This is Part 1 of a three-part blog series that details 10 ways Healthcare and Life Sciences customers can protect themselves from data breaches. Parts 2 and 3 are coming soon.
2018 has been a year of cyber pain for Healthcare and Life Sciences companies. Every week, we have seen companies and governments fall victim to data breaches and insider threats. The financial impact of a data breach, according to HIPAA Journal, is $408 per record. The annual cost of a breach has risen 6.8% according to the Annual Cost of a Data Breach Study by the Ponemon Institute/IBM Security. The costs of data breaches are growing faster than the revenue of these organizations, impacting the top line as well as profits. Customers are increasingly concerned about bringing business to these organizations. After a cybersecurity breach, many small and medium healthcare organizations face an existential crisis. Data breaches in Healthcare companies are becoming a hot topic for many security organizations and continue to inflate the cost of healthcare around the world.
The good news is that Healthcare and Life Sciences companies are increasingly aware of the threats. But do companies have the expertise and tools required to stay out of the news for the wrong reasons? This article details three steps that Healthcare and Life Sciences companies can follow to better protect themselves against data breaches in Salesforce.
1. Know Your Data
Identifying what sensitive information you are storing is arguably the first and most important step you can take to protect against data breaches. According to this Ponemon study, nearly 25% of security professionals do not know where their organization’s sensitive structured data resides, and an additional 60% have only limited knowledge. This problem tends to be pervasive in organizations that are going through digital transformation and cloud migration. By recognizing sensitive data and classifying it, you can determine the potential security loopholes in your Salesforce data model. A risk assessment of this data will put you in a better position to understand your organization's threat posture.
2. Identify the Blind Spots and Enforce Restrictions
More than 70% of data breaches happen from inside the organization. These breaches are not sophisticated attacks; they occur because employees have access to data and information that is not essential to their job functions. Unrestricted and unfiltered access opens the door to breaches by employees and by bad actors within the organization, and backdoor entry to critical data leads to insider threats. Companies using Salesforce should take a closer look at auditing profiles, permission sets, and user sessions in their organizations. Closing the backdoor entry with Single Sign-On and multi-factor authentication is critical to addressing those blind spots. Businesses should continuously monitor their Salesforce environment to ensure that employees and customers have access only to the information necessary for their duties. Restrictive data permissions are essential to preventing these types of breaches, and a lack of enforcement exposes your data to unwarranted risk.
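One way to run the profile and permission-set audit described above, as an added example that is not ComplianceSeal's or Salesforce's own code: it flags users who hold the org-wide "View All Data" or "Modify All Data" permissions without being on an approved list. The sample rows, user names, and the `APPROVED` list are constructed assumptions; the SOQL uses standard `PermissionSetAssignment` fields.

```python
from collections import defaultdict

# SOQL an administrator could run to export the rows analysed below.
AUDIT_SOQL = (
    "SELECT Assignee.Username, PermissionSet.Name, PermissionSet.IsOwnedByProfile, "
    "PermissionSet.Profile.Name, PermissionSet.PermissionsViewAllData, "
    "PermissionSet.PermissionsModifyAllData "
    "FROM PermissionSetAssignment WHERE Assignee.IsActive = true"
)

# Org-wide permissions that bypass sharing rules and record-level restrictions.
BROAD = {
    "PermissionsViewAllData": "View All Data",
    "PermissionsModifyAllData": "Modify All Data",
}

def row(username, ps_name, profile, view_all, modify_all):
    """Build one flattened query row; profile is None for a standalone permission set."""
    return {"Username": username, "PermissionSetName": ps_name,
            "IsOwnedByProfile": profile is not None, "ProfileName": profile,
            "PermissionsViewAllData": view_all, "PermissionsModifyAllData": modify_all}

# Constructed sample data; users, profiles and permission sets are invented.
SAMPLE_ROWS = [
    row("admin@example.org", "X00e_admin", "System Administrator", True, True),
    row("nurse@example.org", "X00e_clin", "Clinical Staff", False, False),
    row("nurse@example.org", "Report_Export", None, True, False),
    row("billing@example.org", "X00e_bill", "Billing Legacy", True, True),
]

# Assumption: the organisation's approved holders of org-wide data access.
APPROVED = {"admin@example.org"}

def find_excess_access(rows, approved):
    """Return {username: [(permission, source), ...]} for unapproved broad access."""
    findings = defaultdict(list)
    for r in rows:
        if r["Username"] in approved:
            continue
        if r["IsOwnedByProfile"]:
            source = "profile " + r["ProfileName"]
        else:
            source = "permission set " + r["PermissionSetName"]
        for field, label in BROAD.items():
            if r.get(field):
                findings[r["Username"]].append((label, source))
    return dict(findings)

if __name__ == "__main__":
    for user, items in find_excess_access(SAMPLE_ROWS, APPROVED).items():
        for label, source in items:
            print(f"{user}: {label} via {source}")
```

Reporting the source of each grant matters because a broad permission can arrive through a profile or through an additional permission set, and each is removed in a different place.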
3. Encrypt Your Data
From ePHI to customer PII to employee Social Security numbers, bad actors inside and outside the company are on the hunt for sensitive information. Being able to identify sensitive information, as described in tip number 1, ensures that you can focus on encrypting the right data. Salesforce Shield will help you encrypt your data at rest. You can bring your own keys to ensure the data is encrypted with your organization's certificates and keys. Switching the encryption keys every month or quarter, depending on the sensitivity of the information, ensures that you are more secure from potential outside data breaches. After you encrypt, make sure to audit the data model and encrypted fields to ensure the risks are assessed correctly and your organization has incorporated Salesforce best practices.
About ComplianceSeal and Shield Toolkit
ComplianceSeal is a security platform for Salesforce that helps meet security requirements for the Healthcare and Life Sciences and Financial Services industries. ComplianceSeal helps healthcare organizations classify and monitor sensitive and confidential information in Salesforce. ComplianceSeal helps healthcare organizations using Salesforce applications to be HIPAA, FDA, HITECT 2.0 compliant.
Shield Toolkit removes barriers to the adoption of Salesforce Shield by automating encryption of sensitive information, Field Audit History, and real-time security monitoring. Customers use Shield Toolkit to ensure they are leveraging Salesforce Shield, protecting their critical assets in Salesforce, and improving their security posture.