• Cybersecurity, FBI and You

  • Foreword Note

    This article was written just prior to the firing of FBI Director James Comey. The article highlights the concerns of many government agencies, especially with this past week's global cyberattacks targeting healthcare around the world.

    Former Federal Bureau of Investigation (FBI) Director James Comey delivered a keynote speech at the American Hospital Association Annual Membership Meeting this week.

    “Healthcare organizations are major targets for cybercriminals, Comey said, because the sensitive data they collect in droves can be sold at a high price for use in fraud and identity theft. Medical devices are also increasingly becoming a target.”

    While Comey’s comments were in reference to the hospital industry, these same scenarios are playing out in many organizations that handle their clients’, employees’ or patients’ “sensitive data”.

    Another government agency, the Federal Trade Commission (FTC), launched a new website aiming to help small businesses protect their networks and systems from cyberattack, as well as protect customer and employee data. Access to the FTC's tips and advice is free: ftc.gov/SmallBusiness

    FireEye recently published a white paper entitled Five Reasons Small and Midsize Enterprises are Prime Targets for Cyber Attack. The paper states: “Cyber attackers are increasingly targeting small and midsize enterprises (SMEs) as well. One SME may not seem like a worthwhile target for a cyber-attack, but collectively, SMEs are a gold mine. SMEs account for approximately 90% of business worldwide, create four out of every five new positions and generate 33% of the gross national income (GNP).”

    I would argue that you don’t have to be an organization which falls into the health care definition to be subject to a cyber-attack or breach. Whether you are an attorney, healthcare provider or a grocery store, you handle sensitive data of your employees, clients or patients.

    Cybercriminals make a business out of obtaining data, and they view your employees as one of the weakest links in the security chain, with mobile devices being viewed as an easy way of gaining access to data and corporate networks.

    Two out of ten companies have already experienced a mobile device cyberattack, although in many cases, organizations are not even aware that an attack has happened.

    These numbers and concerns should alarm any organization, no matter its size, into taking a proactive approach to protecting its sensitive data. Employees are your weakest link.

    Ensure that your organization has adopted written security and privacy policies and procedures and has trained its employees. Back up your data, ensure that it is not corrupt, and store it offsite.

    Judith has just released her comprehensive Information Security System. Here is a brief excerpt:

    “Security breaches are commonplace and organizations of all sizes and types have become popular targets for attack. Confidential customer and employee information collected and used by companies in the normal course of business has become the target of cybercriminals and identity thieves. The Company’s confidential and sensitive information must be protected from intrusion, loss, exposure and theft. The Company should meet or exceed the best practices or minimum requirements in applicable federal, state and industry regulations for information, security, privacy and identity theft protection. Policies and procedures should meet the “reasonable and appropriate” test for the time at which the Information Security System was implemented. These common best practices include administrative, physical and technical safeguards, as well as a breach response plan that must be set up, maintained and updated regularly.”

    Judith is an accredited Certified HIPAA Professional (CHP) and member of HIMSS. As the owner of JAL, Judith is your subject matter expert providing guidance to organizations within HIPAA, GLBA, False Claim and other regulatory agencies. Judith provides reasonable and appropriate compliance policies and procedures within your Compliance Program. As a guru in compliance, Judith delivers compliance employee training programs and participates in educational speaking engagements for the industries that handle Protected Health Information. To read more about the world of compliance, subscribe to JAL’s insightful newsletter at www.jalconsultantsaz.com.

    Copyright © JAL Consulting 2017