Like a wildfire data breaches have become the topic of discussion and the future of these attacks is changing just as rapidly. Out of the countless studies released by experts including The Ponemon Institute, Verizon and the United States Secret Service, we can see that many data breaches are due to loss and theft. Small healthcare organization and small to medium sized businesses have the biggest risk but the threat is not hackers. Instead it is the professionals who are being trusted with confidential data on devices without proper training or repercussion.
Why are Small Healthcare Organizations at Risk?
Of the total reported healthcare data breaches on HHS.gov, 67% were caused by theft and loss, resulting in 78% of stolen individual records. Physicians need to have access to confidential patient data at many times throughout their day, so they are already at risk of data loss or theft. However many small healthcare organizations are often reluctant to join the cloud due to security concerns. Even more daunting is the fact that theft and loss result in 92% of computer related data breaches, resulting in 97% of stolen records. By utilizing an in house network and allowing protected health information to be stored on mobile devices a smaller practice is actually putting their patient’s confidential data at risk.
Why are Small to Medium Sized Businesses at Risk?
Many small businesses lack the desire to be secure and state there is not enough money in their budget. However Ponemon recently surveyed IT professionals who work for companies with less than 100 employees and found that 78% believe data breaches are caused by employee negligence. How much does it cost to educate employees about weak passwords and data handling procedures? The highest percentage of breaches occurred from the loss of mobile devices and laptops. This form of negligence accounts for a third of the problems small businesses have with data breaches. Yet SMB’s are still reluctant to move their private data to a cloud computing system.
Verizon stated in its 2011 Data Breach Report that the cloud is not the problem when it comes to security. Healthcare has recently been moving toward the cloud to secure its confidential data but this is most likely due to government regulations like the HIPAA Security Rule. Small businesses are facing other concerns with the cloud though. Instead of worrying about security from hackers they are seeing the potential for these cloud computing services to steal their confidential information.
So what is a cost effective alternative that offers efficient security for data and can be created in house? Utilizing a central database for information not only limits data loss through employee negligence of data and passwords, but it also offers better accountability for businesses and healthcare facilities. By removing data from mobile devices such as smartphones, tablets and laptops, companies remove responsibility from employees. Also security of one single server is much easier to maintain than having to educate employees about security of their devices.
Through out-of-band two-factor authentication a company can limit access to authorized individuals only. Also by utilizing a one-time password sent through SMS text message this out-of-band authentication method can provide notifications when access is requested. This is an added layer of protection that also provides small businesses and healthcare facilities with a cost effective solution. The future of data breaches ultimately lies on the companies who store personal customer data however a simple and easy to implement solution is awaiting them.