Author Archives: WITS Admin


The Hard Truth about CyberSecurity in 2016 going forward

CyberSecurity planning Takeaways in 2016.

Without Clear Business Alignment, Your Company Will Not Prioritize Security

Security leaders have often ignored CyberSecurity until something goes wrong.  If you do not see how CyberSecurity efforts help achieve business objectives, there is no compelling reason to support them with budget, communication, or inclusion in projects.  CyberSecurity is now a key component of any business plan because your data is your business.  The data assets of the business need to be protected as carefully as its finances.  Without your data there is no business, and without CyberSecurity there may be no data.  It is time for CyberSecurity to have a seat at every table of the business, just like policy, finance, and planning, from the board room to the break room.  To preserve the business's reputation, future prospects, and C-Suite jobs, CyberSecurity needs to be factored into all the calculus used to drive the business to success.

A Truly Business-Savvy company Will Have A Truly Business-Savvy Strategy

Business leaders have adopted a technology agenda that allows the organization to compete and grow, but they have left out the most important part of keeping their business: CyberSecurity is the missing critical piece.  Weekly we hear of another business being attacked and data lost or compromised, because they did not consider the security of business data, and the ability to process it each day, worth what it represents.  Business data represents the business itself; protecting it is not some insignificant bother, nor a promise that a one-time purchase solves everything.  The data is the business; protect it as you do the finances, the five-year plan, growth, and success.  CyberSecurity is here to stay, with its costs and planning.  Without a CyberSecurity plan a business will not reach its potential and may possibly perish.

If You Can’t Communicate Your Strategy Simply, You May As Well Not Bother

Your business needs to be able to communicate all of its strategies, including CyberSecurity.  If you cannot communicate it in a clear and concise manner, then there is a problem: it probably doesn't exist.  A business can communicate its financial plan to banks, boards, and stockholders precisely, but what about protecting the essence of the business from being compromised or ruined by neglecting the fiduciary responsibility of CyberSecurity?  Remember Ben Franklin's words, "failure to plan is planning to fail."  Are the Board and Executive team planning to fail, foolishly thinking that they are saving money?  If you cannot communicate your CyberSecurity strategy because it didn't pique the administration's interest, then you may as well not bother continuing the business, because imminent failure will be in your future.

Is your business planning to fail by ignoring the fact that CyberSecurity is a critical business problem of the 21st century?  This is a Board and Executive level fiduciary responsibility for any business.  Not dealing with it is negligence, and imminent failure is what is coming, followed by losses, regulatory fines, litigation, and the demise of a once viable company that failed to protect itself from those that wanted to harm it.  Certainly those that ignore the imminent threat will not continue in the same profession.

Time to make a critical business decision to protect the business by protecting the data that defines it.   What is your answer?



A Five Point Plan for Boards Addressing Cyber Risk

Simple, to the point, and certainly the absolute truth.  A roughly 30-second video that should change your perspective.

https://www.securityroundtable.org/a-five-point-plan-for-boards-addressing-cyber-risk/



The 10 Security Commandments

  1. Thou shalt install security patches. Exploiting vulnerabilities is one of the main infection vectors. To prevent intrusions, keep the operating systems and all its applications always updated.
  2. Thou shalt audit. Keep a record of logs and everything that goes on in the systems in order to detect security gaps in servers and anything that has access to sensitive information.
  3. Thou shalt use security technologies. The basic combination of antivirus, antispam, and firewall software is only the starting point. They should be complemented with other tools, such as intrusion detection systems (IDS), honeypots, and encryption software.
  4. Thou shalt implement security policies. These documents define the best practices, limit the actions of users on information resources, and state their responsibilities towards them.
  5. Thou shalt use strong, unique passwords. These are the access keys to all resources such as servers, mail, data, and network gear. They must be strong and have to be stored in specialized password managers to minimize the risk of unauthorized access.
  6. Thou shalt grant your users limited rights. Administrative rights should be granted only to very small groups, as they could be exploited by malware to perform actions on the file system or install unauthorized programs.
  7. Thou shalt use legitimate software. Downloading applications from unknown or illegitimate sources may install trojanized software or malware.
  8. Thou shalt educate your users. User security training regarding the proper use of technologies, data protection and existing threats can be implemented through training talks, posters and login messages.
  9. Thou shalt not make unjustified exceptions. Security policies should be applied consistently throughout the whole network. Making unjustified exceptions for a manager, a friend, or a developer exposes the company to risk, even though the rest of the users comply with the policies.
  10. Thou shalt know the security trends. Cyberthreats and techniques are constantly evolving. Meanwhile, security measures are developed and improved to fight them. Reading http://www.welivesecurity.com is as fine a start as any.

List adapted from http://www.welivesecurity.com/2016/07/29/10-security-commandments-every-sysadmin/
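The second commandment (keep logs and actually review them) is the one most often written down and least often practised. As an added example that is not part of the original post or of WeLiveSecurity's article, here is a small Python audit over sshd-style authentication log lines: it flags a source address that fails authentication five or more times within a minute, and raises the severity when a successful login follows such a burst. The log lines, the threshold and window, and the year assumed for the syslog timestamps (which carry none) are all constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style auth log lines (sample data for this example, not from any real host).
SAMPLE_LOG = """\
Jul 29 10:01:02 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 50011 ssh2
Jul 29 10:01:04 host1 sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 50012 ssh2
Jul 29 10:01:05 host1 sshd[2205]: Failed password for root from 203.0.113.7 port 50013 ssh2
Jul 29 10:01:07 host1 sshd[2207]: Failed password for root from 203.0.113.7 port 50014 ssh2
Jul 29 10:01:09 host1 sshd[2209]: Failed password for root from 203.0.113.7 port 50015 ssh2
Jul 29 10:01:12 host1 sshd[2211]: Accepted password for root from 203.0.113.7 port 50016 ssh2
Jul 29 10:05:30 host1 sshd[2290]: Failed password for alice from 198.51.100.20 port 41000 ssh2
Jul 29 10:05:45 host1 sshd[2292]: Accepted publickey for alice from 198.51.100.20 port 41001 ssh2
Jul 29 11:30:00 host1 sshd[2400]: Failed password for bob from 192.0.2.9 port 42000 ssh2
"""

# Syslog timestamps carry no year; the year is an assumption made for this example.
LOG_YEAR = 2016

# One pattern for both outcomes: timestamp, Failed/Accepted, user name and source address.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_line(line):
    """Return a dict for an sshd authentication event, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    when = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=LOG_YEAR)
    return {"time": when, "outcome": m.group("outcome"),
            "user": m.group("user"), "src": m.group("src")}


def audit(log_text, threshold=5, window=timedelta(seconds=60)):
    """Scan auth log text and return findings, oldest first.

    'password-guessing' (medium): a source reaches `threshold` failed logins
    inside the sliding `window`; reported once per source.
    'success-after-failures' (high): a successful login from a source that
    still has `threshold` or more failures inside the window.
    """
    recent_failures = defaultdict(deque)   # src -> timestamps of failures still in window
    already_flagged = set()
    findings = []
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        q = recent_failures[ev["src"]]
        # Expire failures that have fallen out of the sliding window.
        while q and ev["time"] - q[0] > window:
            q.popleft()
        if ev["outcome"] == "Failed":
            q.append(ev["time"])
            if len(q) >= threshold and ev["src"] not in already_flagged:
                already_flagged.add(ev["src"])
                findings.append({"severity": "medium", "type": "password-guessing",
                                 "src": ev["src"], "failures": len(q),
                                 "time": ev["time"].isoformat()})
        elif len(q) >= threshold:
            # A success right after a burst of failures deserves a human's attention.
            findings.append({"severity": "high", "type": "success-after-failures",
                             "src": ev["src"], "user": ev["user"],
                             "failures": len(q), "time": ev["time"].isoformat()})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['type']:24} src={f['src']} "
              f"failures={f['failures']} at {f['time']}")
```

On the sample data the script reports two findings for 203.0.113.7 (the burst of failures, then the root login that follows it) and nothing for the two sources with a single failed attempt. The sliding window is what keeps the check honest: a handful of typos spread over a day never reaches the threshold, while a burst inside a minute does, and the deque per source keeps memory bounded no matter how long the log is.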



Cybersecurity: Time to Move from Talk to Action

Cybersecurity as a business priority has been ignored for too long in too many cases.  Hence the almost daily news of another breach, email hacking, or data loss.  Even the government and politicians are woefully behind the power curve and not paying attention, with their actions showing what not to do and data leaking everywhere.

Healthcare is one of those businesses where, to this day, many feel "we are too small to be noticed" or "the cost of being secure is too much".  Neither statement has any truth to it.  Healthcare providers are now the target of cyber criminals, and the smaller the operation, the more attractive you are, not less.  So you save a few bucks being careless until it hits, and then you are paying Bitcoins to some mysterious criminal.  Thinking that is the end of it, you find that the government was serious about security and privacy when it developed the HIPAA and HITECH regulations specifically for healthcare.  They arrive at your door and begin an audit, and since you decided HIPAA regulations weren't for you, the fines and possible criminal charges for Willful Neglect are in your future.  Lawyer fees and maybe the end of your practice are near.

The story doesn't have to end that way; action can be taken today to protect practices and patient privacy as required by law.  It is time to move from talk to action.  Protect your investment, business, and livelihood.

Don’t be like these people and have your name and practice in virtual lights for all to see:

HHS and Office of Civil Rights Wall of Shame

https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

Or like these people, writing checks for simple things your office may be doing.

http://www.healthcareitnews.com/slideshow/6-biggest-hipaa-breach-fines?page=1

Call Us, we can help write a better ending to the story.