In today’s ever-changing cyber landscape, we talk a lot about what measures to take after a data breach or ransomware attack. Who do I call if my patients’ health information has been compromised? Do I need to pay the ransom? How long will my organization be down, and how badly will that disrupt continuity of care?
While these are all good questions to ask, it is not enough to think through only the worst-case scenario. Whether your organization is large, small, or somewhere in between, it is important to be on guard for whatever lies around the corner. At ComplyAssistant, we have seen time and time again that it is not a matter of if your organization will experience a breach, but when.
Cybersecurity Awareness Month
October is Cybersecurity Awareness Month. Each week in October the National Cybersecurity Alliance will offer industry insights and tips from thought leaders around the country. The hope is that this month will spur conversations around cyber safety and provide opportunities to educate the public, not just those in the IT community, about the dangers that exist online.
According to a recent report from RiskRecon, multi-party breaches, or “ripple events,” have had a detrimental impact on the U.S. economy in recent years. Some of the top findings from the report include:
- 897 multi-party breach incidents, known as ripple events, since 2008
- 147 newly uncovered ripples observed across the entire data set, with 108 occurring in the last three years
- The median ripple breach event causes 10x the financial damage of a traditional single-party breach
In an age when so much of our world lives online, coupled with the rise in remote work and third-party vendors, it is crucial to make sure your organization is prepared for what comes next.
The first step to setting your organization up for success is education. The weight of keeping everyone accountable should not fall solely on the IT department’s shoulders; it should be an enterprise-wide effort.
Here are some great tips for educating your team, regardless of organization size:
- Orient your team to the most common risks. The Department of Health and Human Services (HHS) offers a lot of education about what the common risks are. Read up on them here.
- Train your team on best practices. In addition to providing guidance around the most common risks, HHS has compiled a list of best practices to mitigate them.
- Establish a committee of key stakeholders. Remember, your IT team knows the ropes, but not everyone does! This group should include a diverse representation of members from IT, finance, legal, administration, and so on.
Although education never truly ends, the next step in the journey is preparation. Organizations that have a plan in place, whether it’s executed internally, externally, or a hybrid mix of both, are better off than organizations that don’t. Here are some tips to prepare for the unexpected:
- Have an Emergency Preparedness Team. This team can (and should) consist of members from your previously defined committee of stakeholders, and it can also include others outside that group.
- Create a Disaster Recovery & Business Continuity (DRBC) plan. Today’s downtimes are not what they used to be. The National Institute of Standards and Technology (NIST) used to plan around 72 hours of downtime, but as the headlines have shown, downtime these days can last 30 days or more. Whether you have the resources in-house to manage your DRBC plan or rely on an external source, you will be glad you planned ahead.
The good news about all of the work you are doing within your organization to bolster cybersecurity awareness? Everything can be fine-tuned. The industry is constantly changing and, unfortunately, hackers are finding new ways to do their dirty work, so you can be sure that any plan you develop will need to be modified as you progress down this path. Here are some important tips to remember:
- Keep an eye on your state’s legislation. Each state has its own approach to how cybersecurity is managed. Follow the National Conference of State Legislatures to make sure you know how your organization is affected based on where you are located.
- Stay tuned in to HHS protocols. Equally important to state guidance are HHS’s protocols for cybersecurity compliance. Bookmark their website for detailed information and best practices.
If you have made it this far, it is safe to say that you are ready to take the first step in strengthening your organization’s cybersecurity! Your team’s success is our company’s first priority. Contact us today; we would love to help you get started in meeting your cybersecurity awareness goals for a safer world online.