Modern technologies are certainly making it easier for an organization to minimize risk and detect and prevent security breaches when they occur. Between intrusion detection systems, next generation firewall systems, threat management solutions, data encryption solutions, there are a lot of ways to help your organization. However, the basics of security are just as important. If you look at the HIPAA data breach portal, you’ll find a pile of examples of breaches caused by simple errors and security mistakes.
While the FTC doesn’t cover enforcement of HIPAA-covered entities, their latest blog post for business is a must read for your business, no matter if you’re HIPAA-regulated or not. Start with Security: A Guide for Business covers the following aspects of data security in an easy-to-follow format:
- Start with security.
- Control access to data sensibly.
- Require secure passwords and authentication.
- Store sensitive personal information securely and protect it during transmission.
- Segment your network and monitor who’s trying to get in and out.
- Secure remote access to your network.
- Apply sound security practices when developing new products.
- Make sure your service providers implement reasonable security measures.
- Put procedures in place to keep your security current and address vulnerabilities that may arise.
- Secure paper, physical media, and devices.
While this is an especially important issue to regulated industries, the advice is good for any business to follow.