Creating a culture of cybersecurity is critical for all organizations ‒ large and small businesses, academic institutions, non-profits, and government agencies – and must be a shared responsibility among all employees. Week 2 will showcase how organizations can protect against the most common cyber threats. The week will also look at resources to help organizations strengthen their cyber resilience, including the use of the National Institute of Standards and Technology Cybersecurity Framework.
How can you prevent cyber threats?
Forbes recently published an article stating: 97% of respondents admitted that human error causes network outages and problems, with over two-thirds stating that monitoring solutions fail to predict most issues.” Education is the best defense against cybersecurity threats. Here are a few ways you can prevent data breaches:
Do not share or reuse passwords
Do not click on links or open attachments from unknown senders
Enforce password policies
Verify requests for sensitive information
Businesses can reduce cyber threats with firewalls, web-filtering, email filtering, network monitoring and anti-virus protection. Zerofail Southeast is Your IT Concierge offering 24/7 monitoring and IT support services. If you are unsure whether your business has any of these please contact us at email@example.com to schedule a consultation with one of our experts.
According to IBM Security, almost 100,000,000 healthcare records were compromised in 2015. Data breaches are a serious problem across industries, especially in healthcare. We are all at risk from our healthcare records being hacked. The article Why change management needs review by IT security addresses the “elephant in the room” by recommending that the IT department participate in change management policies and procedures.
“Investigations conducted by the HHS Office for Civil Rights often reveal that healthcare organizations fail to implement policies and procedures to prevent security violations or effectively manage risk1.”
The graph below display the healthcare hacks by type. Malware, physical theft, human error and phishing can all be reduced through IT security training. Educating users is key. Phishing attacks can be thwarted by educating users not to open email attachments and hyperlinks from unknown senders. In addition, malware can be reduced through monitoring and maintaining servers and computers.
Here are the recommendations for key steps in an effective change management process1:
Document and implement a change management policy and procedure and ensure the process oversees and monitors all changes to existing and new technologies such as servers, desktops, applications and databases.
Establish a detailed process flow for applying the change with back-out plans and integrate security reviews prior to a change and post introduction to validate installation is consistent with security requirements.
Define and assign roles and responsibilities to coordinate, document, communicate and approve change requests and ensure that only those individuals authorized to carry out a change, has the relevant access and that all necessary approvals are received prior to a change being introduced.
Establish and regularly assemble a Change Advisory Board, composed of technical and business membership, while communicating change plans to all stakeholders within a reasonable time prior to the scheduled change.
Test the change in a non-production environment prior to implementing any change in the production environment.
Ensure the asset inventory is updated whenever a technology is added, modified or removed from the environment, including the installation of software and software patches to provide an accurate and complete view of organizational assets.
Provide ongoing training and communications to ensure users thoroughly understand and follow the change management process and its value to the organization.
Track approvals, decisions and variances in a change management repository including the associated rationale behind decisions made and ensure all changes are carefully documented.
Establish metrics to provide a process baseline, determine the effect of process improvements, identify areas where the process may be ineffectual or broken, and assess improvements that could make the process more effective or efficient.
If you are unsure whether or not your company is HIPPA compliant contact Zerofail Southeast for an assessment at firstname.lastname@example.org.