08-12-13 | Blog Post
A recent study by the Ponemon Institute and Experian Data Breach Resolution reveals that 45 percent of organizations reported having suffered a data breach or security exploit over the past 2 years as a result of negligence or mistakes causing the loss of confidential business information. Thirty-four percent experienced a disruption in business operations, and 24 percent were victims of misuse or theft of confidential business information (i.e., intellectual properties).
Last year I wrote the article, Michigan Cyber Initiative Reports ‘People’ as Weakest Link in IT Security, citing the Michigan.gov’s cybersecurity advice about Personnel Security Controls – “People are the key ingredient to a successful organization, but people can be the weakest link for security of the environment.”
Countless data breaches can be attributed to human error, including sloppy IT security practices, like the recent healthcare data breach caused by a health IT vendor that had their firewall turned off for a month, allowing Google to index private data ( read PHI Indexed on Google? Reaffirming the Need for Business Associate HIPAA Compliance for the whole story).
Mistakes happen, but risk mitigation can start with preventionary tactics such as updated and consistent staff security training. Appointing a Risk Management and Security Officer to conduct training on simple policies to ensure physical and network safety can protect business data.
According to a Ponemon Institute report, The Human Factor in Data Protection, examples of employee behavior that put companies at risk include connecting to the Internet via an insecure wireless network; using personal mobile devices connected to their organization’s network; using generic, unencrypted USB drives and others.
The security of your organization also extends to the security practices put in place by your contracted vendors (business associates in the case of healthcare). For data center provider/hosting practices, a few physical security precautions include:
Other technical security tools that can be employed on computer networks to protect web applications and data include file integrity monitoring (FIM), web application firewalls (WAF), daily log review, vulnerability scanning, encryption and more.
Find out other ways to avoid a data breach in:
Ensuring Cloud Vendor Security Transparency in the Age of Data Breaches
Gartner recently released recommendations for gaining transparency into cloud software as a service (SaaS) contracts – including emphasis on annual security audits and certification by a third party to verify a cloud vendor’s operating/product security. Gartner also recommends that contracts … Continue reading →
HIPAA Violations Cost Health Insurer $1.7 Million: Lessons Learned
Reuter’s reports that WellPoint, Inc., the second largest U.S. health insurer, has reached a $1.7 million settlement with the Dept. of Health and Human Services as result of a data breach that exposed over 600k health records. WellPoint’s online database … Continue reading →
Disabled Firewalls, Lack of Log Monitoring & Risk Analysis Lead to HIPAA Data Breach
The latest HIPAA data breach case resulting in Dept. of Health and Human Services fines involves disabled server firewall protections that left the ePHI (electronic protected health information) of 17,500 patients vulnerable for at least 10 months. According to the … Continue reading →