The Importance of Cybersecurity

WHAT IS CYBERSECURITY?

Cybersecurity, also known as computer network security or information security, is the deliberate practice of protecting systems, networks and the web from malicious attacks, unauthorized use and the theft of information that is transmitted, distributed and/or stored on the web or electronically.

Protecting computer systems and networks involves people (cybersecurity practitioners and experts), processes, techniques and the technology behind them. The field is split into sub-fields such as cloud security, application security, IoT security and others. Without these different forms of cybersecurity, cyber attacks become the norm, and privacy, money and confidential information are lost to people who should never have them.

WHY IS CYBERSECURITY IMPORTANT?

Just as it is important to protect our physical spaces and keep intruders out of them, it is important to keep cyber intruders away from our electronic and web activities. From protection against phishing to protection against keystroke logging or shoulder surfing, the importance of cybersecurity cannot be overemphasized.

Here is why:

  • A dynamic and excellent cybersecurity practice keeps personal information safe.

  • Cybersecurity helps keep Intellectual Property out of unauthorized hands that could use proprietary technology or knowledge for nefarious purposes.

  • Cybersecurity keeps financial information, and other data that should not be exposed for public consumption, from falling into the wrong hands.

  • Cybersecurity adds layers of protection around the four means of user authentication (knowledge, possession, non-dynamic biometrics and dynamic biometrics), keeping them out of the hands of attackers.

Because businesses across many industries depend on the internet for their activities, cybersecurity is super-necessary in industries like technology, energy, retail, finance, legal, health/medicine, travel, hospitality, etc. Holistically, it serves as a hedge for lots of organizations: a hedge against the vulnerabilities (assessed value of the probable weak points in computer networks and web activities), the threats (the chances that cyber attacks will seek to exploit these weak points) and the impact of these exploits on their computers and web activities.

However, when it comes to keeping personal information and intellectual property safe, the legal industry and the medical/healthcare industry are the two industries that stand to lose a lot from a cyber attack because they hold tons of dynamic data on individuals, businesses and governments.

CYBERSECURITY FOR LAW FIRMS AND HEALTHCARE

Cyber attacks on law firms are not a recent occurrence. They have been around for a while, but they are becoming increasingly prevalent because law firms, taken together, are a hub that provides access to files and information on other industries.

Law firms, living up to their legal responsibilities, keep records of crucial documents: case files of ongoing court cases, pending and ongoing business deals, patient care records, attorney-client privileged documents, government secrets, information that could spur insider trading in the stock market and other matters that should be kept hush-hush. This means that a breach of a law firm's cybersecurity gives access to the data and records of many different industries.

Cybersecurity is paramount for law firms because the downsides of a successful cyber attack include, but are not limited to:

  • The cost of replacing software and hardware.

  • Loss of client confidence in the services of your law firm and in the security of their business with it.

  • Loss of billable hours as a result of low client confidence.

  • Wider cyber attacks that build on the information obtained about different industries/sectors.

On the other hand, on an annual basis, the healthcare sector loses billions of dollars to cyber attacks. In 2018, the cybersecurity threats the healthcare sector suffered were in excess of 8 digits (41 million plus); from 2018 till date, that number has increased at an alarming rate, especially within this Covid-19 pandemic period where hospitals experienced, and are still experiencing, a higher doctor-patient ratio. Just like attacks on law firms, cyber attacks on healthcare facilities pose a grave danger because each successful attack exposes patients’ medical records. Medical records contain dynamic information dating back many years for individuals, companies and governments, and a medical record is regarded as a health document as well as a legal document. Medical record “exposure” means a patient’s name, date of birth, treatment plan, medication, social security number (SSN), billing information, etc. are exposed to those who are not supposed to have access to them.

This dual nature of medical records, as a health document as well as a legal document, is where the legal sector and the medical sector converge. This is why the US government stepped in many years ago with the introduction of HIPAA to ensure that healthcare providers take cybersecurity seriously and safeguard patients’ data.

Since we have established that medical records are collectively a healthcare document as well as a legal document, how do law firms and healthcare providers embrace cybersecurity to protect themselves against cyber threats while staying on the good side of the law? There are about half a dozen ways to do so but we will focus on Security Awareness Training.

SECURITY AWARENESS TRAINING

It is not unusual for employees to be so focused on Continuing Professional Development (a process for continuously developing the knowledge they have within their industries) that they forget to learn about the industry that makes cyber connectivity and enhanced workplace productivity possible (read: the IT industry).

Security Awareness Training brings this need to learn to the fore by educating employees on the types of cyber attacks and on the processes and techniques of computer security that protect against them. A standard Security Awareness Training program covers material in these areas: social engineering, encryption, dictionary attacks, user disclosure, phishing and smishing, malware, clean desk policy, password protection and authentication methods, compliance, BYOD vs COPE, Business Email Compromise and other computer security areas that help employees identify potential attacks and/or scams. Oftentimes, this training simulates attacks such as phishing, malware and ransomware attacks so that employees get a feel for what potential attacks could look like and how not to fall prey to them.

This training is highly recommended for the employees of law firms and healthcare providers, while the employers focus on risk assessments and on introducing cybersecurity procedures in their organizations to identify cyber threats and prevent cyber attacks.

WHAT IS HIPAA?

HIPAA is an acronym for the Health Insurance Portability and Accountability Act, which was signed into law by President Bill Clinton in 1996. It covers 5 clearly defined rules about data privacy and security of medical information:

  • Privacy Rule;

  • Security Rule;

  • Transactions Rule;

  • Identifiers Rule;

  • Enforcement Rule. 

Because HIPAA covers the protection of data and privacy in the medical industry from a legal perspective, it connects these two industries on how medical information ought to be handled and on how compliance is maintained.

WHAT IS A HIPAA SECURITY AUDIT?

In line with the above, a HIPAA Security Audit involves the legal inspection and assessment of medical providers’ databases to ensure that they are aligned with the clearly defined rules of HIPAA, especially HIPAA Title II, which manages Protected Health Information (PHI) of patients. This audit is usually carried out to make certain that healthcare providers are not running afoul of the rules set out by HIPAA.

Breaching HIPAA rules leads to non-compliance financial costs that run into millions of dollars. When it comes to the privacy and security of patients’ Medicare information, it is best to err on the side of conscious, constantly-evolving cybersecurity processes.
