Starting Again

After a few years away, I'm restarting a blog. Nothing fancy, just someplace to share things I find interesting, things that occupy my mind. In these pages, over time, you may find my explorations of and musings on: spirituality and faith, information security, technology, online privacy, family, health, fitness, athletics, personal growth, and who knows what else. I'll also probably re-post articles that I wrote for my company's blog.

Mostly this blog is for me, my online outlet now that I've extricated myself from the useless entrapment of the social media machines.

Anyway, enjoy...

Don’t use Internet Explorer, says Microsoft Security Chief

This article was previously published at EagleConsultingPartners.com


Internet Explorer is a “compatibility solution” not a “modern browser”, explains Microsoft’s lead for cybersecurity in a recent blog post.

Do you use the Internet Explorer web browser on a regular basis? Does your practice or organization? Well, the message from a Microsoft cybersecurity leader is to STOP!

Chris Jackson is a Microsoft cybersecurity expert. In a post published on the Microsoft Windows IT Pro blog, Jackson put in writing what IT professionals have been quietly saying for years: Internet Explorer is not a modern browser. It is a big risk on the internet and exists only for use with legacy systems or applications that don’t work with newer browsers.

“You see, Internet Explorer is a compatibility solution. We’re not supporting new web standards for it and, while many sites work fine, developers by and large just aren’t testing for Internet Explorer these days. They’re testing on modern browsers.”

Maybe they should stop calling it “Internet” Explorer?

Jackson doesn’t comment on which browsers you should be using. He doesn’t even recommend Edge, Microsoft’s current “flagship” browser. I don’t recommend using Edge either, as Microsoft has been slow to update it and is soon going to kill the current Edge to completely rebuild it on the same underlying system that Google Chrome uses.

Which Browser Should I Use?


When it comes to default everyday internet use, there are only three real recommendations: Chrome, Firefox, or Safari. Since we’re talking about alternatives to Internet Explorer, I’ll assume you’re on Windows and ignore Safari for the rest of this post.

Chrome: Chrome is king right now in terms of overall usage, with an impressive 62% of web browsing happening via a Chrome browser (per Wikipedia, data as of December 2018). It is an excellent browser, fast, and easy to use. Chrome automatically updates itself, so users and IT admins don’t have to worry about running updates. Long story short: If you have no idea which browser to be using, just use Chrome.

Firefox: Firefox is neck and neck with Chrome in terms of overall quality and capabilities, though it has barely 5% of the browser market share. If you haven’t looked at Firefox recently, an extensive overhaul last spring transformed it into a serious Chrome rival. Firefox is my browser of choice, for what that’s worth. Consider trying it (especially if you have any concerns about Google’s ever-growing reach).

But I Have to Use Internet Explorer Because…

I know, I know – you have to use Internet Explorer because XYZ application on your network requires it or ABC website only works on Internet Explorer. I get it, and so does Chris Jackson. This is why Microsoft hasn’t completely removed Internet Explorer from our lives. These legacy and compatibility needs are out there.

Jackson’s point, and the one thing I want you to take away from this post, is that you should only use Internet Explorer for these compatibility purposes. Anything else is a security risk. For surfing the web, checking webmail, Amazon, Netflix, Facebook, Twitter, banking, and everything else you’re doing online, use a modern web browser like Firefox or Chrome. End of story.

Nota Bene:

  • For you Mac/Safari users: Safari is a perfectly fine browser. Carry on. Or consider one of the options above.
  • If you read this and said, “But Mike, what about Chromium, Opera, Vivaldi, etc.?!”, then you already know enough, so stop reading and go help others in your organization get sorted out!
  • For the technically-inclined, read Jackson’s post for his explanation of why Internet Explorer is so flawed. It is linked in the sources below.

Sources: Chris Jackson’s post on the Microsoft Windows IT Pro Blog; ZDNet; Wikipedia; Header Image; Image 2

More Health Data Breaches Coming, 2018 Data Suggests

This article was originally published at EagleConsultingPartners.com

“The trend of at least one breach per day that began in 2016 is expected to continue in 2019.”

That’s one of the conclusions from the recent Protenus 2019 Breach Barometer report, published by healthcare compliance analytics company Protenus Inc. The report, which reviews health data breaches reported during 2018, emphasizes that organizations with Protected Health Information (PHI) still suffer from the same vulnerability areas and fall victim to the same attacks. Furthermore, the number of records impacted per breach is trending significantly upward. As of this writing, 68 breaches affecting 2.6 million records have been reported to the HHS Breach Portal during 2019. That’s more than twice as many affected records as the same period last year.

In short, the trends in the Breach Barometer suggest that the baseline risk of a health data breach is increasing across the board. Organizations with PHI – large and small – need to understand the importance of assessing and managing risks to the organization’s data.

Reviewing 2018

  • The total number of breaches (503) increased slightly from 2017.
  • However, breaches in 2018 affected over 15 million patient records, nearly three times the number from 2017.
  • The number of breached patient records increased every quarter during 2018, as shown in the chart from Protenus below.

Affected patient records by quarter, 2018 health data breaches (Protenus 2019 Breach Barometer Report)

Key Challenges

Insiders

  • Insiders accounted for 28% of the reported breaches.
  • There were fewer insider incidents in 2018 than in 2017, but the number of patient records affected was substantially higher.
  • Insider error was a much bigger problem than insider wrongdoing, both in incident count and records affected. (See comparison below.)
  • “On average, 3.86 healthcare employees breach patient privacy per every 1,000 employees.”

Patient records breached by insiders, 2017 vs. 2018 health data breaches (Protenus 2019 Breach Barometer Report)

Hacking

  • Hacking incidents accounted for 44% of the 2018 breaches.
  • Hacking exposed 11 million records in 2018. That’s a huge increase compared to the 3 million records hacked in 2017.
  • Phishing and other employee-targeted attacks continue to be a major problem.

Business Associates

  • Business Associate breaches accounted for 5.3 million records in 2018, about one-third of the year’s total.
  • This number emphasizes the importance of assessing third-party risk to an organization’s protected health information.

Paper Records

  • “89 incidents involved paper records. These incidents affected 586,728 patient records.”
  • Although many organizations are shifting to digital, these paper records remain an area for concern.

Incident Discovery

  • Organizations remain very slow to discover health data breaches, with a mean discovery time of 255 days. In other words, it took on average 5 months for organizations to discover they had suffered a data breach!
  • The worst of these included an insider incident that took 15 years for the organization to discover. Seven other breaches had taken over four years to identify.
  • On the (slightly) brighter side, the median discovery time was 28 days, so the majority of incidents were discovered in under a month.
  • Hacking incidents were generally discovered quickly, while insider incidents took organizations much longer to identify. Due to resource limitations, internal audit teams are investigating only a small fraction of potential violations. This suggests that many incidents are never identified.

Takeaways

Health data breaches are growing bigger and more common. Organizations with PHI continue to suffer the same issues and make the same mistakes, year after year.

Please do not become a headline in 2019. Assess your organization’s risks this year. Take steps to address issues. Do it for yourself, because it’s good business, and for the good of the people you serve. Don’t become a statistic in the 2020 Breach Barometer report.

Need help with a security risk analysis for your organization? At Eagle, we pride ourselves on providing a thorough, useful, and action-oriented security risk analysis for our clients. Contact us today!

© 2019 Musings
