By June Noto
The recent announcement by a Hollywood, California, hospital that it paid $17,000 to computer hackers for the return of its computer data is yet another reminder that cybersecurity is everyone’s problem.
Cybersecurity is not just an Information Technology (IT) issue; it is a security/privacy issue; it’s everyone’s responsibility, starting with the CEO. In other words, it is your responsibility. Your IT staff (if you have them) are not responsible for your data breach, just as they are not responsible for your liability insurance.
Did you know that the theft of healthcare information ranks number one in the world as the most common type of identity theft – more than banking and finance, government and military, or education. More healthcare organizations are targeted than any other vertical market, because of the specific data set of personal information. Think about it. Names, addresses, social security numbers, spouse and family member names, insurance information or Medicaid ID’s, credit card numbers if provided for payment, diagnoses, provider information, doctor names and National Provider Identification numbers (NPI’s). This dataset is the most valuable to anyone looking to do nefarious things with this data.
But healthcare organizations are far from the only ones at risk. Non-profits, school districts, businesses and government entities of all sizes are all vulnerable. Some organizations are still running software, such as Windows XP, that is no longer supported with updated protection.
Additionally, most standard insurance coverages (Commercial GL, Property, D&O, crime) typically don’t provide proper coverage for cyber liability, or may not have enough coverage, leaving organizations vulnerable to liability in the event of a data breach, or even misuse of confidential data by a staff member. Did you know that Walgreens had to pay $1.44 million in damages because a single employee snooped in a customer’s Electronic Medical Record (EMR) and misused the data?
Executive staff must understand the liability to their organizations and what they will be held responsible for (and possibly fined for) if they do not address cybersecurity. Cybersecurity is everyone’s issue. Not just the overworked, overstressed IT staff that organizations may employ. It is not just for compliance officers and security officers. Every President or CEO needs to learn more about the threats, the liability and the limits of that liability.
So what can you do?
For your staff/volunteers:
- Set strong passwords, change them regularly, and don’t share them with anyone.
- Keep your operating system, browser, and other critical software optimized by installing updates.
- Maintain an open dialogue with your friends, family, and colleagues about Internet safety.
- Use privacy settings and limit the amount of personal information you post online.
- Be cautious about offers online – if it sounds too good to be true, it probably is.
For your organization:
- Keep your software up to date; upgrade your computers if necessary. Many low-cost software programs are available to non-profits. A great source for starters is Techsoup.org.
- Develop and implement strong IT policies and procedures, and TRAIN your staff and volunteers regularly.
- Consider Cyber Liability Insurance. Consult with your insurance provider to review your current coverage and actual needs. Keep your insurance agent apprised of changes in activities and services, implementation of policies, and anything that might have a bearing on your organization’s risk status. (Implementing protections may even reduce your insurance costs.)
- EDUCATE YOURSELF! Education is the number one preventative measure you can take, and your insurance company will appreciate that you have taken appropriate steps to limit your risk. Plus, it can reduce the cost of your premiums.
- New Jersey Association of Mental Health and Addiction Agencies (NJAMHAA) IT Project’s 2016 annual conference Wield the Power of Information Technology (March 2 in Edison, NJ) will delve into a variety of topics on technology, cybersecurity and cyber crime as experts share their experiences and best practices to staying as secure as possible. Learn more about these important issues and network with your colleagues. NJAMHAA and Center for Non-Profits Members receive discounts on admission (Center members: contact the Center for discount code)
- Idealware recently released a free downloadable guide: What Nonprofits Need to Know About Security: A Practical Guide to Managing Risk
- The Federal Communications Commission maintains a free Cyber Security Planning Guide, developed by the FCC with input from public and private sector partners, including the Department of Homeland Security, the National Cybersecurity Alliance and The Chamber of Commerce
Remember, there are steps that organizations of all sizes can take to protect themselves. We owe it to our organizations and those that depend on us to pursue them.
June Noto is Vice President, IT, HR and Administrative Services, of the New Jersey Association of Mental Health and Addiction Agencies (NJAMHAA).
EXCITING NEWS – Limited Time 20% Discount on Dual Membership!
The Center for Non-Profits and the New Jersey Association of Mental Health and Addiction Agencies (NJAMHAA) are delighted to announce a limited time discount membership offer. Become a member of BOTH organizations and get 20% off your annual dues for each membership; deepen your support to NJ’s non-profit community, stay informed and have input on policy and legislative issues, and take advantage of exclusive dual membership offers.