NEWS FROM THE EDGE

Tech Tips and Advice from the Experts at Dynamic Edge

Why You NEED Full-Time IT Support If You Have HIPAA, PCI, FIRPA or ANY Governmental Compliance Issues! Break-Fix Is NOT an Option!

I recently talked with a potential client who had gotten hacked and was looking for help. What he didn’t realize is that by not having a full-time IT support team, he was actually outside of government compliance standards. Because he got help ONLY when he noticed symptoms of a problem, his networks were not backed up, patches were not maintained and virus prevention was not up to date.

Why?

Because break-fix IT support doesn’t make sure all of your security t’s are crossed. Break-fix providers are simply paid when you really have a problem. And when you are having viruses or hacks on computers on your network, you are actually in violation of compliance!

It doesn’t matter if your business relies on HIPAA, PCI or FIRPA (or any other flavor of) compliance. If you’re trying to keep sensitive data safe, you need a dedicated IT team to make sure that ALL security issues are being taken care of.

What does necessary security mean?

If you think you’re compliant, please evaluate the following security measures and make sure you’re doing them:

Weekly Patching— When there’s a problem with Windows, it doesn’t automatically fix itself. When Microsoft (I’m singling Microsoft out here—but every software or application company does this!) identifies a problem, it comes up with a fix for the issue. Many of the problems are security related and Microsoft works around the clock to produce patches for the holes in their products. If you don’t apply the patches, you’re leaving wide open doors for criminals to get in and steal or ransom your data.

DAILY Backups— We all hate to think about all the what-ifs (but clients pay me to think about all the doomsday scenarios)—but the cold hard fact is that there are countless ways your networks can go down and data can get lost. If that data is sensitive or client information, you need to make sure you have copies of it. I’ve seen businesses undergo million-dollar lawsuits simply because they lost client data!

Recurring Training— Your team is your biggest asset, but also your greatest liability. Hackers and criminals have been taking advantage of unsuspecting team members with phishing scams in an attempt to either (1) get a quick payday (if you’re lucky, your employee wires a thousand bucks to some guy in the Ukraine) or (2) gain access to your data for ransom.

Monitored Networks— Nefarious traffic can be a sure indication that something is wrong on your network. Having proper network security in place makes sure that your data is safe and out of the bad guy’s hands.

Protected Machines— Are all of your machines firewalled from intrusion? If your users have access to sensitive data and they take their laptop or other corporate device off-site (and here I’m assuming you have a good firewall in your office), the machine is no longer protected. If they decide to connect to WiFi at Starbucks, get on an unsecured network, and, while logging on, their browser redirects them to another website that prompts them to grant access on the machine (and they concede access), they may have compromised your data. With a machine-specific firewall, you prevent attacks from happening in the first place.

If you can’t place a check mark next to all 5 of these security measures (and for business security, these are really just the tip of the iceberg when it comes to security), you are likely in violation. And when something happens—an employee clicks on a malicious link, visits a hacked website or downloads an attachment and your network gets breached—you will have to report your compliance violation. If your data got breached, you may even have to make a press release!

Can you stand to accept tarnishing your reputation—and I am completely serious here—your reputation for keeping patient or customer data safe? I for one would rather make sure I’m compliant by proactively protecting sensitive data (and if you’re a client, we already have you covered!).

If you’re worried that you might not be taking all the right measures to keep your patient data, your client data, any sensitive data safe, please contact me today for a network security and compliance assessment.
