Data security is important for any industry, but healthcare has unique needs that make security particularly critical. The need to comply with HIPAA requirements, the large amount of sensitive data that the healthcare industry handles, and the large number of security threats it faces every year all mean that any healthcare organization must implement strong protocols and best practices to keep data secure.
The following best practices outline a pathway to greater healthcare security. With the right IT support for healthcare, organizations in this industry can implement these practices and more successfully protect the sensitive data entrusted to them.
The Holiday Season is in full swing and shoppers everywhere are more and more frequently opting to use their credit cards from the comfort of their homes, taking advantage of online deals. We thought we’d take a moment to provide some tips to help you remain cyber-safe while shopping for those last minute gifts and End-of-Season sales:
Although National Cyber Security Awareness Month has come to an end, it’s important to keep cyber security top-of-mind not only during the month of October but throughout the entire year. Cyber criminals are finding new ways every day to sneak into your network and wreak havoc.
To recap, here are the biggest risks to your organization’s IT security:
Our next topic for Nation Cyber Security Awareness Month (NCSAM) focuses on another area of concern for business security. With around 235 million people using a smartphone in the United States, it is important to have a Bring Your Own Device (BYOD) Policy in place to help protect your IT infrastructure. Allowing employees to use their personal devices – such as cell phones, tablets and laptops – to access work-related data in the office or out in the field boosts productivity and cuts costs for businesses by not having to purchase the devices themselves. But it also opens your network up to all forms of cyber attacks.
The Equifax Data Breach exposed 145.5 million people’s sensitive data – social security numbers, birth dates, street addresses and some drivers licenses – and was one of the worst breaches in history. The breach could have been avoided had Equifax applied a known web-application patch that was released two months prior. The attack is believed to have begun in mid-May of 2017 and was not discovered until July 29th, allowing the hackers a month and a half to steal consumer information.
Also in May of 2017, the WannaCry ransomware cryptoworm made headlines across the world as it infected more than 200,000 computers throughout 150 countries, causing damages from the hundreds of millions to billions of dollars. It targeted PCs that were running older versions of Windows and exploited vulnerabilities in systems that didn’t have the latest software updates. WannaCry affected many organizations – large and small – as well as individual home users.
Patching and updating your IT software and hardware is critical. Failure to do so will leave your organization vulnerable to viruses and ransomware. Many SMBs (small and medium businesses) think that hackers only go after large corporations since those stories typically make the news headlines. But actually, small business are targeted more than half the time (58%) and a single breach can cost an average of $690,000. Cyber criminals realize that smaller companies oftentimes do not have the resources needed to protect them from breaches.
Keep Software and Applications Updated
It’s easy to ignore those pesky popups that say “a software update is available” and think ‘I’ll just finish what I’m working on and install the update later’, but the truth is most people won’t. Software updates, however, often include critical patches to security holes that hackers use to infect your systems and steal valuable data. By ignoring those messages, you are leaving your computer and network open, allowing cybercriminals to cause major damage.
Software updates need to be checked and performed at least once a month for:
• Operating Systems (i.e. Windows, Mac OS)
• Productivity Software (i.e. Microsoft Office)
• Accounting and Customer Management Software (i.e. Quickbooks, Sage, Salesforce)
• Custom Applications (such as legacy software that was custom written for your organization)
• Industry-Specific Software
• Web Browsers (i.e. Explorer, Chrome, Firefox, Safari)
• Plugins (i.e. Adobe Flash, Java, Microsoft Silverlight)
• Website Content Management Systems and Plugins (i.e. WordPress, Joomla, Magneto and Drupal)
Don’t Forget Your Other Hardware!
Not only is it imperative to apply software updates to your PCs, laptops and servers, but also other IT hardware devices, such as switches, firewalls, routers and access points. Once equipment is deemed end-of-life (EOL), the manufacturers no longer support or maintain them, which can lead to security risks. That is why we recommend for companies to budget replacing IT equipment before they reach their end-of-life.
What To Do If You Are Not Sure You’re All Patched Up
There are several patch management softwares that help organizations discover vulnerabilities and stay on top of updates. If you need further assistance, give us a call! All of our Texas Systems Group BrightStar Managed Service packages include automated patching. Monthly and quarterly audits help find vulnerabilities within your network so they can be addressed before a data breach occurs. Our CyberSecure Team is constantly looking out for the latest threats and solutions to protect our customers. Our vCIO will work with you on budgeting to replace aging equipment which decreases the chance of hackers exploiting unpatched and out-of-date hardware. All of these components together drastically decrease your risk of becoming the next victim of a cyber attack.