Medical, Banking and E-Commerce Industries are Hot Targets for Cyberattacks
Every organization at one time or another thinks “it will not happen to us,” but almost every organization is a target for cyberattacks. Data breaches, phishing, malware downloads and ransomware attacks are all on the rise across the board, and everyone must take precautionary and protective measures. However, a few types of organizations must put ADDITIONAL safeguards in place because they are the most attractive to criminals: they hold an expansive treasure trove of personal, confidential and financial information on individuals and companies, the mother lode that crooks are seeking.
The most appealing industries for cyber criminals are the healthcare/medical sector, the banking/credit/financial arena and e-commerce enterprises. Because they are such desirable targets and handle such sensitive data, most organizations in these industries are also bound by compliance and legal standards, many of which set explicit IT security requirements.
The Healthcare/Medical Security Factor
Healthcare providers (and the business associates that handle data on their behalf) must adhere to the HIPAA Security Rule, part of the Health Insurance Portability and Accountability Act. Specifically, each must:
- ensure the confidentiality, integrity, and availability of all electronic protected health information (e-PHI) they create, receive, maintain or transmit,
- identify and protect against reasonably anticipated threats to the security or integrity of the information,
- protect against reasonably anticipated, impermissible uses or disclosures, and
- ensure compliance by their workforce.
This requires that they have an IT security policy in place that is kept up to date and enforced, including limiting access to information to the “minimum necessary” level, securing the network, and designating a security official responsible for developing, implementing and monitoring security policies and procedures. They are also required to have workforce training, testing and a security management process in place, together with an ongoing security evaluation (risk analysis) process. On top of all that, they must employ physical and technical safeguards to protect e-PHI at rest and in transit, such as encryption of stored and transmitted data, network firewalls, and remote access only through a VPN protected by multi-factor authentication.
The Banking/Credit/Financial Arena Security Factor
The financial field has its own set of requirements and regulations that vary widely across governmental jurisdictions. The one that people are most familiar with is PCI DSS (the Payment Card Industry Data Security Standard), an industry standard that applies to any organization that stores, processes or transmits payment card data. On top of that are laws such as the Sarbanes-Oxley Act (SOX), which stipulates which financial records must be retained, for how long, and how their integrity must be protected. Another well-known body is FINRA (the Financial Industry Regulatory Authority), a self-regulatory organization that sets requirements for broker-dealers and enforces rules, including cybersecurity rules, aimed at lowering the risk from cyberthreats.
The E-Commerce Enterprise Security Factor
E-commerce businesses must adhere to PCI DSS requirements (outsourcing payment handling to a compliant payment processor reduces, but does not eliminate, their obligations) and usually must have other controls in place as well, such as serving the entire site, not just the checkout page, over HTTPS with a valid TLS certificate (still commonly called an “SSL certificate,” although the SSL protocols themselves are obsolete and should be disabled) so that customer and payment data are protected in transit. Like most organizations, they should have a firewall in place and use a CDN (content delivery network) or similar edge service for further safeguards, including a web application firewall and protection against DDoS (Distributed Denial of Service) attacks.
What Businesses with Above-Average Security Needs Must Have to Protect Themselves from Cyberattacks
Each of these industries has above-average needs for cybersecurity measures because each uses technology in every part of its business. At a high level, each of them must do the following:
- Back up all local and cloud data to multiple geographic locations, keep at least one copy offline or otherwise isolated from ransomware, and test restores regularly.
- Install BDR (Backup and Disaster Recovery) appliances to minimize the downtime caused by any event.
- Secure all devices and networks with antivirus/anti-malware and anti-spam filtering, deploy firewalls with their security features actually enabled, and apply security updates as soon as they are available.
- Encrypt all important information when stored locally, online and in transit.
- Enable multi-factor authentication for all important services.
- Manage and enforce secure password policies (long, unique passwords, ideally from a password manager, rather than frequent forced rotation).
- Control all access, especially to administrative functions, granting each account only the privileges it needs.
- Monitor devices, especially remote devices with management software.
- Train staff on cybersecurity risks and how to reduce them.
- Protect all client and confidential data to the highest level that business economics allow.
- Put a good cyber liability insurance policy in place and line up a breach/incident response consultant in advance of any incident.
Truth be told, cyberattacks CAN happen to you! Address the threat before it’s too late. Let IT Radix help you avoid becoming a victim of cybercrime.