To implement a cybersecurity solution, one needs to understand the four pillars of cybersecurity, says Gary Salman, CEO of Black Talon Security in Katonah, NY.
The pillars are Cybersecurity Awareness Training, Cybersecurity Audit, Vulnerability Scanning, and Penetration Testing.
Under the HIPAA security rule and many states’ breach laws, organizations are required to implement cybersecurity awareness training for every employee in the organization. This is a comprehensive training that helps leaders and employees understand and identify threats that present themselves through email, internet, and lack of standard operating procedures related to password and access point protection for the network, Salman says.
The second pillar is a cybersecurity audit. During this audit, a cybersecurity company will work closely with the organization and IT company to understand, from a holistic perspective, the entire network and IT infrastructure, Salman says. An audit will uncover vulnerabilities in the infrastructure and procedures that may allow someone to gain access to data, he says.
The third pillar is vulnerability scanning. This can be broken down into two components, Salman says. A HIPAA scan is a very basic scan that examines the network for vulnerabilities that may result in unauthorized access or the exposure of patient data, ultimately causing a HIPAA violation. It is not designed to find vulnerabilities in the network, such as improperly configured computers, devices, or servers, Salman says.
“On the other hand, a vulnerability scan is very comprehensive and is designed to find the unlocked doors and windows on your network that a hacker would use to exploit data,” he says.
The final pillar of cybersecurity is a penetration test, also known as a pen test. This is performed by one of the cybersecurity company’s ethical hackers, known as white hat hackers. The goal is to try to break into the network using the same tools, techniques, and protocols a criminal would use, Salman says. Once in, hackers will try to exploit various protocols and technologies to gain access to a workstation or server.
“By following the four pillars of cybersecurity and compliance, you can feel confident that you have done everything to comply with federal, and often state, laws and that your network is as secure as possible,” Salman says. “Nothing is ever 100% secure, but these best practices will significantly improve your security posture.”
- Gary Salman, CEO, Black Talon Security, Katonah, NY. Telephone: (800) 683-3797.