Are you tired of hearing about security breaches? Tired of hearing that yet another company has been hacked, and hundreds, if not thousands of trusting consumers are once again forced to seek protection for their financial assets? Those that track such things are still totaling the damage for the year, but in the first half of 2015, 21% of all data breaches occurred in the healthcare industry, the most by far of any other sector. The experts say that’s because hackers look for places where they can get the most bang for the buck. Hospitals are a virtual breeding ground!

The biggest cause of cyber-breaches is probably sitting in the cubicle next door. It’s Harry or Sally who innocently opens an email from someone they don’t know, clicks on a link they’ve never clicked on before, or “innocently” leaves their myriad number of passwords on a 3 x 5 card tacked to the wall of their cube (yes, we’ve seen it!). 

Training tens of thousands of employees to “be more careful” is an impossible challenge so it’s often up to those of us working at the network infrastructure level to fill the gaps. Better email filtering works well but by its very nature, identifies the problems after the patient has been infected. Our StabilITy Alliance partner Foresite, recommends a five-point plan for any organization looking to plug their security holes.

·      Vulnerability and Penetration Testing: Hire an “ethical” hacker to gain unauthorized access to your network.

·      Web Application Testing: Review website applications that can often provide easy access to troublemakers.

·      Enterprise Security Risk Assessment: Conduct a complete review of security practices from a technical administrative perspective.

·      Third Party Risk Review: Analyze your business partners and third party relationships whose lax security procedures could have a profound impact on your own.

·      Social Engineering: Analyze Harry and Sally’s work habits and put in place a comprehensive and ongoing training program to raise security awareness.

Tired of hearing about IT security?  Get over it.  As long as real people are at the rudder, the ship has a risk of running aground.