Kimberley Whyte

Cybersecurity for Small Businesses: 4 Simple Practices to Protect Your Business

August 16, 2022 Kimberley Whyte All Posts, SMB 139

Many small businesses rely heavily on technology in order to conduct business and operate on a daily basis. From the internet, laptop computers and printers, to cloud storage and other Web-based applications, technology plays a huge role in helping small business owners.

It is therefore imperative that small businesses have provisions in place to protect their business from security risks that come with technology use. A 2019 report from Verizon found that 43% of cyberattacks were directed at small businesses, and according to Keeper Security (via CNBC), only 14% had the capacity to defend themselves.

The “2020 Cost of Insider Threats: Global” report shows that small organizations (those with fewer than 500 employees) spend an average of $7.68 million per incident. Hackers exploit smaller organizations because they know smaller companies have fewer resources allocated to IT security, thus making it easier and less risky to hack into their network. As such, small business owners cannot afford to take cybersecurity for granted. Here are some simple practices to make your business more cyber resilient.

Employee training at all levels is considered vital to keeping the company safe and protected. Employees must be trained to identify various cyber threats and attacks, and also know how to prevent them. Training should be comprehensive, covering key areas such as phishing, social engineering, clicking on questionable links, downloading unauthorized software, and other risky behavior that exposes the company to cybercrime. Employees are a small business’ greatest line of defense against cyber attacks. If an employee is not aware of or educated about a threat, they cannot recognize and stop it.

There are many benefits to having antivirus and anti-malware software. The software can protect against a number of threats, such as viruses, ransomware, and malware. Antivirus software works by detecting and removing viruses and securing your data against different types of attacks. Some antivirus software even keeps private and personal information protected when you’re online. Both Microsoft and Google have security features you can use to protect data, such as firewalls, browser checkup, and file encryption. Other strong and secure antivirus software options include McAfee® Total Protection and Avast Business Antivirus Pro Plus.

Cyberthreats are always evolving. General software updates are important to digital safety and cyber security because they add new security features to devices and remove outdated ones. Hackers can take advantage of vulnerabilities in applications that have not been updated by gaining unauthorized access to data, programs, and systems. Software updates typically include patches that protect your systems and programs against such vulnerabilities and hackers.

Virtual Private Networks (VPNs) can offer an additional layer of security and privacy. A VPN creates a private, encrypted network from a public internet connection to give you online privacy and anonymity. With a VPN, your traffic or online activity is encrypted, so it remains private as it travels. This means online actions are virtually untraceable. VPNs prevent unauthorized persons from eavesdropping on such traffic and allow the user to conduct work remotely. VPN technology is widely used in corporate environments and is great for users who work remotely or connect to unsecured networks. VPNs are also super affordable and an easy way to help your business become more secure.

The key to implementing a cybersecurity strategy to protect small businesses is to reduce the threat risk by minimizing the attack potential. It is important for a small business to actively prevent an attack for the company to succeed. Now more than ever, it’s important for small business owners to make security a priority in order to protect their businesses, employees, and customers.

Learn how to protect your business from security breaches with Posture.


Data Sharing during COVID-19: How to Maintain ePHI Privacy and Security

May 28, 2022 Kimberley Whyte All Posts, HIPAA 124

The global spread of COVID-19 has generated countless privacy, data protection, security, and compliance questions for companies working hard to provide care in our new reality of “socially distant” interactions. For all organizations that depend on direct customer engagement, adopting new technologies to enable and support remote audio and video communications is the only path toward remaining in business. Healthcare providers are particularly affected by this paradigm shift. Many smaller providers that only offered in-person services have been forced to quickly adopt new technologies and platforms as a means to offer care to patients. Protecting the security and privacy of patient health-related information is challenging at the best of times, and it is now made even more difficult during the current crisis.

 
 

The Health Insurance Portability and Accountability Act (HIPAA) requires all entities with access to Electronic Protected Health Information (ePHI) to protect the security and privacy of that information. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued waivers and notices of enforcement discretion for several issues related to HIPAA compliance during the pandemic. The following paragraph summarizes the key actions that OCR has taken to modify HIPAA in response to the COVID-19 pandemic:

“OCR’s enforcement discretion for noncompliance with HIPAA regulations against providers leveraging telehealth platforms that may not comply with the privacy rule. The waiver allows covered providers to potentially use any non-public facing remote, audio, or video communication platforms available to provide telehealth and communicate with patients during the pandemic. OCR will not penalize those providers for using potentially non-HIPAA-compliant tools, regardless of whether or not the service is used to diagnose or treat COVID-19-related conditions.”

Learn more about how to get started with HIPAA Compliance with Posture.

  1. Employees should be trained on potential security risks and the secure use of remote tools.
  2. For employees working remotely, Virtual Private Network (VPN) connections should be made mandatory.
  3. Employers must provide guidelines and policies on restricting the use of private devices and supplying adequate password protection.
  4. Employee security awareness training should be promoted by educating employees about the rising level of coronavirus-related cyberthreats, including potential responses and incident handling.
  5. IT departments must be provided with the resources needed to support employees working securely from home by expanding their network and videoconferencing capacity with vendor-supplied services.
 


Healthcare Under Attack: Why Healthcare Organizations are Targeted by Hackers.

September 14, 2021 Kimberley Whyte All Posts, HIPAA 134

Telehealth, the use of digital technologies such as computers and mobile devices to access health care services remotely, has increased during the COVID-19 pandemic. Health professionals are making use of technology to deliver services and care for patients. As a result, healthcare organizations are becoming increasingly susceptible to cyberattacks, threatening and compromising confidential patient data.

According to Cybersecurity Ventures, the healthcare industry, which is a $1.2 trillion sector, will fall victim to two to three times more cyberattacks in 2021 than the average numbers for other industries. Black Book Market Research stated that “more than 93 percent of healthcare organizations have experienced a data breach over the past three years, and 57 percent have had more than five data breaches during the same time frame.”

With statistics like that, one can conclude that the healthcare industry is under attack. There are many reasons why healthcare organizations are a target for cyber-attacks. It is therefore imperative that organizations and patients alike are made aware of some of the reasons why.

The healthcare industry has made many advances in medical innovations, but not every organization has kept pace. Many technologies, software, and infrastructures are outdated and have minimal resilience to cyberattacks. System updates are important and software should be the most recent version. But eventually, some software reaches end-of-life, and vendors stop providing updates. According to a report published by Duo.com, of the 82% of healthcare organizations that are using Windows, 76% are still using Windows 7 – an operating system that is “so outdated that patches can’t keep it secure”.

Medical professionals are trained to deal with a lot of things, but protecting themselves from cyber threats is not normally one of them. As a result, healthcare staff are often unprepared to deal with cyber risks. But with security incidents becoming an increasing everyday reality, all staff need to be trained in order to be able to identify threats such as phishing and social engineering.

Hospitals and other healthcare organizations store a great deal of patient data. This data is a valuable target for cyber attackers due to its monetary value. Hackers can sell the data on the black market or essentially sell hacked patient information back to healthcare organizations by using ransomware to hold the information hostage.

There are a variety of reasons why healthcare systems are often targets of cyber attackers, such as outdated technology, untrained staff, and valuable patient information. Being aware of these reasons highlights the importance of healthcare cybersecurity awareness.

Posture provides small and mid-size enterprises with a low-cost solution to improve their organizations’ cybersecurity hygiene. Its offerings range from HIPAA and cybersecurity awareness training and risk assessment to a marketplace with vetted, cost-effective security tools and services.
