Michelle Drolet interviewed on the WannaCry Ransomware Attack

After the recent wave of WannaCry ransomware attacks, managed service providers said the key takeaway they are bringing to customers going forward is the importance of proactive security.


“Our whole stance is around proactive security. When you have proactive [security], WannaCry is not going to have an impact,” said Michelle Drolet, CEO of Framingham, Mass.-based Towerwall.

Drolet said that proactive approach includes an integrated, layered approach to security to protect the different levels of the environment. She said that includes vulnerability management, patch management, strong protection technologies and more. Drolet said none of her company’s customers were hit by the WannaCry ransomware attack.


Cannabis and privacy compliance: Is your health information protected?

The legal regime for cannabis is a highly fractured one in the U.S. As of today, we’re approaching the legalized use of either recreational or medicinal marijuana in 30 states with eight states and the District of Columbia nearing full recreational use. Five states in the country continue to ban any use of cannabis, including for medical purposes.


This discrepancy between state cannabis legal regimes creates anxiety for both users and suppliers of cannabis. Medical marijuana can be particularly problematic, given that for some people it can literally mean the difference between controllable pain and excruciating pain. But what of the privacy and rights of those who use medical marijuana? And what is the role of marijuana dispensaries? Enter HIPAA, the Health Insurance Portability and Accountability Act.

Also referred to as the Kennedy–Kassebaum Act, HIPAA came into law in August 1996. Title II of HIPAA defines policies, procedures and guidelines for maintaining the privacy and security of what is known as protected health information (or PHI) and establishes civil and criminal penalties for breaches of these privacy and security rules. Title II also instructs the U.S. Department of Health and Human Services about how to establish national standards for processing and monitoring electronic healthcare transactions.

The bottom line is that healthcare organizations must ensure secure electronic access to health data that is compliant with privacy rules.

If one is to consider medical marijuana as a Schedule 1 controlled substance (illegal at the federal level) then it should require a robust system of patient verification, often by electronic means. This data could typically include sensitive health information such as a patient’s contact information, medical records, diagnosis and other personal information. That is why medical marijuana should theoretically be subject to HIPAA compliance. HIPAA would ensure that data could never be released without either the patient’s written consent or by court subpoena. Additionally, this need for HIPAA compliance would also be the case for a person applying to qualify for a medical marijuana card.

Dispensaries need to remember that breaches of privacy occur all too easily. Web-driven email services like Gmail and Yahoo, and text messaging services such as Facebook and WhatsApp, are not encrypted for sensitive data. Cloud storage providers such as iCloud or OneDrive are also not HIPAA-compliant. In fact, many contemporary apps, data centers, and email systems are not regarded as secure and can be easily hacked by malicious third parties. That also includes any SMS service – for example, one used with patients as part of a loyalty and promotions program.

Patients should take comfort that their privacy is de facto protected, largely thanks to HIPAA.

Joe Elford, an attorney for the advocacy group Americans for Safe Access, has said that, technically, a doctor’s recommendation for medical marijuana is very private, making it nearly impossible for even law enforcement to obtain private patient records.

But it is medical marijuana dispensaries that remain jittery about their responsibilities, as cautioned by Joshua G. Urquhart, who represented the Colorado Medical Marijuana Registry while at the state attorney general’s office. He notes how most dispensaries are forced to work on a strictly cash basis. Urquhart believes that not all providers are “covered entities” under HIPAA, with the critical issue being whether the dispensary transmits “covered transactions” electronically. An inevitable limbo for dispensaries has become the norm.

It is very important to note that HIPAA does not include a right to private civil action, i.e., to file a lawsuit, as a result of a HIPAA-related violation. However, this is changing. For example, in the landmark 2014 case of Byrne v. Avery Center for Obstetrics and Gynecology, the Supreme Court of Connecticut held that HIPAA should not preclude a person from seeking common law relief (i.e., by means of a lawsuit) against a medical center (which could include a HIPAA-registered marijuana dispensary) or other entity that may have breached a person’s privacy due to negligence.

The emergence of HIPAA-related lawsuits poses significant liability risk for any dispensary that may be subject to HIPAA. As medical marijuana moves inevitably towards ever stronger regulations, dispensaries need to weigh up the pros and cons of adopting HIPAA standards.

One thing is certain: patients’ data will have to remain strictly private and protected at all times, whether or not a marijuana dispensary or doctor is HIPAA-compliant.


This article was originally published in Cannabis Business Executive.

The End of Ransomware

Everything you need to know to stop ransomware.

Please join Towerwall and Sophos for an exclusive lunch and learn on how to stop ransomware cold. You’ll find out about:

  • Polymorphic Malware
  • What is Next Generation Malware
  • How does a ransomware attack happen?
  • 9 best security practices to apply NOW!

June 28, 2017 | 12:00 PM – 2:00 PM

Sophos Inc. 3 Van de Graaff Drive, 2nd Floor, Burlington, MA 01803

Please email Kelleyg@towerwall.com to RSVP to this event.

Michelle Drolet of Towerwall Named a Power 30 Solution Provider in CRN’s 2017 Women of the Channel

BOSTON – May 15, 2017 – Towerwall (www.towerwall.com), a data security services provider for small to mid-size businesses, today announced that CRN®, a brand of The Channel Company, has named Michelle Drolet, Towerwall founder and chief executive officer, to its list of 2017 Power 30 Solution Providers, an elite subset of its prestigious annual Women of the Channel list.


CRN’s editorial team selects Women of the Channel honorees based on their professional accomplishments, demonstrated expertise and ongoing dedication to the channel. The Power 30 Solution Providers belong to an exclusive group drawn from this larger list: women leaders in solution provider organizations whose vision and influence are key drivers of their companies’ success and help move the entire IT channel forward.


Michelle Drolet is a seasoned security expert with 27 years of experience providing organizations with IT security technology services. She is the founder of the 5th annual Information Security Summit hosted by MassBay Community College and scheduled for June 8, 2017. Keynote speaker is Martha Coakley, former Attorney General of Massachusetts. Drolet writes a monthly column, “InfoSec at your Service” for Network World magazine and is a regular contributor to Worcester Business Journal.

In November 2016, Cyber Defense Magazine named Towerwall a “Cyber Security Leader for 2016.” Towerwall was among the top 20 companies to receive the recognition for exceptional information security (InfoSec) products and services. In October 2016, Michelle Drolet was voted among six other local business leaders as “2016 Outstanding Women in Business” by the Worcester Business Journal.

Towerwall clients include AMG, Middlesex Savings Bank, Becker College, CannaCare, Allegro MicroSystems and Smith & Wesson, local SMBs and law firms. Towerwall has reseller partnerships with Sophos, Varonis, AlienVault, Websense, Snoopwall, Qualys, PhishMe and many other nationally-recognized security vendors.


“These extraordinary executives support every aspect of the channel ecosystem, from technical innovation to marketing to business development, working tirelessly to keep the channel moving into the future,” said Robert Faletra, CEO of The Channel Company.


“They are developing fresh go-to-market strategies, strengthening the channel’s network of partnerships and building creative new IT solutions, among many other contributions. We congratulate all the 2017 Women of the Channel on their stellar accomplishments and look forward to their future success,” Faletra added.


The 2017 Women of the Channel and Power 30 Solution Provider lists will be featured in the June issue of CRN Magazine and online at www.CRN.com/wotc



About the Channel Company

The Channel Company enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education, and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers and end users. Backed by more than 30 years of unequaled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace. www.thechannelco.com


About Towerwall

Founded in 1993 and based in Framingham, Massachusetts, Towerwall provides organizations such as AMG, Middlesex Savings Bank, Becker College, CannaCare, Allegro MicroSystems and Smith & Wesson with IT security technology services required for secure business-class networks. Strategic partnerships with Sophos, Varonis, AlienVault, Websense, Snoopwall, Qualys, and many other nationally recognized security vendors allow Towerwall to offer its customers an integrated approach to solving their security needs by coupling best-of-breed technology with top-notch integration services. For more information please call (774) 204-0700 or email us at info@towerwall.com.

Copyright ©2017. The Channel Company, LLC. CRN is a registered trademark of The Channel Company, LLC. All rights reserved.

Michelle Drolet interviewed on “Today’s security challenges” in recent TechTarget E-Handbook

Channel partners can make arguments for the integrated security suite and the best-in-class point product method, but the decision ultimately rests on a customer’s specific needs.


“Security is not one-size-fits-all, so it depends on the type of organization and what their risk tolerance level is,” said Michelle Drolet, CEO at Towerwall Inc., a data security services provider based in Framingham, Mass. “There are a lot of questions that need to be answered before you can make that decision.”


10 things I know about… Public Wi-Fi

10. Freely hackable

Free public Wi-Fi connections are treated like a public utility, but they can make you vulnerable to hackers.

9. Sign me up

By default, most mobile phones/devices are set to ask your permission to join a network. Once you obtain credentials, your phone will join the known network automatically.

8. Sniffing you out

Public Wi-Fi hotspots are vulnerable since anyone sharing the same hotspot can use sniffing software to intercept your browser session while you’re visiting websites.

7. Session hijacking

Hijacking your browser session allows hackers to pick up your session cookies and impersonate you, even if the password itself is not compromised.

6. SSL encryption

Many websites use SSL encryption for their login pages to stop hackers from seeing your password, but do not use encryption for the rest of the website.

5. Cross-site scripting trickery

Using cross-site scripting, hackers can trick the victim’s computer into running code that appears to be trustworthy, allowing the attacker to perform hacks.

4. Stealing your cookies

Malware or other unwanted programs can use session hijacking to steal a browser’s cookie to perform unwanted actions without the user’s knowledge.

3. Download a VPN

The best way to protect yourself on public Wi-Fi networks is to download a virtual private network (VPN) app to your mobile device, which utilizes encryption.

2. Safer in the cloud

VPNs create a virtual network within any Wi-Fi network, thereby hooking into a secured Internet connection via the cloud.

1. Worry less

With a VPN, users of public Wi-Fi need not worry about a device automatically detecting and connecting to an unsecured network.
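
Items 7, 6 and 5 describe exposures that a site operator can check for on the server side. The audit below is an added example, not part of the original article: it flags cookies sent without the `Secure` or `HttpOnly` attributes and a response without a `Strict-Transport-Security` header. The sample headers, cookie names and function names are constructed for illustration.

```python
"""Audit response headers for the cookie exposures in items 7, 6 and 5."""

# Constructed sample: response headers from a hypothetical site.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure"),
    ("Set-Cookie", "auth=xyz; Path=/; Secure; HttpOnly; SameSite=Lax"),
]


def parse_set_cookie(value):
    """Return (cookie name, set of lowercase attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_headers(headers):
    """Return a list of (subject, finding) tuples for one response."""
    findings = []
    header_names = {key.lower() for key, _ in headers}
    # Item 6: without HSTS a browser may still load pages over plain HTTP.
    if "strict-transport-security" not in header_names:
        findings.append(("site", "no-hsts"))
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        # Item 7: a cookie without Secure can travel over unencrypted HTTP.
        if "secure" not in attrs:
            findings.append((name, "no-secure"))
        # Item 5: a cookie without HttpOnly is readable by page scripts.
        if "httponly" not in attrs:
            findings.append((name, "no-httponly"))
    return findings


if __name__ == "__main__":
    for subject, finding in audit_headers(SAMPLE_HEADERS):
        print(f"{subject}: {finding}")
```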


This article was originally featured in the Worcester Business Journal.