4 Cybersecurity Mistakes to Avoid

By Gary Cox

sec

Things were going great at Michael Daugherty’s up-and-coming $4 million medical-testing company.

He was a happy man. He ran a good business in a nice place. His Atlanta-based LabMD had about 30 employees that tested blood, urine and tissue samples for urologists. Life was good for this middle-aged businessman from Detroit.

Then, one Tuesday afternoon in May 2008, the phone call came that changed his life. His general manager came in to tell Daugherty about a call he’d just fielded from a man claiming to have nabbed a file full of LabMD patient documents. For a medical business that had to comply with strict federal rules on privacy, this was bad. Very bad.

It turned out that LabMD’s billing manager had been using LimeWire file-sharing software to download music. In the process, she’d unwittingly left her documents folder containing the medical records exposed to a public network. A hacker easily found and downloaded LabMD’s patient records. And now the fate of Michael’s life – and his business – were drastically altered.

What followed was a nightmarish downward spiral for LabMD. Not one to go down without a fight, Michael found himself mired in an escalating number of multiple lawsuits and legal battles with the Federal Trade Commission and other regulators investigating the leak.

Finally, in January 2014, exhausted and out of funds, his business cratering under constant pressure, he gave up the fight and shuttered his company.

One tiny leak that could have easily been prevented took his entire company down. Could this happen to you and your business?

4 Cybersecurity Mistakes to Avoid

  1. Have you developed a false sense of security? Please, please, please do NOT think you are immune to a cyber-attack simply because you are not a big company. The fact is, whether you have 12 clients, or 12,000 clients, your data has value to hackers. A simple client profile with name, address and phone number sells for as little as $1 on the black market. Yet add a few details, like credit card and Social Security numbers, and the price can skyrocket – $300 per record is not uncommon. Being small doesn’t mean you are immune.
  2. Are you skimping on security to save money? Sure, of course you have a tight budget… So you cut a deal with your marketing manager, who wants to work from home at times. He links into the company network with a VPN. If configured properly, your VPN creates a secure and encrypted tunnel into your network. So his device now links his home network into the company network. The problem is, his home cable modem may be vulnerable to attack, an all-too-common issue with consumer devices. Now you have an open tunnel for malware and viruses to attack your network.
  3. Could lack of an off-boarding process put your company at risk? It’s crucial to keep a record of user accounts for each employee with security privileges. When an employee leaves, you MUST remove those accounts without delay. An internal attack by a disgruntled worker could do serious harm to your business. Be sure to close this loop.
  4. Have you been lax about implementing security policies for desktop computers, mobile devices and the Internet? The greatest threat to your company’s data originates not in technology, but in human behaviour. It starts before you boot up a single device. In an era of BYOD (bring your own device), for instance, lax behaviour by anyone connecting to your network weakens its security. Your team love their smartphones, and with good reason. So it’s tough sticking with strict rules about BYOD. But without absolute adherence to a clear policy, you might as well sell your company’s secrets on eBay.

Don’t let a tiny leak sink your ship – here’s what to do next…

Let us run our complete Network Security Audit for you. We’ll have our top data security specialist give you a complete top-to-bottom security analysis with action plan.

Call us on 072-898-0362 to answer your questions or to provide Computer and IT Support, we would be happy to hear from you. We at GCComp have the experience and technical knowledge to help your business with your technology issues “We know technology so you don’t have to”. 

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s