Your Bank Gets Hacked. You Lose. (What?)

On the way to work this morning I listened to an interesting NPR piece on cybercrime. What I learned is that if you are a small business, your bank is not responsible for covering losses due to cybercrime. Unlike your credit card company, which will reimburse you for fraudulent transactions, banks are under no obligation to do so.

The small business owners interviewed for this audio news article, some of whom lost millions, recounted their experiences trying to hold their banks accountable. Most were ...


Don’t Get Caught Exposed

You may be aware that hackers recently exposed security weaknesses and deceptive business practices by publishing sensitive personal data from an estimated 36 million accounts on the Ashley Madison website. Email addresses, credit card accounts, transaction records and more were leaked on August 18.

Tens of millions of hashed passwords were also exposed, and a number of those were easily cracked. Most were easily guessed because they are ‘weak’ passwords such as 123456, password, qwerty, ashley, 111111, etc. Even if your ...


Build a Bigger Barn Now

I recently broke ground on a new barn. A neighbor stopped by to see what all the commotion was about. As I explained that I was building a new barn he asked, “How big is it going to be?” As I started to describe the dimensions, and before I could finish, he interrupted me by saying, “It’s not big enough!” What he was telling me was that no matter what size it was planned to be, it would still be ...


The Human Factor

Effective security management combines technical protection with human factor engineering. Would you be surprised to learn that exploiting human flaws accounts for a far greater share of system compromises than purely technical breaches? That’s right. If you’re only focusing on system-level protection, you’re leaving a huge gap in your security framework.

According to a recent report from Proofpoint, The Human Factor 2015, “most advanced attacks rely as much on exploiting human flaws as on exploiting system flaws.” End users, who use email, interact ...


Are Your BC/DR Plans Ready?

Business continuity and disaster recovery (BC/DR) planning is important for mitigating potential issues like natural disasters, in-house theft, and targeted cyber-attacks. Any service outage or data loss can affect sales and the future of your enterprise. In addition, this is a requirement for HIPAA Security compliance.

At a minimum, you can address this requirement by following these steps:

  • Define the potential business impact of downtime and/or data loss
  • Examine existing requirements
  • Develop and prioritize a plan of action
  • Commit (funding, resources, etc.) to executing that ...

Data Privacy Fails at the U.S. Government

The U.S. government recently discovered that up to 14 million government employee records were hacked by sophisticated Chinese agents. The extent and root cause of the breach are still under investigation. The implications for these employees and the U.S. government are serious. Lawmakers are berating the government for allowing such a breach to occur and for ignoring repeated warnings about weaknesses in the government’s computer networks. Many privately owned businesses have been just as negligent with data protection ...


The Insider Threat

Of all the threat vectors an organization can experience, the insider threat is one of the most overlooked. Employees may cause a security breach either by accident or through malicious intent. Read the following real-life scenarios to determine whether they could occur in your organization.

Malicious theft from airline

A case cited in a paper titled ‘Security beyond the firewall’ highlights the danger of not fully depriving former employees of access to IT systems. A senior employee left Air Canada and ...


Focus on ePHI to achieve HIPAA security compliance

In practice, a HIPAA security risk assessment is accomplished in layers. The first pass addresses each HIPAA security compliance requirement. While this puts a CE (covered entity) on the path of security management and compliance, efforts to reduce risk shouldn’t stop there. With each successive iteration of the risk assessment (most CEs do this annually), security is improved through defense-in-depth analysis. One approach is to focus on the ...


See Your Company Through the Eyes of a Hacker

HIPAA security compliance is only one approach to protecting your data; as I’ve stated in prior posts, it is foundational only. It’s a start. It doesn’t fully represent a proactive approach to information security management. Covered Entities, even if HIPAA security compliant, do not do an adequate job of protecting their ePHI. One approach to closing this performance gap is to evaluate your security posture through the eyes of a hacker.

In a recent Harvard Business Review article, Nathaniel ...


A View from the Top (OCR)

Did you know you can keep your finger on the pulse of HIPAA breach activity in the U.S.? Understanding other CEs’ breach events, their discovery, remediation actions and fines will help move your HIPAA compliance program along.

The U.S. Department of Health & Human Services (HHS.gov) Office for Civil Rights (OCR) publishes a variety of metrics regarding its HIPAA compliance enforcement – Enforcement Results by Calendar Year, Enforcement Results by State, and the ...
