Information Security is a moving target. Once you "think" that you have it figured out, boom, here comes another new threat to knock you back on your heels and question just how strong your Information Security program is. That's the bad news. The good news is that we are going to give you 5 Information Security Tips that will help reduce the chances (notice I did not say eliminate) of an Information Security incident from taking place.(These can apply to both individuals and organizations as well):
Install Antivirus and AntiMalware - Sounds simple enough but the key is to make sure that you update the definitions for both programs on a regular basis. If you have these programs on your system but they haven't been updated in 3 months, that could lead to trouble. I know that there is a lot of talk out there in the Infosec world about the death of antivirus and while some of that might be true, it still plays a valuable role in your overall Information Security Program.
Passwords, Passwords, Passwords - I get it, we are inundated with the need to create thousands of passwords for all the "stuff" we have to log in to. But, that doesn't mean that you can use terrible passwords (like Password1) and you shouldn't use the same password across sites/systems. Passwords are getting easier to crack so you need to be more complex in your passwords. Use longer (more than 10 characters), more complex (combination of uppercase, lowercase, numbers, and symbols), and not words. Get a password manager that generates passwords for you and this will help resolve the issue. Bonus: The password manager will save the passwords for you too! Just don't use a weak password to login to the manager!
Avoid Unsecured, Public WiFi - This would be like going to the mall during the holiday season, putting all the gifts you just bought in your car, and leaving the car doors unlocked while you go back to do more shopping. Either you are very trusting of others or you're not that smart. Same rules apply when using that free WiFi that Starbucks offers you so you can sit there for 3 hours and consume 45 Pumpkin Spice Lattes. Use a VPN to secure your connection so hackers can't intercept what you are doing over that very public, very open WiFi connection.
Be Careful on Social Media - Social Media is great for many reasons but it can be a nightmare for many reasons too if you aren't careful. Sharing that you are going on a trip with your family for 10 days and nobody is watching your house is an invitation for criminals to see just how good your security system might be (if you even have one). Don't post a ton of personal information and if you do, make sure that your profile is locked so only you can choose who sees what you post. Oh, and finally, don't accept friend requests from people you don't know. If you don't know them and don't have any mutual friends in common, now might not be the time to develop that electronic friendship.
Secure Your Laptop and Smartphone - It's almost 2017, if you don't have passwords and encryption on both your laptop or smartphone, you are at a significant risk of suffering some form of a breach. In fact, if you need proof of this specific to the healthcare sector, head on over to the Department of Health and Human Services Office of Civil Rights "Wall of Shame." This outlines all breaches reported affecting over 500 individuals as well as the reason for the breach. You will be amazed at how many are due to the theft/loss of a laptop or other electronic device.
These seem like simple things to put in place and in all honesty, they are. But, people get busy and sometimes these small things can fall through the cracks and increase your risk of a breach and the resulting fines associated with various compliance regulations. By implementing good security, you reduce your risk and simplify the process of complying with various Federal, State, and Industry Regulations.
While on the topic of Security and Compliance, for our November webinar series we will be discussing how to build a culture of security and how that can help with your compliance initiatives. Details are below but you will have to hurry to register as the webinar is tomorrow and space is limited: