Protecting personally identifiable information (PII) is imperative, regardless of the size of your business. PII is personal information, such as cardholder data and social security numbers, that doesn't need to be served as dessert to the dark side. Don't make the mistake of satisfying the hunger of Mr. Hacker with your happy-meal-size office. Cyber criminals feed on weak security, remote employees and unprotected small branch locations. Back at the fort, or Infosec headquarters, organizations continue the war against cybercrime. In the meantime, fresh battlegrounds form daily where resources and attention are scarce yet much needed.
Sometimes a picture says it all. In this case, InfoSec Bob was in dire need of dental service but decided to leave in physical pain after realizing Nurse Betty wanted to store his credit card on file. Even with a HIPAA-compliant sign hanging by the wayside, she spilled the beans by stating that only the corporate office is being assessed. Would you have walked away like InfoSec Bob or risked a tooth for your CC#?
Several weeks back, reports from the Department of HHS stated that HIPAA "will be" tightening up data breach liability risks and guaranteeing stronger enforcement. Really? If you're in Infosec and have had to scan small medical offices, you know what I mean. You perform a data discovery scan, and 9 out of 10 offices have toneladas (tons in Spanish) of unprotected PII or PAN (Primary Account Number) data. It looks much like this sample report.
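To show what a data discovery scan of the kind described above actually does, here is a small, added example (it is not code from this post or from any scanning product): a scanner that walks text line by line, flags PAN candidates with a Luhn mod-10 check so that invoice numbers and other random digit runs are not reported, flags dashed SSN values, and masks every hit before it lands in a report. The sample text, the `Finding` class and all function names are constructed for this example; `4111 1111 1111 1111` is a widely used Luhn-valid test number, not a real card.

```python
import re
from dataclasses import dataclass

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or
# dashes, and not embedded in a longer run of digits.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# US SSN in the common dashed layout (NNN-NN-NNNN).
SSN_RE = re.compile(r"(?<!\d)\d{3}-\d{2}-\d{4}(?!\d)")


@dataclass
class Finding:
    kind: str      # "PAN" or "SSN"
    line_no: int   # 1-based line number in the scanned text
    masked: str    # redacted value, safe to include in a report


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 check; rejects most non-card digit runs (invoice ids, etc.)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep the first 6 and last 4 digits (PCI DSS display rule), star the rest."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def mask_ssn(ssn: str) -> str:
    """Keep only the last 4 digits of an SSN."""
    return "***-**-" + ssn[-4:]


def scan_text(text: str) -> list[Finding]:
    """Return masked PAN and SSN findings, one per hit, with line numbers."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in PAN_RE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            # Length gate plus Luhn keeps false positives down.
            if 13 <= len(digits) <= 19 and luhn_valid(digits):
                findings.append(Finding("PAN", line_no, mask_pan(digits)))
        for m in SSN_RE.finditer(line):
            findings.append(Finding("SSN", line_no, mask_ssn(m.group())))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per data type, the number an audit report leads with."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample of the kind of text found in a small-office file share.
SAMPLE = (
    "Patient: Jane Doe   SSN: 123-45-6789\n"
    "Card on file: 4111 1111 1111 1111 exp 12/29\n"
    "Invoice ID: 1234567890123456\n"   # 16 digits but fails Luhn: not reported
    "Phone: 555-0100\n"                # too short to be a PAN
)

if __name__ == "__main__":
    results = scan_text(SAMPLE)
    for f in results:
        print(f"line {f.line_no}: {f.kind} {f.masked}")
    print(summarize(results))
```

Run as-is, the scanner reports the SSN on line 1 and the card on line 2, and skips the invoice number on line 3 because it fails the Luhn check. In a real engagement the same `scan_text` would be applied to each file walked from a share or a workstation, and only the masked values and file locations would go into the report.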
It is time to chip in and start providing security scans and audits to small offices, so that we can obtain medical service without putting our PII at risk.
Happy scanning for the small office!