HIPAA Tip: Why SMBs Are a Cybercriminal’s Target

While news headlines announce breaches at large companies, cybercriminals are just as likely to target small or mid-size businesses (SMBs). Why is that, when you are thinking to yourself, “the bad guys aren’t coming after my small business!”? Because it’s easy, and an attack on an SMB takes less effort than an attack on a large organization.

Believing an attack cannot happen to their organization, many SMBs take a more lackadaisical approach to their security measures, thus exposing the business environment to a range of risks and vulnerabilities.

Some benefits of targeting SMBs from a cybercriminal’s perspective:

  1. For some SMBs it takes time to upgrade or update older operating systems, applications and even hardware. Outdated systems and devices are easy targets for threat actors to gain access to the organization’s network.
  2. Security awareness and cybersecurity training are (unfortunately) not a top priority for SMBs. Cybercriminals know this all too well, and they know how easy it is to access an organization’s environment through a phishing email that asks the user to open a link or attachment, or to sign into a system using unique credentials.
  3. Smaller businesses often have limited IT budgets and/or resources, making them less likely to have robust security measures. Many times, balancing business finances leads to postponing additional security initiatives.
  4. Cybercriminals know that SMBs may not have well-defined data protection and retention policies. Password policies may be very limited, or shared user accounts with no password policies may still exist. Backups of all critical data may only be onsite, with no replication offsite; or, in the worst case, no backups are being completed at all.

There are numerous organizations trying to help SMBs become educated and proactive against cybersecurity attacks. Take advantage of them and secure your organization!

HPH Cybersecurity Performance Goals

HIPAA compliance isn’t a one-time checklist. It’s ongoing, programmatic in nature, and requires demonstrated reasonable diligence to stay in good standing with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Anatomy IT can provide you peace of mind with our expert HIPAA compliance services. To learn more, contact us here.