Network Security: The Hardest Easy Policy

What is cyber security?  It seems like a simple question, but it can be a truly difficult answer.  In simple terms, it is the use of hardware, software, training, and practices to secure data, and block the infiltration of your information by outside entities.  A simple question, with a not so simple answer.

When it comes to cyber security, the first step is to know when you need it.  Cyber security is ALWAYS needed.  Whether you go to the grocery store to buy veggies to go with your family’s dinner, or you are a multi-million-dollar organization, cyber security is always there.  With every transaction your grocery store makes with the bank, your identity and information needs to be secure.  The same goes for your practice.  All EPHI needs to be secured for your patients, and yourself, to ensure no one can access it when they are not supposed to.

The next question on security, is how can you make sure you are secure?  The first step is to find out where you have the biggest problem.  This can be done with an annual Security Risk Assessment, or HIPAA Audit in extreme cases.  Your yearly Security Risk Assessment can be completed by a security officer, or an outside entity, like MedCo Data.  These risk assessments are recommended to be done at least twice a year, but required to be completed at least annually.

Once any issues have been identified, it is up to your IT department to recommend the proper steps to resolve them.  Whether it is software, configurations, or policy implementation, most threats can be prevented.

There are many threats to security and data, but one sticks out more than others currently.  Ransomware.  Once, just a buzz word kicked around the IT room, now it is a real threat to businesses and individuals worldwide.  Ransomware is designed to completely encrypt its victims file system, including all network shares.  This makes all the data on every machine and server unusable until the ransom is paid and the files are decrypted.

The scary part: Ransomware is not slowing down.  In 2017, it was found that the number of attacks was over 300% higher than the previous year, and the average ransomware attack cost its victim $2,500 per incident, with some victims falling prey multiple times.  The highest “reported” incident cost one company over $50,000 in decryptions to one such attack.  Even home computer users are not safe.  Over 55 percent of people surveyed reported that they would pay the ransom to retrieve family photos, tax documents, an everything else they save to their home PCs, while business reported that a staggering 70% would pay to recover their data (Source: https://www-03.ibm.com/press/us/en/pressrelease/51230.wss).   According to Cybersecurity Ventures, ransomware damages reached $5 billion in 2017.  (Source: https://cybersecurityventures.com/ransomware-damage-report-2017-5-billion/)

Many times, I have heard “I have a Mac or Linux computer.  I am safe.”  If only this were true.  While it is true that Apple (Mac) and Linux computers are less likely to fall victim to these kinds of threats, this is in part due to the relative ease to obtain a Windows computer and software compatibilities with business applications.  With the number of threats increasing, and the increase in Mac usage, it is causing these computers to become more attractive targets.

How can you protect yourself?  All I can advise is to follow these simple rules.

1. Listen to your IT department. They have had experience in dealing with these kinds of threats, researched ways to avoid them, and have your best interests at heart.
2. Ask questions. If you are not sure if you are protected, write down your concerns and send them to your IT Professionals. They should be able to answer any questions you may have and set your fears at ease.
3. Stay protected. Don’t let your antivirus software lapse, scan often, and make sure your firewall is up to date. These companies are battling every day to prevent these attacks and are updating their software constantly with new virus definitions.
4. When in doubt, don’t click. The biggest obstacle with emails is the need to click the links.  It may look like a legitimate offer, ad, or notice, but if you didn’t ask for it, be wary.