Something funny but serious!

😂 Some things are funny in life, except where the consequences could be huge


………
Take the medical center in San Antonio that has thousands of patients and sees hundreds of them each day.

In their waiting room they kindly provide free guest wifi access.

Unfortunately the guest wifi network is on the medical centers corporate network.

That’s right, the same network.

Guests could, if they were even a little tech savvy, literally access corporate files and patient records.

That medical center – definitely not HIPAA compliant!

Or,
Take the law firm that is dealing with high profile cases, stores lots of personal data, but their office of about 15 staff members operates utilizing a domestic wifi router that is literally hanging in a closet!

The router is not even sitting on a shelf.

If this is the approach to a corporate ‘network’, we can only imagine how technology is run at the firm.

It’s very likely to be run ‘on a shoe string’.

That law firm is not unique.

Profit over good business practices, over good governance. Happens all the time.

In the event of a cyber event or incident the risk of major impact on that firm is huge.

Imagine the loss of highly confidential client information, court information lost, all client cases compromised – the consequences are off the scale.

As cyber risk specialists we see poor tech set ups frequently, those poor setups, lack of staff training and awareness were the reason why those businesses were easily compromised.

We frequently get called in to a business after they’ve endured an incident as they realise that the pain was massive, and they wish to reduce the risk of it happening again.

Perhaps reading this you find what the medical center did is funny, maybe the law office is funny too.

How would you feel though if your confidential information was exposed, your data was lost? 🤔

Is your business operating any better? 🤔

At KV Impact we’re here to help you. Independent and objective cyber risk assessments to put you in the know.

Previous
Previous

SEC Cybersecurity Rules

Next
Next

Podcast time…again!