Thursday, July 13, 2017

Computer Security

There has been plenty written in the news lately about hacks and cyber-attacks, but relax, we are going to stay out of politics in relation to this topic. As keepers of personal identifying information, we, in the medical and health care professions, are often targets of Internet schemers and scammers. The hackers are extremely inventive and persistent, constantly coming up with new ways to get past our defenses. However, there are some things that we can do to limit exposure to cyber-attacks, which is more than can be said about our exposure to politics.



Hospitals and medical centers are perfect targets for Ransomware. Ransomware is a nasty little file that gets uploaded into a computer when the user clicks on a link or attachment. The infecting file goes into action, encrypting files and rendering them inaccessible. The Ransomware blackmailer then threatens to make hacked information public or offers (for a fee) to remove the encryption and restore access to the computer. Because of the critical nature of health care, hospitals tend to pony up the blackmail fee to get their computers back up and running as soon as possible. Having to pay money for restoring the use of your own computer is simply deplorable but, unfortunately, Ransomware, Malware, phishing, and other pernicious social engineering scams are here to stay.

The adage "If it looks too good to be true, then it probably is too good to be true" is certainly applicable to any e-mails you may receive. Use some common sense:  There are not millions of inheritance dollars in Nigeria, you did not just win a tricked-out Lamborghini, and your Facebook fiancĂ© may not really be the drop-dead gorgeous lead singer of the Flaming Yams. Yet, despite the obvious, it is surprising that scammers still find people to scam. But it's really not a question of gullibility as scammers have increasingly become more and more sophisticated in their techniques.


Scammers replicate logos to make emails look as if they came from your bank, doctor, credit card company, or a website you commonly use such as Linkedin, Paypal, Google, or Facebook. The text message may refer to a problem with your account, an unauthorized intrusion, or some other ruse designed to get you to click on a link or otherwise furnish an ID, password, or bank account information. The sophistication involved is designed to get users to set aside his or her mistrust, and unwittingly let the scammer enter the computer system. 


Here at Rexpert, we  monitor our servers and update our security software regularly. However, we cannot monitor the individual PC's and laptops that log onto our system. So, here are a few things that you can do on your end, to help prevent a cyber intrusion:
  • Make sure that the operating system of the PC or laptop you use to log into the Rexpert Windows server has all the needed security updates so as to minimize the likelihood of getting infected by malware. 
  • Update and run your security software early and often. If you're not sure how to install security software or where to get it, please contact Client Services via the Feedback button.
  • Use security software that scans all incoming e-mails and attachments before opening them.
If the above recommendations are not in your job description or qualifications, then work with your IT department to effect all of the above.

When it comes to attachments, follow the advice of that great computer security guru Elmer Fudd: "Be vewy, vewy careful":
  • Be cautious of any e-mail attachments that you are not expecting. 
  • Take time to contact the person sending an e-mail before opening anything. 
  • Be very, very wary (vewy, vewy, wawy?) of any links contained in the body of an e-mail. 
  • Learn to fear buttons, too. Pressing a button icon can cause malicious code to be uploaded.
  • Check the validity of a link contained in an e-mail text by hovering over it (see explanation below)
You can check the link for a URL by hovering over it. For instance, if you hover (place your cursor) over:

You should see the URL, either in a pop-up display or as on our computers, at the bottom of the screen:
 https://gvt-rexpert.blogspot.in/

But if I wanted to take advantage of your trusting nature, I would send you this link which still looks like the link to our totally awesome blog:

But now, when you hover on it, you will see:
https://www.fbi.gov/scams-and-safety/common-fraud-schemes

Now, if I was really scamming you, the link would go to a malicious site instead of the FBI page on common fraud schemes (which is good reading, by the way, on what we have just skimmed the surface of on this topic). So, the point is, check the validity of  links before clicking on them. That's it for now and back to getting wascawy wabbits, and good luck avoiding the politics (or powitics, as Elmer Fudd would say). 

No comments: