Notifiable Data Breach Scheme

From February 2018, you MUST take reasonable steps to ensure the safety of personal data held in your systems

Notifiable Data Breaches scheme | Free Data Breach Response Plan

Security and Network Audits

A comprehensive review of your internal and external security should be completed annually or after significant change. A test restore of your system should be included to ensure your data is safe.
Get a security audit

Web Site Security

WordPress has made it easy for anybody to have a dynamic and beautiful web site. However, this has also made it a huge security target. If your website is important, it requires backing up, securing and regular maintenance.
Secure your site today

Data breach response plan

This page could save your business. Create a data breach response plan customised to your business. Suitable for private medical practices...


Layered Security

From Anti-Virus to Zero-Day attacks, security is not a product, it’s a process. Our layers of security keep you safe from modern threats.

Health IT provide a layered approach to security which includes:

1. People Security (Training, common sense)
2. Physical Security (Server accessibility, screen locks etc.)
3. Network Security (Managed Firewall, Spam protection)
4. Endpoint Security (Managed Anti-virus, anti-spyware)
5. Application Security (Appropriate permissions, Principle of least privilege)
6. Data Security (Backup and Disaster Recovery)

Security Stack

Protect each Windows or Macintosh computer in use including servers.

  • Managed Anti-virus system – infections checked and remediated daily*
  • Managed DNS security – A cloud based security system sitting between your computers and the Internet. The principal purpose is to prevent your systems from communicating with known “bad” or infected sites on the Internet. This can also be used to manage access to web sites or categories of web sites, for example blocking social media.
  • Windows computers are additionally protected by automated lockdown including proactive Crypto protection.
  • Where possible, Group Policy and other automated tools are used to continuously improve the computers protected by our server stack.

* Note that this Security Stack is provided to attempt to prevent any infection of malware / ransomware / virus. In the case of infection, automated tools will attempt to contain and remedy the infection. If these tools cannot solve the issue, manual remediation of infection, due to unpredictable scope and effect, is out of the scope of this agreement. We will take action as deemed necessary and contact you as soon as possible.

Anti-Virus – Webroot
DNS Security – Cisco Umbrella
Maintenance System – ConnectWise Manage
Third Wall Security Plugin (Windows only)

Security Stack + SOC + SIEM

SOC – Security Operations Centre
SIEM – Security Information and Event Management

This product is applied to either a Server, Firewall or Office 365 Tenancy.
In each case, all logging is sent to a trusted security provider in Melbourne.

SSL Certificate

An SSL Certificate may be used to secure a service, e.g. a web site or secure remote access.

Security Stack + Endpoint

Security Stack + Endpoint is our Security Stack product + next generation endpoint protection from Cylance or Sophos.

Protect each Windows or Macintosh computer in use including servers.

  • Managed Anti-virus system – infections checked and remediated daily*
  • Managed DNS security – A cloud based security system sitting between your computers and the Internet. The principal purpose is to prevent your systems from communicating with known “bad” or infected sites on the Internet. This can also be used to manage access to web sites or categories of web sites, for example blocking social media.
  • Windows computers are additionally protected by automated lockdown including proactive Crypto protection.
  • Where possible, Group Policy and other automated tools are used to continuously improve the computers protected by our server stack.
  • Security Stack + optionally adds additional advanced security for users seeking to protect their data at a higher level.

* Note that this Security Stack is provided to attempt to prevent any infection of malware / ransomware / virus. In the case of infection, automated tools will attempt to contain and remedy the infection. If these tools cannot solve the issue, manual remediation of infection, due to unpredictable scope and effect, is out of the scope of this agreement. We will take action as deemed necessary and contact you as soon as possible.

Multi Factor Authentication License

Multi Factor Authentication (MFA) is now standard to protect remote access to secure data. A license is required for each user connecting remotely.

Our Duo Security MFA system applies this security to your servers so that all remote access is secure.

It operates with your smart phone and you simply need to press a button to authorise access.

With the Essential Eight in mind, we are working towards NIST, which is a broader framework.

Along the way we need to comply with MSP3, an Australian Government security initiative to harden IT providers.

In GP land, we need to solve Part 6 of the RACGP Standards V5 for our customers.

For recent examples see: Northlakes Doctors Accreditation IT Report 2019 and Northlakes Doctors – Disaster Recovery Plan

Here are some current ideas around what the stack should achieve