At this very moment, we might be thinking of launching a new business, buying something online, having a meeting online, consulting doctors, sending reports, opening a new account, or subscribing to some page or channel. However, do we notice that all of these thoughts are directly related to the cyber world? Isn’t it surprising how all of our day to day life got engaged into these areas and that we are doing it subconsciously just like a part of our daily routine?
What we don’t know is that we are constantly exposing ourselves to the vast world of probable information leakage. At any time and any moment, someone can get into our nerves and break into our personal information that is available throughout the internet, especially the sensitive information that we share as a patient.
This is where compliances come into the picture.
We often misunderstand the terms Security and Compliance and try to put it together. In fact, these two have different definitions and purposes in the cyber security field and in the field of protecting our information from getting into the wrong hands.
Although these two share the same goal of PROTECTION, they focus on different actions.
Let’s see how these differ from each other by definition:
Security: It focuses on the precise set of tools, processes, and technological firewalls that defend unauthorized access to our information and physical devices.
Compliance: Unlike security, it is more concentrated on the controls of how the information is distributed and accessed by different layers of users via a set of regulations and rules, keeping the business side of it.
Let’s see which compliance is suitable for our website or business:
Stands for “Health Insurance Portability and Accountability Act”, and applies to companies or websites who deal with sensitive patient information. This compliance is precisely designed and well recognized in the USA. In fact, it’s mandatory for such businesses in order to handle Protected Health Information (PHI) data.
It makes sure that both the website and the server hosting the information of all the patients go through a strict set of rules and regulations as a checklist in order to avoid probable data breach and unauthorized data sharing. Violation of HIPAA rules in aUS based business can cost upto $10 million depending on the breach depth. Without any prior notice, a fine may be charged any time once noticed by the security experts and reported.
General Data Protection Regulation (GDPR) is a set of regulations designed for EU based businesses where privacy of the information transferred between the EU member states are secured. Violations to these standards cost beyond imagination.
In September 2018, British Airways reported ICO of a breach of personal data of approximately 500, 000 of its users. A hacker stole user data, including names, addresses, credit card details, and booking details of passengers by diverting users to a fraudulent website. Due to poor security management, they fined BA with a whopping £183.39 million.
The Center for Internet Security (CIS) is a security benchmark set by experts of the cybersecurity world for best practices. Right now, over 100 benchmarks are available for assets in 14 technology groups, including Microsoft, Cisco, AWS, and IBM.
CIS deals with the security of existing devices, users, networks, applications, data, and it is best known for its standard procedures of minimizing the vulnerability of any organization at any level. Cyber security experts follow a predefined set of benchmarks by defining the business type and providing defensive measures.
No matter what type of business we are running, if it is connected to the network in any way, then it’s vulnerable. Taking enough precautionary measures on time is crucial for any business where money and time both run exponentially.