Security Assessments For Individuals and Small Businesses
Individuals and small businesses are increasingly targets of hacking, with results ranging from minor inconveniences to total incapacitation. Fortunately, application of some simple principles and practices can go a long way to fortify defenses and greatly reduce the risk of a successful breach.
As much as 80% of malware-infected websites are owned by small businesses. This is a result of the high demand for e-commerce websites combined with a relatively low or nonexistent budget for cybersecurity expenses. Unfortunately, the result of this combination of factors is an Internet filled with easy website targets for hackers.
Additionally, a vast population is reaching the age of retirement, having accumulated retirement savings in the form of stocks and bonds, annuities, and other holdings. Because the majority of these people know very little about Internet security, they risk these assets every time they access them online.
Our mission is to provide expertise in the form of education, training, and assistance for people in these categories in order to reduce their online risks. By providing standardized assessments, we can generate recommendations for action that will result in vastly improved defenses, preventing costly, even devastating breaches.
Regulation-Based Security Assessments
Major professions are now required to meet specific federal and state government regulations assuring effective and secure management of data about individuals. With rising incidences of system breaches resulting in increasing impacts to consumers' private data, this trend is likely to continue.
The medical profession, including all clinical organizations maintaining electronic records of their patients, must meet HIPAA requirements or face steep fines. Such fines often lead to clinic closures, especially in cases where there is a basis to consider infractions intentional or where regulations were simply ignored.
The section of HIPAA termed the Security Rule defines steps clinics must take to protect patient data against theft. It defines specific means by which patient data is to be handled and protected in terms of technical safeguards, i.e., system configuration to ensure programs and hardware work together to prevent unauthorized access. It also defines the need for a series of documents addressing human behaviors which can directly impact the security of clinical data. Such documents include plans by which clinics can protect patient data under a variety of circumstances, ranging from events such as fire and flood to burglary. The rule also demands plans by which employees will be trained, on hire and periodically, to understand their responsibilities for protecting patient data and the means by which they will continue to protect it.
Another example is the handling of client data associated with financial management, including tax preparation and associated legal action. While the IRS does not issue regulations associated with secure management of taxpayer data, it has provided extensive guidelines which must be followed.