3 County Boards in 1 Week Fall Victim to Cybercrime

Over the past few months, we’ve seen a growing list of Ohio County Boards of Developmental Disabilities and DD-related organizations and businesses fall victim to cybercrime. In fact, we’ve seen THREE such boards and a business fall victim to phishing attacks, in particular, over the past weeks alone. None of them were our clients, but the result did impact them, as it did with many others throughout the State, and saw us implementing our standard security response measures to lessen that impact. Technology is evolving, and nowadays, everyone needs to be aware of the potential risks associated with ransomware, viruses, and other types of malware. Hackers are targeting governments, individuals, and businesses alike with sophisticated, coordinated forms of attack. What’s next? Well, unfortunately, we can expect to keep seeing attacks in the news unless we, as a society, ramp up our efforts to stay safe.

Our Biggest Recommendation to County Boards? Invest in a Good Technology Partner…

Often, County Boards of DD think they’re saving money when they choose to work with a cheaper managed IT services provider (MSP), but in reality, they’re opening themselves up to risks beyond their control. A good technology partner tends to charge a bit more. Why? Because they invest in enterprise-grade tools and technologies to keep their clients running productively while maintaining security of sensitive data.

GO Concepts, for instance, isn’t necessarily invulnerable, but we make tremendous efforts to keep breaches from happening to our clients. We’ve been through multiple HIPAA assessments ourselves. In fact, we’ve done so well, they wrote a whitepaper about us. Here’s a case regarding a County Board we recently brought on that was working with an MSP who led them to believe they were safe. In reality, they weren’t safe at all…

  • Their main server was running Windows Server 2003, which reached its end of life in July 2015.
  • Their desktops weren’t encrypted and neither were their backups, which weren’t copied offsite.
  • Their password policy consisted of requiring employees to create a 7-character password – a fairly unsafe practice.
  • Their scanners used a Gmail account to send documents containing sensitive data to email addresses.

Pretty scary, isn’t it? We trust our MSPs to provide the utmost protection, along with the guidance we need to alter our internal processes and procedures accordingly. A cheap MSP simply doesn’t have the means to offer this level of expertise.

How Can You Stay Safe Against Cybercrime?

You may have a firewall and antivirus software installed, but that’s not enough to keep you safe from cybercrime. Here are our top 4 tips:

1. Keep your data backed up and test those backups on a regular basis

If you have on-premises servers, your data should be backed up onsite on an appliance and offsite in the cloud, with backups occurring automatically at regular intervals. You should also test your backups on a regular basis to ensure recoverability. An even better option is going to a cloud-based server setup, like our Virtual Datacenter in our Private Cloud, which not only includes a complete backup, retention, and disaster recovery solution, but is designed specifically for County Boards of DD.

2. Put procedures in place for wiring money and other sensitive transactions

Make sure you have controls in place that outline and enforce the systems, policies, and procedures required to wire money or perform other sensitive transactions in a safe and secure manner. This will prevent fraud and detect errors that could lead to noncompliance.

3. Follow best practices in regard to access controls and/or passwords

Nobody should have access to sensitive information unless it’s imperative for their job role. In addition, you should have a policy in place requiring employees to use either complex passwords that combine letters, numbers, and special characters or, per the most current recommendation, long-is-stronger passphrases. You should also consider having a 2-Factor Authentication (2FA) solution, as well as a password security management system.

4. Conduct cybersecurity awareness training as often as possible

All employees should undergo a comprehensive cybersecurity awareness training program that teaches them how to use business technology properly without exposing data, how to identify and respond to threats, and what to do when an incident does happen. It must be current, engaging, and ongoing to truly be effective. Breach prevention and HIPAA compliance should be a focus of any modern County Board of DD.

GO Concepts is the premier information technology solutions provider in Ohio for agencies, independent providers, and county boards for the developmentally disabled. Call (513) 934 – 8235 to learn more.
