The U.S. government recently discovered that up to 14 million government employee records were hacked by sophisticated Chinese agents. The extent and root cause of the breach are still under investigation. The implications for these employees and the U.S. government are serious. Lawmakers are berating the government for allowing such a breach to occur and for ignoring repeated warnings about weaknesses in the government’s computer networks. Many privately owned businesses have been just as negligent with data protection and are just as vulnerable. You are probably one of them.
Businesses in the U.S., particularly healthcare CEs, are like low-hanging fruit to the hacking community – ripe for the picking. Your data is valuable on the black market. Underground automated tools relentlessly search and report on network vulnerabilities to unscrupulous gangs. Hundreds of different attack plans and tools are now well-published and leveraged by these gangs to gain access to your data based on the vulnerabilities found. The hacking community is significantly more organized, funded, patient and coordinated than most business entities. These guys are smart, sly, technically sophisticated, motivated and determined to steal anything and everything you own digitally to turn a buck.
So what can you do?
- Start with a risk assessment. Identify your vulnerabilities.
- Put a plan in place to address each and every vulnerability.
- Do it in a coordinated, formal fashion. Don’t leave these actions ungoverned.
- Drive cultural change. This means from the leadership level down.
- Verify change has taken place. Check your progress.
- Implement controls. Don’t let the organization slip back to business as usual.
- Establish ownership of both the data and the data management processes. A Chief Security Officer role would be appropriate.
- Be proactive in your management practice. Don’t wait to respond to a breach. Assume bad guys are probing your network, because they probably are.
Indeed, establish a formal security management program. Information security has never been, and certainly will never be, a one-time action. Just as other business functions like accounting, procurement, and departmental management are ongoing functions of your company, so must be security management.
Orion Group Managed Services offers Security Management consulting support and assists our customers in its design and implementation. Schedule a consultation with one of our experts to help prevent a hack at your organization.