Things were going great at Michael Daugherty’s up-and-coming $4 million medical-testing company. He was a happy man. He ran a good business in a nice place. His Atlanta-based LabMD had about 30 employees and tested blood, urine and tissue samples for urologists. Life was good for this middle-aged businessman from Detroit. Then, one Tuesday afternoon in May 2008, the phone call came that changed his life. His general manager came in to tell Daugherty about a call he’d just fielded from a man claiming to have nabbed a file full of LabMD patient documents. For a medical business that had to comply with strict federal rules on privacy, this was bad. Very bad.
It turned out that LabMD’s billing manager had been using LimeWire file-sharing software to download music. In the process, she’d unwittingly left her documents folder containing the medical records exposed to a public network. A hacker easily found and downloaded LabMD’s patient records. And now Michael’s life – and his business – were drastically altered. What followed was a nightmarish downward spiral for LabMD. Not one to go down without a fight, Michael found himself mired in an escalating number of lawsuits and legal battles with the Federal Trade Commission and other regulators investigating the leak.
Finally, in January 2014, exhausted and out of funds, his business cratering under constant pressure, he gave up the fight and shuttered his company. One tiny leak that could have easily been prevented took his entire company down. Could this happen to you and your business? Let’s take a look at four fatal errors you MUST avoid, to make sure it never does:
Have you developed a false sense of security?
Please, please, please do NOT think you are immune to a cyber-attack simply because you are not a big company. The fact is, whether you have 12 clients, or 12,000 clients, your data has value to hackers. A simple client profile with name, address and phone number sells for as little as $1 on the black market. Yet add a few details, like credit card and Social Security numbers, and the price can skyrocket – $300 per record is not uncommon. Being small doesn’t mean you are immune.
Are you skimping on security to save money?
Sure, of course you have a tight budget… So you cut a deal with your marketing manager who wants to work from home at times. He links into the company network with a VPN. If configured properly, your VPN creates a secure and encrypted tunnel into your network. So his device now links his home network into the company network. The problem is, his home cable modem may be vulnerable to attack, an all-too-common issue with consumer devices. Now you have an open tunnel for malware and viruses to attack your network.
Could lack of an off-boarding process put your company at risk?
It’s crucial to keep a record of user accounts for each employee with security privileges. When an employee leaves, you MUST remove those accounts without delay. An internal attack by a disgruntled worker could do serious harm to your business. Be sure to close this loop.
Have you been lax about implementing security policies for desktop computers, mobile devices and the Internet?
The greatest threat to your company’s data originates not in technology, but in human behavior. It starts before you boot up a single device. In an era of BYOD (bring your own device), for instance, lax behavior by anyone connecting to your network weakens its security. Your team loves their smartphones, and with good reason. So it’s tough sticking with strict rules about BYOD. But without absolute adherence to a clear policy, you might as well sell your company’s secrets on eBay.
Don’t let a tiny leak sink your ship – here’s what to do next…
Not sure where to start? We completely understand, but we can also help. Give us a call to talk to a tech about what is in place, what we recommend and some ‘first steps.’ Next, get a list of your current employees so our tech can compare that list to your existing network list and let’s start cleaning!
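The off-boarding check and employee-list comparison described above can be automated; the following is an added example, not code from this article or its author. The CSV column names and sample rows are constructed assumptions, to be replaced with exports from your own HR system and account directory.

```python
import csv
import io

# Constructed sample exports. Column names are assumptions for this example,
# not the format of any particular HR or directory product.
HR_ROSTER = """email,status
alice@example.com,active
bob@example.com,terminated
"""
ACCOUNTS = """username,owner_email,enabled,privileged
alice,Alice@Example.com,true,false
bob,bob@example.com,true,false
bob-admin,bob@example.com,true,true
dave,dave@example.com,true,false
old-temp,erin@example.com,false,false
svc-backup,,true,true
"""

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def find_orphaned_accounts(roster_rows, account_rows):
    """Return enabled accounts that no active employee owns, privileged first."""
    status = {r["email"].strip().lower(): r["status"].strip().lower()
              for r in roster_rows}
    findings = []
    for acct in account_rows:
        if acct["enabled"].strip().lower() != "true":
            continue  # already disabled, nothing left to close
        owner = acct["owner_email"].strip().lower()  # case-insensitive match
        if not owner:
            reason = "no owner recorded"
        elif owner not in status:
            reason = "owner not on roster"
        elif status[owner] != "active":
            reason = "owner " + status[owner]
        else:
            continue  # owned by a current employee
        findings.append({"username": acct["username"], "reason": reason,
                         "privileged": acct["privileged"].strip().lower() == "true"})
    # Privileged accounts sort first: they carry the most risk if left open.
    findings.sort(key=lambda f: (not f["privileged"], f["username"]))
    return findings

if __name__ == "__main__":
    for f in find_orphaned_accounts(load(HR_ROSTER), load(ACCOUNTS)):
        flag = "PRIVILEGED" if f["privileged"] else "standard"
        print(f"{f['username']:<12} {flag:<10} {f['reason']}")
```

Accounts with no recorded owner, such as shared or service logins, are reported rather than skipped, since nobody's departure would ever trigger their removal.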