This document provides 3 links to articles about data breaches in healthcare and other industries. The Citrix blog link discusses how healthcare IT has evolved from paper records to digital systems. The Forbes article covers the PR challenges Sony faced after a major data breach. The SC Magazine link analyzes the PR response by Anthem health insurance after a data breach impacted over 80 million records.
Networking possible, internet not likely, no antivirus; if using Windows, you may have had one minimal product installed.
Regardless of the type of business or size of business you are part of, the way we approach security has changed forever. Gone are the days that a business can feel safe with their security design model. These days the attacks have become more sophisticated than ever. Your organization should no longer be thinking about “if” an attack will happen, but be planning for “when” an attack will happen. How does this change the scope of our organizational security strategies? It means that all organizations should step back and take a hard look at their current plan.
Black Hat Hackers: These are folks that have extensive computer knowledge and deliberately look for new exploits, the types of exploits that allow them to obtain corporate and personal information that doesn’t belong to them. These teams can run like organizations with full Research and Development environments to develop the next attack or exploit.
Two very recent breaches: one was handled very well and one was not. Sony didn’t have a PR plan in place. They were accused of staging it and trying to promote a movie. The data involved included medical information, emails, personal information about actors, etc. In the end it was an employee that deliberately infected a machine to distribute data, leaking personal information about actors and actresses. They took too long to respond, causing a lot of speculation among journalists, and even went as far as going after some of the journalists: http://www.forbes.com/sites/davelewis/2014/12/16/sony-pictures-data-breach-and-the-pr-nightmare/
In a sharply worded letter sent to news organizations, including The New York Times, David Boies, a prominent lawyer hired by Sony, characterized the documents as “stolen information” and demanded that they be avoided, and destroyed if they had already been downloaded or otherwise acquired.
The studio “does not consent to your possession, review, copying, dissemination, publication, uploading, downloading or making any use” of the information, Mr. Boies wrote in the three-page letter, which was distributed Sunday morning.
This breach did not make Sony look good at all.
Anthem
Anthem responded immediately and stayed in communication with their customers. They are also protecting their customers if they have identity fraud issues, and are offering additional protection for 2 years to their customers through a 3rd party. 80 million people were impacted.
Information about current and former customers was affected, such as their names, birthdays, medical IDs, Social Security numbers, street addresses, email addresses, and employment information.
Once the attack was discovered, Anthem "immediately made every effort to close the security vulnerability, contacted the FBI, and began fully cooperating with their investigation,"
Anthem also launched a microsite, which customers could access via a link from the company's homepage, that includes an FAQ list.
No organization is safe from a hack or breach, but rethinking your approach and taking action can significantly reduce this risk.
According to Sian John with Symantec, we can eliminate 80% of vulnerabilities just by patching our servers and workstations routinely. This includes updating anything and everything software-related that your organization uses for which the vendor has issued patches. That leaves the remaining 20% of vulnerabilities to be resolved by the following recommendations.
By routinely doing security checks, including penetration testing with 3rd party providers, you can help find security loopholes that need resolution. Even more importantly though, do not just sit on this information. Remediate the issues found. XP, SSL recommendations, etc.
If your organization is running old equipment that is not being updated or maintained, it’s time to figure out how to get that replaced. Old legacy systems typically are highly vulnerable to today’s sophisticated attacks.
Having a solid backup strategy in place can help you restore your business after even the worst security violation. For example, the Cryptolocker trojan is a common piece of malware that encrypts data on network shares, backups, etc., and has been able to destroy organizational backups.
Cloud, DR, replicated disk to another device (EMC) Avamar. Larger vendors, Commvault.
Relying on a single security vendor to protect your systems is no longer enough.
Putting together a formal playbook with the appropriate people within your organization (legal/public relations) will allow for the correct public communication to protect your business.
Like many smaller organizations, you are now wondering how to protect your business from these new and complex security threats. More importantly, as a small business owner I probably do not have a budget for the complex strategy mentioned above. What can I do?
Invest in one or two really good virus/malware protection products for your PCs. One thing I have noticed is that in addition to virus protection on a PC, it has become crucial to have malware protection. Research and find software programs that you trust, and do regular system scans!
Use a reputable provider that keeps up with backend system updates and offers you the latest and greatest software available. This will likely fulfill your business need for email and Office-related products. For example, Microsoft’s Office 365 or Amazon’s product offerings would be considered reputable, and keep up with backend software updates that reduce the risk of security vulnerabilities.
This is still very important and should not be neglected. Using a legal representative to start this conversation is very important. Having a plan for public communication will go a long way for the reputation of your business.
Protecting our organizations from the different levels of attacks out there is vital to organizational success. Some attacks are so severe that even an operating system rebuild will not eliminate the vulnerability, and others so severe that your backups can become destroyed. Now is the time for every organization to take a close look at their protection strategy and ramp up, because it will continue to become more difficult to protect our corporate data. This includes implementing a great public relations strategy for your customers and employees that promotes good communication and trust. Falling short on your overall response can risk the future success of your business.