Third Rock performs Risk Assessments (Security Risk Analysis) for firms of every size, from very small practices to large organizations, in healthcare, technology, finance, insurance, oil and gas, and other industries. We know the focus of the assessment needs to be security; therefore, we run an industry-standard scan, based on NIST (National Institute of Standards and Technology) guidance, that checks computers for vulnerabilities and for a range of compliance settings. Our findings show that the average covered entity is about 15% compliant, and the Windows operating system is about 27% compliant, against the NIST test. It’s obvious to us that cybersecurity has not been addressed.
You might ask, “How do we improve these findings and correct these issues?”
It’s actually not too difficult.
- Make sure your software is up-to-date. You should have “auto-update” turned on for operating systems, anti-virus software, and applications.
- Ensure that your backups are (a) current, (b) secure, (c) off-site, and that they work. Test the backups on a daily basis to make sure they have not been encrypted by ransomware.
- Correct the deficiencies in the Windows operating system configuration, including setting up password policies. Using a domain is wise.
- Hire competent IT staff or a Managed Service Provider to provide consistent service for your computers and network. Paying for assistance only when you have a problem means no one is monitoring your network or computers on a regular basis.
- Make sure your network has been locked down. Change firewall logins regularly and use strong passwords. Hide or turn off WiFi broadcasting, and use strong passwords on your wireless network. Do NOT allow guests onto the company network.
- If you’re a larger covered entity, you should consider hiring a Managed Security Services Provider (MSSP).
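One way to check the password-policy item above on a single Windows machine is to export the local security policy and compare it to a baseline. The script below is an added example, not Third Rock's code or part of its NIST scan; it must be run from an elevated prompt, and the thresholds are illustrative assumptions, not values from this page or from any NIST publication.

```powershell
# Added example (not Third Rock's code): export the local security policy with
# secedit and compare password and lockout settings to an assumed baseline.
# Requires an elevated prompt. Thresholds are illustrative assumptions only.
$cfg = Join-Path $env:TEMP 'secpol-audit.inf'
secedit /export /cfg $cfg /quiet | Out-Null
if (-not (Test-Path $cfg)) { throw 'secedit export failed; run from an elevated prompt.' }

# Collect numeric "Key = Value" lines; the [System Access] section holds the policy.
$settings = @{}
foreach ($line in Get-Content $cfg) {
    if ($line -match '^\s*(\w+)\s*=\s*(-?\d+)\s*$') { $settings[$matches[1]] = [int]$matches[2] }
}
Remove-Item $cfg -ErrorAction SilentlyContinue

# Assumed baseline: setting name, pass condition, and the meaning of the value.
$baseline = @(
    @{ Key='MinimumPasswordLength'; Test={ param($v) $v -ge 14 };               Want='>= 14 characters' },
    @{ Key='PasswordComplexity';    Test={ param($v) $v -eq 1 };                Want='1 (complexity on)' },
    @{ Key='PasswordHistorySize';   Test={ param($v) $v -ge 24 };               Want='>= 24 remembered' },
    @{ Key='MaximumPasswordAge';    Test={ param($v) $v -ge 1 -and $v -le 365 }; Want='1..365 days (-1 = never expires)' },
    @{ Key='LockoutBadCount';       Test={ param($v) $v -ge 1 -and $v -le 10 };  Want='1..10 attempts (0 = no lockout)' },
    @{ Key='LockoutDuration';       Test={ param($v) $v -ge 15 -or $v -eq -1 };  Want='>= 15 minutes (-1 = until unlocked)' }
)

# Lockout settings are absent from the export when lockout is disabled, so
# a missing key is reported as FAIL rather than silently skipped.
$results = foreach ($b in $baseline) {
    $has = $settings.ContainsKey($b.Key)
    $val = if ($has) { $settings[$b.Key] } else { $null }
    [pscustomobject]@{
        Setting  = $b.Key
        Current  = if ($has) { $val } else { 'not set' }
        Expected = $b.Want
        Status   = if ($has -and (& $b.Test $val)) { 'PASS' } else { 'FAIL' }
    }
}
$results | Format-Table -AutoSize
$fails = @($results | Where-Object Status -eq 'FAIL').Count
"$fails of $($baseline.Count) password/lockout settings need attention."
```

On a domain-joined machine the effective policy comes from the domain, so audit the domain policy (for example with Get-ADDefaultDomainPasswordPolicy from the ActiveDirectory module) rather than relying on the local export alone.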
We hope this helps you think about cybersecurity in a new light and take action to harden your systems and network.
If you have any questions drop us an email at compliance@thirdrock.com. We’re happy to help!