Cyber Security Tips Dress for survival in a harsh and hostile computing environment BY DANIEL MARCELLUS

Most people would not put themselves into the Arc- tic Circle during the fro- zen winter months with- out the layers of protection

needed to survive. Each layer of pro- tection serves a particular purpose, and together, those layers allow you to sur- vive in the unrelenting, harsh and hos- tile environment. Your coverage would include a foundation layer to wick away moisture, a middle layer to insu- late body heat, and an outer layer to keep out water and wind. To survive, you need several layers of different types of protection providing multi- dimensional shelter from the storm. Protecting your information tech- nology (IT) environment is not any different. There are many elements that are ruthlessly attacking from every direction. And just like the harsh win- ter elements of the Arctic, you need multiple layers and levels of protection for your business to survive intact. The harsh reality is that if you don’t use a multi-dimensional approach to data security, a breach could cost you your business. A 2016 study on small to medium businesses (SMB) and managed security service providers (MSSP), “The State of SMB Security Risks: Why Most SMBs Are Looking to MSSPs,” by Aberdeen Group shows that businesses with 1,000 employees or less have a 90 percent likelihood of having a data breach costing more than $216,000. Today, the elements you need pro- tection from are not only those that are electronic in nature, but also physical. Social engineering for example, is

a method of intrusion that hackers use that relies heavily on human interac- tion. It often involves tricking people

into breaking normal security proce- dures, assuming there are any in place.

The Multi-Layered, Multi-Level Approach to Protection Adopting a multi-layered, multi-level approach to protecting your data includes not only implementing tech- nology to monitor and fix problems, but also putting policies and proce- dures in place within your organiza- tion to ensure that staff understand the actions they can take to protect your center and your patients. Finally, test- ing and training employees on how to recognize and reject intrusions like phishing expeditions will go a long way toward ensuring the safety of your IT infrastructure. So, how do we protect ourselves from these out-of-control elements? What layers do we need surrounding our IT infrastructure to survive? Bear in mind that you will not survive with just one layer in our current environ- ment. As a data security services pro- vider, I have seen cyber security threats

come in the front door, the back door and every crevice in between. The organizations that defend themselves from these threats know they need protection from every dimension. A managed security service pro- vider is the best equipped to advise your organization about the layers you need, and as an ASC, there are certain ones that should be on the list to discuss: ■■

Layer 1—proper policies, pro ce- dures and processes

■■ ■■

Layer 2—system monitoring

Layer 3—patch management and remediation

■■ Layer 4—expert analysis Layer 5—social engineering


Layer 1—Proper Policies, Procedures and Processes The first layer of protection is administrative. Having a layer of bad or even no policies, procedures and tested processes has always been the failure of a company protect- ing itself, even before electronic IT. The proliferation of IT has changed

The advice and opinions expressed in this article are those of the author and do not represent official Ambulatory Surgery Center Association policy or opinion. ASC FOCUS JANUARY 2018 | 17

Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34