Benefits of Managed Technology Services for Healthcare Companies
Over the past decade, technology has become a critical part of any business’s success. This is especially true in the healthcare industry, where the...
4 min read
Wade Yeaman
:
Feb 19, 2019 11:00:00 AM
Let’s start this cybersecurity discussion by taking a little vacation – or at least pretend to take a vacation. Before going on vacation, people usually plan for the trip ahead of time.
Scenario 1: Planning for a vacation.
When planning a vacation, most people take the following steps:
All the above has a cost element to be considered, which can cause the vacation plans to change. Ideally, a budget would be created at the beginning of the process to help with planning the vacation and determining what is and is not doable. Although, a budget should be the first step in the planning process, people oftentimes choose a desired destination, and then adjust the budget accordingly.
Another important step when planning a vacation, is to do enough research to make informed decisions and properly budget for each part of the plan, especially if traveling to a new destination. People will often turn to friends and/or family for suggestions and input when planning a vacation, but friends and family may not be able to give the best advice. For example, how could they recommend a hotel if they’ve never been to the destination?
Therefore, it’s also important to utilize outside resources for information and contact experts who are able provide information on destinations, price, pros and cons, hotels, activities, etc. The hard part is knowing who to trust. Some “experts” are more concerned with selling certain products or services even if they may not be the best option. So, it’s usually a good idea to gather information from various people and resources before making informed decisions.
If the same logic is applied to businesses when choosing cybersecurity solutions, it reveals a dangerous tendency.
Scenario 2: Choosing and implementing the best solution and level of cybersecurity
When planning for cybersecurity implementation, business leaders should take several steps:
While planning a vacation can be challenging, it is exponentially more difficult to plan and implement cybersecurity.
When planning a trip, people usually have some sense of what the budget should be or at least know what they can and cannot spend. Most businesses don’t even have a budget for cybersecurity, so there’s no starting point. In fact, most companies don’t even have an IT budget, so they certainly don’t have a security budget.
While understanding the purpose for each part of a trip, the reason for it, and pros and cons is relatively easy, understanding the different levels of cybersecurity is not easy at all. Due to the technical nature and the complexity of cybersecurity, it’s difficult to educate CEO’s (buyers) on the different levels of cybersecurity. Translating technology and then articulating the risk/value can be extremely challenging.
Also, like the “experts” people may consult when planning a vacation, many “cybersecurity experts” try to sell solutions to businesses that may not be the appropriate solutions and/or security level. In addition, many IT professionals don’t know how to implement or even determine the best security solutions.
CEO’s and C-level executives:
If you are an IT professional:
Effective and consistent communication is imperative for businesses to appropriately address technology and cybersecurity risks.
The following provides ways to help overcome this challenge in order to effectively plan and implement cybersecurity:
As the diagram below illustrates, there are various levels of cybersecurity.
Step 1. Define and understand each level.
Step 2. Determine what level of security the company currently has.
Step 3. Decide on which security level to target during implementation.
Step 4. Implement, monitor and communicate
• Once the desired level is agreed upon, begin implementation and continue to monitor and communicate the current state of risk as the company progresses towards the desired cybersecurity level.
• Using a simple diagram, like the one below, is a helpful tool to use when explaining the progress of implementation to management.
This diagram illustrates an example of an organization that has a “Yellow risk level” while also showing what has been completed and what has not.
Step 5. Update management on an ongoing basis
Embrace the journey! Effective cybersecurity management never ends. Therefore, if security solutions and levels are not proactively monitored, the risk level can move from Yellow to Green and then back down to Red. Firewall failure, equipment beyond end-of-life, anti-virus expiration, etc. can cause immediate changes in risk levels.
Cybersecurity is about continuously mitigating risk and keeping businesses from going out of business. But, in order to successfully mitigate risk, a disconnect between management and IT cannot exist. The IT industry continues to struggle with effective communication – especially when it comes to cybersecurity. Because of this, over 58% of all cyberattacks target small to mid-sized businesses and over 60% of businesses that are hit with a cyberattack go out of business.
Albert Einstein defined insanity as doing the same thing over and over again and expecting different results. It’s time for the technology industry to stop the insanity of ineffective and/or complete lack of communication with business owners and executives about cybersecurity. It’s important to take a step back to understand the ‘why’ then work on the ‘what’. Create a communication method that works for the business, then begin focus on the ‘how’ and ‘when’ to take the appropriate action.
Over the past decade, technology has become a critical part of any business’s success. This is especially true in the healthcare industry, where the...
The cloud has been around long enough for people to have heard of Amazon Web Services (AWS) and Azure, even if you don’t know what they are or do....
I'll just come out and say it – the state of our country and the world has me more concerned and generally despondent than ever before. It's not a...