The election news cycle is in full swing as we near the big day on November 3rd. Regardless of how you vote, at Ostendio we encourage all employees to get out and vote by offering paid time off work to get to the polls and cast their ballot. In the news this election year we are hearing a lot about the issue of cybersecurity. People are on edge about security around the election whether it is related to postal votes or foreign interference. Many of the issues raised are common to businesses who, regardless of size, have to face cybersecurity concerns every day. Businesses also need to protect sensitive information and stop bad actors from accessing their sensitive data.
Based on a recent Washington Post article, here are some of the issues that businesses face that also affect elections:
- 1. Disinformation
- Since cybersecurity is such a hot topic these days, many people are just learning the basics about it so there is a lot of disinformation. As with election security issues, follow reliable sources to get the information you need. The experts at Ostendio can help you evaluate the different security frameworks and regulations available and pick the ones that work best for your business and your industry. Read reliable sources like Gartner and Forrester to get background information. Check out real customer reviews of cybersecurity products like those on Capterra. Do due diligence on several products before you choose a solution that is right for your business. Remember, not everything is what it seems at face value so make sure the solution you choose has the depth of features to grow with your business and cover all aspects of your cybersecurity program.
- 2. Executives claiming victory early
- Everyone wants to be a winner. Even in business, company executives are fast to claim victory with “HIPAA compliant” claims and “SOC2 certified” announcements. If you are going to do business with an organization, follow up on these claims and make sure that they are truly demonstrating the compliance that they claim. One common misconception is that you can be “HIPAA compliant” when there is no official certification available. Companies can operate in line with HIPAA regulations but there is no official certification available so beware of companies who make that claim. Also, if a company says they have passed a SOC2 audit, ask to see their report and pay attention to the scope of the audit and whether it affects the areas that you care about. By taking these steps you can ensure that the companies really do have the security background that they are claiming to hold.
- 3. Hackers disrupting databases
- The rate of cyberattacks is on the rise. We have seen data breaches affecting more people than ever before in 2020. In elections, there is a fear of data breaches from foreign interference. In the world of business cybersecurity the same is true with international hacker groups targeting employees with phishing emails that download malware to company systems. Cybercriminals see the COVID-19 pandemic, with an increase in remote workers, as an opportunity to exploit vulnerabilities in security programs and steal information. This threat is serious with some industries under attack more than others, especially healthcare where a recent report showed that only 44 percent of healthcare providers meet NIST Cybersecurity Framework standards. Organizations need to keep up to date with security standards because cyber criminals are working every day to improve their attacks. If organizations are not working every day to improve their defenses and improve their security posture they are falling behind the hackers. Employee training is seen as one of the essential elements. Most companies are only as strong as their weakest link. Using a platform like Ostendio MyVCM with built in security training, that monitors who has completed training and offers regular training to be most effective, is a great start to building a culture of security in any organization.
- 4. Fear of using the latest technology
- I would add this in as a final piece of advice. In elections, technology has advanced from hanging chads - remember the chaos those caused? Well technology has advanced in business cybersecurity too. Many organizations are still trying to complete complex tasks by sharing spreadsheets and manually completing tasks that could easily be automated using the right platform. Organizations are using old data to make risk-based decisions that should be made with real-time data to ensure the best choices are made. The Ostendio MyVCM platform automates much of the manual data security work for example: reminders, verifications and individual compliance to training. It also gives you a view of real-time data - across your organization, geographies or teams, right down to individual views. By using this real-time data you can be sure you are making the right decisions for your business.
In our current COVID-19 environment, with an increase in remote workers, cybersecurity is more important than ever. Many companies, like Microsoft, are moving to permanent remote work situations for more employees so the need for SaaS solutions is greater to keep employees engaged and allow easy collaboration. Recent reports have also shown that cyberattacks are on the rise and all businesses, big and small, need to have a robust cybersecurity program in place to protect customers data.
The need for a strong data security and risk management program is not going away. Just as cybersecurity has become a key element of the election cycle, cybersecurity should be a boardroom issue for all organizations. At Ostendio, we help companies build, operate and showcase their cybersecurity programs. Whether you are just starting your cybersecurity journey, have already established a program, or if you are about to undertake a complex audit like a SOC2. Ask for a free demo - you’ll be impressed by how much the Ostendio MyVCM platform has changed the world of data security and risk management.
And a final word about elections - vote!