Have you heard any of these panic-inducing exclamations?
- Cyber criminals are out to steal your data!
- Vulnerabilities in your systems are being exploited as you read this!
- Regulatory noncompliance could end your business!
These aren’t necessarily disingenuous statements, but you don’t need to panic. By taking appropriate steps, you can focus on your mission and organizational goals instead of cyber security woes keeping you up at night.
This is not to say that you can let your security fall by the wayside. Taking cyber security seriously means having the appropriate policies and strategies in place before an incident occurs. There are some steps you can take on your own, while others might require hiring a firm that specializes in cyber security.
Either way, it’s critical that your organization advances on the path toward true security. From privacy to business continuity, your entire operation can be affected. Below are five tips to enhance your security profile.
1. It Starts With Smart Policy
One of the biggest vulnerabilities within any organization is the staff that works within it. If employees are clicking links in suspicious emails, sharing passwords, or are simply unaware of security threats like malware, you are asking for trouble.
Conduct regular cyber security training to keep your employees on the side of common sense when interacting with coworkers or clients electronically. Have your employees regularly change passwords in company systems, teach them not to click suspicious links in emails (or to verify with the sender first), and consider blocking websites that may contain viruses.
Policy extends from employees’ workstations to their mobile devices as a part of your small business phone solution. Your internal staff should be able to conduct basic training to give you some semblance of security.
2. Don’t Forget Physical Security
When focusing on cyber crime or electronic threats, managers and business owners too often forget good old-fashioned physical threats. Restrict access to servers and data centers to only those professionals who absolutely need to be there. Other steps can include prohibiting employees from leaving written-down passwords visible on a desk. These rules don’t need to be draconian and are just as common sense as locking the door at night.
3. Stay up to Date
If you are relying on software like firewalls or antivirus programs to keep your systems secure, make sure everything is updated regularly. Cyber threats are always evolving, and new malware is created every day. Most software platforms have options to enable auto-updating. Make sure these settings are enabled.
Sometimes your systems will need more than just a simple update. For instance, Microsoft will soon be ending its support for Windows 7. It won’t be long before systems that use it will no longer be secure.
4. Use an Effective Backup Solution for Small Business
Business continuity is a critical aspect of any organization’s cyber security strategy. If you don’t have plans and infrastructure in place to navigate the maze of a disaster situation, the loss can be catastrophic. Threats range from natural disasters to intrusion from hackers. Both are dangerous and both can be mitigated with appropriate disaster planning.
Creating offsite backup solutions or leveraging the cloud are both viable strategies depending on your situation and security needs. Cloud solutions for small business have the extra benefit of staying updated per the third item on this list.
5. Consider a Professional Managed Security Provider
Training and software updates can only get you so far. Network security solutions companies are the key to reducing risk and ensuring that your business is protected. Computer Technology Management Services (CTMS) offers a holistic suite of cyber security solutions that range from compliance to system backup.
If you have concerns about your existing security profile or think your internal staff could use a helping hand, give us a call today.
As of November 2, 2018, Ohio’s Data Protection Act, also known as a “safe harbor” law, grants businesses protection from lawsuits relating to data breaches if they are reasonably complying with industry-standard and federal regulatory frameworks. This groundbreaking legislation may soon be mirrored by other states but is limited to Ohio for now.
To qualify for “safe harbor,” as it were, a business must design its cyber security strategy to:
- Protect the security and confidentiality of confidential information
- Protect against any unanticipated physical or cyber threats or other hazards to that information
- Protect against unauthorized access to and acquisition of information that is likely to result in a material risk of identity theft or other fraud to the individual to whom the information relates
Cyber Security Frameworks Enumerated in the Law
The three provisions listed above can fit under a variety of regulatory frameworks. This means that businesses, including those in the healthcare industry, that reasonably conform to these frameworks are granted safe harbor. Although safe harbor does not provide total immunity—and thus businesses cannot use it as an impenetrable shield—it does offer protection against torts, which can result in closed businesses, especially for smaller operations.
The Regulatory Frameworks Under Safe Harbor:
- National Institute of Standards and Technology (NIST) Cybersecurity Framework
- NIST Special Publications 800-53, 800-53A, or 800-171
- Federal Risk and Authorization Management Program Security Assessment Framework
- Center for Internet Security Critical Security Controls for Effective Cyber Defense
- International Organization for Standardization/International Electrotechnical Commission’s 27000 Family – Information Security Management Systems
- Health Insurance Portability and Accountability Act (HIPAA) of 1996 Security Rule
- Health Information Technology for Economic and Clinical Health Act
- Title 5 of the Gramm-Leach-Bliley Act of 1999
- Federal Information Security Modernization Act of 2014
Reasonably Conform—What Does That Entail?
There are some situations where safe harbor will not apply. This can include a breach of contract or a violation of other law. Safe harbor is designed as a defense against tort claims alleging that the security protocols mandated by the regulatory standards mentioned above were not met.
To use a safe harbor defense, an organization must demonstrate that it has taken steps to meet all of the requirements under a given framework. Moreover, when these frameworks are updated based on new technology or processes, organizations have one year to conform or they may be forced to abandon the safe harbor defense.
Because many of these regulatory frameworks can be general in their suggestions whereas others can be quite specific (like HIPAA’s 29 required organizational policies), it can be hard for businesses to know if they are meeting standards or not. The assessment is further complicated by a variety of factors: the nature of the information being protected, the size of an organization, the resources available to that organization, and the availability of compliance tools.
In this sense, a cyber security solution provider like Computer Technology Management Solutions may be required so that organizations can mount the best defense possible and avoid being put out of business. Surveillance and cyber security solutions are not just crucial to keeping a business running efficiently; they are vital to keeping an organization running at all.
Industrial Cyber Security Solutions
Depending on the industry, compliance with one or more cyber security frameworks is critical to ensuring efficient operational functions and privacy. Although compliance can seem like a burden at times, through the Data Protection Act, Ohio has added an extra layer of defense and protection for businesses and other entities that are making their best effort to conform and protect patients and other entities they may work with.
By consulting with a cyber security solution provider like CTMS, business owners and IT directors can improve their chances at fighting torts and reduce the risk of harmful data breaches.