
Protect Your Practice from Cyber Attacks

“The most pressing issue in cybersecurity today is that criminals are far more committed to stealing data than leadership is to protecting it.”

— Eric Roebuck, CEO CISO, Valander Cybersecurity

The cybersecurity world is a mess. According to Security magazine, there were 1,767 publicly reported data breaches exposing 18.8 billion records in 2021. This is a decrease from 2020’s pace. Although this may seem like progress, let me assure you it is certainly not. Data breaches have decreased because a more profitable attack has taken their place: ransomware. Ransomware and data breaches, however, are the symptoms, not the disease.

There will always be cyberattacks with the data-rich environments created by our high-tech world. The issue, therefore, is not that there are attacks, but how we create a culture that deters attackers from targeting our organizations. The only way to start gaining ground is to instill a culture of security at every level within our organizations. It starts with command emphasis from the top. Leaders must understand the challenges and costs associated with keeping data safe as compared to the crippling costs and effects of data breaches.

First, it’s important to understand who is attacking your company, and why. When we close our eyes and imagine who the hackers are, we envision an overweight, dirty, and socially awkward person in their parents’ basement, pounding on a keyboard at 3 a.m. This is not the case. There are entire companies staffed with cyber hackers dedicated to stealing your data to sell it or make you pay a ransom for the privilege to exist. It’s their job, 24/7, and it’s about making money or inflicting pain!

Next, in the cyber battle, it’s important to note that when one type of attack is controlled, another is on the way. There are countries with cyber armies in the tens of thousands that can see your vulnerabilities at the speed of light from half a world away. Even beginners have enough free tools and training at their disposal to become a threat in a matter of weeks. Each of these enemies is more dedicated to stealing data than we are prepared to protect it. Again, it’s their ONE and ONLY job!

As leaders, we underestimate our adversary. The bad guys are far more committed to stealing organizations’ data and encrypting their systems than leaders are to protecting them. This is not an issue of competence, but one of time and culture. Cyber criminals have the luxury of being singularly focused on attacking. All their research and development is aimed at breaking into systems and making money on data theft and encryption. Because most organizations lack an understanding of cybersecurity issues at the highest level, the commitment to protection is nowhere near the commitment to invasion, handing the bad guys an enormous advantage.

So how do we minimize the risk of cyberattacks? The only way to counteract this is with written policies, procedures and guidelines that are understood and followed by everyone. We begin by reviewing our current organizational vulnerabilities, which are probably staggering and quite invisible to the average employee. We then develop understandable and enforceable written documentation, while creating a culture of detailed processes and protocols that identify infrastructure and employee cyber hygiene. A framework like NIST 800-53 or ISO 27001 must be implemented and taught. NIST 800-53 can be implemented with less pain by using a SaaS program like Compliancepro.info to help leadership go step-by-step through the process. And we must continually remind our team that any misstep can be immediately detected by cyber criminals.

The process of mitigating disaster is a massive undertaking for all team members, but most importantly for leadership. Other responsibilities compete for our time and attention. Hence, this problem can only be solved by understanding, then delegating the task. A competent Chief Information Security Officer could be a first step for larger companies. Smaller organizations may wish to contract information security professionals to secure their IT environment. Ultimately, however, the responsibility to keep data safe still falls on you. You must push a culture of leadership through a framework and be as committed to protecting your organization as the bad guys are to attacking you.

As Sun Tzu wrote in The Art of War, “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”

FEATURE

Introducing My Benefit Advisor

We Focus on Your Benefits. You Focus on Your Practice.

Many Docs and Firm Administrators struggle with understanding and getting the most out of their employee benefits and may not be aware of the different services available to enhance their employee benefits offerings. As a solution for its members, Philadelphia County Medical Society is proud to offer members access to the My Benefit Advisor (MBA) program.

MBA is designed to guide members through the complexity of planning, communicating, and managing an employee benefits program that meets the needs of their employees and is in-line with financial objectives. Our experts have an in-depth understanding of the marketplace, compliance regulations, and strategies for long-term cost containment.

MBA provides numerous resources, tools, and products to benefit medical practices, strengthening their employee benefits program and setting their business up for success.

Resources for MBA Clients:

• Consulting: Our experts have a wealth of experience to help you understand your options to make an informed decision and guide you through the implementation process

• Discounted Insurance Resources: Exclusive savings and programs through the Med Society to help save money

• Unique Programs: Solutions for student loan debt repayment, Payroll, HRAs, and more

• Online Enrollment & Communication: Effectively communicate your benefits program, improving tracking and collection of enrollment data, and enable employees to update personal information, make benefit elections, and view side-by-side plan comparisons and summaries

• Human Resources Support: Complimentary access to comprehensive HR solutions including live phone support, training courses, and an online library to assist practices large & small

• Medicare: We guide you through the processes to help you find and enroll in the coverage that fits your needs

• First-Class Service: Our service team and resources ensure employers have continuous assistance with the ongoing administration of their benefits program and employees have answers to everyday benefit questions

• Compliance Education: Simplifying complex health care reform topics and highlighting employer responsibilities

There are many more advantages to the MBA program. We advise clients from individuals and families to small & mid-size practices. For more information about My Benefit Advisor, visit this website: pcms.mybenefitadvisor.com or contact Jim Pitts at (610) 684-6930.
