Who to sue?

Recently, word came that a US casino was suing a cybersecurity company for failure to protect the assets of the casino. Writing for ‘The Hill’, Katie Williams writes: “Affinity Gaming hired Trustwave, a Chicago-based cybersecurity firm, to investigate and remedy a 2014 breach that compromised credit card information for around 300,000 customers”. Traditionally, the stakeholders of an organization (in many cases its customers) lawyer up if there has been a breach and their PII has been stolen by hackers.


In this case, the organization is suing the cybersecurity firm for failure to protect the organization. This should serve as a reminder to everyone who has a vested interest in cybersecurity that security is a serious business and is a shared responsibility of all parties. Individuals need to protect and monitor their PII to ensure that it is being handled properly by those entrusted with it, as well as see to their own personal protection (i.e., not spreading your PII all over social media, and keeping your system updated). Organizations need to exhibit due diligence in protecting data entrusted to them and in adhering to best practices. They must also be very particular about which organization they contract with if they outsource their cybersecurity. Failure to do so will surely attract the interest of the FTC. And obviously, organizations that contract to protect the assets of a company need to be sure of their people, their knowledge and their ability to deliver the protection they assert they can.

Cybersecurity is a serious business and needs to be treated as such. It is also a shared responsibility in which everyone involved with a particular digital system must perform to their utmost potential in protecting the assets on that system.

Learn more about cyber liability and protecting businesses at the National Cybersecurity Institute.

Sources

Khandelwal, S. (2016, January 15). Casino Sues Cyber Security Company Over Failure to Stop Hackers. The Hacker News. Retrieved from http://thehackernews.com/2016/01/casino-hacker.html

Law.com (2016, January 19). Casino Sues Cybersecurity Firm for Woefully Inadequate Investigation. Retrieved from http://www.law.com/sites/articles/2016/01/19/casino-sues-cybersecurity-firm-for-woefully-inadequate-investigation/

Williams, K.B. (2016, January 18). Hacked Casino Sues Cybersecurity Firm. The Hill. Retrieved from http://thehill.com/policy/cybersecurity/266103-hacked-casino-sues-cybersecurity-firm

Office of Civil Rights HIPAA Privacy, Security, and Breach Notification Program

On March 21st the Office of Civil Rights (OCR) announced the launch of Phase 2 of the HIPAA Audit Program. Phase 2 of the HIPAA Audit Program will review the policies and procedures of covered entities and their business associates for compliance with selected standards and implementation specifications of the Privacy, Security, and Breach Notification Rules.


These audits will primarily be desk audits, with some on-site audits. OCR will post updated audit protocols for the audits on its website. The audit protocol will reflect the HIPAA Omnibus Rulemaking and can be used as a tool by organizations to conduct internal self-audits as part of their HIPAA compliance activities.

Sequence and scope:

  1. The address verification letters will be sent out
  2. The second step will be the mailing of the Entity Questionnaire
  3. Conduct 200 desk/onsite audits
  4. Desk audits will be completed by the end of CY 2016
  5. Results and lessons learned will be shared publicly and will be used for the framework of the permanent program
  6. Security Assessments and Gap analyses are not the same in the eyes of the OCR. A comprehensive Security Assessment must include all forms of PHI (not just EHR data).
  7. Patient Right of Access will be included in the audit protocol
  8. Audit Protocols will be released in the near future

To learn more about OCR’s Phase 2 Audit program, please visit the OCR website listed in the sources below.

To learn more about HIPAA check out our wide variety of material from webcasts to blogs, and training opportunities at the National Cybersecurity Institute.

Sources

U.S. Department of Health & Human Services (n.d.). HIPAA Privacy, Security, and Breach Notification Audit Program. Retrieved from http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/index.html

Kicking Bad Habits

Dilanthi Graham, Student Success Coach

Breaking a bad habit is never easy.  Even more difficult is being able to identify those habits which are weighing you down as you try to move forward.  There are the usual suspects like procrastination or not paying attention to deadlines.  Any behavior or attitude that creates a barrier to your success can potentially be problematic.  Many Excelsior College students lead busy lives and do not have a lot of time to reflect on what’s working and what’s not.  When life gets hectic and with the demands of school, we focus on just getting through it all.  How many times have you resorted to telling yourself you would power through your work or studying?  Is this doable?  Yes.  A smart and effective choice?  You decide.  I encourage you to strategize your way to the end of the tunnel.  Start small and transform these habits into skills that will serve you better.  Think of it as a short term sacrifice for the ultimate long term reward—your college degree!

Take a mental snapshot of your life.  What small changes can you make today that will make your tomorrow even better?  Do you need more sleep?  Are you spending too much time on Facebook?  Usually one bad habit creates a domino effect, which can have an impact on your effectiveness as a student and in other areas of life, like work and family.  Explore your options.  There may be a happy medium, where school work comes first and then you can indulge in whatever makes you happy.

Sometimes the smallest change can have the biggest impact.  So do what works best for you.  If that means kicking bad habits to the curb cold turkey, go for it!

Webinar: Mentoring Women and Minorities in Cybersecurity – Discovering Your Role

On April 4, the National Cybersecurity Institute (NCI) hosted a webinar on Mentoring Women and Minorities in Cybersecurity.

In today’s global workforce, technology plays a key role in almost every corner of decision-making. Executives continue to be challenged with the security of information, government regulations to maintain compliance, and staff training to prevent insider threats. Many careers are being built, and strong relational networks are being formed.

The webinar discussed questions like: Where do you fit in this new matrix of skills? How do you access the people that can help you solidify your career path in Cyber Security?

This webinar is part of a new series on Women and Minorities in Cybersecurity.

The webinar was presented by Tasha Phelps. Tasha is nothing short of a seasoned professional in the IT industry. She has over 20 years of professional and academic experience writing, developing and implementing technical solutions for businesses and governmental agencies. In her 19-year-old company, Phelco Technologies, she has been fortunate in serving clients nationwide, with the support of a team of application developers, graphic designers and project managers. Her strength lies in being able to understand (and apply) technical security functions for clients. Tasha communicates very well with the C-suite of decision makers by helping them understand the impact of making decisions about technology. She says that the credit for the success of her business should go to her staff, because they are committed to achieving results rather than just crossing a task off the list. Moving forward, she looks to contribute significant thought to government agencies as they consider employing stronger technical defense tools to secure information.


Fraudulent LinkedIn Profiles

CEOs and high profile staff are often targets for LinkedIn fraud. The fraudsters develop fake profiles, with fake photos. They sometimes cut and paste from real profiles. The photos may be of a legitimate LinkedIn member, or a stock photo. Some of the fraudulent member profiles are very good, listing real companies, real positions and even endorsements. Symantec, a security company, noted in a December 2015 blog that they have seen an increase in fake profiles.

Social media savvy essential for corporate cybersecurity

Why a Fraudulent LinkedIn Profile

Hackers are looking for ways to get personal information, including your business email address. They want to know who you are connected to, especially within your company and among your peers. The fraudsters take the information gleaned from your profile and enhance it with other stolen or public information. They may try to send bogus emails from your compromised account to request wire transfers out of your business accounts. They may try to implement an elaborate scam leveraging your business. They may try to access your company’s network using your email account and by cracking your password.

The Internet offers numerous ways a cyber-criminal can attempt to extort money from you or your business, or leverage personal information to gain access to networks owned by your vendors or customers. The creativity of criminals is amazing. For a fascinating true story, visit this blog by a patent attorney.

Tips on what to look for

  • Consider the likely age in relation to accomplishments, length of experience, type of experience. If she looks under 30 but has 20 years’ experience, it may be worth investigating.
  • Photo looks like a stock photo. Does she just not look real for the position? There are not a lot of civil engineers that look like runway models. Is the expression suitable for the industry? This is a business network, not a dating site. Some hackers seem to have a sense of humor and use photos of deceased famous people.
  • Question why the person wants to connect with you. Put your ego aside for a moment and think if there is a reasonable business reason this person reached out to you. If she is out of your geography, not in your industry and didn’t go to your college, you might want to research this person.

How you can protect yourself

Even the most skeptical person can fall victim to high-quality fake profiles, but here are some ways to check out those doubtful invitations.

  • Use Google Images to search the web for other occurrences of the photo. If it appears some place strange, or with multiple names, it is probably a borrowed image. For information on how to use Google’s reverse image search, see the sources below.
  • Check potential connections via an Internet search. Look at the mentioned employers, schools and associated degrees. One example is a fake profile with an engineering degree from a medical university.
  • Investigate recruiter profiles via an Internet search. Call the recruiting employer and ask to speak with the LinkedIn requester if her picture is not on the website.
  • If you have an active business Twitter account, is the person following you, and if so, what are his tweets like?

Other tips include:

  • Periodically search LinkedIn for people who list your company as an employer. Contact LinkedIn Help for anyone incorrectly listing your company.
  • When you invite someone to connect, take a few seconds to write a personal note: why you want to connect with him/her, what you have in common, or where you met. Most fraudsters don’t take the time to personalize their invitations. Chances are good your recipient will appreciate your personal touch.

Learn more about how to protect your small business or nonprofit by attending our specialized training tailored to your needs. Details, schedule, and registration can be found here.

Source:

Google. (n.d.). How Reverse Image Search Works. Retrieved from https://support.google.com/websearch/answer/1325808?hl=en

McCabe, M. Jr. (2015, December 28). IPethics & Insights. Retrieved from http://ipethicslaw.com/attorneys-at-grave-risk-for-online-fraud-linkedin-meets-the-nigerian-letter-scam/

Narang, S. (2015, December 2). Fake LinkedIn accounts want to add you to their professional network: Scammers copy information from real LinkedIn profiles. Retrieved from http://www.symantec.com/connect/blogs/fake-linkedin-accounts-want-add-you-their-professional-network

UPDATED – History at Excelsior: Advice about Your Course, Career, and Graduate School Options


*Update: The recording of this webinar is now available: https://connect.excelsior.edu/p36hs8fho5c/


Are you a History major, do you have a depth in History, or are you thinking about focusing on History? Do you wonder what career options are open to those with a degree in History? Are you considering applying to graduate school?

If so, please join us for a live webinar on Monday, March 21 from 12-1pm EST:

“History at Excelsior: Advice about Your Course, Career, and Graduate School Options”

Log-in to https://connect.excelsior.edu/mberkery/ to view*

*the webinar will also be recorded for later viewing

Panelists answering your questions include:

Robin Campbell, PhD, Excelsior History Faculty member, adjunct instructor at the University at Albany, and former Chief Curator of the New York State Office of Parks, Recreation, and Historic Preservation Bureau of Historic Sites in Waterford, NY

Jennifer Lemak-Buff, PhD, Excelsior History Faculty member and Chief Curator of History at the New York State Museum in Albany, NY

Jennifer Cole, Excelsior History Faculty member and Director of Operations, CPNE at Excelsior College

Alicia Audino, Assistant Director of Career Services at Excelsior College

Ben Pearson, PhD, Historian and Faculty Program Director of the Masters in Liberal Studies Program at Excelsior College

Moderator:

Mary Berkery, PhD, Excelsior History Faculty member and Faculty Program Director of History Program at Excelsior College

Mary Berkery, Faculty Program Director, History

Hey, take care of yourself!

When was the last time you did something for yourself?  Besides taking courses and exams, many of our students are managing multiple commitments like work, family, and personal time.  That’s right, we said it, “personal time.”  Some of you may be laughing at this and thinking that you have no free time.  The idea of stepping away to relax may even create stress.

We want you to have a goal to relax.  Whether it’s by binge watching an entire series on Netflix (House of Cards?) or taking a 10 minute nap, you may find that this will help you to refocus and replenish your energy levels.  You also may find that your stress level decreases.  This week and in future weeks we encourage you to TREAT YO SELF!  Excelsior College students are some of the most hardworking and dedicated students on the planet and we want to make sure you get the rest you deserve.

Your Success Coaches,

Savannah & Hannah

FDA Draft: Postmarket Management of Cybersecurity in Medical Devices

The FDA recently released new guidance for managing cybersecurity in medical devices. The guidance emphasizes that manufacturers need to monitor, identify, and address cybersecurity vulnerabilities and exploits. This document is guidance and does not establish legally enforceable responsibilities.

Through this document as well as the premarket cybersecurity guidance, the FDA encourages the use of the National Institute of Standards and Technology (NIST) Cybersecurity Framework. The cybersecurity framework core consists of five concurrent and continuous Functions—Identify, Protect, Detect, Respond, Recover. When considered together, these functions provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk. These five elements should be included in the manufacturer’s cybersecurity risk management program.

The manufacturer, working with its stakeholders, can greatly enhance the security of medical devices by implementing a comprehensive cybersecurity framework. This framework should include timely mitigation of identified vulnerabilities and exploits.

Learn more about cybersecurity training for healthcare here by reading chapter 3 in Protecting Our Future (Vol 1).

Source:
FDA (2016, January 22). Postmarket Management of Cybersecurity in Medical Devices: Draft Guidance for Industry and Food and Drug Administration Staff. Retrieved from http://www.fda.gov/downloads/MedicalDevices/DeviceRegulationandGuidance/GuidanceDocuments/UCM482022.pdf

Talking to Your Doctor: Never Too Much Information

Gary McClain, PhD, is a therapist, patient advocate, and writer who specializes in helping clients—as well as their family members and professional caregivers—deal with the emotional impact of chronic and life-threatening illnesses.

Nancy made a list of things to let her doctor know about at her next appointment. It included a few unfamiliar symptoms, some changes she had made to her diet, and a new medication prescribed by another physician.

While she was in the waiting room, Nancy took a look at the list she had made. It seemed kind of long, and she knew her doctor was having an especially busy day. Out of concern that she might waste his time, Nancy reviewed the list she had made. As she went through each item on the list, she started asking herself if it was something she needed to bring up, if it could wait until some other time, or even if it was something that might make her seem overly concerned, or a hypochondriac. She crossed out more than half the items on the list.

As her appointment with her doctor was coming to an end, her doctor said, “Before you leave, anything else going on?”

Nancy felt like she had mentioned everything she had decided was important from her list. So she answered, “I brought a longer list with me, but decided most of it would be a waste of your time to hear about.”

“Nancy,” her doctor said, “how about if you let me make that decision?”

To tell or not to tell

What about you? Do you tell your doctor anything and everything that might be relevant or important? Or, like Nancy, do you hold back out of fear of being a time waster or labeled a high-maintenance patient?

Here are a few things to think about when it comes to keeping your doctor informed:

Write it down and bring it in. Keep an ongoing list of anything that concerns you—symptoms, diet changes, additional medications, and anything else that’s been on your mind. Bring it to your appointment with your doctor. Don’t talk yourself out of having it handy to go over with your doctor. You’re helping your doctor do his/her job when you’re prepared with information they may need to know about.

To read more, please visit Diabetic Connect.

The White Hat Women Pipeline: Solve Today’s Problems for Tomorrow’s Cybersecurity

Cybersecurity has dominated the news of late and is considered a major pain point for both consumers and corporations. Black hat hackers have become the veritable villains of the cyber world, calling into question the integrity of digital infrastructures. Their altruistic counterparts – white hat hackers – are few and far between. This is only compounded by the fact that very few organizations had made solid investments in durable cybersecurity until after they were hit by cyber threats.

Women in cybersecurity professions are just as, if not more, tricky to find. Consider this: 77 percent of females claim that not a single high school teacher or counselor encouraged them to pursue cybersecurity. Moreover, a mere 33 percent of women understand what a cyber security job would entail, and 52 percent don’t even believe there are courses in cybersecurity for them.

As it stands today, women make up only 10 percent of the cyber security workforce. The reasons listed above are only a few of the roadblocks preventing more women workers in the field of cybersecurity. The workforce needs more women to pursue data protection jobs. In just one year, the world will need nearly 2 million more white hat hackers.

Women could provide a valuable perspective to this profession, considering that the field has been so male-dominated to this point. The first step towards more female inclusion in cybersecurity will involve restructuring the perceptions surrounding cybersecurity. These positions aren’t for isolated hackers; they are fit for educated professionals with an interest in policy and process training.

Data security leaders need to start treating professionals in cybersecurity as the valuable and capable employees they are. There need to be major improvements in workplace relations as well as the reinvention of job postings.

For women interested in cybersecurity, Excelsior College has an extensive database of female role models. Check out the National Cybersecurity Institute’s Initiative for Women in Cybersecurity today for all your training and career guidance needs.

Webinar: Cyber Liability Insurance

On March 28, the National Cybersecurity Institute (NCI) hosted a webinar on Cyber Liability Insurance.

According to the Identity Theft Resource Center, there were 781 data breaches reported in 2015 alone, compromising nearly 170 million private records. As these numbers continue to skyrocket, the prevailing question has become not if you will experience a data breach but when. Developing a strategy in this rapidly changing environment presents significant challenges. Correspondingly, in the last year there has been a surge of cyber liability insurance adoption, and with it an influx of new questions.

This webinar explored the role cyber liability insurance plays in a risk management strategy, including discussion of questions like: Do we need cyber insurance? How does it fit into our risk strategy? What is the right coverage, and how do we prepare for a cyber-intrusion or data breach incident?

The webinar was presented by Steve Lobel. As an entrepreneur, Steve Lobel spent his formative years starting and growing several business ventures. For the last 18 years he has been Vice President at Anchor Agency, Inc., a full service independent insurance agency in Albany, NY. Since the early days of the internet, Steve has specialized in insurance products and services that address the complex and rapidly changing risks associated with E-commerce and Information Technology. He has developed a holistic suite of services designed to enable both start-up and mature businesses to manage risk and function effectively in the electronic age. His specialties include: Cyber Liability, Errors & Omissions, Professional Liability, Alternative Energy, and other niche markets. He has attained the professional designation CIC (Certified Insurance Counselor).


Webinar: President Obama’s National Cybersecurity Action Plan of 2016

On March 24, the National Cybersecurity Institute (NCI) hosted a webinar on President Obama’s National Cybersecurity Action Plan of 2016.

As part of the President’s FY-17 Budget, President Obama seeks to establish improving the nation’s cybersecurity posture as one of the legacies of his administration. This webinar examined the details of the proposal and assessed the possibility of enacting significant improvements in U.S. cybersecurity.

The webinar was presented by Dr. Kevin Newmeyer. Currently the Senior Operations Director for the CREATE™ project of the DoD High Performance Computing Modernization Program, Dr. Newmeyer has successfully held a variety of positions in the military, academia, international civil service, and the private sector. His research focuses on international policy issues in cybersecurity. Along with his Ph.D. in Public Policy from Walden University, Dr. Newmeyer’s educational career is highlighted by his selection as an Olmsted Scholar which enabled him to earn his MA in International Relations from the Instituto Universitario Ortega y Gasset in Madrid, Spain. He holds additional degrees from Escuela Diplomática of Spain (Diplomado de Estudios Internacionales), George Mason University (MBA), and the US Naval Academy (BS). Dr. Newmeyer is also a fellow at the National Cybersecurity Institute.