How Cybersecurity Needs To Evolve

There’s a huge need for the cybersecurity industry to step up. Ample demand and the evolving nature of attacks have made the industry dynamic in recent years. For those who are up for the challenge, it’s a great opportunity to delve into a field that is always growing. However, no business is invulnerable to threats, and the industry needs to change in several critical ways to reach a point of maturity.

 

Nobody’s Perfect

Don’t get me wrong, many businesses practice cybersecurity well. We’re seeing more and more organizations understand the ever-changing threats inherent in the industry, and that bodes well for progress. Still, a concerning number of businesses continue to adopt a “fire and forget” approach—that is to say, layering on defenses and calling it a day.

 

Every new system, every new update, and even every new solution creates vulnerabilities that attackers will try to exploit. The first step to building a better cybersecurity program is acknowledging that there will never be perfect countermeasures. The best a business can do is to identify key vulnerabilities unique to its organization and focus on protecting those while remaining vigilant about the possibility of an attack. Often, this means bringing in a third party that can better monitor and upgrade systems on a business’s behalf.

 

Don’t Adopt Just To Adopt

While it’s true that every business—from large corporations to small businesses—should be concerned about cybersecurity, it doesn’t mean that the shotgun approach of adopting as much as possible and hoping for the best is smart.

 

Instead, businesses should look at cybersecurity strategically. There are a lot of great tools out there, but many require some expenditure of time and talent to be used effectively. Choosing tools should be a matter of weighing whether a team is capable of using them to monitor and detect potential threats. If they’re not being used correctly or as intended, they can often be a money sink that accomplishes very little.

 

Personalize It

Plenty of resources online give step-by-step plans for implementing cybersecurity in a business. While these articles are great starting points, they should not be the end-all-be-all of cybersecurity. More often, businesses should consider their level of risk, the amount of resources at their disposal, and potential attack surfaces when constructing a cybersecurity plan.

 

I’ve written a lot about security and compliance in the healthcare sphere because these organizations stand to lose more than most in an attack. There’s a lot to talk about. A smaller business will want to identify what is at risk in the event of an attack and what they could lose. Many times, it’s also about what these businesses can gain—the benefits available to them when older systems are upgraded.

 

Ever Vigilant

In all likelihood, cybercriminals are not constantly probing the average business for weak points—but no business can afford to assume that they aren’t. Complacency is the enemy of good cybersecurity, and planning for the future is the best way to ensure that needs are being anticipated. In short, new measures should be proactive, not reactive—and it’s up to all businesses to find an ongoing solution that works for them.

Finding A Healthcare Cybersecurity Plan For Your Organization

While I cannot stress enough that security does not equate to compliance as far as healthcare is concerned, it is still true that securing important systems in your health organization goes a long way toward meeting regulations—and living up to the trust of your patients.

In many cases, compliance may need to go beyond HIPAA regulations. A recent survey conducted by Accenture and the American Medical Association (AMA) revealed that 4 out of 5 surveyed doctors had experienced some kind of cyberattack. Concern in the medical community is widespread, especially when a breach can compromise large amounts of critical information. Among healthcare providers, sharing data has become the norm to ensure a seamless experience for patients, but this also creates more potential for a security breach.

Since every practice is different, it falls to each one to formulate a plan for tackling cybersecurity to reach compliance—or go beyond, if it comes to that.

However, the rise of organizations dedicated to helping care providers achieve compliance can offset some of the difficulties inherent in cybersecurity. With smaller hospitals and practices, it can be difficult to justify having an on-staff IT expert to handle data management. In many cases, these organizations will either spend money on a full-time staff member that they don’t necessarily need, or let data concerns fall by the wayside. This is where hiring third-party IT experts comes into play; organizations can get as much work done as necessary without having to worry about the logistics of recruiting staff.

And regardless of who is responsible for a care provider’s cybersecurity, a comprehensive audit of all systems involved may be necessary to prevent future breaches. Systems that may not necessarily involve patient data may become compromised, leading to poor security elsewhere. The American Health Information Management Association (AHIMA) has published toolkits to prepare for HIPAA audits, and has praised the merits of good information governance by going beyond what is required for regulatory compliance.

This is when risk assessment becomes important—knowing the path that information takes as it moves in and out of an organization is the first step to ensuring that it is safe. Understanding the way systems are connected and even the non-technological ways data can be compromised is increasingly important in the modern environment. Even beyond theft, making backups is important, as is having a disaster recovery plan in the event of an environmental cataclysm.

The fact is, audits can often reveal vulnerabilities that your organization may not have been sure existed. They also create opportunities for a care provider to reevaluate their IT practices and find a better option in a third party if the situation calls for it. Take the time to rethink your needs and develop a plan that is ideal for you.