One SMBs Cyber Survey – Ep 347 

 March 18, 2022

By  Donna Grindle

Cyber threats are a growing risk that is becoming increasingly difficult to avoid. Small and medium businesses are not immune to these cyber threats. They are a growing business risk. The first step in preventing cyber threats is awareness.



HIPAA Say What!?!

[03:27] Message from Jenn about our Scripps Health Ransomware episode:

Remember that podcast y’all did months ago about the breach at Scripps Health? I JUST received a letter from them, sing along with me, “Maintaining the confidentiality and security of your information…”

The ransomware did not access the EHR, and Scripps definitely deserves credit. But their communication was a complete mess.

Thanks Jenn! Interesting that you are getting a letter about it in 2022. Our episode where we were watching the live feed was from May 2021. Not sure what the deal is with the 60 day notification time limit. I guess it remains to be seen just how this one does turn out.

We think you are right, we all know the words and should be able to sing along. Who can create a song about this?

Also, shout out to Donna’s friend Glen. He is not technical and not in healthcare at all. HIPAA only applies to him as a patient. However, he does listen to this podcast from time to time. He always enjoys it and is really surprised that all the things we talk about really are happening. The most important thing he mentioned is that he just laughs and laughs listening to us. Thanks for listening, Glen!

This anecdote just illustrates an important thing. Do not assume that others you know cannot learn from this podcast. You don’t have to be technical or in healthcare. Someone just needs to be willing to learn.

405(d) Tip of the Day

[12:12] Tools for each of HICP’s Top 5 Threats. For each threat the website has collateral that you can use for planning and education.

  • A flyer – front and back – the front explains the threat and the back explains ways you can protect yourself from the threat.
  • Slides from the presentation explaining HICP concepts, the threat, and the HICP recommendations for mitigating the threat.
  • A poster with quick reminders about the threat to use in your organization for workforce education.

One SMBs Cyber Survey

[17:12] SMB discussions from previous episodes keep bringing things up. This example of a survey completed by one of David’s clients/prospects only makes it more clear there must be more education. We are educating all we can, but the message is either being ignored or not heard in the first place. Which one is it? Probably a little of both.

While this is just one response David got from his survey, the answers are not an anomaly or outlier. Most reports on what SMBs understand about cybersecurity show a real lack of understanding of the real and current risks to their business.

Let’s review their answers and discuss just how much this impacts them and others in the big picture.

The question: “How concerned are you about the following:”

Answer Options (# selected):

  • Couldn’t care less (1)
  • Rarely Concerned (3)
  • Sometimes it concerns me (3)
  • Often concerned (5)
  • I lose sleep over it (0)

Let’s just get this one point out there now. Not one item on this list of 12 cybersecurity concerns makes them lose sleep over it. Not one thing. Let’s just take that into consideration as we evaluate what they feel about the others.

Often concerned:

  1. Phishing
  2. Employees causing data loss or security incident
  3. 3rd party software vendor breach
  4. Data backup and recovery
  5. Cyber threats and incidents

Sometimes concerned:

  1. Ransomware
  2. Email Security
  3. Data in the cloud

Rarely concerned:

  1. Loss / theft of equipment or data
  2. Compliance/regulatory failures
  3. Business/executive email compromise

Couldn’t care less:

  1. Social Engineering

How do they feel about the top 5 threats?

[31:18] The top 5 threats outlined in HICP, as mentioned in our 405(d) Tip of the Day, are somewhat covered in the list, either directly or through an item associated with one of them.

  • Phishing – Often concerned
    • Social Engineering – Couldn’t care less about it
    • Business/executive email compromise – Rarely concerned
    • Email Security – Sometimes concerned
  • Ransomware – Sometimes concerned
    • 3rd party software vendor breach – Often concerned
    • Data backup and recovery – Often concerned
  • Loss or theft of device – Rarely concerned
  • Insider, Accidental, or Intentional Data Loss – Often concerned
    • Data in the cloud – Sometimes concerned
  • Connected devices – not on the list, but you can bet it wouldn’t be above rarely concerned, if that.

That only leaves out compliance, which they are rarely concerned about, and the generic cyber threats and incidents, which they are often concerned about.

Although these are just the responses to one survey from one business executive, this is a pretty normal response from an overall standpoint. What is interesting, though, is that David says that after some education and an understanding of the complexity of how these threats can affect a business, the survey respondent has a different response to how concerned they are about the items. After all, privacy and security threats are part of business risk management.

It all comes back to education. Educating everybody on privacy and cybersecurity concerns is key. You can’t fix something that you are not even worried about. There is a communication disconnect there. We have to find ways to resolve that so everyone is on the same page. We are all on the cybersecurity team.

Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word. As always, send in your questions and ideas!

HIPAA is not about compliance, it’s about patient care.™

Special thanks to our sponsors Security First IT and Kardon.
