11-12-13 | Blog Post
Online Tech is liveblogging from Milwaukee at Rock IT Around the Clock! That’s the theme for the HIMSS Midwest Area Chapters Fall Technology Conference November 10-12, where we’re exhibiting our HIPAA hosting solutions at booth #501. Here are our takeaways from a session on cyber security:
Session: Cyber Attacks from Shanghai: Prepared?
Speaker: Ali Pabrai
Firewalls are our first line of defense!
Key: Encrypt all passwords during transmission and storage on all system components. There are too many generic accounts (physician accounts, nurse accounts, etc.).
Implement two-factor authentication for remote access.
Audit Log consolidation control.
*****Keys: review logs for all system components at least daily, and retain audit trail history for at least one year, with a minimum of 3 months online availability
1 in 4 breaches lead to identity theft (in 2012)
Encryption: Last line of defense!!
If there’s one control that should have the floodlights on it, it’s encryption. It’s one of the most important things to implement in 2014 and beyond. And encryption should be looked at from a dozen different places.
THE BOTTOM LINE: What is your enterprise standard for encryption, from mobile devices to cloud computing?
Unsecured PII, Breach notification mandate:
Assume that your organization might already have been compromised, and start from there. What have you deployed? You may have a firewall and antivirus, but if you don’t have two-factor authentication, mobile device management, or device encryption, there’s still work to be done.
Seven steps to enterprise security:
This helps availability, integrity, and confidentiality.
“Victorious warriors win first and then go to war, while defeated warriors go to war first and then seek to win.” –The Art of War
Are you converting those security incidents into security intelligence?
***Get your enterprise security system security plan developed***