At Standard Computer, we pride ourselves on offering cutting-edge cybersecurity solutions that inoculate your business against outside viruses. The problem at hand is ransomware, a growing threat that requires a high level of expertise to tackle. Unfortunately, in the past, we’ve seen a low rumble from actual experts followed by a massive hysterical wave led by salespeople. This is a real concern as highly trained experts’ voices are drowned out by the cacophony of unqualified salespeople that can actually put your office at risk of a HIPAA violation.
So, how do we handle this? At Standard Computer, we have developed several strategies to help you protect your protected health information.
First, make sure you’re engaging with a qualified cybersecurity expert. Ask pointed questions to determine this. For instance, “What IT industry certifications does your company have?” “What IT security-specific certification do you carry?” “What healthcare information system certifications do you maintain?” “Are you recognized by any court, federal or state, to provide expert IT testimony?” “How do you maintain expert knowledge?” “Who are your industry peers?” If your consultant doesn’t have good answers to these questions, then you should find another consultant.
Second, make sure your security test is reliable and not just a fishing expedition. A reliable network security test is conducted by an expert and will leave you with improved security. The expert will “find their own way” using various hacking techniques, with the goal of providing you with the truth on how a breach could occur, and will work with your IT department to harden against those vulnerabilities. In contrast, a “fishing expedition” is done by a salesperson who wants to cash in on a cybersecurity mania. They want to find every little problem and convince you that it’s a wide-open door. This fake security expert will need your administrator account and full access to everything! The goal of this person is to produce a report that shows hypothetical breaches that could occur, but not to lift a finger to help you or your IT department remedy these problems.
Now, you may be asking, “What makes a security test reliable?” A real security expert will have you sign a letter of engagement that includes language stating that you will not prosecute them for breaking into your network. It will also lay out certain rules of engagement. After you sign the letter, they will not ask you anything else. These experts rely solely upon their skills to probe your security. Specifically, you do not have to give them access to your network! After a few weeks, they will come back to your office and report if and how they broke in. This information is reliable.
Remember: A good expert needs no access, but a fake security expert will ask you to turn off all the security and provide them with passwords so they can “run their scans.” Then they propose something that essentially asks you to fire the IT company, because it failed the security test, and hire them instead.