What You Don’t Know Can Hurt You
Cybercriminals don’t care about you or your business. They’re only interested in stealing your money. This fact, unfortunately, makes them one of the most dangerous threats to businesses today. Over the course of my career, I’ve discovered that typically, due to a lack of resources, small- to mid-sized businesses are at an even greater cybersecurity risk – and not always for the reasons you think.
Yes, smaller organizations are less likely to be able to invest in their cybersecurity infrastructure. And, yes, they are less likely to recover from a cyber attack. But perhaps a bigger issue occurs when a business owner thinks they are paying for a service they are not receiving. This scenario results in a false sense of security, and when a cyber attack does occur, the owner is left with an empty bank account, a poor reputation, and a look of confusion.
Smaller businesses, including dental practices, often outsource IT support to a local independent IT specialist or small IT organization. These IT companies are primarily tasked with troubleshooting small computer issues and maintaining the day-to-day IT management. What is often missing in these outsourced relationships is the implementation of cybersecurity controls. As a result, businesses are vulnerable to a variety of threats, including phishing attacks, legacy system exploits, and ransomware.
The Problem: Not Knowing The Cybersecurity Risk
Rea & Associates’ cybersecurity team was recently introduced to one of the firm’s existing dental clients during an annual business review. After a brief conversation, cyber specialists were able to identify several areas of concern. The dental practice owner agreed to allow the cyber team to conduct a Health Insurance Portability and Accountability Act (HIPAA) Security Risk Assessment. This particular risk assessment allowed Rea to take a deep dive into the practice’s IT environment and review existing cybersecurity controls. The security risk assessment findings were eye-opening.
The Solution: A Security Risk Assessment & MyISO
Rea’s cyber specialists not only revealed that the third-party IT support the practice was paying for didn’t include the implementation of cybersecurity controls, but they also discovered that the IT organization was aware of the insecure cybersecurity and data protection environment and did nothing to inform the practice. To rectify this issue, the dental practice tapped Rea’s cyber team for help. The cyber team’s solution included the replacement of more than 15 outdated computers, the installation of endpoint protection, and more. Today, the dental client has Rea’s cyber team on retainer through the firm’s MyISO service offering. As a result, Rea serves as the practice’s information security officer on a month-to-month basis for a minimal monthly fee.
Final Observations On Dental Practice Cybersecurity
A common theme we see among dental practice owners and owners of other small- to mid-sized businesses is that they were never taught about the importance of a cybersecurity infrastructure during their professional education. Therefore, they tend to overlook the growing list of regulations pertaining to network safety, data protection, and their impact on their business’s bottom line. The best way to solve the issue of “I don’t know what I don’t know” is to have a conversation with a member of Rea’s cyber services team. Contact us today to learn more.
By Paul Hugenberg, III, CISSP, CRISC, CISA (Wooster CPA Firm)