Will Your Employees Get You Hacked?
by Donna Koger, 3.8.18
Apparently, according to cybersecurity experts, there are 5 things your employees are doing that will get you hacked. And you are not alone in being remiss to be sure your staff is fully trained on cyber hacking and the dangers involved from the small business end.
Out of 2,000 small business owners surveyed, there was enough data to indicate nearly half are at risk of being hacked because they are not investing enough in cybersecurity. But there are some simple things that can help you avoid the unthinkable – getting hacked - and paying huge fines for exposing your PHI.
First, you need to train your employees to be aware of 5 things:
Do your employees assume the IT department is taking care of cybersecurity or otherwise don’t believe they have to worry about it? Tell them to think again.
Your company can invest in a service that provides email encryption, such as EmailPros, or you can have your employees (or IT dept) set up 2-step verification in their email app, such as MS Outlook. There is plenty of information to be found on 2-step verification on the internet, ask your IT department or you can check out these websites: https://support.microsoft.com/en-us/help/12408/microsoft-account-about-two-step-verification or this one: https://www.msoutlook.info/question/773
Clicking on Fake Emails
According to cybersecurity companies, “91 percent of cyber attacks begin with a spear fishing email.” (hipaasecurenow.com) These emails can entice employees to click and share inappropriate information, such as usernames and passwords with potential hackers. They tend to look authentic, but much of the time, if someone receives one of the phishing emails, checking the email address the message is from can tell you it is not legitimate. But this isn’t always the case so everyone must extra diligent in examining all unsolicited emails. Phishing scams usually insert ransomware [link to my other article on ransomeware] that infects not only computers, but mobile devices and networks.
Can you believe the most common password today is “123456?” How easy do you think it would be to crack that password to gain access to someone’s computer or mobile device? The same password could be used by one individual on many devices or shared with coworkers, family and friends. As entrepreneur.com and other resources say, “Chances are, most of your employees are well-intentioned – but clueless when it comes to cyber protection.”
Are there employees in your organization that do not back up their data? With PIMSY, your data is backed up to the cloud regularly, so there isn’t any danger there. However, there may be PHI on employee’s computers or other devices that is not encrypted or backed up. Those files can be hacked with ransomware or other nasty viruses that give hackers access to PHI or denies the employee’s access to their files. Of course, if it’s ransomware, [link again] you will be required to pay a “ransom” before the files are returned to the owner. By then, it’s probably too late to avoid HIPAA fines for your “hacked” PHI.