CIO ongoing tasks to prevent data breach

Protecting your facility’s information from breach involves a good deal of challenges. In the past few months various organizations have had their data compromised, like the University of Virginia or the Office of the Medicaid Inspector General. This is a clear sign that institutions and their CIOs are still in great need of a strong information security plan, or at least that they have yet to establish a security strategy and system that suits their needs.

Establishing a comprehensive security strategy isn’t always easy, but there are some things you can do to reduce the incidence of breaches while you work towards building the security program you need.

We recently shared the OWASP Top 10 risks to web-based applications. The list gives you a pretty good idea of the vulnerabilities you face with web applications. What it also demonstrates is the need to test your applications for multiple flaws and security gaps, such as broken authentication and session management or security misconfiguration. Thoroughly vetting, checking and double checking your web applications is the first step towards proactively taking charge of your facility’s security. It also helps to have a fresh set of eyes triple check your web applications for anything you may have missed.

Your network is another area you should continuously work on for the benefit of security. The internal and external network vulnerabilities that could be present and give room for a breach need your eyes on them at all times. Change is a constant in the information security field; hackers are always coming up with the next way to penetrate your network. Just as you apply patches to the programs you use and reconfigure your software, you need to be doing the same with your network. A complete network assessment, in which testing, analyzing and reporting are part of your routine, needs to be carried out as often as possible.

Another priority executives and CIOs need to include in their daily ‘to do’ list is physical site security. Checking that areas where sensitive data is held are locked, and ensuring no one can run off with your server, are necessary steps towards an effective security program. The safe-at-home feeling that comes from humans’ optimism bias needs to be put aside and replaced with a mindset of prevention and protection. A beneficial habit to pick up is to think like a data thief, like a robber who studies the bank he’s going to hit before doing the job. With this frame of mind, any open door becomes an issue at all times, and all devices, on or off the premises, get the security attention they deserve.

Working on your establishment’s security strategy can only be good for business and, above all, for your peace of mind. You can also add the perks of cost savings from not suffering data breaches, and the elimination of bad publicity for your organization.

How are you responding to the challenges of implementing a comprehensive security strategy?

Photo Courtesy of The U.S. Navy