Michigan Cyber Initiative Reports ‘People’ as Weakest Link in IT Security

onlinetech
Last updated: 2012/10/12 at 2:08 PM

Not sure where I was last year, but I somehow missed the entire Michigan Cyber Initiative launched by the State of Michigan. If you did too, you can review their efforts at www.Michigan.gov/cybersecurity. After scanning the Cybersecurity Measures for Businesses section, one thing that caught my eye was the Personnel Security Controls – ‘People, People, People’ is listed as both an asset and a threat. I’m guessing the iteration of the word makes it extra important, so let’s review what this could mean.

Their three-bullet point list starts with: “People are the key ingredient to a successful organization; but people can be the weakest link for security of the environment.” It’s true. An untrained or careless staff can unknowingly be the root cause of many a data breach. A data breach is the event in which confidential data is leaked, stolen or lost.

Among the tiers of security any organization should implement, administrative security is as important as, if not more important than, the physical and technical security of your data environment. For a Michigan hosting provider, administrative security should include audits, policies, staff training and industry-specific compliance training.

If you’re a Michigan business seeking an IT vendor, it’s important to understand which audits and reports are specific to IT/managed hosting providers. Read a brief description of each audit and what it means in our Data Center Standards Cheat Sheet – From HIPAA to SOC 2.

If you’re a Michigan healthcare organization, it’s even more important to understand what HIPAA compliance (Health Insurance Portability and Accountability Act) means for your hosting solution, as there are serious legal implications on the storage and transmission of all protected health information (PHI). These legal implications can mean state and civil lawsuits, lost business, remediation costs and reputational damage, if you experience a data breach.

Likewise, if you’re a Michigan retail or e-commerce organization, it’s important to understand what PCI DSS compliance (Payment Card Industry Data Security Standards) means for your hosting solution in order to avoid the loss of credit cardholder data you may be storing or transmitting.

Back to ‘People, People, People’ – employee error is a very common cause of a data breach. The Human Factor in Data Protection, a study by the Ponemon Institute, reported that 78 percent of respondents’ organizations had experienced a data breach as a result of negligent or malicious employees or other insiders. According to the report, the top 10 employee behaviors that could lead to a vulnerability include:

  1. Connecting to the Internet via an insecure wireless network.
  2. Not deleting information off of their computer when no longer necessary.
  3. Sharing passwords with others.
  4. Reusing passwords and usernames on different websites.
  5. Using generic, unencrypted USB drives.
  6. Leaving computers unattended when outside the workplace.
  7. Losing unencrypted USB drives and not immediately notifying their organization.
  8. Traveling and working on laptops without a privacy screen.
  9. Carrying unnecessary sensitive information on a laptop while traveling.
  10. Using personal mobile devices that connect to their organization’s network.

Here are a few real examples:

  • In the largest healthcare breach (4.9 million people affected), caused by a contractor for TRICARE, the military’s healthcare program, an employee of the data security contractor, SAIC (Science Applications International Corp.), left backup tapes that contained a decade of unencrypted patient history data in the back of his car. Theft ensued. In the subsequent lawsuit, one charge targeted their employee training policies, claiming that the contractor’s staff was unaware of how to properly handle data.
  • In April, an employee of the South Carolina Department of Health and Human Services (SCDHHS) Medicaid program transferred personal data of over 200,000 Medicaid beneficiaries to his personal email account.
  • Over 700,000 individuals were affected by a hacker gaining access to a server due to a configuration error at the password authentication level at the Utah Department of Technology Services (DTS). The server was a test server, and it was misconfigured after it was put into production. According to InformationWeek.com, processes were not followed, and the password was very weak.

The Ponemon Institute study lists specific security and governance procedures that organizations employ, in order of importance:

| High importance | Data protection and security measures |
|---|---|
| 80% | Manage and monitor end-user privileges and entitlements |
| 57% | Conduct criminal background checks before granting privileged access |
| 52% | Ensure security governance practices are consistently applied |
| 48% | Attract and retain high quality IT security personnel |
| 47% | Train employees about IT security policies and procedures |
| 45% | Enforce security and data protection policies |
| 36% | Obtain intelligence about probable attacks or advance threats |
| 35% | Ensure security administration is consistently managed |
| 35% | Conform with leading IT security frameworks |
| 35% | Ensure encryption keys or tokens are adequately secured |
| 31% | Ensure that third parties are properly vetted before data sharing |
| 31% | Manage and monitor end-user access to Internet apps |
| 30% | Control all live data used in systems development activities |

Read our guide, Five Questions to Ask Your HIPAA Hosting Provider for tips on how to properly vet third parties before data sharing – although written primarily for healthcare organizations, anyone concerned with security can benefit from it.

Visit the administrative security section of our website for details on the various components of a secure hosting service:

Administrative Security 
Audits and Reports
Data center and hosting providers should maintain reports on compliance (ROC) in order to clarify which requirements they cover, and which requirements your company needs to fulfill. Online Tech provides copies of our audit reports for SSAE 16, SAS 70, SOC 1, SOC 2, HIPAA and PCI compliance.
Policies
Online Tech’s documented policies and procedures reflect our protocol in the event of a data breach in order to provide your company visibility into our notification timeline. Additionally, documentation can outline other important security standards, from how data is handled after service termination to password policies.
Staff Training
Documented policies and procedures are only effective if employees are made aware of them and trained on them on a regular basis. The mishandling and misuse of sensitive data can potentially lead to a data breach. Check the last dates of employee training, and inquire about hiring policies to ensure that your data is in safe hands.
Business Associate Training
As your HIPAA hosting provider, we are trained on how to specifically handle ePHI (electronic protected health information). Part of your due diligence as a covered entity includes vetting your third-party service providers and ensuring they are trained on how to prevent a data breach. Additionally, we offer to sign and provide a business associate agreement with every healthcare client.

References:
Cybersecurity Measures for Businesses
People, People, People
The Human Factor in Data Protection (PDF)
Utah’s Medicaid Data Breach Worse Than Expected
