Welcome to summer in New England! Or close to it at any rate. Today I would like to talk about a slightly different topic than usual on these blogs. For those of you who have read past entries, you know they are full of good advice on many different compliance issues. We deal with everything from banking audits to HIPAA reviews, and we have many, MANY stories of things we’ve seen and best practices that go into these writings.
And like you, I read quite a few articles as well. Lately, there seem to be a large number of them devoted to shouting from the rooftops about some sort of breach. Municipalities, hospitals, insurers, retailers: no one is immune. However, a definite pattern emerges from reading all these stories. So rather than talk about PCI (Credit and Debit Cards), GDPR (European Privacy Law), or any of the 100 different acronyms that I could make your eyes glaze over with, I’m simply going to give you three tips. Those of you old enough to remember that three is a magic number know how important that is.
Seriously though, no matter what framework, rule, or regulation is out there, there are common steps you can take that will make it much harder for the bad guys to take advantage of you. These are issues that appear in the majority of the compromises that we see. Will making sure these are in place guarantee that you won’t be hacked or compromised? Of course not. Only the Lone Ranger has silver bullets. But without these in place it can be like leaving the door unlocked before an overseas trip. Without any further introduction, they are:
Sometimes we are so intent on educating and warning people about the new threats and how to be compliant that we assume the basics are being handled. It’s similar to having a state-of-the-art security system and leaving the back door open because there’s a nice breeze. If you make sure the vectors that most criminals use (unpatched systems, compromised credentials, and user ignorance) are addressed, you make it exponentially harder to be attacked. In many cases these bad guys are looking for the quick and easy score, and will move down the block to an easier target. Interested in learning how you can further address these basic security areas? Contact us today to discuss your cybersecurity program and risks!