Last week the FBI released a fraud alert warning financial institutions
that cyber criminals have been using tactics such as spam and phishing emails to obtain employee log-in
credentials. After obtaining the credentials, the hackers initiated
wire transfers overseas. A few days after the alert, Bank of
America, JPMorgan Chase and Wells Fargo suffered service outages
that prevented access to their websites. According to security
experts, such outages were likely caused by denial of service attacks that disrupt the
service to websites by overloading the servers with traffic so that
they cannot respond to legitimate requests.
These attacks have been aimed at financial institutions, but are
a good reminder to all organizations that cyber security remains an
important aspect of your company's overall security. Technology
is constantly changing and hackers are always finding new ways to
penetrate systems, so it's important for organizations to
analyze their systems and make updates as necessary.
Where do you start? Below are a few tips for combating cyber
1) Remain vigilant. No security system is 100%
secure, so it's important to review the safety measures you have
in place and identify gaps. A good way to identify such gaps is by
hiring a third party to perform penetration tests on your systems. Penetration
tests simulate malicious attacks, which enables your
organization to identify how your protections fail. It's also
important to run regular scans of your network for vulnerabilities
and make sure your firewalls are as strong as possible. Investing
in security technology before you have a breach will save your
organization time and money in the long run.
2) Train your employees. According to a recent article published by Computerworld,
most data breaches are inadvertently caused by employees. An
organization can have the most robust cyber security system
available, but if employees are not trained and re-trained about
the importance of protecting sensitive information, then there are
going to be data breaches. It's important to educate employees
on how to protect information, including the threats posed by spam
and phishing emails.
3) Encrypt, encrypt, encrypt. Encryption of
information at all stages will render the information useless if it is
obtained during a hack.
4) Vet your vendors. Is your company providing
sensitive information to third parties (storing documents offsite?
That counts!)? If so, it's essential that your company conduct
reviews of vendors to ensure their security measures meet your
standards. What about your vendor's vendors? See our previous
here discussing that topic.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.