Dallas_Medical_Journal_November_2018

TOR, which stands for The Onion Router, is software required to access the dark web. The US Navy developed TOR software in the 1990s as a way to allow intelligence agents operating overseas to communciate anonymously with colleagues in the United States. It was released to the public as free open software in 2003. The Onion Router got its name because all transmissions through it are anonymous; messages are sent to multiple servers around the world to disguise the sender — akin to layers of an onion. If you use TOR to search for info, it takes several seconds to load because the request travels tens of thousands of miles between all those servers before coming back to you. It’s perfect for preserving anonymity for spies, political dissidents and criminals. The TOR browser hides users’ IP addresses, and transactions usually are conducted in cryptocurrency to make them untraceable. November 2018 Dallas Medical Journal 27 for your work computer. And if those were the same as your accounts at Home Depot and Linked In — companies that have been hacked — then that information could be purchased, and all those accounts could be accessed and compromised. EVERYONE IS SUSCEPTIBLE — ESPECIALLY IN HEALTH CARE Most people wrongly believe that the dark web doesn’t apply to them. That’s simply not true: no network is bulletproof, and dark web perpetrators are increasingly more experienced, sophisticated and vigilant. The fact that healthcare provider databases can so easily be hacked and sold online should be a wake-up call for all businesses to rethink their security and compliance strategies. Healthcare providers store some of the most sensitive and private information about patients, and this information is open season to a wide range of cyberattacks. To make matters worse, many clinical systems are poorly patched and often communicate through unsecure channels. This allows hackers access to a provider’s most sensitive data — patient records. The combination of large networks, massive quantities of records, and less-than-secure systems makes providers vulnerable for increased and more intrusive attacks. The National Health-Information Sharing and Analysis Center (NHISAC) sums it up pretty well: “As the nation’s healthcare community continues to expand the integration of technology to support healthcare innovation, service delivery and HITECH Act implementation, unprecedented cybersecurity and privacy challenges continue to increase at a rapid pace.” HOW DO YOU PROTECT YOURSELF? The good news among all this alarming information is that you don’t have to play the victim. You can fight back, keep your cyber defenses up, and protect your data while your company performs with utmost efficiency and productivity. Cybersecurity strategy The best way to keep your data safe and secure is to adopt a comprehensive data security strategy that includes technology, timetables and employee buy-in. This takes a corporate commitment from your entire team (the right mindset) as well as a technology commitment (the right tools), along with a commitment to execution (the right follow-through). Security awareness training No matter how sophisticated and comprehensive your security policies, every business is susceptible to security breaches. The key is that everyone in the company is on board and committed to maintaining the highest security standards. It only takes a single fatal blow to sink the ship. Perpetrators on the dark web are counting on employees to be lax, lazy and unlearned in keeping data and passwords safe. Make sure everyone complies with your policies and procedures, and you won’t give hackers a chance to succeed. Strict password policies It is crucial that every user exercise care and caution in using passwords. Keeping track of them all can be difficult, especially if you have unique passwords for each account. Train your employees on the importance of those passwords and how to manage them and keep them secure, and use proper tooling to enforce password polices, centralize identity management, and increase security with multifactor authentication. Dark web scanning Routinely scanning the dark web for your company’s sensitive data is an essential step toward protection. These scans search hundreds of thousands of dark web sites to see if any company data has been posted, and if so, where. Advanced toolsets, previously available only to the FBI and CIA, can scour millions of dark web sources known for trafficking compromised credentials. Often the actual passwords can be captured, or an encoded password or encrypted hash is captured. Strategy assessment & refinement Businesses have to be more than simply committed to safe and secure practices today. They have to be prepared and equipped to wage war tomorrow and beyond because dark web perpetrators are motivated, their numbers are increasing, and they’re getting better at what they do. Rather than being satisfied to keep up with the perpetrators, businesses need to be a few steps ahead. That means being devoted to continued employee awareness, consistent training, and keeping up on trends and technology. The time you fall asleep or get lax is when you’re most vulnerable. The types of risks and the best practices for preventing them aren’t anything you have to invent. When implemented correctly, you don’t have to dramatically change your operational processes or take any action that will negatively impact or unduly overburden your business. You don’t need an MIT education or an Albert Einstein IQ. The key to security is preparation, process, tooling, and discipline. DMJ Keith Barthold is president and CEO of DKBinnovative, a Dallas-based IT managed services firm that specializes in cybersecurity. DKB offers secure, reliable IT solutions to Fortune 500-level as well as small- and medium-sized businesses globally. Established in 2004, DKB acts as a company’s virtual chief information and security officer to assist in planning, day-to-day execution, and future-proofing the organization. www.dkbinnovative.com. What’s The Onion Router?