Not All Cloud Storage is a Backup

We tend to use the terms data storage and data backup interchangeably. It can be a costly mistake.

Cloud storage is all about easy access to files. It’s not only your access, but also collaborative access that allows teams of people to work on projects together without the need to email various versions. Cloud storage servers such as Microsoft OneDrive, Google Drive, and Dropbox allow team members to be online at the same time and see changes to files in real time. They also allow a single user to access files from anywhere in the world where you can get an internet connection.

Stored files typically are not encrypted or protected with any special technology, and that makes them vulnerable to theft and ransomware attacks. If just one team member has lax security, such as an easily cracked password or uses an unsecured public network, all those stored files are exposed. Further, it could open someone up to SIM swapping.

How should you store your data? We like Microsoft’s Conditional Access, an access management solution that enforces security policies by bringing together real-time signals from users, devices, locations, and applications to block, allow, or require additional verification steps to access resources.

It works on a granular level. For example, you can set limits on which countries someone can log into your system. You can limit IP addresses. Steps like these can provide extremely useful insurance against worldwide hacker organizations that take advantage of local weaknesses in our global networks.

Installing and configuring the right access limits for your needs is not something you should attempt by yourself. There are myriad variables to the conditions that limit access, and if you make a mistake, you could lock out access to people who need it. If that happens, you’ll need an IT professional to undo the problems and reconfigure your system.

How should you back up your data? The short answer is to use specific backup technology. It makes a copy of files in storage and then encrypts them for protection. In the event of a cyberattack, a system outage or some other disaster, the encrypted files are used to restore the files to your system.

We can help you set up and configure both Microsoft Conditional Access and a backup program to keep you safely up and running. We can also provide the training needed to maintain both systems. Call us – 973-433-6676 – or email us to set up an appointment to design a coordinated plan that best meets your needs.

Who’s Minding the Electronic Store?

I recently couldn’t fill a prescription online because the third party that processes pharmaceutical products for my drug plan was hacked. Little did I know at the time this would be an ongoing problem affecting a substantial part of our healthcare system. We’ll leave policy debates to others and focus on what we can do.

The hack was made at Change Healthcare, a subsidiary of UnitedHealth Group, that manages healthcare technology pipelines and processes 14 billion transactions a year. The company said ransomware criminals ALPHV, or Blackcat, had claimed responsibility for the attack but did not say whether it paid or negotiated a ransom. WIRED has reported a ransom payment of $22 million. The company said its investigation determined that Change Healthcare, Optum, UnitedHealthcare, and UnitedHealth Group systems have been affected.

The American Hospital Association has called it “the most significant cyberattack on the U.S. healthcare system in American history.” Providers can’t get paid for services provided, which affects their ability to pay their bills. They can’t preauthorize procedures or authorize payments for prescriptions. The tragedy is that a lot of people can’t afford to lay out the money for prescriptions, much less procedures. Pharmacies are scrambling for drugs. Treatment is not being provided.

But that’s not the end of the problem. Patient records – sensitive personal information – may have been compromised, and that’s another set of issues.

United Healthcare said it immediately disconnected Change Healthcare and started working with law enforcement agencies and cybersecurity experts. They instituted workarounds, including manual processes to submit information, check eligibility, look at claim status to make claims, clear prior authorizations, and fill prescriptions.

While most of us are nowhere near the size of United Healthcare, we can be ransomware targets and suffer just as significantly on our own level. And on our own level, we must be willing to make the necessary investments in our technology because we depend so much on its operating performance and reliability. A good plan to prevent problems looks something like this:

  1. Make sure all your hardware can run the most up to date software for your operating system, cybersecurity, and apps. For example, Microsoft will no longer support Windows 10 a year from now. You may need to upgrade to systems capable of running Windows 11. Newer versions of other software may not run on Windows 10.
  2. Have a documented process in place to make sure updates for operating system, security, and application software are automatically downloaded and installed on every piece of equipment in your office. You also need to verify the process is being followed.
  3. Have an emergency response plan with people trained to implement it as soon as a problem is detected. That plan may include disconnecting systems from the internet and processes to reconnect or work without full web-based capabilities.

We can help you by assessing your technology assets and liabilities; procuring and installing new technology; and developing an emergency response plan. Call us – 973-433-66776 – or email us for an appointment.