Cybersecurity—Does it really matter?
February 5, 2016
By: Guillermo A Francia, III, Ph.D., Professor of Computer Science, Jacksonville State University
As the dependency of society on cyberspace pushes deeper, so does the complexity of sustaining such a way of life. Businesses, educational institutions, and government agencies have no recourse but to respond to society’s ever-increasing demand for connectivity in cyberspace. In doing so, these entities are confronted with an unimaginable threat landscape that seems to evolve in direct proportion to the rate of advancement in technology. Once connected in cyberspace, entities are bound, by laws, customer demands, and/or financial obligations, to protect their Information Technology systems from unintended or unauthorized disruption, disclosure, and alteration that could possibly have significant human or financial consequences. That, in essence, is cybersecurity!
But wait, does it really matter?
First, let’s look at why it matters from the legal viewpoint. If you are in the healthcare business, you should be aware of the Health Information Technology and Economic and Health Act (HITECH) which, among other provisions, protects the confidentiality of health information. The penalty for non‐compliance could go up to $250,000, with repeat/uncorrected violations extending up to $1.5 million. If your business involves children under 13 years old, you should be familiar with the Children’s Online Privacy Protection Act (COPPA), which protects the privacy of children in that age group. In 2009, a company that makes online apps for smartphones settled a case with the Federal Trade Commission (FTC) for a hefty $450,000 penalty. Even small merchants that are set up to take a handful of payments through credit card transactions need to know that they are required to be in compliance with the Payment Card Industry Data Security Standard (PCI DSS). A substantial fine amounting to $5,000 to $100,000 per month per compliance violation can be catastrophic to a small business entity. Educators must contend with the Family Education Rights and Privacy Act, or FERPA, which strives to protect the information of students. In fact, some educational institutions may find themselves covered by both FERPA and HITECH if that institution is affiliated with a health care provider. The institution’s information security program, including those policies which seek to prevent identity theft, must comply with both Acts as well as any other federal and state laws that may affect the institution.
In spite of all preventative measures, the truth is that no amount of precaution, monitoring, or paid services can guarantee that an individual or a business entity is free from a data breach. Major data breaches are becoming more commonplace and sensitive data are becoming cheap to acquire. According to a set of statistics reported by Robert Siciliano in 2014, a compromised U.S. bank account with a balance of $70,000 ‐ $150,000 can be purchased online for as little as $300, while as little as $8 will buy a stolen U.S. credit card (Card Verification Value (CVV) number included) and a mere $40 will purchase a stolen U.S. identity.
Now, because of the newfound convenience and excitement of cyberspace, are we all doomed? Well, let’s stop and think. Is there a way out of all these troubles? The answer is Yes! There are two things to keep in mind: risk management and contingency planning. While risk management involves assessment and control, contingency planning entails meeting the inevitable adverse event head‐on. A cybersecurity attack could happen anytime, and it is incumbent on an individual or business entity to be ready with control mechanisms that can minimize the undesirable effects and a contingency plan for recovery.
Keeping Your Business Safe: Business Continuity, Cybersecurity and Disaster Planning
Join us Friday, March 4, from 8:00-11:00 A.M.
at the Civilian Marksmanship Program, 1470 Sentinel Drive, Anniston
Hear from the EMA and JSU Cybersecurity and receive resources to ensure your business is ready!
No charge to attend. RSVP required. Call 256-237-3536 to RSVP and receive the event preparation packet.