Cybersecurity: Is your business at risk?

 - 
Friday, October 20, 2017

While data breaches at large businesses such as Equifax, Target, Anthem, Yahoo and major health systems often make the headlines, the majority of data breaches affect small businesses. Typically, small businesses do not have the resources to organize and fund a sophisticated IT security program. Hackers know this, which gives them an advantage when targeting a business to attack.

Most unsuspecting victims find out about an attack when it’s too late. In fact, insurance experts estimate that 60% of small businesses will go out of business within a year of having a major data breach, and 70% or more of all attacks are on businesses with fewer than 250 employees.

The healthcare industry, as a whole, is the golden goose for hackers. Patient files contain information that hackers can sell on the black market, fetching prices as high as $100 for a full patient record compared to selling credit card numbers that can usually only be sold for around $1. Hackers are seeking Social Security Numbers, dates of birth, mother’s maiden names, cell numbers and, recently, health insurance ID numbers to purchase prescription drugs and sell them.

There are many disruptions taking place in our industry from regulatory changes to margins shrinking, and a breach can compound those issues beyond imagination. I like to compare it to an oil spill and the devastation it causes the company well beyond the incident. It is expensive, and the negative publicity will have a huge impact on doing business with patients, caregivers, referral sources and, ultimately, insurance companies.

In recent months, cyber security and data breaches have been a hot topic for DME providers. Almost daily, I am contacted by providers seeking advice on how to prevent being hacked and have spoken with providers who have been breached, and it is a horrifying conversation.

When advising providers on what they should do to protect themselves, I have identified four common items that all businesses should address ASAP:

Cyber liability insurance– One of the easiest ways to protect your business is with a cyber liability policy. This will do two things: it will cover some of the expenses that arise quickly out of a breach, and the insurance agent will typically go through a list of best practices and can even offer additional training resources. 

BYOD– Bring Your Own Device is a technical term for employees using their own devices to access your business network. I am finding that many providers are allowing personal computers to be used while working from home or even at the business. Computers accessing your patient data should be supplied by the company and set up with restrictions and security protocols. Your user’s personal device typically accesses websites that would normally be blocked at work, because of this access it increases the likelihood of software being installed on your network, unknowingly, that contains harmful viruses or malware.

IT policiesand procedures are a question I field often. Having updated policies as they relate to the use of your company technology can protect you and also advise employees on what is acceptable or not. Review your policies to be sure they are up to date for modern technology use in your business.

Employee awareness training -The most advanced security protocols can’t protect an employee being tricked into clicking on a link or falling for a scam. A number of easy-to-use and trackable training programs are available to help educate staff. Regular training helps to build an additional line of defense to ensure company and customer data remain secure and protected from hackers and other online threats.

Overall, securing your business against hackers can be complicated and feel like a black hole of spending. Start small; something is better than nothing. Creating a budget and increasing it each year is a good place to start.

Hackers work full time to find ways to penetrate a business’s infrastructure to capture company and patient data. They will do anything they can to gain financially from IT oversight. Don’t risk it all; arm yourself with the tools to successfully protect your business from online threats. 

Jeremy Kauten is CIO and senior vice president of IT at VGM Group, Inc. You can reach him at Jeremy.kauten@vgm.com