Carelessness Leads to Cyber-Attacks, and Health Care is a Major Target
Security fatigue is real and an increasing challenge for IT security departments. Most of us are experiencing a weariness or reluctance to deal with computer security. According to a study by the National Institute of Standards and Technology (NIST), 91 percent of people report using identical passwords across sites. While the average person reportedly has 27 discrete online logins, 40 percent of organizations admit to storing admin passwords in Word documents and 28 percent store them on a shared server or USB stick. An additional study, the 2016 Healthcare Industry Cybersecurity Report by Security Scorecard covering 700 health care organizations, found that 70 percent of health insurance providers are not doing a good job protecting patient information and 75 percent of the industry suffered malware infections. Health care based businesses are big targets for malware attacks because the data they collect like full names, social security numbers, dates of birth and other information, can be used to steal someone’s identity. This study is especially troubling when factoring in that this highly sensitive data is found in a patient’s Electronic Health Record (EHR) located across multiple doctor’s practices, many who offer access to their patients via web browsers, all with a need for unique credentials and log ins.
In addition to reusing passwords, there are many signs of security fatigue, including feeling worn out by too many software updates, forgetting to connect to VPN, clicking on a link even though you’re unsure about it and not reporting something that seems off. Most commonly malware enters and organization through employees who access suspicious websites from their place of employment, using their corporate email addresses. Unfortunately, these examples likely seem all too familiar, and if someone experiences security fatigue it could not only open them up to identity theft but it could also make your business a target for a cyber-attack. That is, of course, if you don’t have a Managed Security Services Provider (MSSP).MSSPs provide outsourced monitoring and management of security devices and systems using high-availability security operation centers to provide 24/7 services to maintain an acceptable security posture. However, not all MSSPs are created equal. There are some MSSPs that are not also managed services providers (MSPs), which typically focus on network management and monitoring services; therefore, companies pay for a reactive approach in which problems are monitored by looking at logs and internet traffic, not at the full network. On their own, MSSPs usually don’t have the ability to fix issues detected issues, just alert the client. An MSSP that is also an MSP is your company’s best chance to fight security fatigue. Here are three ways they are different:
- Proactively Prepare Systems:
Hundreds of security issues are released every day in numerous programs and even in devices that you normally wouldn’t consider security risks, such as switches and copiers. Many printers now include as much intelligence as small computers, and they have the security flaws to match. MSSP-MSPs actively deploy measures, such as managed firewall, intrusion prevention and detection, virtual private network (VPN), Advanced Persistent Threat monitoring, vulnerability scanning and anti-malware services, so your company’s information and customer data can remain safe.
- Actively Watch Systems 24/7:
One benefit of having the combined power of a MSSP-MSPs is having someone dedicated to continually audit and review the network for security problems while your employees are contributing to your bottom line and when they’re sleeping. MSSP-MSPs have tools that deliver regular updates on anomalies and data trends with analytics-driven alert escalations. This can free up your employees to focus on other areas. MSSP-MSPs also update executive action and remediation plans so that you know the risks and can choose how to address them.
- Execute Remediation Plans:
Did you delay in hiring an MSSP with MSP capabilities and have a breach? When a breach as a result of security fatigue or other issue occurs, MSSP-MSPs can address the specific kind of breach detected and create, update and execute remediation plans that are appropriate for your particular industry. A joint MSSP with MSP will restore the integrity of your network system, assist with a notification plan and insurance claims advice for any affected people.
A lot of people don’t think they’re important enough to be targeted by organized criminals who have made it their profession to hack into companies. Reality is, everyone is vulnerable and just may not realize (or care) how much of a risk their carelessness can be to their employer. Educating your employees about the dangerous implications of security fatigue and building a partnership with an IT service company that is an experienced Managed Security Services Provider as well as a managed services provider safeguards your company from a breach. I95 Content Marketing
MNS Group (www.mnsgroup.com) is a trusted leader in company IT management, offering managed services to support small businesses and their humans. As a MSSP-MSP, MNS Group helps secure businesses by securing their network.
Toby Musser is a serial entrepreneur and is currently CEO and owner of MNS Group, a technology outsourcing and consulting company based in Bel Air. Musser has extensive experience with technology and business. He lends his time volunteering with various civic and faith based organizations throughout the county, believing truly that to whom much has been given, much is expected.