The Rea Report Spring/Summer 2021 | Page 7

REA DENTAL CLIENT UNCOVERS CYBERSECURITY RISKS
AFTER RISK ASSESSMENT
By Paul Hugenberg, III, CISSP, CRISC, CISA, principal & director, cybersecurity and data protection services, paul.hugenberg@reacpa.com (Wooster office)
Cybercriminals don’t care about you or your business; they’re just looking to steal your money, which makes them one of the most dangerous threats to businesses today. Unfortunately, oftentimes due to a lack of resources, small- to mid-sized businesses are at an even greater risk – and it’s not always for the reasons you might think.
Yes, smaller organizations are less likely to be able to invest in their cybersecurity infrastructure; and, yes, they are less likely to recover from a cyber attack. But perhaps a bigger issue occurs when a business owner thinks they are paying for a service they are not receiving. This scenario results in a false sense of security, and when a cyber attack does occur, the owner is left with an empty bank account, a poor reputation, and a look of confusion.
Smaller businesses, including dental practices, often outsource IT support to a local independent IT specialist or a small IT organization. These IT companies are primarily tasked with troubleshooting small computer issues and maintaining the day-to-day IT management of the office. What is often missing in these outsourced relationships is the implementation of cybersecurity controls. As a result, businesses are vulnerable to a variety of threats, including phishing attacks, legacy system exploits, and ransomware.
The Problem: Not Knowing The Cybersecurity Risk
Rea & Associates’ cyber team was recently introduced to one of the firm’s existing dental clients during an annual business review. After a brief conversation, our cyber specialists were able to identify several areas of concern. The dental practice owner agreed to allow the cyber team to conduct a Health Insurance Portability and Accountability Act (HIPAA) Security Risk Assessment, which allowed Rea to take a deep dive into the practice’s IT environment and review any existing cybersecurity controls. The security risk assessment findings were eye-opening.
The Solution: A Security Risk Assessment and MyISO
Rea’s cyber specialists were not only able to reveal that the third-party IT support the practice was paying for didn’t include the implementation of cybersecurity controls; they also discovered that the IT support organization was aware of the insecure cybersecurity and data protection environment and did nothing to inform the practice of these issues. To rectify this issue, the dental practice tapped Rea’s cyber team for help, which included the replacement of more than 15 outdated computers, the installation of endpoint protection, and much more. Today, the dental client has Rea’s cyber team on retainer through the firm’s MyISO service offering, through which Rea serves as the practice’s information security officer on a month-to-month basis for a minimal monthly fee.
Final Observations
A common theme we see among dental practice owners and owners of other small- to mid-sized businesses is that they were never taught about the importance of a cybersecurity infrastructure during their professional education. Therefore, they tend to overlook the growing list of regulations pertaining to network safety, data protection, and their impact on their business’s bottom line. The best way to solve the issue of “I don’t know what I don’t know” is to have a conversation with a member of Rea’s cyber services team.