IT Security Guide for DD Board Superintendents
DD leaders, are you….
- Making the right data security investments for your Board?
- Unsure of your cyber risks or whether sensitive computer IT is protected?
- Worried about information security and not sure where to start?
At Eagle Consulting Partners, we have 17 years of experience providing HIPAA compliance and information security risk management consulting to over 70 of Ohio’s county Boards of Developmental Disabilities.
We have compiled an IT security guide that will act as a roadmap for DD Board leaders to follow, with special focus on the needs of small and medium county DD Boards.
What Are the Worst-Case Scenarios?
During a Security Risk Assessment, we look at the following worst-case scenarios for DD Boards:
- Major Data Breach– this breach would expose all of the Protected Health Information (PHI) in the Board’s IT systems
- Loss of Data– a complete loss of all the Board’s data, including the inability to restore data and/or loss of backups
- Major Operational Disruption– disruption of Board’s day-to-day function due to downtime or unavailability of critical IT systems
A major data breach could easily cost over $100,000 for restoration of data and systems, as well as hefty HIPAA fines, for even the smallest County Board. Larger Boards could see costs soaring into the millions.
With these daunting costs, it makes sense to invest the time and resources ahead of a potential breach to protect your Board’s data. Proactive measures, such as a Security Risk Assessment, a Technical Vulnerability Analysis, and a Disaster Recovery Plan, can save hundreds of thousands (or millions) of dollars in the long run, and give you and the families you serve the peace of mind that your systems are as safe as possible.
An ounce of prevention is worth a pound of cure.
State, County, and Local Governments Prime Targets for Ransomware Attacks
According to a recent report…
In the first nine months of 2019, at least 621 government entities, healthcare service providers and school districts, colleges and universities were affected by ransomware. The attacks have caused massive disruption: municipal and emergency services have been interrupted, medical practices have permanently closed, ER patients have been diverted, property transactions halted, the collection of property taxes and water bills delayed, medical procedures canceled, schools closed and data lost. (1)
Of these attacks, 130 of the victims were state, county, and municipal entities, as well as school districts and other educational organizations.
Why are public entities such attractive targets?
There are many theories as to why the public sector is continually targeted by cyber criminals…
- Government agencies often do not keep their systems updated, using older operating systems, hardware, and legacy software. Additionally, they do not have backups of their data, making them an all-around easier hack. (2)
- Many government agencies do not consider IT security a big enough priority to allocate funds in that direction. Without proper IT staff, “agencies do not have standardized cybersecurity processes … which impacts their ability to efficiently gain visibility and effectively combat threats.” (3)
- “Governments have access to a tremendous amount of sensitive data about their citizens,” and selling this data on the dark web is a lucrative endeavor. (4)
- Due to lack of time and resources for training, employees are more susceptible to phishing scams and social engineering attacks.
Our Exclusive IT Security Guide
Cyber Risks are Not Isolated to the IT Department
Here is a sneak preview from the report:
For Ohio County DD Boards, cyber risks are no longer isolated to the IT Department. Information security incidents represent critical risks to the agency’s operations, disrupt services to the community, and can total hundreds of thousands or millions of dollars in financial impacts. DD Boards of all sizes cannot afford to downplay these risks.
To superintendents at small and medium county DD Boards, the challenges can seem insurmountable without the heftier budgets and sizeable IT Departments of Ohio’s larger counties. Fortunately, agencies in smaller counties are just as capable of developing robust and secure information systems that provide many benefits to the Board.
This roadmap has four major themes:
- Cyber threats to DD Boards have never been higher.
- Boards must invest in secure information systems to avoid potentially crippling impacts and to improve operations and service delivery.
- Information security can seem overwhelming, but Boards can achieve major benefits by just doing the basics well.
- Board leaders don’t have to go it alone. Instead, they should partner with experts and follow the examples of others.
In This Report You Will Learn About…
- Major cyber risks to DD Boards, including ransomware and data breaches
- Warren County DD Board’s information security transformation
- The importance of leadership support for successful IT security
- The top 11 security controls to prioritize
- The importance of expert partners
- Criteria for selecting an IT service provider
After the IT Security Guide, explore our solutions for Ohio county DD Boards.