Much of the focus in recent news is on attacks on retailers and the financial industry. It is easy to see the results of these money-motivated attacks in the form of large thefts of money or credit cards. As a result, it may surprise you to know your health care information is under attack. You are mistaken if you think that HIPAA’s data security protections are working to protect it. Health care organizations are not meeting the security table stakes. By rushing to implement electronic health records without minimum viable security, health care organizations are leaving the door wide open for criminals. How Bad Is It? A recent study by the Ponemon institute revealed that 94% of medical institutions have[…]

Business leaders and gamblers know risk. Success means managing risks effectively. The better they do, the better the returns. Often overlooked is another similarity: table stakes. Gamblers have to pay to play, certain games have minimum table stakes you must ante to participate. For business, the ante is investing enough time, money, and effort in efforts. That applies to security, too. In fact, businesses must meet the security table stakes before implementing even minimum viable security. This article addresses the six things every organization needs, regardless of size, industry, and budget. To be clear, this is not the one-size-fits-all prescription for security. These are the common barriers that prevent minimum viable security. For many, these represent the barrier to entry.[…]

At the RSA conference, I attended a panel discussion entitled “Changing User Behavior: The Science of Awareness.” The panel focused on explaining the failure of traditional awareness efforts, and made suggestions about what improved solutions might look like. During the panel, surrounded by a room full of security professionals, it hit me: we are technologists trying to figure out how to solve a communication problem. Maybe security’s “people problem” is relying on the wrong people to solve this challenge. Are People The Problem? Our industry is quick to put the blame on “users” when security problems occur. Whether it is the takeover of CNN and the AP’s twitter feeds, or a hack of Target’s HVAC contractor leading to their breach, people are[…]

How do you buy groceries? Do you buy based on brand, what you know? Do you consider the price? Or do you have someone else handle it for you? Making An Investment While routine, groceries aren’t expensive. When we consider larger investments, however, the calculus changes. Most hesitate a bit when buying a new computer or tablet. We’d want to make sure the system meets our requirements and we’re not paying too much. Since they are a commodity item, you can shop around without difficulty. Buying a car or a house requires more time to be spent in the due diligence process. At some point it becomes less about “buying” and more about “making an investment”. Smart entrepreneurs consider their exit.[…]

Water is critical to life. Many sources suggest drinking more water can lead to better health. And yet I’m sure you heard the story of the woman who died as a result of drinking too much water during a radio station contest in 2007. Water intoxication results when our water intake and water losses are grossly different. The levels of electrolytes in our system can get out of balance, causing basic functions of our body to cease operating. Too much of a good thing–even water–can be bad. Minimum Effective Dose A minimum effective dose or MED, as described in effective dosage of pharmaceuticals, is the smallest dose that will produce an effective outcome. Think of acetaminophen, the main ingredient in[…]

While the headlines are dominated with tales about recent breaches at Target, Neiman Marcus, and others, those businesses will survive. What about smaller companies? Turns out that just last year, two separate title and escrow companies have had to shut their doors after suffering cyber attacks. Leaked emails from a small regional bank resulted a successful theft of money from a client. And thieves are using the access that small accounting and financial management firms have to individual and corporate bank accounts to steal hundreds of thousands of dollars. What do these incidents all have in common? They are all financial industry firms. And they are all relatively small. Most of them neglected to provide even the minimum viable security[…]