As a business owner or manager, you have a multitude of “things” you must ensure that your company is doing correctly. There are HR rules and regulations, taxes, safety requirements, and on it goes. Each of these can invoke fines or even criminal penalties if ignored. Unfortunately, I have one more item for you to add to your list: cybersecurity.
Everyone acknowledges that it is important to protect your computer networks, and more specifically, your company’s data. But do you know that if some types of data are stolen there are stiff penalties assessed, both civil and criminal?
Protected Health Information (PHI) is a big data type that falls under this. HIPAA regulations require that all forms of PHI be protected. If you are a medical office or a related business that handles patient information, you have a major responsibility to protect those records. If you are found negligent, you will be held responsible.
As an IT provider, ACS has helped many health companies conduct their own internal HIPAA audits. We have tools available to help a medical office through the process of HIPAA compliance. Of course, many HIPAA requirements involve your network and computer systems.
The next data type is bigger than HIPAA compliance: PCI (Payment Card Industry) requirements.
I’m not sure if you’ve had the “pleasure” of going through a PCI audit, but they are long and complicated. If you accept credit cards from your clients, you’ve probably been through a PCI audit.
It is scary to realize that if cardholder data is stolen because of negligence on your part, the penalties are devastating for your company. Once again, many of the PCI requirements are specific to network and computer systems, where much of the data is stored.
These are the two most intense cybersecurity topics we see on a regular basis at ACS. But even if PHI and PCI compliance are not issues for your company, there are guidelines you should follow to make sure your data security is adequate.
Here are a few things all companies should do for their cybersecurity:
- Use Secure Passwords. Unfortunately, “1234” or “password” are not acceptable for your network domain (or any other account for that matter). Use at least eight characters with numbers and symbols. Think of passphrases instead of passwords. The number of characters makes a difference. The last that I heard, there are 2.25 billion combinations with a six-character password. But there are closer to 3.76 quadrillion possible combinations with a 10-character password. Use more characters to make your password harder to crack.
- Get a Good Network Router. I will be blunt: The $50 Walmart router is not an acceptable router for your business. You need a proper business-class router with built-in software that proactively prevents network intrusions. You will especially need its functionality if you must comply with PCI or HIPAA requirements. (Change that default admin password ASAP!)
- Educate Your Employees. If you are a manufacturing company, you have safety meetings. That’s expected. So why aren’t companies having meetings to discuss cybersecurity and safety with their administration teams? To kick-start these discussions, and for more information on cybersecurity awareness, head to www.dhs.gov/stopthinkconnect.
- Limit Access. Employees should only have access to the information and applications they need to do their job. Your server already has security tools in place to help control access. It helps to contact an IT provider to help get this configured properly for your business. But when all employees can access everything, including high-level data, problems arise.
- Get Antivirus Software and Run Updates. Free AVG isn’t enough for a business. As part of your IT operating budget, plan to invest in an antivirus software that will offer more protection. Consider it an investment in the future, as spending now can save massive amounts to correct security breaches later. Also, run those Windows updates! Operating systems send out patches to block a newly discovered security weakness. Get the patches.
These are just a few of the steps that all companies should take. It is a good idea to work with a trusted IT provider to help you define and implement a custom cybersecurity policy for your company beyond these tips.
A custom planning guide is available at www.fcc.gov/cyberplanner
to get your company started.
There’s a reason why so many organizations look to Atlantic Computer Services for the IT support they need to grow their business, and that’s because ACS provides honest, reliable, knowledgeable and friendly service. The company's goal is to serve as a technology partner, offering solutions that are affordable, uncomplicated and in the best interest of each individual client. Learn more about ACS, its services and its people at www.acs-ilm.com, or call (910) 799-6538.