Law Inside 2010

The New York Times reported on 2-19-10 that virtually every state is making or planning significant cuts in Medicaid benefits. These actions are taking place while demand for Medicaid grows. This entitlement, originally conceived as a support for those in lower socioeconomic classes and disabled persons, now is a necessary lifeline for those formerly in middle income groups who have lost their jobs. Medicaid enrollment soared by 7.5% from June 2008 to June 2009 (3.3 million new enrollees). The 2009-2010 increase is expected to be even larger.

The American health care crisis is not a doomsday scenario concocted by shrill socialist Chicken Littles. State governments can’t afford to pay their health care bills. It’s not surprising that individual Americans can’t afford to pay for health insurance and are dropping coverage by the millions.

The Medicaid news is the canary in the coal mine. When the canary dies, it’s time to pack up your gear and get out. In terms of health care, the demise of Medicaid is the clearest possible signal that the entire edifice is about to come crashing down.

States can’t pay Medicaid bills. Hospitals and physicians will lose substantial revenues. Many hospitals will file for bankruptcy. Others will drastically reduce services, starting with community assistance programs. Physicians will discontinue participation in Medicaid in frantic attempts to regain financial solvency. In the worst case, hospitals and physicians will only accept new patients on the basis of proof of ability to pay. Health care policy in American will become “no cash, no care”. Tens of millions of Americans will have zero access to quality medical services.

We’re veering sharply in the direction of a society of medical haves and have-nots in which there is no middle ground, no available safety net. Public health disasters will rapidly befall such a society, disasters that will not spare those fortunate enough to have “good benefits”. As millions of Americans, particularly low-income children, become less well, they will become breeding grounds for bacteria, viruses, and parasites. The deadly diseases of the past – tuberculosis, diphtheria, and whooping cough – will return with great force. New infections will arise as a weakened population makes it easier for microorganisms to take hold. Diseases with the pathogenicity of HIV will race through communities and cities, spreading from region to region. Neither Republicans nor Democrats, neither Red states nor Blue states, will be spared from this public health implosion.

Filed under: Articles | No Comments »

Like everything else, technology has got its ugly face which can no longer be ignored. With every patch released for a particular weakness, being followed by the next exploit at the very next moment, you can never be sure that your systems, your processes, your business and ultimately the economy are in safe hands. How good it would have been if technology alone could help us confide in it of totally securing ourselves? Unfortunately, that’s not the case.

With a wholesome increase in internal employee frauds, gone are the days when only firewall or IDS or other security devices could protect our networks and systems. As per the 2010 Cyber Security Watch Survey, insiders were rated as the second largest threat after hackers and also the worst since they are mostly silent and hence difficult to detect. Even a big list of policies, procedures and safe practices falls short owing to a small mistake, intentional or unintentional, by an employee. Putting money every time does not solve the problem. You may invest millions in building thousands of security controls, but a minor inexpensive measure, if not taken may cost you a fortune. As per the survey report, the most often neglected simple measures are listed below:

1. Patch Management: With ever growing business requirements, increases the number of software and applications fulfilling them with a single constant governing their complexity- the number of available patches. Each software vendor releases large number of patches continuously. The grave problem in many organizations is that the need for a patch is not realized until the business is impacted. The strategy adopted is often reactive and not proactive. The requirement for a particular patch is at times realized six months after the patch has been released.

The other problem is unmanaged changes. Patches, if not validated, approved and tested in a disciplined manner may cause other business functionalities or controls to break or malfunction. The challenges faced in patch management are affected by compound factors like volume and complexity of patches, speed of implementation, impact on business, events driving the need and environment changes.

Hence, an ongoing proactive process should be followed to identify the available patches, determine the organization’s need, validate, test, implement and continuously monitor the patches for compliance.

2. Log Analysis: Improper log analysis is a cause of many unauthorized and suspicious activities going undetected. Logs are often analyzed just for complying with regulatory and legal requirements. While focusing on compliance, an abnormal event is ignored at times. Organizations should set up rules to perform continuous analysis of daily logs to detect, alert and act upon any suspicious activity found. While doing this, business critical assets and the activities performed on them/by them that need to be monitored, should be identified first. Also, a baseline for security configuration settings should be developed for each device/type of device within an organization and any violation to these settings needs to be alerted. All network, system and critical server logs should be closely monitored to understand the implementation and health of security controls within the organization and their compliance with organizational policies and procedures.

3. Privilege Restrictions: Unmanaged user roles and privileges are similar to open doors of a treasury which can be escalated to gain control of critical systems within an organization. User roles and the privileges assigned to them if not managed and reviewed periodically may lead to privilege escalation attacks. Internet facing services are more risky and hence need foolproof protection against privilege escalation. There may be few services like SSH used in the organization which require complete security throughout their life cycle. All such critical services and business critical applications should be identified. A list of different users that require access to these services or applications should be prepared and privileges should be judiciously assigned based on their roles or “Principle of Least Privilege”. Such lists need to approved, authorized and regularly reviewed.

4. Password Expiration: In spite of thousands of things said, written, talked, and published about password security, needless to say, the lack of awareness still persists. Password policies of different organizations have many aspects in common like no. of characters, password history, type of characters etc. But the expiration period often varies in different organizations from 30 days, 45 days, 60 days or 90 days. The password expiration is always recommended to be set depending on the value of the data to be protected. Some even suggest that never expire passwords, rather than making them weaker by users adopting unsafe practices to choose new passwords and to remember them. Too short password expiration periods may cause user inconvenience leading to increase in number of help desk calls for password reset. On the other hand, too long periods have their own disadvantages of password being compromised due to user negligence or any other reasons.

There is no standard definition for password aging periods. The organization should set the expiration periods by striking a balance between data protection, password safety and user convenience.

5. Termination of Former Employees: Off late, the cases of access controls broken by terminated employees are on constant rise. Disgruntled employees taking revenge by deleting all of company’s data or by hacking own company’s systems or by leaking company’s confidential information are often heard. Despite of many security controls in place, improper removal of access rights of the employees who have been transferred, terminated or resigned may lead to huge loss to business. The amount and severity of loss depends on the position, roles and responsibilities of the employee and the privileges assigned to him/her. Organizations should follow a well-defined termination procedure with a separate checklist for removal of access rights from different systems for the IT department. Such removal should not be delayed for any reason and should be on top priority on the termination of employee.

Filed under: Articles | No Comments »

Most people in this country will need, at some point, to know if a person of interest to them has a criminal record. It may happen that they require information relating to a business partner, for the future customer, a new employee, probable caretaker for the member of the family, or even from the prospective love point of view. You can take advantage of today’s online sites that provide the ability to perform a criminal record search.

In the past, you used to have to go to a whole lot of trouble to get any kind of information about someone’s criminal past and if you didn’t know, criminal records are a public matter. Probably you used to go through hundreds, even possibly thousands of dusty old files in court houses libraries, just to see if there was any information available and getting that kind of information used to entail taking a trip down to the local courthouse, and sifting through dozens of records; to do this, you would have to know which county courthouse is applicable, imagine your search if you don’t have these info. You could get lost into papers.

There are a significant amount of options thanks to today’s technology. Along with many other sites that provide both free and paid search services and you will find that there are many states and local agencies that provide record search websites generally. You must make it a point, that much of the time may be wasted since most records which are available free of cost online are often not complete, not up to date, or even some times non-existing also.

The best option before you is a combination of using free sites in order to make it sure whether or not the information or the person you have been searching is available and after that knowing about the money is not going to be flown through the drain, then you can pay the required service fee to arm you with a completely searched up-to-date criminal record of the person about whom you wanted the information. Protect the trust you give to a new job applicant, dating interest, or business supplier by investing in a review of available public and criminal records.

Filed under: Articles | No Comments »

In recent years, the Occupational Safety and Health Administration (OSHA) and other government organizations have made a concerted effort to reduce the number of workplace injuries in the United States. As our workplaces become more advanced and more technologically refined, the number of accidents should be decreasing. Unfortunately, this is not the case. Thousands of workers are injured every single day in workplace accidents, the majority of which are tragically preventable.

In 2008 alone, there were almost 3.7 million workplace accidents reported in the United States – a total which represents approximately 10,000 injuries every day of the year. Some of the most commonly affected fields include construction workers, mill workers, and manufacturing employees.

Perhaps more frightening is the frequency with which employers attempt to hide workplace accidents in order to avoid paying workers’ compensation. According to a study compiled by the University of Illinois, UCLA, and the National Employment Law Project, only 8% of low-wage workers who were seriously injured on the job filed a workers’ compensation claim, and a large number of company doctors said they were pressured to cover up major injuries.

Ultimately, your employer has a responsibility to provide a safe workplace for you and your fellow workers. Accidents that occur as the result of a failure to provide a safe working environment are ultimately his or her fault, and he or she has an obligation to provide you with compensation for your injury.

Workers’ Compensation

Workers’ compensation is a form of insurance designed to protect workers like you who have been injured at the workplace. It exists to provide them with the money they need to cover lost wages and medical bills. In order to qualify for it, an employee essentially waives his or her right to sue his or her employer. So when your employer fails to give you the compensation you deserve, he is failing to honor his end of the agreement.

Your employer owes you a safe workplace. If he hasn’t provided it, and you’ve been injured, you have the right to workers’ compensation funds. If you aren’t receiving them, it is your legal right to sue. A qualified workers’ compensation attorney may be able to help you get the compensation you deserve.

Filed under: Articles | No Comments »