FAQs About Data Breach Security
I have a firewall and anti-virus software, so why do I need data breach security services?
Part of proper data breach security is ensuring that you make every effort to secure and protect your network. The industry standard for network security and data protection is vulnerability scanning and penetration testing. If your firewall, network, and operating systems are not configured properly or not updated, your system is very vulnerable.
In the event of a data breach, your network will be closely examined to see if you had vulnerabilities that should have been removed. If you and your IT company are found to be negligent, you could face massive penalties from your state and/or government entities.
Black Talon Security specializes in network security and compliance. We have found that most IT companies are good at setting up networks, but have limited knowledge when it comes to robust network data breach security. You really need to have a third party, such as Black Talon Security, validate and manage your security.
What will happen if I have a data breach?
Most practices and businesses spend a lot of money on advertising, PR, and managing relationships. But have you thought about the ramifications of a data breach or ransomware? All the money you have invested in yourself, your practice/business, and staff could be jeopardized. These are just some of the consequences of improper data breach security:
Federal law and most state laws require you to notify every single patient or client that their records and identity were compromised.
The social media backlash will be severe.
Mainstream media will make your practice a target.
The financial cost of identity monitoring and legal fees could easily put you out of business.
You will face lawsuits from your patients or clients.
Your data may be published to the Dark Web or publicly, putting you in a very compromising position.
Imagine if an unauthorized person is able to see your patient's record or business files. It has happened before and it will happen again!
I store all my data in the cloud, so I’m safe, right?
Even though you may be running a cloud service, which handles the database security, you are still at risk. Through malware delivered via websites or email, a hacker can compromise your network by using a phishing scam to get your user name and password or by installing a key-logging script that captures your login credentials. With this information, the hacker could log in to your software as if he/she were in your office. Most cloud-based systems are vulnerable to ransomware attacks.
Most businesses that use cloud software still store data locally. This data contains electronic protected health information (ePHI), personally identifiable information (PII), trade secrets, and confidential documents, and needs to be safeguarded as well.
What is ransomware and what happens to my business if I’m affected?
Ransomware is a debilitating attack on your infrastructure that encrypts your computers and server and leaves you completely helpless and hostage unless you are willing to pay a significant amount of money to have the attacker decrypt your files. Most law enforcement agencies will tell you not to pay since there are no guarantees your files will be released. If this occurs, your entire network infrastructure will need to be restored. If you don't have a good backup, you may experience significant data loss, which is a data breach security incident under the HIPAA Security Rule or other federal/state laws.
The process of restoring your network is expensive and very time-consuming. It is the same process as starting from scratch. Applications have to be installed and configured. Network security, settings, accounts, and data have to be restored. Even with a good offsite backup, it may take days just to get your data back. For the average-sized business, this is a multi-day process resulting in the shutdown of some or all operations. How much will this cost you financially? How will your clients or patients feel when you have to cancel meetings/appointments or cannot access their data?
Do I still need an IT company to support my network?
Absolutely. The relationship we have with your IT company is mutually beneficial. After performing all of our security testing on your network, we will work with your IT company to mitigate any risks. Your IT company will be the one making the necessary software changes based on our recommendations.
If I have Macs, do I still need cybersecurity?
You absolutely do. Hackers are developing more Mac exploits than ever before. In addition, many practices that have Macs often have acquisition PCs that drive their digital imaging systems, and these PCs often run Microsoft Windows. Are you using any IoT (Internet of Things) devices such as smart TVs, digital picture frames, digital thermostats, etc.? These devices are often highly susceptible to cyberattacks, and hackers often use them as a way to launch attacks against the rest of your network.
Regardless of the platform you use (Windows or Mac), you must conduct a risk assessment and risk analysis against these devices to understand your security posture.