Untangle The Cybersecurity Landscape

Part of proper data breach security is ensuring that you make every effort to secure and protect your network. The industry standard for network security and data protection is vulnerability scanning and penetration testing. If your firewall, network, and operating systems are not configured properly or not updated, your system is very vulnerable.

In the event of a data breach, your network will be closely examined to see if you had vulnerabilities that should have been removed. If you and your IT company are found to be negligent, you could face massive penalties from your state and/or government entities.

Black Talon Security specializes in network security and compliance. We have found that most IT companies are good at setting up networks, but have limited knowledge when it comes to robust network data breach security. You really need to have a third party, such as Black Talon Security, validate and manage your security.

Even though you may be running a cloud service, which handles the database security, you are still at risk. Through malware delivered via websites or email, a hacker can compromise your network by using a phishing scam to get your user name and password or install a key-logging script that captures your login credentials. With this information, the hacker could log in to your software as if he/she was in your office. Most cloud-based systems are vulnerable to ransomware attacks.

Most businesses that use a cloud software still have data being stored locally. This data contains electronic protected health information (ePHI), personally identifiable information (PII), trade secrets, and confidential documents, and needs to be safeguarded as well.

Most businesses spend a lot of money on advertising, PR, and managing relationships. But have you thought about the ramifications of a data breach or ransomware? All the money you have invested in yourself, your business, and staff could be jeopardized. These are just some of the consequences of improper data breach security:

• Federal Law and most state laws require you notify every single client/patient that their records and identity were compromised.
• The social media backlash will be severe.
• Mainstream media will make your business a target.
• The financial cost of identity monitoring and legal fees could easily put you out of business.
• You will face lawsuits from your clients/patients.
• Your data may be published to the Dark Web or publicly, putting you in a very compromising position.

Ransomware is a debilitating attack on your infrastructure that encrypts your computers and server and leaves you completely helpless and hostage unless you are willing to pay a significant amount of money to have the attacker decrypt your files. Most law enforcement agencies will tell you not to pay since there are no guarantees your files will be released. If this occurs, your entire network infrastructure will need to be restored. If you don't have a good backup, you may experience significant data loss, which is a data breach security incident under the HIPAA security rule or other federal/state laws.

The process of restoring your network is expensive and very time consuming. It is the same process as starting from scratch. Applications have to be installed and configured. Network security, settings, accounts, and data have to be restored. Even with a good offsite backup, it may take days just to get your data back. For the average sized business, this is a multi-day process resulting in the shut-down of some or all operations. How much will this cost you financially? How will your clients or patients feel when you have to cancel meetings/appointments or cannot access their data?

In short, cybersecurity professionals are specialists in their field.

We often hear clients say that they don't need a cybersecurity company because their "IT guy" or computer company handles all of their security for data breach prevention. When we interview prospective clients on their current cybersecurity posture, the executives of the organization almost always fail at answering the most basic cybersecurity questions related to their security posture. Relying strictly on an IT company for security is almost guaranteed to put your business or practice in a compromised position. Cybersecurity vs IT security is not the same. IT Companies are NOT cybersecurity companies and they do not have the same level of knowledge, certifications, tools and standard operating procedures required to protect your business from ransomware attacks and cyberattacks. Battling cyber-criminals is something that we do 100% of the time and we are the specialists and experts in this field. For cybersecurity vs IT security, IT companies often use outdated technology and do not understand how hackers breach systems, or how to defend against them.

​When it comes to protecting your business, client/patient data and your reputation, you must engage with a company that understands the complex nature of this threat environment and can implement technologies and strategies to defend against cyber threats and ransomware attacks.

The best IT companies tell their clients that they should engage with a cybersecurity company to enhance the security of their network and to independently assess it. If your IT company pushes back, ask yourself, "Why would they not want me to be secure?" The reason IT companies typically push back is because they promised you something they cannot deliver.

Too many executives and healthcare providers find themselves on the wrong side of the table when a data breach occurs. When things go bad, you immediately turn to your IT company for help. In many cases, the IT company will say, "Sorry, we are not a cybersecurity company and this is not our fault."​

If you don't have a full cybersecurity plan that includes vulnerability scanning, penetration testing, training and an assessment, we should talk.