SecurityMetrics' Top Blogs of 2018

2019 is just around the corner, so it’s a good time to read up on important data security principles that will help you protect your data from cyber criminals next year. By mid-year 2018, the number of compromised records had already doubled compared to the same time in 2017, and the data breaches didn’t slow down after that.

What’s clear is that data breaches and cyber criminals are not going away, so bookmark these top SecurityMetrics blog posts to help you understand and implement some of the most foundational data protection principles. Our goal it to help you close gaps in security and avoid a data breach in 2019.

Our top Blogs of 2018

#5: How to Configure a Firewall in 5 Steps

Firewalls are foundational network security.

As the first line of defense against online attackers, your firewall is a critical part of your network security. Configuring a firewall can be an intimidating project, but breaking down the work into simpler tasks can make the work much more manageable.

The guidance in this popular post will help you understand the major steps involved in firewall configuration:

1. Secure your firewall
2. Architect your firewall zones and IP addresses
3. Configure access control lists
4. Configure your other firewall services and logging
5. Test your firewall configuration

#4: 7 Ways to Recognize a Phishing Email

Companies and individuals are often targeted by cybercriminals via emails designed to look like they came from a legitimate bank, government agency, or organization. In these emails, the sender asks recipients to click on a link that takes them to a page where they will confirm personal data, account information, etc.

This technique is called phishing, and it’s a way hackers con you into providing your personal information or account data. Once your info is obtained, hackers create new user credentials or install malware (such as backdoors) into your system to steal sensitive data.

As long as email users continue to click on phishing links, criminals will continue to send them. Social engineering phishing schemes are still a main cause of data breaches at businesses. This post gives tips to avoid becoming a victim of the latest phishing campaign.

See also: Fighting Phishing Email Scams: What You Should Know

Here is a rundown of our 7 tips to recognize phishing emails:

1. Legit companies don’t request your sensitive information via email
2. Legit companies usually call you by your name
3. Legit companies have domain emails
4. Legit companies know how to spell
5. Legit companies don’t force you to their website
6. Legit companies don’t send unsolicited attachments
7. Legit company links match legitimate URLs

#3: Cloud Security: What Businesses Need to Know

Because securing data within the Cloud is complex, having a standard set of protective controls is pivotal to keep your customers safe and avoid expensive data breaches.

In this post, we reviewed an incident from 2017 to demonstrate the breadth of security controls that should be established, as well as the difficult position in which any security event can place a business. Reviewing key controls gives you a specific path forward to secure your critical Cloud data.

In July 2017, Verizon experienced a security incident that made national headlines in the United States. While no hack took place and no customer information was taken, sensitive data was publicly exposed. A partner of the organization was using a data set from the telecommunications company to test and suggest changes to a self-service portal. A member of the third party's staff mistakenly set up the data’s cloud storage to permit external access.

This post goes into detail for six key cloud security controls in order to avoid such cloud-related compromises:

1. Understand your responsibilities
2. Audit business and operational processes
3. Set up access controls
4. Protect the data
5. Optimize your visibility
6. Safeguard your keys

#2: How Much Does HIPAA Compliance Cost?

HIPAA compliance is rarely allocated the resources it requires. And this trend extends beyond just small organizations with limited security budgets. Lack of budget is a plague that affects risk and compliance officers at health organizations of all sizes.  

How Much Does HIPAA Compliance Cost? gives you the information you need to more accurately plan your HIPAA budget.

See also: Five Things to Consider When Making a HIPAA Security Budget

The cost of HIPAA compliance depends on your organization. Here are a few variables that will factor into the cost of your overall compliance:

1. Your organization type: Are you a hospital, business associate, HIE, healthcare clearinghouse, or another type of healthcare provider? Each will have varying amounts of protected health information (PHI) and risk levels.
2. Your organization size: Typically, the larger the organization, the more vulnerabilities it has. More workforce members, more programs, more processes, more computers, more PHI, and more departments add up to more HIPAA cost.
3. Your organization’s culture: If data security is one of upper management’s top priorities, you've probably already invested in a cybersecurity program. If management is hesitant to dedicate budget to security, compliance with HIPAA will cost more because you will have more distance to make up.
4. Your organization’s environment: The type of medical devices, the brand of computers, the kind of firewalls, the model of backend servers, etc. can all affect HIPAA compliance cost. If cybersecurity was considered when purchasing, implementing and maintaining these devices, the costs to comply with HIPAA at this point will be lower. If security was not considered, costs to get in line with HIPAA will be greater.
5. Your organization’s dedicated HIPAA workforce: Without a dedicated HIPAA team, you might not know how far you are from closing the HIPAA gap. Even with a dedicated HIPAA team, organizations usually require outside assistance or consulting to help them meet HIPAA requirements.

#1: 6 Phases In the Incident Response Plan

6 Phases in the Incident Response Plan teaches readers how to create their incident response plans and manage a data compromise; both critical aspects of any data security plan.

An incident response plan should be set up to address a suspected data breach in a series of phases. Within each phase, there are specific areas of need that should be considered.

The incident response phases are:

1. Preparation
2. Identification
3. Containment
4. Eradication
5. Recovery
6. Lessons Learned

See also: 6 Steps to Making an Incident Response Plan

No one wants to go through a data breach, but it’s essential to plan for one. Prepare for it, know what to do when it happens, and learn all that you can afterwards.

Need help with a data breach? Talk to one of our Forensic Investigators.

Check out more top blogs of 2018!