Implementing cybersecurity measures BEFORE you experience a breach

A cybersecurity nightmare

“IT just informed us that our main software platform has been hacked.” A statement no CISO wants to hear. Do you have a plan for what to do next? Are you prepared to handle this? How will you recover servers and client data? As an organization, are you legally required to report this breach? These are just a few of the questions you may be asking yourself when you realize your organization has been breached.

Our world is encompassed by technology and the Internet of Things. Software programs are now one of the most important operational assets for companies – big and small, across all industries. The networks and servers that facilitate these software programs need to be properly secured from hackers and cybercriminals. If you are on the internet and sell any product or service, getting hacked is more likely today than a week or even a month ago. Hackers typically trick unsuspecting people to click links to inadvertently launch ransomware. That ransomware then begins encrypting data and databases that user has access to. Sometimes the hacker finds the names of executives on the company website and gets lucky using an old email address and password to access the victim’s account.

Companies like Cannon, Garmin, and University of Utah have recently been mentioned in the news with dramatic stories of ransomware holding their data hostage.

The unfortunate truth is these and many other companies give into the pressures and end up paying hackers millions of dollars to:

  1. Decrypt their applications and data in order to regain access to their systems
  2. Not release the personally identifiable information

This problem isn’t going away

There is a rapidly growing market for cyber-criminal companies. Both public and private organizations are paying up and the frequency and cost of breaches are continually increasing. No one is immune. With that in mind, it is important to create a plan to outline how your organization will react in specific situations.

With a specific plan in place, we are more likely to respond to and successfully limit the damage that a security incident would cause. Additionally, tools such as multi-factor authentication could also be used to further support and secure our other systems.

We all believe it will never happen to us.  Appropriate cybersecurity measures are often avoided until a breach occurs and shakes the foundation of the organization. Waiting for a disaster to occur before making the necessary changes is common and very dangerous. Don’t let a breach be the catalyst for implementing cybersecurity measures; if it hasn’t already happened, your time will come too. Criminals are spending a lot of time and money to obtain unauthorized access to systems. If we do not invest time and resources to combat their efforts, we will eventually lose.

What can be done now?

It can be difficult to know where to start when it comes to implementing cybersecurity measures. Intraprise Health offers a variety of security services and resources to help you get started. Additionally, our HIPAA One® software gives users an actionable list of security items to implement now, and provides an intuitive, step-by-step approach to addressing security risks.

Some of the recommended cybersecurity tasks in the NIST framework include: Performing an annual Security Risk Assessment, conducting routine Security training, and performing annual external server and network vulnerability scan. HIPAA One has created an ongoing cybersecurity checklist based on NIST standards that include annual, monthly, and daily (as needed) tasks that are considered the best practices when it comes to adequate cybersecurity. We have provided a sample of the list here.

The process to reduce risk doesn’t happen overnight.  There are always risks that should be addressed today as a starting point. Everyone needs a good foundation of practical, simple and effective measures to protect the organization from ransomware and data-extortion. To discuss your concerns and needs for your HIPAA or cybersecurity strategy, fill out the form below to speak with us today.