*This article was last updated May 2020.
It seems as though cyberattacks at companies of all sizes are becoming more and more common. For a business owner, that can feel pretty daunting.
But it doesn't have to! The article you're reading right now is the first in a series designed to provide you with the knowledge you need to understand and prevent cyberattacks.
Ready to begin? Good. Let's start with the basics.
A cyberattack is any type of offensive tactic that targets computer networks, devices, information systems or infrastructures.
There are four main types of cyberattacks. These include:
The various types of cyberattacks include: malware — malicious software intended to damage or disable computers or computer systems. Ransomware — a type of malware designed to block access to a computer system until money is paid. Phishing or vishing — sending emails acting like a reputable company to convince people to give out personal information. Voice phishing, or vishing, is gaining access to private personal and financial information over the phone. Masquerading or social engineering — an attack that uses a fake identity to gain unauthorized access to a personal computer.
Defend your workplace against cyber security breaches
Some cyberattacks, like ransomware External Site, can be hard to detect at first. Ransomware is a type of malware designed to block access to a computer system until money is paid. The best defense against a cyberattack is to be aware, and take proactive steps to protect you and your business like:
- Keeping software and devices up to date
- Using strong passwords
- Staying leery of unusual emails and popups
Cyberattacks and HIPAA rules
The Health Insurance Portability and Accountability Act, or HIPAA External Site is a federal law that provides data privacy and security provisions for safeguarding medical and health information. HIPAA defines a breach of protected health information (PHI) as "the acquisition, access, use or disclosure of PHI in a manner that is not permitted under the HIPAA Privacy Rule, which compromises the security or privacy of the PHI."
One of the biggest threats to protected health information (PHI) External SIte is the compromise of data through ransomware. In these cases, the malware can encrypt data with a key only known to the hacker. When electronic PHI is encrypted, a breach has occurred because an unauthorized individual has taken control of PHI.
Know the signs of an attack
Even by taking these steps, knowing how to detect an attack ensures you can take swift action to correct the problem. Indicators of an attack could include:
- A user realizing that a link, file attachment or website may have been malicious in nature.
- Losing the ability to access certain files, or noticing that files have been deleted, renamed or moved.
- Your computer is taking longer to process simple commands for no apparent reasons, or a slower than normal internet speed.
- Getting kicked out of your system or receiving an email that a password was changed without your request.
This is not an exhaustive list. If something feels wrong, it probably is. Be sure you know who you can contact if you believe that your business has experienced a cyberattack so you can respond immediately.
Report suspected breaches to Wellmark Blue Cross and Blue Shield
And, as a reminder, if you suspect something is wrong and you discover that protected health information (PHI) has been compromised, you must report the incident to Wellmark immediately. Either contact your authorized Wellmark representative or email CyberResponse@Wellmark.com Send Email