
Establishing cybersecurity standards should be a priority for every business, and truly, every individual as well. You would never leave the front door to your home or office unlocked all night. Why leave your online information and intellectual property just as vulnerable?
Depending on what industry you are in, you may be legally obligated to operate within a specific set of cybersecurity standards. For instance, any business that handles credit card information has to comply with the Payment Card Industry Data Security Standard (PCI-DSS) to ensure that customers’ financial information is safe from loss or theft. While this particular standard has fairly basic requirements, other standards can be far more complex and difficult to navigate for small and medium-sized business owners.
Generally speaking, the more sensitive information your company handles, the more cybersecurity standards you will be required to follow. This is especially true of healthcare facilities, law offices, and financial institutions. While this article is not legal advice and should not be construed as such, it will give you a brief, non-exhaustive overview of some of the most prominent cybersecurity compliance frameworks and regulations pertinent to these industries.
Cybersecurity for Healthcare Providers: HIPAA
The biggest set of cybersecurity regulations for medical facilities comes with the privacy standards set by the Health Insurance Portability and Accountability Act (HIPAA). Steps that healthcare facilities must take in order to be HIPAA compliant include a HIPAA risk assessment, policies and procedures documents, a management plan, a data breach communication plan, network security, the ability to back up and recover data, and HIPAA training for business associates. That is right: compliance applies not just to your organization, but to your business associates as well.
Many states have their own data security laws and regulations for the healthcare industry. Additionally, public and private facilities may be held to different standards. It is important to stay up to date on cybersecurity compliance requirements because you are not just facing legal repercussions; when a security breach occurs, you lose the trust of your patients and risk doing lasting harm to your reputation. In fact, 72 percent of medical offices shut down or file for bankruptcy within two years of a breach.
Cybersecurity compliance is not always straightforward. Your IT provider can help.
Law Firms and Cybersecurity Expectations: ABA
Just like healthcare facilities, law offices process a lot more data than just their clients' payment information. Some, especially those dealing with insurance companies, may also need to be HIPAA compliant. Regardless of who lawyers work with, their data is worth a lot to hackers, and in a 2019 survey by the American Bar Association (ABA), 26 percent of lawyers reported that their firms had experienced some sort of security breach. An additional 19 percent could not even verify whether or not they had experienced a security breach, showing a lack of even basic breach detection protocols.
A number of ABA Model Rules and Formal Opinions dictate the degree of cybersecurity expected at a practicing law firm. The very first Model Rule establishes the "duty of competency" among lawyers, which includes maintaining up-to-date knowledge of "changes in the law and its practice, including the benefits and risks associated with relevant technology."
More specifically, Formal Opinion 477 states that, “[A] lawyer may be required to take special security precautions to protect against the inadvertent or unauthorized disclosure of client information when required by an agreement with the client or by law, or when the nature of the information requires a higher degree of security.”
There are also standards for being aware of and reporting breaches at law offices. Opinion 483 states, “[W]hen a data breach occurs involving, or having a substantial likelihood of involving, material client information, lawyers have a duty to notify clients of the breach and to take other reasonable steps consistent with their obligations under these Model Rules.” While these rules may not seem very strict or explicit, it is in the best interest of the law firm and the client to provide reasonable cybersecurity protections and to monitor and promptly respond to breaches.
Financial Sector Cybersecurity: NIST and FINRA
The financial sector is subject to a sweeping number of state-specific cybersecurity regulations in addition to those determined by the Financial Industry Regulatory Authority (FINRA). Instead of delving into each of these one by one, we will cover the National Institute of Standards and Technology (NIST) Cybersecurity Framework, widely considered the gold standard of cybersecurity in the US and abroad. In fact, this framework is used by some of the largest financial institutions in the world, including JP Morgan Chase and the Bank of England.
NIST is also a good foundation in this case because FINRA bases its own cybersecurity compliance checklist on the NIST framework. The framework breaks down into five key categories of cybersecurity functions: identify, protect, detect, respond, and recover. This framework is so effective because it requires two complementary strategies: proactive threat prevention and detection, alongside a plan for when that prevention does fail.
Any Company that Handles Consumer Data Should Comply with Basic Cybersecurity Standards
If you are handling any sensitive customer information, or even if you just want to keep your own information private, there are basic steps you can take to be more secure. Detection and prevention are vital to running a smooth business, but being ready for a breach when it happens is important too. If you are not sure whether your company is in compliance with legal standards, look for a managed IT provider that offers a full suite of cybersecurity products to help you stay in compliance with cybersecurity regulations. Working with such a provider makes it simple to stay in compliance without wasting time that could be spent running your business. It also gives you the peace of mind that you are at the top of your industry when it comes to protecting your clients' security.