Cyber Security Advice for Medical Practices

The sudden increase in cyber attacks happening all around the world is not without its reasons. More than 80% of information – including private details about ourselves – are now stored digitally. Every information is valuable to attackers, which is why we are now seeing more attacks as well as new forms of attacks targeting individuals and large corporations.Cybersecurity for medical practice

For medical practices, information security is essential. Patient information and details about the practice’s operations are too valuable to handle carelessly. There are ways to improve cybersecurity throughout your medical practice and we are going to discuss some of them in this article.

Follow the Standards

The healthcare industry is highly regulated down to the last letter and information security is no exception. The HIPAA medical information security guidelines are something that every healthcare service provider must follow.

Fortunately, most solutions available to the industry already take HIPAA compliance very seriously. You know you can count on the software, devices, and other solutions that comply with HIPAA to safeguard your information. Following the correct security standards is a great first step to take.

Secure the Equipment

Using the correct, well-secured equipment is another must. You can’t count on poorly secured equipment, especially in today’s world where attacks to IoT and electronic devices are more common than ever. Similar to choosing software and solutions, there are standards to follow.

According to Rishin Patel Insight Medical Partners’ President and CEO, newer equipment is designed to be more secure from the ground up, especially compared to older alternatives. His company provides easy access to the most advanced products and technologies so that medical practices can remain safe and protected.

Have a Backup Routine

To have a strong information security foundation, the third thing you need to add is a good backup routine. Maintain on-site and off-site (cloud) backups of sensitive information so that your medical practice can recover from catastrophic cyber attack seamlessly.

In the event of a ransomware attack, for instance, you can wipe your computers and restore essential data from various sources. When hardware fails, there is still a cloud backup to turn to. Adding a good backup routine to the practice’s everyday workflow completes the equation and provides your medical practice with a good security foundation.

Train the People

Once the foundation is laid, it is time to tackle the biggest information security challenge of them all: the people. Bad habits like using a weak or common password, exchanging login information or user access with coworkers, clicking URLs from illegitimate sources, and copying data to a flash drive and then not handling it properly are still the most common causes of cyber attacks.

It is imperative that the people involved in handling information know how to handle information securely. Information security trainings are great for changing some of the more common bad habits quickly. As an extra layer of security, putting in place a set of security policies is also highly recommended.

There are still so many things you can do to protect your medical practice from cyber attacks, but these first steps are the ones to take to get started. Be sure to implement these measures immediately before your practice becomes the victim of a cyber attack.


Data Loss: The Impact It Has On Businesses

There are no boundaries to data loss, it happens to companies of all shapes and sizes, from large corporations to small startups. The main issue with data loss is the fact that it can strike at any time, resulting in a domino-like effect of serious consequences for the business.

Wondering how data loss can impact your business? Below are some examples of the seriousness that a loss of data can cause for a company. Data loss

Productivity disruption

Should your organization lose data, one of the first things to suffer will be workplace productivity. Whether the loss of data has been caused by a computer hacking, network outage or failure of software or hardware, it can have a serious impact on your business’s productivity, as it can take hours, or sometimes even days to get your lost data back. However, should you choose to invest in and use a professional data backup service like MySql data recovery, you can make the process of getting your company back up and running after a data loss, much easier.

Reputation damage 

Of course, one area of your business that it’s less easy to fix after this kind of disaster is your reputation. In the digital world, news travels fast, so if your company ends up on the news due to its website being down or files being missing, you will have customers asking questions about what’s happened, and your answers may cause long-term damage to your company. When data loss occurs, customers feel let down, because it’s their private and confidential data that is on the line, as well as yours. So when your company loses that data, it puts your reputation on the line and can have a long-lasting impact on your business and its success in the future.

Loss of customer loyalty

After a data loss event, customer loyalty is often also tarnished. You customers feel like they can’t trust your business with their sensitive information, and so they choose to take their money elsewhere. Once word spreads about this, you may struggle to find new clients, which could have a huge impact on your business and its success. This is something that no one wants to happen, as it can have such a huge impact on your business’s success. Of course, while you could lose customers as a result, you could also be creative and find ways to win them back, as Virgin did after their big data loss in 2017. They apologized, put better safeguards in place for data, and offered everyone affected a cheaper deal on their services.

While data losses can be a total nightmare for businesses of all shapes and sizes, suffering a data loss doesn’t have to mean the end of your company. It simply means being smart about the next steps that you take, and making sure that you find ways to retain your customers and gain new ones, despite the breach in security and the lack of customer confidence in you and your brand.


5 Website Basics for Your Company

Building a website can work wonders for your SME. It provides a platform for your business to showcase its services and/or products on a global scale, where there are limited borders to cross and populations to reach. Your products or services are attainable for the many, instead of the few.

However, how is the elusive customer going to find your product or services? In the global marketplace, it is hard to make a stable stance amongst the competition. For every product or service that you offer, there are possibly thousands, if not millions, of comparable service providers. You must make yourself top of the game, and adapt to new rules to stay on top of it. Here are basic rules that you must adhere to:

  1. Make your site responsive

More than half of online searched are conducted and completed via mobile devices; therefore, your website must provide a flawless online experience for the customer. Hire a reputable website builder, use a trusted web hoster, and test your website’s functionality on a regular basis.

  1. Place your logo left to right, or right to left

Your website must have your logo clearly on each page to strengthen your brand. Research has shown that 89% of users remember the logo when it is placed on the top left-hand side of the page, however, this is relevant for pages written in languages that read from left to right. For languages that read right to left, make sure to cater to their reading habits.

  1. Include your contact information

You must have a clear way for your customers to contact you, and the more options available, the better. Not everybody is comfortable using computers to conduct business or buy products, and prefer to speak to a real person. Although many millennials would prefer to email or Tweet companies, previous generations may prefer the phone. Make sure you provide a telephone number, so you do not miss out on any potential business opportunities. Also, ensure that your contact information is easy to find as people will not exert themselves to find the contact details.

  1. Include details of all the products/services

If this is the first time a potential customer has visited your site, they will not have any loyalty to your business. As soon as they land on your website, make sure you show them what you offer, so no efforts are wasted on both parts.

  1. Include content that is relevant

The content that you include on your site must be relevant to the products or services on offer. By ensuring that it is relevant, clear and concise, you are creating an opportunity to increase your audience to people that have accidentally come across your page via search engines, rather than specifically searching for you.

SEO professionals at clickintelligence.com, understand that carefully selected keywords, anchor texts and relevant content can improve your website traffic rates. Your content is your secret weapon against the competition, and if managed successfully, could turn your website from a product service platform into a lucrative mine of opportunities. For example, run a blog alongside your products or services; offer tips, how-to’s and updates through pertinent content.


Connecting local Active Directory Cloud (AD) and Azure

Active Directory Cloud Enablement

Connecting local AD to Azure

Active Directory Cloud Simplifies user Access (Microsoft)With the deployment of more and more Office 365 services, managing separate AD instances can be daunting. Fortunately, Microsoft offers great tools to get your Active Directory Cloud initiative working. Azure’s AD is the backing AD for the Office 365 services. In this article, I am providing a summary of the key points to remember when connecting to Azure’s AD.

Microsoft provides a very powerful set of tools to easily connect a local Active Directory to Azure. There are also some advanced options available if you decide to use Azure as a full-blown AD server for your organization. However, it is important to be very careful. Here is what can happen if the connection isn’t done right: most if not all of the users will be locked out of their account. That means, no email (Outlook), no SharePoint, no OneDrive.

 The key is to configure the ADD connect the tool with a custom setting in order to make sure that the local domain doesn’t take over the Office 365 domain. The following steps assume that you have Office 365 deployed for your main domain. For example, NewPush.com is our main domain. 

Quick summary to connect the Active Directory Cloud 

1)    Check that all your local users have their email address set up properly in the “mail” attribute of your local AD. At this stage, you should also make sure that you have an Office 365 account set up with Global Admin privileges, and on the default Microsoft domain (e.g. globaladmin@yourdomain.onmicrosoft.com.

2)    Installing the ADD. This is straightforward, however, make sure to not finish the install with the defaults, as we modify the sync rules in the next step. If you already installed, and have the wrong settings, you need to uninstall, reboot and reinstall.

3)     Select custom synchronization setting and select the mail attribute as UPN for sync which results in your main domain remaining the one used on Office 365. 

References for Active Directory to Azure Connection

1)      http://www.microsoft.com/en-us/download/details.aspx?id=47594

2)      https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-get-started-custom   Custom installation of ADD connect Start to end. 

 Please let me know if you found these instructions helpful, and do not hesitate to send me feedback.


NewPush Recognized as Top 20 VMware Cloud provider 2016

CIO Review recognition

NewPush started using VMware technologies from its inception in 1999. At the time the first dot com boom was just heating up. Many virtualization technologies were emerging for the Intel platform. Over the years we kept focusing on providing enterprise-grade infrastructure. Meanwhile, we have kept increasing the role of VMware as we understood that for Intel-based hardware VMware provided the most reliable enterprise solutions. As a result, we have moved the use of VMware from our development labs to our production systems and data-centers. Since the 2010’s we are formally a VMware partner providing VMware Cloud solutions. Most noteworthy, the last few years have shown a tremendous growth in the capabilities VMware Cloud delivers. Therefore it is our pleasure to announce that CIO Review has recognized NewPush as a top 20 VMware technology provider.
20 most promising VMware Cloud solution providers - 2016

VMware Cloud Solutions

Important milestone for NewPush

This recognition is a milestone that is important to us. We have worked hard to pioneer and to be successful in deploying state of the art VMware based cloud technologies. Our recent work focuses on NSX, vSAN, and the vRealize suite. As we continue our quest to provide the best cloud services to our customers, we look forward to deploy the new Docker and Hadoop enablement technologies.

Looking ahead

Cloud technologies keep changing at an ever-increasing pace. Companies who stay ahead are going to continue to have a competitive advantage, by providing a better customer experience. By partnering for technology decisions with NewPush, you can spend more time with your core business, while ensuring that you have a trusted partner with a proven track record to help you keep a competitive edge on the IT front. If you would like the NewPush advantage for your company, please do not hesitate to get in touch today. We are here to help 24 hours a day, seven days a week.


Email Hosting: cPanel (Exim) email loop – Too many “Received” headers – suspected mail loop

Email Hosting Issue: email looping on cPanel (Exim)

When your server’s email flow stops, it is like the lifeblood of a company that stops. As soon as an email issue appears we have to jump on them immediately and get to the core of the problem. Smart trouble-shooting is key. At this point, we have to look under the hood of cPanel. cPanel (WHM) is an email hosting and website hosting automation control panel.

Every now and then, you get a cryptic bounce message that drives you to dig deeper. In this case, we first saw “potential email loop” in the bounce message. However, that was not enough. We had to then look at the email logs on cPanel. The place to look was “Track delivery.” Meanwhile, the customer’s email is bouncing, and the pressure is mounting. In the end, we were able to fix the issue quickly.

Problem: email loop detected on email hosting server

You see the following symptom. You send mail to a user on cPanel, and the following error is displayed in the “Track Delivery” section of the users cPanel account:
Too many "Received" headers - suspected mail loop

Solution: fix MX settings of the email hosting control panel (WHM cPanel)

  • Go to the MX record section of cPanel.
  • Reset the delivery method to local.
  • If the method is already set to local, make sure you change it to “backup”, save, and then back to local.

What else can cause a mail loop? Make sure that you do not have a conflict in domain forwarder or email forwarder.

Background

cPanel uses Exim. On Exim, the destination domain is in /etc/localdomains. If the email is stored on a remote server, list the domain in /etc/remotedomains. The steps to take in the solution section act on the MX record editor of cPanel. These steps force cPanel to properly populate these files.

If you have similar issues and have a hard time figuring out the solution, let us know. We are happy to help with any email system, cPanel, Plesk, Domino, or Exchange. Contact us at support at newpush.com, or through the contact us page.


Domino 8.5 SELECT Failure, Cannot Select Mailbox: Entry Not Found in Index

Problem opening IMAP INBOX with Domino 8.5

If you are getting an error

Mail was unable to open this mailbox on the server “domino-server.yourdomain.com”.

The server returned the error: SELECT failure, cannot select mailbox: Entry not found in index

Most likely the IMAP INBOX for that user has been corrupted. The solution is simple and quick even on large mailboxes

  • Disable IMAP NSF support for user’s mailfile by issuing the command: load convert -e- …mail/usermail.nsf
  • Enable IMAP NSF support for user’s mailfile by issuing the command: load convert -e ..mail/usermail.nsf

Cognos 10.1 install on CentOS 6.3 64 bit

  1. yum update (then reboot if kernel has been patched)
  2. yum install glibc.i686
  3. yum install openmotif
  4. yum install libgcc.i686
  5. yum install openmotif22
  6. yum install openmotif22.i686
  7. yum install xauth
  8. yum install libXtst
  9. tar xvzf bisrvr_linuxi8664h_10.1.1_ml.tar.gz
  10. cd linuxi38664h/
  11. ./isetup

CSF / LDF user / IP lock out info

Where can we view the lock out triggers / logs?

There are a few ways to do it.

The log itself is in /var/log/lfd.log – this provides you with all the information about what lfd is doing. lfd is the process that keeps track of many things: login failures (technically it is called the “login failure daemon”) but also other irregularities on a hosting platform: long running processes, user-run script executions, root logins, things like that.

Another way is to look at the output of the ‘csf -g’ command.
Its full use is: csf -g ip.address.goes.here

This will show you real-time whether or not a certain ip is accepted or dropped (denied). If the IP does not show up when searched this way, then csf/lfd have no blocks or accepts on the IP in particular, at which point server-wide firewall settings will still apply; for example a server-wide deny to a certain port.

To manually unblock, you can use the ‘csf -dr ip.addr.here

More usage information on csf is in the output of the ‘csf‘ command, as well as the author’s website at http://configserver.com/cp/csf.html .


Setting up FileZilla for connecting to the server (first time only)

 

  1. Start FileZilla. I’m using FileZilla 3.5.0 for this tutorial, but the steps should be the same in any recent version.
  2. We will start by creating a new site in FileZilla so that we won’t have to fill the credentials every time we would like to connect to the server. Open File > Site Manager… and click on the New Site button on the left. Edit the name of the site so it’s easy to recognize.
  3. Fill in the form on the right with the following information:
    • Host: [hostname/IP addess]
    • Port: [FTP port]
    • Protocol: FTP File Transfer Protocol
    • Encryption: Require explicit FTP over TLS
    • Logon type: Account
    • User: [your FTP username]
    • Password: [your FTP password]
    • Account: [the domain name for the user in Windows Server] Click on Connect to test the FTP connection.
  4. An Unknown certificate window will pop up. This means that FileZilla recognized that we are using a secure connection and asks whether the information in the certificate is legit. If it is, then click on *OK-. (You might want to check “Always trust certificate in future sessions” so that FileZila won’t ask this again.)
  5. Wait a little until the server processes the login request – it shouldn’t take more than 10 secs on a decent connection. If everything went right, the folders/files will appear on the right pane of FileZilla.

After this, you can use the FTP software as usual for downloading/uploading files to the server.

Connecting to the server

The next time you would like to access the FTP server just…

  1. Start FileZilla.
  2. Open up the Site Manager from the File menu.
  3. Select the saved site from the left and click on Connect.

FileZilla already knows the details of the connection from the steps above, so it should log in without any problem.