A data breach is notoriously hard to detect. In one study, researchers found that it took U.S. companies an average of 206 days to detect a data breach in their system. The average cost of identifying a breach on this timetable? $8.7 million.
This is by design, of course – the longer hackers can stay connected to a system, the more they’ll profit. And while larger enterprises might seem like more desirable targets for these attacks, in many cases, small businesses are just as vulnerable, if not more so. According to Verizon’s 2019 Data Breach Investigations Report, 43% of cyber attacks that year targeted small businesses – the largest share of any group.
And as unfortunate as it is, hackers these days view certain types of businesses – such as medical clinics or dental offices – as prime targets.
Just last year, we saw a rash of cybersecurity attacks against dental offices, primarily done by exploiting vulnerable endpoints in the clinic’s IT architecture to install ransomware. This software seizes your clinic’s data and holds it in stasis until the ransom is paid, at which point the hacker may (or may not) choose to release the data.
Ransomware is always hard to deal with, but a data breach doesn’t have to be so drastic. Consider two dental offices in Illinois and Georgia that reported data breaches last year, which exposed as many as 2,600 patient records. This was a smaller breach than most that make the headlines, but it’s a big loss all the same. Every data breach is a potential HIPAA violation lying in wait. (And even if records don’t explicitly get exposed, the damage is done – the American Dental Association considers all ransomware attacks HIPAA violations by default.)
What small clinic can afford to deal with HIPAA fines on top of disaster management IT costs, all combined with a loss of patient trust? Few out there are prepared to weather the storm. And as the beginning of 2020 has shown us, the storm is already here.
On top of everything else medical clinics have to deal with, the pressures of the SARS-CoV-2 (coronavirus) pandemic force our hands further. Clinics must adapt to new workplace processes, work-from-home orders, increased reliance on third-party software, and more personal mobile device use.
This, in addition to the already-existing threats faced by healthcare clinics, represents real challenges for providers who need to protect themselves from data breaches.
How to Protect Your Business
So, your company faces IT threats from outside sources that include business-facing ransomware, social engineering, and outdated software. And thanks to COVID-19, there’s a higher risk of a data breach through our increased use of personal mobile devices and laptops. What can be done to prevent a breach? And if a breach does occur, how will you know?
The answer is to take a layered approach to cybersecurity and embed it throughout your entire organization. This needs to be done in a three-pronged approach that addresses all of your vulnerabilities at once:
- Employee level security
- Business network level security
- Cloud level security
Each of these pieces needs to be addressed to create a thorough cybersecurity plan. For example, a medical clinic may be great at employee level security and offer thorough training on social engineering, installation of corporate-grade firewalls, and updates to outdated software. But all of this preparation won’t mean much if the other two levels aren’t secured.
What good is user authentication if your Group Policy doesn’t allow access to the proper resources? Why buy cyber insurance if your cloud configurations aren’t set up to prevent intrusion?
Looking at cybersecurity this way, it’s clear why so many companies struggle to identify and address breaches. There are plenty of attack vectors to worry about, and even one bit of outdated software is an IT threat to the business.
Particularly in the wake of the coronavirus pandemic, small businesses need to stay on top of these issues and make embedded cybersecurity a priority throughout their IT architecture.
Your Next Step – Learn How to Upgrade Your System
There’s a lot to cover in a cybersecurity upgrade – which is why we put together a guide titled “How to Embed Cybersecurity in Your Organization.” Within, you’ll find details on how to apply a layered approach to cybersecurity within your company, as well as tips on more advanced security features, including the use of virtual private networks, wireless access points, predictive threat assessments, and more.