Category: IT Security

J. L. Kenneally & Company (the parent company of Kenneally Technology Services) will be inducted into the Baltimore County Chamber of Commerce Hall of Fame on Thursday, November 19th and will join well-known area businesses and organizations such as:

  • AAI Corp.
  • Advance Business Systems
  • Verizon Maryland
  • McCormick and Co.
  • Towson University

For more than 30 years, J. L. Kenneally & Company has provided quality tax, accounting and business consulting to closely-held businesses and their owners. Our firm’s experience and expertise are backed by an extraordinary dedication to providing a superior level of client service.

www.jlkcpas.com
www.baltcountycc.com

Security update for Windows: November 10, 2015

Causes Microsoft Outlook to crash, network sign-in issues and Windows desktop black screens.

The security patch (KB 3097877), released with the November 10th Windows updates, is part of security bulletin MS15-115, a “critical update” in Microsoft’s lexicon, designed to prevent remote code execution triggered by malicious fonts.

It appears to have caused multiple issues, including MS Outlook crashes, failed network sign-ins and black screens with no other icons or backgrounds.

If you are experiencing these issues after Tuesday, November 10th, re-run Windows update and apply all of the latest updates.

You can do this in one of two different ways:

Access CONTROL PANEL from your Windows computer and choose to view the control panel with the “small icons” view (a drop-down option in the upper right-hand corner of the control panel window). Access the Windows Updates icon and, once you have opened Windows updates, click on “Check for Windows Updates” on the left-hand side. Choose to apply all of the available updates and reboot when they have finished being applied.

Your computer may also have a Windows update button in the system tray, which is the list of icons in the bottom right-hand corner of your Windows desktop next to the system clock. If you hover your mouse pointer over this icon it will state Windows updates. Click the small icon and proceed to apply the updates that are available.

In some instances, you may be required to uninstall the security update in question (KB 3097877) prior to re-applying the new version of the update which resolves the issues.

To do this, access the CONTROL PANEL and Windows Update in much the same way as mentioned above. Choose “Update History” or “View Installed Updates”. Sort the list of security updates by date by clicking on the date column header. Search for KB 3097877 (from November 2015) and double-click to uninstall. Reboot your computer after the update has been uninstalled and then follow the directions at the top of this bulletin to re-apply the resubmitted version of this security update.
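For administrators who prefer the command line, the same check-and-uninstall steps can be scripted. This is an added example, not part of the original bulletin; it assumes an elevated PowerShell prompt on the affected machine and uses only the built-in `Get-HotFix` cmdlet and `wusa.exe`.

```powershell
# Added example: scripted form of the Control Panel steps described above.
# Save as a .ps1 file and run from an elevated PowerShell prompt.
param(
    [string]$KbId = 'KB3097877',   # the update named in this bulletin
    [switch]$Uninstall             # removal happens only when explicitly requested
)

# Get-HotFix raises an error when the update is absent, so suppress it
# and test the result for null instead.
$hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

if (-not $hotfix) {
    Write-Output "$KbId is not installed on $env:COMPUTERNAME. Run Windows Update to apply the current updates."
    return
}

Write-Output ("{0} is installed on {1} (installed on: {2})" -f `
    $hotfix.HotFixID, $env:COMPUTERNAME, $hotfix.InstalledOn)

if (-not $Uninstall) {
    Write-Output "Re-run with -Uninstall to remove it, then re-run Windows Update."
    return
}

# wusa.exe expects the bare number; /norestart only takes effect together with /quiet.
$kbNumber = $KbId -replace '^KB', ''
$wusa     = Join-Path $env:SystemRoot 'System32\wusa.exe'
$proc     = Start-Process -FilePath $wusa `
                -ArgumentList '/uninstall', "/kb:$kbNumber", '/quiet', '/norestart' `
                -Wait -PassThru

switch ($proc.ExitCode) {
    0       { Write-Output "$KbId removed. Reboot, then re-run Windows Update." }
    3010    { Write-Output "$KbId removed; a reboot is required before re-running Windows Update." }
    default { Write-Warning "wusa.exe exited with code $($proc.ExitCode); $KbId may still be installed." }
}
```

After the reboot, run Windows Update again so the resubmitted version of the update is applied and the machine does not stay without the MS15-115 fix.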

If you would like some guidance or assistance with this issue please contact us.

Mag7 Business Networking Event

This event brings a great group of people together that encourages relationships that last; business and personal. It’s all about the “know, like and trust” relationships that are met at the Magnificent 7 Event.

We’re pleased and excited to sponsor this event for the second time at the Richlin Ballroom this year. The event will be held November 11th, 2015, from 5-8pm. Prepare your palate for delectable hors d’oeuvres, food, refreshments and a discounted cash bar! No Mag 7 event is the same; bring a smile, business cards and a guest or two and see what this year is all about!

DETAILS:

Richlin Ballroom – Edgewood, MD
As always, this is a free event
November 11th, 2015 – 5pm-8pm – Mix, mingle and exchange business cards!
Delectable hors d’oeuvres, food, refreshments and a discounted cash bar!
Sponsor Videos – GOLD Sponsors are given the opportunity to highlight their business and let attendees know what kind of leads they are looking for through videos that will be playing throughout the event.
Door Prizes – Everyone has an opportunity to win; simply drop your business card into the bowl!

 

 

Whether it be stolen private business data, a ransomware incident or a Payment Card Industry Data Security Standard (PCI DSS) data breach, if your business is unfortunate enough to have one of these happen, you can expect to incur significant expenses.

The cost of a data breach for small business merchants averages $36,000 and can far exceed $50,000.
Your exact costs can depend on the following factors:

• If you have had a PCI DSS related breach, a mandatory forensic examination would be required. You will need to hire an outside examiner to conduct the investigation which may last weeks.
Estimated cost – $20,000 to $50,000

• If your breach was a PCI DSS breach, the payment card association and/or your bank may levy PCI compliance fines against your business.
Estimated cost – $5,000 to $50,000

• According to the State of Maryland’s Personal Information Protection Act (PIPA), if a business experiences a security breach involving personal information that, combined, may pose a threat to a consumer if misused, that business must notify any affected consumers residing in Maryland. Remediation steps could include mailings, credit card monitoring or even establishing a call center for your customers.
Estimated cost – $20,000 to $50,000

• Of course you will need to remedy the issues or shortcomings of your digital systems that were found to have allowed/caused the breach.
Estimated costs – $5,000 to $50,000

• One of the most valuable things that you have as a business owner is the trust of your customers. Once you have lost this, word will spread quickly and you will have the difficult task of regaining their trust.
Damage to your business reputation…….Priceless!!

You can easily see how being proactive about IT and data security is less costly than being reactive.

“Healthcare as an industry has not taken seriously security in the past, to the extent that other kinds of industries have taken security and privacy, and has not bothered to put those security components into place that would protect the privacy of that information,” says Kibbe in an interview with Information Security Media Group. “They are trying to play catch-up now, very desperately.”

Recent breaches in the healthcare sector, such as the cyber attack on Anthem Inc., which impacted nearly 80 million individuals, show that “information is in these giant repositories, and is quite vulnerable to the bad guys breaking into that information and making use of it,” he says.

“It’s worse in healthcare than it is in other industries that have hardened their security practices as a result of these hacks,” he says. “We’re starting to see healthcare institutions and organizations being hacked because they’re easier targets.”

Kibbe recently testified at a Senate Committee on Health, Education, Labor and Pensions hearing about the state of secure information exchange in the healthcare sector, which is often hindered by intentional “information blocking” (see How to Unblock Secure Info Exchange).

That includes information blocking caused by interoperability issues between electronic health record systems from different vendors, as well as situations in which healthcare providers incorrectly use the HIPAA privacy rule as an excuse for refusing to share patient information with other healthcare entities.

There are several important steps that healthcare entities can take to improve the overall protection of health data, as well as safeguard patient information that’s being exchanged with others, Kibbe says. That includes implementing strong encryption for data at rest and in transit; using multi-factor authentication; and building much better awareness of security and privacy throughout the healthcare sector.

Healthcare entities need “to take privacy and security very, very seriously beyond their own enterprises,” he urges. “We now live in a world where health information, as well as other personal information, exists in the cloud and people need to be very wary. They can put moats around their own information resources, servers, but you have to think about everybody else’s servers at the same time.”

In the interview, Kibbe also discusses:

• The security and privacy challenges faced by health information exchange organizations that handle and store large volumes of patient data;
• A progress update on the use of Direct secure messaging in the healthcare sector;
• DirectTrust’s plans to unveil in 2016 Direct-based secure texting and “chats” for use on mobile devices, such as smartphones, in the healthcare sector.

Kibbe, a physician, is founding president and CEO of DirectTrust, a nonprofit alliance that created and maintains the security and trust framework for using the Direct Project for secure e-mail in the healthcare sector. He is also senior adviser to the American Academy of Family Physicians. Kibbe in 2014 was named a top 10 Healthcare Information Security influencer by Information Security Media Group.

This article was published in the August 14, 2015 edition of DataBreach Today.

http://www.databreachtoday.com/interviews/how-neglect-made-healthcare-no1-target-i-2840?rf=2015-08-18-edbt&mkt_tok=3RkMMJWWfF9wsRolsqvLZKXonjHpfsX67%2BUtX6G3lMI%2F0ER3fOvrPUfGjI4ETMpkI%2BSLDwEYGJlv6SgFSrXEMbp407gPWBY%3D