Wednesday, September 30, 2020

What's the Difference Between a Breach and Security Incident?



If you think a data breach can’t happen to you, think again: According to the Ponemon Institute’s Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data, criminal attacks are up 125 percent compared to five years ago. And that’s just in the healthcare sector. Now more than ever, organizations need a primer on how to protect sensitive data. With cyber crime attacks on the rise, it’s critical to understand what a data breach is, how it differs from a security incident and how to plan a data breach response.

 

Incident vs. Breach


Think of a security incident as a pesky cold that may sideline you for a couple of days, but clears up fairly quickly. It’s any event that violates an organization’s security or privacy policies around sensitive information like Social Security numbers or confidential medical records. This can be anything from a misplaced drive to missing paper files. A data breach, on the other hand, is like the nastiest flu bug ever, a whopper of a virus that will knock you off your feet. The folks at ID Experts define it as a security incident that meets specific legal definitions per state and federal laws. Specifically, data breaches require notification to the affected individuals, regulatory agencies, and sometimes credit reporting agencies and media.

 

 

Security Incidents Are Status Quo


Security incidents are, sadly, part of the status quo — with 65 percent of healthcare organizations reporting having experienced electronic information-based security incidents over the past two years, according to the Ponemon study. While not all security incidents escalate into data breaches, there’s a regulatory obligation to complete an incident risk assessment when PHI (protected health information) or PII (personally identifiable information) is compromised.

 

Responding Effectively


When an incident does escalate into a data breach, a quick and effective response is critical. This requires close collaboration across the company or organization, not just IT. Stakeholders in legal, marketing, public relations, the C-Suite and other functions have to be prepared to own a piece of the incident response and work together in a fairly seamless manner.

The first two vital steps following a data breach are 1) Quantify the damage; and 2) Determine your response. To address the first, quantifying damage, it helps to know at any point in time what information requires the most protection, where it’s stored and how it’s protected. At SpartanTec, Inc. we recommend performing periodic cyber threat assessments to develop this understanding.

With respect to step two, determining your response, this is essential to managing enterprise risk and can quell fears, especially when the breach is more serious than initially thought, when credit monitoring isn’t enough and when media interest is high. It requires data breach agility. Organizations with high data breach agility are more likely to have cybersecurity platforms that optimize visibility and the sharing of actionable threat intelligence between prevention and detection tools and across endpoints, data centers and the cloud.

 

This is among the advantages of the security fabric. Based on open APIs, it links together different security sensors and tools to collect real threat data, enabling technology and people to more effectively coordinate and respond to potential threats. Contact SpartanTec, Inc. to learn more.


SpartanTec, Inc.
Fayetteville, NC 28304
(910) 745-7776
http://manageditservicesfayetteville.com

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence

Monday, September 21, 2020

5 Overlooked Security Measures When Using Mobile Devices


1. Implement a mobile device policy. This is particularly important if your employees are using their own personal devices to access company e-mail and data. If that employee leaves, are you allowed to erase company data from their phone? If their phone is lost or stolen, are you permitted to remotely wipe the device – which would delete all of that employee’s photos, videos, texts, etc. – to ensure YOUR clients’ information isn’t compromised? Further, if the data in your organization is highly sensitive, such as patient records, credit card information, financial information and the like, you may not be legally permitted to allow employees to access it on devices that are not secured, but that doesn’t mean an employee might not innocently “take work home.” If it’s a company-owned device, you need to detail what an employee can and cannot do with that device, including “rooting” or “jailbreaking” the device to circumvent security mechanisms you put in place as part of the IT service.

2. Require STRONG passwords and passcodes to lock mobile devices. Managed IT service providers say that passwords should be at least 8 characters and contain lowercase and uppercase letters, symbols and at least one number. On a cell phone, requiring a passcode to be entered will go a long way in preventing a stolen device from being compromised.

3. Require all mobile devices be encrypted. IT services experts suggest that encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that unlocks (decrypts) the data.

4. Implement remote wipe software for lost or stolen devices. If you find a laptop was taken or a cell phone lost, remote “kill” or wipe software will allow you to disable the device and erase any and all sensitive data remotely.

5. Back up remote devices. If you implement step 4, you’ll need to have a backup of everything you’re erasing. To that end, make sure you are backing up all MOBILE devices including laptops so you can quickly restore the data.

While these 5 are a good start, many organizations that are heavily using mobile devices or are handling highly sensitive data such as credit card numbers, financial information, social security numbers or medical records need to be far more diligent about monitoring and securing all mobile devices.
 

For those of you who fit into that category, we have a special report that details X more security measures and strategies that you need to implement and know about that most IT firms don’t know or won’t tell you. For a free copy, simply call SpartanTec, Inc. or shoot me an e-mail at lcarter@spartantec.com with “Mobile security report” in the subject line.

