using unencrypted data cannot claim that the relevant CE did not mandate this procedure—companies are expected to know and follow the rules if they handle health data.

Enforcement

HIPAA requirements are now being enforced with greater regularity and rigor by the Office of Civil Rights (OCR). Through 2016 and into 2017 the agency’s focus has centered around audits, both to evaluate the use of health documents and ensure companies can produce the necessary records to demonstrate the transmission and encryption of relevant data. Expect more in-depth audits to continue over the next few years.

The OCR has also been levying more fines for non-compliance. For example, a “Did Not Know” violation can cost between $100 and $50,000 for the first offense, while “Willful Neglect” (subsequently corrected) starts at $10,000. More worrisome are identical violations in the same calendar year: For any subsequent offense, the fine is set at $1.5 million.

Why does HIPAA matter to your business? If you’re a CE or BA under the law, you’re responsible for the security, storage and use of personal health information as described by Privacy Rule stipulations. Audits are becoming more common, and steep fines are the outcome if compliance standards are not met. Best bet? Leverage the expertise of trusted HIPAA security partners who can help you meet obligations and adapt to evolving HIPAA regulations.