It oughta be a crime, sharing user accounts, in this day and age. Failing to track audit trails and alert on network security events oughta be a crime, too. Failing to encrypt laptops, letting USB sticks run rampant, and not watching what goes out your email server oughta be a crime. Any business big enough that you can’t keep your eye on all the computers all the time should be using layered security: anti-virus, firewalls, IDS. To not do so oughta be a crime.
And the law-makers are finally getting around to it. After how many billions of dollars have gone the way of the Dodo? At least they finally get it.
HITECH is one of the biggest-impact laws to roll out of the Beltway. It finally makes HIPAA security and privacy a serious concern for business entities, and not just hospitals, but everyone hospitals do business with. It makes security failures a nightmare for healthcare companies, and better yet, it permits local enforcement, so not everything has to go back to DC to get fixed. More interesting is its pinning of responsibility on management. Personally. An example of this is the supervisor who blindly permits her reports to bring in memory sticks and plug them into company computers. In violation of policy, of course. When one of them looses a virus that allows a bad guy in to download medical records and abuse patient finances, that supervisor is going to share some of the responsibility. So will the organization, of course, since they weren’t educating enough (obviously) and they weren’t watching for it. But the supervisor is still going to be responsible, and so will the employee. HITECH pushes responsibility down so that people have to start taking a personal interest and not blindly going about their day unconcerned about security problems.
Now it gets interesting. Like, blood in the water interesting. Finally, what oughta be a crime, is.
Digital Trust is, of course, one of many companies that can make your business more compliant. We can help you erect shields to protect you from the sharks. We can do it without breaking the bank and while minimizing disruption. We know, because we’ve done it. Let us help you fix/expand/enhance your security program, like we’ve done with other clients. We can even work with your business partners to make sure they don’t get you in trouble.
This blog and its contents copyright 2009 Digital Trust, LLC. Republication of this post is permitted provided it is strictly on internal corporate messaging systems. Any republication or reuse is forbidden if the Digital Trust name is removed.