Cyber Security Threats, not going away!

Leo Bletnitsky, President - Healthy Technology Solutions LLC

 

Most are aware of the ransomware attack that took down UHS last week; thankfully, they are mostly back up and running at this point. (more info here)

Many executives and business owners I’ve talked to say things like “we’re not a big target like UHS so we’ll be ok”. Unfortunately, they are very wrong! While smaller healthcare and business organizations may not be specifically targeted like larger high-profile entities, there is a multitude of untargeted threats that are even more likely to hit smaller companies due to lax security and staff training practices.

Smaller typically means fewer security resources, a less effective backup & disaster recovery plan, less staff cyber threat training, a slower response and significantly fewer resources for recovery. Using the cousin of your front desk manager for I.T. in most cases exacerbates the dangers. Being affected by a cyber incident is not a question of if, but of when and how badly it will hurt. The equation that determines the pain looks something like this:

(“Scope of incident” x “Cost of 1hr of Downtime”) + “Regulatory Fines” – (“Quality of Backup Solution” + “Safeguards in place”) = “Business & Reputation Pain”

In a nutshell, if the breach was due to bad luck despite professional preparations and safeguards, and you have a good backup/disaster recovery solution & plan, you will not be down for long, nor will regulators most likely fine you. If, on the other hand, you took the above “We’re not a target and don’t need to spend money” attitude, you will likely incur data loss, significant downtime and fines for violations of HIPAA or State Privacy Laws, not to mention the PR pain that will result from being called out by regulators.

To prepare, companies need to have at least the following in place:

  • Solid offsite Data Backup Solution (Rotating hard drives off site is not a solid solution!)
  • Two-Factor Authentication required for all systems that support it.
  • Regular Staff Training on how to spot threats.
  • A security update deployment strategy that is actually in effect, with all computers and servers updated at least monthly!
  • A business-class firewall (no, not the Netgear firewall from home!)
  • A centrally managed Anti-Virus/Anti-Malware solution with an artificial intelligence component (not the free 90-day trial that came on the PC from Best Buy).
  • No Windows 7 or XP computers on the network.
  • Secure remote access for users working from home and a way to ensure their home computers will not spread infections.

The above is not a complete list, but it’s a minimum start, and we find most organizations fall significantly short. During the months since Covid hit, we’ve been busy helping our growing client base fill in the gaps! If you need help, please feel free to reach out at sales@HTSNV.com or 702-553-3200.

Also, sign up for our Security Tips: https://www.healthytechsolutions.com/cyber-security-tip-of-the-week/ 

Happy and Safe Computing!