I was reading an article about cyber crime trends. This article, of course talked about how phishing attempts are still growing. Cyber criminals infiltrating your network by simply sending an e-mail and playing on people’s emotions is still very relevant. But the author of another article, this article linked to, hinted we might be sick about talking about phishing.
So I am going to talk about something else that popped out to me about cyber crime trends. I kind of knew about this trend from attending IT conferences but was reminded by this article.
More and more, gadgets that connect to the Internet are coming out every day. Think Fitbit or thermostat. Us computer people call this the “Internet of Things”. Do you know that cyber crime remote attacks are attempted on a lot these things? You probably never thought your thermostat at office, connected to the Internet, could be the start of an attack on your network. These devices are vulnerable because they are not designed with security in mind. As this article states, because putting a focus on security would significantly increase manufacturing and maintenance expenses. It makes common sense that that $60 gadget you bought is not exactly going to be Ft. Knox.
The answer to this security concern, besides being on the lookout, in the news, for exploited vulnerabilities for the product you bought, is to segment these devices off your network and away from valuable information
Don’t worry, you don’t need to know about setting up VLANs on your switch to segment. Segmenting is not that hard these days with the newest wireless access points.
Most wireless access points, like my home Verizon router, have both a normal (or internal network) and a Guest network. You simply put these devices on the guest network. These little devices most likely don’t need to connect to your workstations on your network or especially your server where ePHI or other sensitive data is stored. So the receptionist’s Fitbit will be happy getting to the Internet through the Guest network. No need for it to have access to your patients information.