Kusserow on Compliance: Tips for reducing the risk of cyber-attacks

Tim Murphy, former FBI deputy director stated that he rated cyber-attacks as the number one threat facing the country. Threats come from both inside organizations and outside. Insider threats may involve current or former employees or vendors. They may be motivated to steal intellectual property, funds, or simply to cause problems. The danger of employee-related crimes is that they have inside information concerning how things work and have access to data and computer systems. One of the best ways to combat attacks by insiders is to maintain a continuous monitoring of an individual’s public, online activity as well as the internal, network activity to detect changes in behavior. Often, cyber-attackers have patterns of detectable behavior and network activity which can provide indicators of risk, assist in early detection. It is important to know at any given time what are employees doing on the network; who are they dealing with; if they are leaving with data and files; and whether they are violating policy by sharing sensitive information with outsiders. Employee engagement in careless practice is far more common than engagement in malicious practice. Oftentimes carelessness takes the form of simple negligence by clicking on a link in a random email. However, there are ways to mitigate the threats, which can reduce the risk of cyber-attacks by as much as 80 percent, including:

  1. Provide ongoing employee and contractor training on what to do and not to do
  2. Conduct a risk assessment to understand threats presented by an insider
  3. Continuously monitor employee and vendor networks
  4. Update and upgrade software
  5. Use encryption to guard against information being read by unauthorized parties
  6. Establish multi-factor authentication

For more information health care provider cyber-security, contact Dr. Cornelia Dorfschmid at cdorfschmid@strategicm.com or at (703) 535-1419.

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.

Connect with Richard Kusserow on LinkedIn.

Subscribe to the Kusserow on Compliance Newsletter

Copyright © 2019 Strategic Management Services, LLC. Published with permission.