It is said that a heart attack is 80% preventable by eating well, exercising regularly, and keeping stress to a minimum*. While there is no official statistic yet, I would say that a cyber-attack is 95% preventable by vetting partners well, exercising caution, and keeping access points to a minimum.
Key #1 to Preventing a Cyber-Attack: Vetting Partners Well
We are judged by the company we keep, and vetting our partners with a keen eye and thorough risk assessment is the most important step in making sure we’re in good company.
Don’t let partner agreements be a box that’s quickly checked and never reviewed. It’s important to review the answers our partners provide, not just once but continuously to ensure they remain in good standing. The partner agreement is like a marriage. It takes commitment and nurturing.
Key #2 to Preventing a Cyber-Attack: Exercise Caution
For exercise to provide successful outcomes, it requires consistency, and exercising caution is no different. Consistency is key. Having a process and a policy to which users — all users — are held accountable is the only way.
Some tried and true methods for mitigating the risk of a cyber threat:
- Multi-factor authentication
- Safe devices
- No login sharing
- Positive identification
- Access for only what the job requires
If we are super cautious out of the gate but then we let our guard down, we are putting our network at risk. A constant review of user status and access is worth the time. Are all those staff with access still working for that partner or physician’s office?
Key #3 to Preventing a Cyber-Threat: Keeping Access Points to a Minimum
Keeping access points to a minimum sounds simple, but can be a struggle if there is a knowledge gap or infrastructure issues. No matter the obstacles, it’s worth the time to consolidate those points of entry into a more consistent (there’s that word again) and manageable model.
Choose what’s best for your business and require that of your partners. Whether it’s a VPN tunnel, Citrix platform, VDI or whatever you choose, make sure it’s auditable, reportable, and transparent to you.
There are some key questions that you should be asking. Who’s in your network? How long has she been in there? What is she working on? It’s important to know these answers — real time and retrospectively. Trends will emerge over time that can alert you to poor practices or gaps in security.
Take a step back to consider your prevention plan. Make sure you’re keeping good company for the long haul, that you’re exercising caution consistently and streamlining those access points.
I will discuss cyber security and other remote access topics in an upcoming live webinar, "Take Control of Remote Network Access" on Thursday July 19, at 2:00 p.m. ET, where I'll also give a demonstration of our new solution to solve remote access challenges. You can register here. Bring any questions you have, or leave a comment below for specific questions that you would like to have answered during the webinar.
*Source: Center for Disease Control (CDC)