Wednesday, June 19, 2019

Web Secret 577: Preparing for a cyber attack

Open Minds is a top-notch consulting firm in the health and human service space.

Last month, they published an excellent article in one of their newsletters, "Preparing For A Cyberattack — In Four Steps".

Here is a summary of key points:

Cyberattacks, attempts by hackers to damage, destroy, or hold hostage a computer network, system, or data, have come to health and human service organizations.

The field has become a prime target for hackers. Health care now has twice the number of cyberattacks per day compared to other industries.

You can’t necessarily prevent a cyberattack, but you can mitigate its effect with a few fundamental preventive measures. Here are those preventive measures:

Understand state-specific plans for protected health information (PHI). Protected health information is the term given to health data created, received, stored, or transmitted by HIPAA-covered entities and their business associates. Protecting this information is especially important and complicated because the federal government has rules, and each state has its own set of rules (including privacy regulations) that control access and security for PHI. It’s mandatory to know what data is in your possession and what rules govern how you handle that data.

Conduct a data risk assessment. This assessment helps you identify at-risk, sensitive, or classified data, and the level of risk that it may be attacked, hacked, or breached. If you can’t provide a succinct answer to the question, “How vulnerable are you to data breaches?”, then chances are you are extremely susceptible. Running a risk assessment means assessing all your technology (hardware and software), your organizational processes for managing data, and reviewing the staff protocols and training for those who will use and have access to the data.

Build a data security strategy. A data security strategy is your plan (including procedures, policies and protocols) for how you will protect your data from being compromised, breached, hacked, or held for ransom in any way. Provider organizations need both a strategy and an action plan to leverage the security potential of data encryption, standardized processes for authentication of user identification, defined policies about appropriate data access, and regularly scheduled audits of the databases. Once you have the tools, getting the processes in place will also mean training staff to use and protect your secure system.

Develop a data breach response plan. A response plan is the approach organizations take to address and manage the aftermath of a cyberattack. It’s best to have a plan, including how to stop the hacking and report the incident. Having a slow response to either of those things will only compound the problem (and possibly the financial repercussions with the feds). Your data breach response plan needs a leader, a team with clearly defined goals during the hack, and an incident response plan to guide the team through response protocols.

As always, if you do not have cybersecurity expertise in house, it pays to hire a pro.

Wednesday, June 12, 2019

Web Secret 576: Deadwood

In a 2014 article, the chief television critic of the New York Times (and one of my high school classmates!) argued that the 3-season HBO show "Deadwood", which first aired in 2004, was the prelude to the 2nd golden age of television.

With the Deadwood movie coming out as I write this, I was inclined to see what the fuss was about and watch the series for the first time.

Deadwood is demanding of its viewers. The program is set in an 1870s mining "camp" in the Dakotas, where life is filthy, violent and profane. The plot is extremely complex and the characters are multi-layered. Their motivations are often obscure, and take many episodes to fathom. The show's creator extensively researched the language of the period and the protagonists speak with a great deal of vile language and use a turn of phrase that is very different from the way we express ourselves today.

For the first 4 to 6 episodes, I almost gave up on watching the show. I couldn't understand who the principal actors were and at times I could barely understand what any of them were saying. I turned on closed captions - which helped immensely - and got used to the dialogue. I finally got a lay of the land. And then I was hooked.

Deadwood is one of the most beautifully written TV shows I have ever watched. Perhaps the most beautiful.

I constantly want to pause to write down lines I have just listened to. Viewers often quote from the speeches of Deadwood principal character Al Swearengen to illustrate this beauty. But I prefer this exchange between theater troupe leader Jack Langrishe and his friend and perhaps lover, the aged and dying actor Chesterton. The two speak in the hotel room where Chesterton is bedridden:

JL: I am your Jack, Chesterton, but your producer too.
C: A rigor we've always sustained.
JL: To carry a performer through illness where recovery is in prospect is an indulgence one can sometimes justify, but support of idleness destined for the grave that, Chesterton, the narrow economy of our art does not permit.
C: You would have me die destitute?
JL: You will purchase your keep with that voice - intrusive and incessantly opinionated - no vagary of our past has yet stilled.

If you love Shakespeare, this is the show he would have written, if he had lived in the 21st century.

Wednesday, June 5, 2019

Web Secret 575: I Won’t Upgrade My Phone Until It Can Turn Into a Magic Pony

I occasionally come across an article that is so on point, I publish it in its entirety - abridged.

"Why I Won’t Upgrade My Phone Until It Can Turn Into a Magic Pony," written by Jessica Powell for Medium, an online magazine, is one such gem.

Here it is:

Of all the absurd things I’ve hoarded over the years, by far the stupidest collection in my closet is a box of old mobile phones. I’ve told myself ... if there were an apocalypse, I might be able to barter one away in exchange for food or water.

But in truth, I think I’ve just held on to them because they mark the passage of time... Plus, how often do we get to document, on such a personal level, the rapid evolution of a particular piece of technology?

When mobile phones were first introduced, they were elusive status symbols... Their huge, brick-like size announced their worth: Look at me, they screamed... My father, a doctor who was often on call at the hospital, had one of these enormous phones, and none of us was allowed to touch it...

But luxury is defined in part by scarcity. Bit by bit, phones got smaller and cheaper and into the hands of more people. Having a phone was no longer a privilege reserved for the few...

I got my first phone in 2001. While it was nothing fancy, it was a wondrous thing that fit in the palm of my hand and made phone calls. It could also — well, no, that was really all it could do: make phone calls...

...I never once thought of these early-aught phones as status symbols the way I had back when phones were scarce — they were simply pieces of plastic and wire that helped me make calls from one place to another. They seemed about as unique to me as paper towels or USB sticks.

And yet, once smartphones rolled onto the scene, everything seemed to change. Overnight, it seemed that phones had once again become major status symbols.

Beginning in 2007, it was no longer a question as to whether you had a phone, but rather what kind of phone you owned. One’s choice of device spoke volumes — it fit you into a tidy categorization of wealth and interests. Having an iPhone meant you had money. A BlackBerry? Lots of money. An Android? Not so much. A flip phone? That was just kind of embarrassing.

It wasn’t just about wealth — your phone post-2007 said something about your lifestyle. iPhone users were the creative types. Android users were into tech. BlackBerry users — while those still existed — were men in suits who fired off angry, monosyllabic emails and probably made inappropriate comments to the secretaries in the coffee room.

There were now phones for any need or purpose. Even thematic phones had a decent run in some parts of the world. On a work trip to Jakarta, I picked up a special-edition “ladies-only” phone — a pink device sparkling with white plastic crystals...

All of which is to say that 10 years ago there was a wealth of phone options and a whole lot of competition...

But today there are essentially two operating systems — Apple and Android — and our phones all basically look the same and can do the same things...

But there’s a bigger problem that has nothing to do with the relative inconspicuousness of phones: incremental innovation... what are we really getting in exchange beyond a slightly better camera and screen?

Sure enough, the latest numbers show that people are upgrading their phones at a much slower rate than before...

If the companies want our money, they’ll have to build far more magical devices or figure out how to add some glitz and glam on the side. Bring us a gigantic phone we can swim in. Or a phone that will whisper compliments to us as we walk down the street. A phone that populates everything around us with AR-driven dancing ponies, or one that will double as a Swiss army knife in the event of the apocalypse I keep worrying about.

In the absence of all that, I’m sticking with my current 2017 phone until it breaks. I’ll spend my money on things that really show people who I am — like drinking raw water, putting jade eggs in my hoohaw, and raising chickens in my backyard biosphere.

And when that phone finally breaks, I’ll do something really radical — go phoneless.

The ultimate status symbol, of course, being someone who is so superior to everyone that they don’t need to communicate with anyone.