Archive for July, 2011

Phishing should be one of your security concerns

I write a lot about network security, HIPAA and protecting patient data. I truly believe that these concerns should be at the top of every healthcare organization’s security list. But recently something has hit my radar that concerns me even more. Phishing has always been a problem, but now it seems like an epidemic. Let’s take a closer look at Phishing. What is Phishing? Below is the Wikipedia definition:

 

Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

 

A good example of a typical Phishing attack is for a person to get an email from their bank that states their account has been locked due to suspicious activity. The email states that the person needs to log into their account to reactivate it. In the email there is a link to a website that looks like the normal bank login. The person enters their login credentials. From here the login credentials are used to access the real bank account and money is then transferred out of the account to another bank.

Unfortunately, over the past month I have heard of actual successful Phishing attempts that have resulted in hundreds of thousands of dollars being stolen. Now you see why Phishing is on top of my list of concerns, not only for my company but for my clients as well.

In the past, Phishing attempts were easy to spot. The emails had spelling mistakes, the website didn’t look legitimate, etc. But that is not the case anymore. The emails are now almost impossible to spot as fake, and the websites look exactly like the real websites. It is getting harder and harder to spot Phishing attempts.

With the recent high-profile hacking of large companies such as Epsilon and Sony, millions and millions of email addresses are now in the hands of people who are using them for Phishing attacks.

So what can an organization do to protect themselves against Phishing attacks?

  1. Educate your employees – make them aware of Phishing attacks. Make sure anyone who has access to your organization’s financials, credit cards and online banking is very aware of what Phishing is and is on the lookout for Phishing attacks. Make sure they know that anytime they think something may be suspicious, they should call the bank or company and verify the legitimacy of the request prior to providing any information online.
  2. Lower your bank’s wire transfer amount limit – many times a successful Phishing attack utilizes a wire transfer out of the victim’s bank into another bank. One way to protect against this is to lower the wire transfer amount limit on your account. If you don’t use wire transfers often, then lower it to $5,000 or less or insist that you have to verbally approve each wire transfer. Each bank is different, but it is worth the time to discuss your options with your bank.

In addition to loss of money due to wire transfers, other Phishing attempts try to collect credit card information and social networking information, such as IDs and passwords for sites such as Facebook and LinkedIn. Now more than ever, it is very important to scrutinize each email that you receive and make sure that it is legitimate prior to providing any information that can be used to access your accounts.

 


Google+ is fast and furious

There has been a lot written about Google+. Google’s new social platform seems to be a hit. Google+ mixes the best elements of both Facebook and Twitter and provides a platform that allows for sharing of information as well as Facebook-type comments and feedback.

So far the pace of information, sharing and user growth has been both fast and furious. I am enjoying the Google+ experience and seeing how a new social platform develops.

Are you on Google+? If you are and want to connect, use the Follow Me on Google+ box to the right of this post to add me to one of your circles.

See you on G+!

 

 

 

 


We are hiring! NYC Systems Administrator

We are looking for a good Systems Administrator for a New York City client. If you know someone who might be a good fit, please pass the posting below to them.

 

Systems Engineer/Systems Administrator

ENTEGRATION, Inc., a leading provider of outsourcing, consulting, and systems integration providing IT consulting services to the medical industry, is seeking a motivated, energetic Systems Engineer/Systems Administrator to support a large client in New York City. We are looking for an individual with a proven track record of implementing and supporting industry standard solutions on Microsoft platforms. A successful candidate will have good intrapersonal skills and be able to interface with high level management at our client to understand and design solutions to meet their requirements.

The Systems Engineer/Systems Administrator will work at our New York client on a full-time basis. They will work closely with our client’s management and employees to understand the client’s needs and support issues. The Systems Engineer/Systems Administrator will also work closely with other Entegration employees to ensure that standard solutions are implemented and to ensure that best practices are shared amongst all Entegration clients.

Duties and Responsibilities:
1. Interface with high levels of management at the client to understand, design, and propose technical solutions to meet their individual needs
2. Author project scopes for client proposals; participate in conference calls and meetings
3. Perform analysis, troubleshooting, diagnosis, and resolution of complex systems and network
4. Design, implement, upgrade, migrate, and maintain all Microsoft Windows server platforms
5. Responsible for design, installation, upgrade, and migration of all Microsoft server technologies, including Microsoft Active Directory and Microsoft Back Office products
6. Troubleshoot, and maintain messaging and collaboration services using Microsoft Exchange 2007 and 2010 server technologies
7. Work with ISPs to design and implement traditional T1/MPLS WANs
8. Implement and troubleshoot BlackBerry Enterprise Server platform (v.4 & v.5)
9. Install and configure Microsoft SQL Server (2000-2010) database platforms
10. Perform installation, configuration, and capacity planning for Citrix XenApp Server farms
11. Design, implement, and troubleshoot Symantec Backup Exec platform along with other disk-based backup methodologies
12. Participate in a rotational on call schedule

Qualifications:
1. Must possess 4+ years systems administration and/or engineering experience.
2. Candidates must possess a Bachelor’s degree in Computer Science, Information Technology or related field of study.
3. Candidates must demonstrate proven knowledge of computer networking either through formal instruction or practical work experience.
4. Candidates must possess excellent troubleshooting methodology and skills.
5. Candidates must possess strong written and oral communications, as well as strong analytical and problem solving skills.
6. Candidates must be able to demonstrate decision-making and project management skills.
7. Candidates must be able to work well under pressure, prioritize multiple issues at one time, and have a proven track record meeting strict deadlines.
8. Candidates must retain the highest level of professionalism at all times.
9. Ability to work a flexible schedule is required, may occasionally be required to work outside standard business hours.
10. Experience providing IT services to the healthcare industry highly desirable but not required.
11. Microsoft Certification (MCSE or MSTP) highly desirable but not required.

Required Technologies:
* Strong skills deploying, using, and troubleshooting Windows desktop operating systems including 2000, XP, Vista, & Windows 7
* Strong understanding of deploying and troubleshooting Windows Server operating systems including 2000, 2003 & 2008
* A strong understanding of Microsoft Active Directory, Group Policy, and File and Print services
* Strong understanding of Microsoft Exchange (2003-2010); advanced understanding of SMTP internet mail flow required
* Advanced installation & configuration of Microsoft SQL Server (2000-2008)
* Networking Protocols including DNS, DHCP, & TCP/IP
* Familiar with smart phone platforms, including BlackBerry, Android, iPhone, & Windows Mobile devices; BlackBerry (BES) server experience required
* Familiar with Enterprise Anti-Virus technologies (McAfee, Symantec, Sunbelt Vipre)
* A strong understanding of Terminal Services administration and troubleshooting
* Strong knowledge configuring, administering, and troubleshooting Citrix Presentation Server for remote access and thin client computing
* Experienced deploying workstations using Symantec Ghost or similar technology
* Candidate must be familiar with automated trouble ticketing systems
* Candidate must be familiar with automated systems monitoring tools
* Candidate must be experienced providing remote support through a variety of remote assistance technologies

Familiarity with the following technologies is highly desirable, but not required:
* Knowledge of Dell hardware
* Knowledge of iSCSI SAN infrastructure (EqualLogic or similar)
* VMWare ESXi hypervisor datacenter experience
* Strong working knowledge of Dell & Cisco switch operating systems
* Working knowledge of AdTran & Cisco routing platforms
* Windows scripting
* Microsoft Sharepoint Server 2007
* Websense - Internet Content Filtering
* ScriptLogic - automated logon scripting tool
* Knowledge of firewall technologies, including ACLs, PAT, NAT
* Knowledge of Cisco firewall operating systems including IPSEC tunneling protocols
* Advanced understanding of physically distributed (branch office) networks and connectivity options (Point-to-point T1, MPLS, VPN, etc)

Candidates must meet the basic requirements of this position in order to be considered.

About

ENTEGRATION, Inc. is a leading provider of outsourcing, consulting, and systems integration services. Since 2000, ENTEGRATION has worked with medical practices of various sizes, ranging from practices with 2-3 providers in a single office to 10 or more providers spread across several offices.

ENTEGRATION specializes in helping our clients implement electronic medical record (EMR) systems from start to finish, including the selection, planning, implementation and on-going support phases. Our focus on medical practices has allowed us to build specific services that today’s practices require, including HIPAA security, EMR hosting, EMR off-site backup, and numerous other services. Our clients depend on us to manage their networks and ensure that they are secure, efficient, and reliable. ENTEGRATION understands medical practices and how they run, allowing us to provide the highest level of service. We strive to be more than just a vendor to our clients; we aim to be a trusted technology advisor and valuable partner.

You can learn more about ENTEGRATION by visiting www.entegration.net.

ENTEGRATION, Inc. is an equal opportunity employer.

Diana Mazzarella
Entegration, Inc.
6 Dumont Place
Morristown, NJ 07960
Phone: (877) 275-4545 ext: 87

 
