Valuable insights and thought leadership.
Does your favorite yoga studio or local ice cream shop have a cybersecurity risk management plan? If not, they may be putting their sensitive data, or yours, at risk of cybertheft.
According to new research from insurance firm Nationwide, a significant percentage of small businesses may not know they have been a cyberattack victim due to a lack of understanding as to what constitutes a cyberattack.
Nationwide’s annual survey of business owners found that 13 percent said they experienced a cyberattack.
However, that number jumped to 58 percent of owners who identified as victims when shown a list of specific examples of attacks, including phishing, viruses and ransomware, revealing a 45 percent gap in understanding of what constitutes an actual attack.
Creating a culture of security, as you’ve likely gathered, is not a static process. The key to staying ahead of cybercriminals is consistent review and updates. A common mistake organizations make with their security awareness program is failing to plan long term. Oftentimes, they get caught up in the initial roll-out of their training but forget to plan on updating their program periodically. New types of attacks are consistently generated, so it is important that senior management and the IT department work together to stay ahead of the hackers. The key to maintaining a strong security posture is consistent review and updates.
On Tuesday, October 10, Breadcrumb Cybersecurity – formerly IT Strategy, Inc. – presented The California Cybersecurity Initiative: Privacy is the New Currency. The inaugural event, hosted at McCormick Barstow, LLP, highlighted the financial and reputational risks associated with today’s cyber threats, as well as the economic advantage to protecting the privacy of patients, customers, and sensitive corporate data.
If you are a healthcare provider that accepts Medicare, then you have likely seen and heard the acronyms MACRA, MIPS, and EHR hundreds of times in 2017.
You may have chosen to attest to MIPS for the entire calendar year, or perhaps you are gearing up to begin reporting in the final 90 days of 2017. You also may have chosen to begin reporting in 2018. Whichever path you have selected, are you aware that before medical practices participate in MIPS they must prove that patient health information contained in EHR and elsewhere in their practice is protected by performing a security risk assessment (SRA)?
The process of creating a security culture does not end after awareness training is complete. In fact, each of the preceding steps in this series has built upon the others to get your organization to this point. Now is when the ongoing task of keeping cybersecurity front-of-mind begins.
If you’ve followed our first three steps for creating a culture of security, you’ve set yourself, your employees, and your organization up for success in these final two steps. The assessment has revealed key strengths and weaknesses in your current cybersecurity environment. Creating buy-in has developed the framework for a company that values security. Your awareness training has provided all key stakeholders with the necessary tools for spotting and mitigating potential cyberthreats.
Equifax, one of the three main credit reporting companies, said last week that a major data breach exposed Social Security numbers and other important information of millions of people.
The breach affected about 143 million consumers in the United States, as well as some in Canada and the United Kingdom, but Equifax didn’t provide a number. Hackers had access to the data between May and July. The company publicly announced the hack on September 7, 2017.
Equifax has not done much to clear up public confusion surrounding the breach, which affected nearly half of Americans. Many are left with questions regarding how this happened, and what to do now.
Here are the answers to 5 common questions: