Cybersecurity in 2021

5 Ways 2020 Makes 2021 A Different New Year

30 Dec 2020

Your advisors are likely calling to talk about your plans for 2021. It is important to have these conversations and ensure you have evaluated the projects required for success in the coming year.

Every year my clients engage in a timeline exercise where we review what worked, what still needs improvement, and where solutions fell short during the current year. This gives us clarity in our plan for the upcoming year based on budget, risk, timelines, and priorities for improving individual segments of the business. I am excited to share these tips with you! Below you will find an outline of the conversation topics and the important points to consider.

While the top 5 issues to tackle are similar year to year, 2020’s pandemic and economic shifts have put a spotlight on many of the gaps my clients are facing in 2021.

Please take a moment to evaluate how you are doing on the items below, ask yourself (and your staff) the hard questions, and be prepared to act on the answers.

Rate yourself on a scale of 1-10 (1 being High Risk, 10 being Low Risk). Also, ask someone who knows your business well to rate your risk or performance so that you can get an alternate perspective.

#1 - How much risk are you assuming in your compliance adherence? PCI, HIPAA, ADA, etc.

Do you take credit cards for payment? PCI DSS runs to roughly 250 individual sub-requirements, and if you are tracking them on a spreadsheet, or have no GRC (Governance, Risk and Compliance) tool monitoring who accesses your cardholder data and other PII (personally identifiable information), you are on the high-risk side of this scale.

COVID-19 has tested the boundaries of HIPAA: practices have been asked to disclose who may be infected without identifying the individual. While HIPAA permits sharing PHI (protected health information) with public health authorities during an “emergency,” you, as the covered entity, remain responsible for protecting your patients’ privacy, and that responsibility extends to your business associates who may have access to PHI.

There is no hall pass for small entities versus large companies when it comes to compliance adherence. The rules are the same, and the fine schedules do not shrink to fit your budget. Can your budget ride the wave of a large fine? California’s new privacy law (the CCPA) adds accountability requirements backed by hefty fines, and other states are considering similar measures. The privacy landscape will continue to evolve, and being able to adapt quickly to changes in regulation is the pathway to success if you have regulatory requirements.

#2 - When is the last time you tested your disaster recovery plan?

Ok, well most of us have now tested the scenario where the world goes into lockdown for a pandemic and you are forced to work from home whether you want to or not! Many made the transition with ease thanks to their adoption of cloud-based solutions that could be accessed from anywhere; those who had not yet made the leap are still struggling with poor internet connections in their home offices, the inability to connect and collaborate with their peers, or the inability to answer their clients’ calls.

Are you ready for the next disaster scenario or are you still dealing with the blows that 2020 has dished out? How does your team feel about your response to this pandemic and how much time is being lost to poorly integrated or non-integrated solutions?

Even a well-defined disaster recovery plan almost always still hides a single point of failure, and the newly distributed architecture has very likely moved it. Where is yours?

It could be your cloud access. Yes, even if your data is in the cloud it still needs its own backup: a compromised account, ransomware synced up through a file-sharing client, or an accidental deletion replicates to the cloud just as faithfully as your good data does, and attackers can get into cloud accounts too. See #3 below.

If your last test was more than three months ago, that puts you in the high-risk category.

#3 – When will you update your cybersecurity policy and begin providing education to your team on thwarting cyber threats?

Threat actors are getting more aggressive in their strategies and taking full advantage of your newly distributed and highly distracted workforce. They are counting on you having an outdated security stack that has little hope of reaching every endpoint used to access data. Your staff is more vulnerable than ever to phishing attacks and password compromises.

What if your team had the same sort of awareness we all now have for wearing masks and social distancing, and applied it to the sovereignty of your precious data? Now that your team is likely outside of your “castle,” where are the weak links? VPN connections, remote hardware, and cloud services often sit outside the protection stack your IT department built for the office, and attackers are getting in through them.

Healthcare sees an alarmingly higher rate of attack than other industries, and the average cost of a data breach in healthcare is $7.13M compared to the global average of $3.86M (IBM’s 2020 Cost of a Data Breach Report). Attackers are now hunting for COVID-19 vaccine research and for ways around our defenses, as shown by the recent attack on FireEye, in which the intruders stole the company’s red team assessment tools.

Password protection (ideally backed by multi-factor authentication), employee education, and a serious look at each link in your defenses are required as you prepare for 2021.

#4 – What is the most common complaint you are getting from your team or your customers/patients?

So often as business owners we spend our days working in the business instead of on the business. The best pulse on how well things are going is the complaints from staff or patients. Even in the best of circumstances, the most frequent complaint from customers or patients is that it is hard to reach the people they need in order to schedule an appointment, handle a bill, or just ask a simple question. In a world full of information at our fingertips, how well are you empowering your staff to make it easy to see you or do business with you? This is essential to success in a rapidly evolving digital world. If you do not exist on the internet and social media, with easy methods of contact, your business will suffer.

A few years ago, this wasn’t an issue for my healthcare clients, as the nature of their industry sheltered them from having to provide exceptional customer service. That has all rapidly changed with the acceleration of telehealth during this pandemic. If you don’t know what your patients are complaining about, check your Google business rating and reviews. Your happy patients won’t likely take the time to sing your praises, but your upset ones surely will. Just because you provide a specialty in the practice of medicine does not make you immune to changes in how your patients expect to communicate. It is time to look at the things that can be automated, measured, and improved to ensure that your team is providing the best patient experience during your digital transformation.

#5 – What service provider contracts do you have coming to term this year?

Most technology has an evolutionary shelf life of 3-5 years. Generally, your service provider contracts span a term of 36 months from the day you signed or turned up the service. As more and more cloud services are commoditized, you must take the time to renegotiate your contracts and make sure you are getting the best price for the services you consume. Internet bandwidth, cloud-based phone offerings, your MSP (managed service provider) contracts, and anything else you pay for monthly is likely to auto-renew if you are not paying attention.

Service providers often require 90 days’ notice before the end of the original term if you want to avoid an automatic renewal and move to a month-to-month arrangement. Giving notice does not mean you have to change providers; however, we strongly encourage all our clients to re-evaluate the technology in use every year, because applications evolve rapidly and there may be something out there better suited to your culture, budget, and service level requirements.

We hope you have enjoyed this bit of information regarding strategic planning as we look ahead to 2021. As a group of Unbiased Technology Advisors, it is our goal to help each one of our clients find their #technologyunicorn!