The Regional Center for Blood Donation and Hemotherapy (Regionalne Centrum Krwiodawstwa i Krwiolecznictwa or RCKiK) in Warsaw is comprised of 10 territorial branches and 5 ambulances that facilitate mobile blood collection, and supply more than 150 liters of blood and blood components to more than 100 hospitals every day. Other customers include clinics and institutes that perform thousands of complex operations, transplants, transfusions and other procedures for which blood or its components are required.

As a medical institution, the RCKiK in Warsaw processes a huge amount of sensitive data containing information about the health of its donors. Until recently, most of the data was processed through paper records, but with technological developments, the digitization of data has become the norm. This switch has introduced a new threat of cyber-attacks and sensitive data leaks through accidental or intentional sharing. This has posed new challenges for the RCKiK.

The security of donor and patient data is a priority for us. That’s why we decided to introduce another technological solution that will ensure comprehensive protection, compliance with regulations and further increase the effectiveness of IT systems securing our facility,

says Karol Pszkit,
Head of the IT Section at the Regional Center for Blood Donation and Hemotherapy in Warsaw.

Medical identity theft occurs when someone uses identifying information related to another person’s health without that person’s knowledge. This can include his or her personal information, home address, registration number and medical records. Unauthorized individuals can use this information to purchase drugs, access reimbursed medical services or file false insurance claims, among other things. Additionally, stolen donor data can be used for other identity fraud.

With more than 300 employees, it’s difficult for us to monitor whether each of them is following procedures correctly. Safetica does this for us, so we know how our center’s processing is going. An additional advantage of the software is that it also performs an educational function in the organization, informing employees whether certain actions on files are appropriate – this is an additional element of protection against accidental data leakage,

explains Karol Pszkit of the RCKiK in Warsaw.

Safetica’s well-configured rules enable the software to detect when sensitive data is about to be mistakenly transmitted, and promptly notifies the employee with a warning message about the potential risk of their action. If the user has the authorization to perform such operations, he or she is allowed to complete the task after giving the necessary explanation to network administrators. Thanks to the fact that Safetica DLP allows continuous monitoring of activities on data, the resources of the Regional Center for Blood Donation and Hemotherapy in Warsaw are even better protected, and employees are aware that the correct way of doing things contributes in a practical way to maintaining the required level of data security for employers, patients

Before implementing the Safetica solution, we received a test version along with training on how to use the management console. The implementation itself went quickly and smoothly. An additional advantage is the exemplary technical support from certified engineers. If we have any questions, we seamlessly receive comprehensive and express assistance,

concludes Karol Pszkit.

Have you been using Safetica to its fullest? Any time you implement a solution into your ecosystem, it is wise to double-check that everything is set properly. Find out if Safetica is implemented well into your environment and that you are getting the most from all of the features. Our Customer Success team is ready to perform your Health Check! Make sure that Safetica is set right, so it can do the job it was built to. 

At Safetica, we offer a variety of professional services, and Health Check is one of them. Our Solution Engineers have experience from hundreds of Safetica deployments, from small companies all the way up to international projects with thousands of endpoints.

What to expect from a Health Check?

The goal of the Health Check is to provide recommendations for changes to the configuration, help you with implementation, and show you the best practices. We believe that data security is the foundation of your business growth! That’s why we want to make sure that your environment is covered, that Safetica protects your data efficiently, and that you are aware of all the features that might be useful for your organization.

What are the benefits of a Health Check?

After a successful Health Check, you will be provided with a Service completion report, including a complete protocol and a list of post-check recommendations.

You will know what next steps you should take to achieve the best data security in your organization. Health Check will help you to have a healthy, effortless DLP!

How should you set up your security policies for your employees working from home? What are the potential culprits of a remote workforce? And is BYOD putting your organization at unnecessary risk of a data breach? Some love it, and some hate it, but there’s no use turning a blind eye to the massive surge in the number of employees working from home.

Ever since covid turned the world upside down in 2020, working remotely became the norm… and a new threat to data security. Covid-19 sent employees packing (to their home offices). Across the globe, workers have been working from home, but not every company has managed to keep up with the security policy department.

Based on the 2022 Verizon Data Breach Investigations Report, 82% of all data breaches involve the human element. You probably know all too well by now how hard it is to keep those humans in check (security-wise), even if they’re all in the same building. But making sure everyone is being safe when they’re out of sight? Are you sure your work-from-home guidelines for employees are up to date?

With 8 in 10 people working either in a fully remote or hybrid environment (and the numbers are expected to rise, based on a 2022 AT&T study), figuring out and maintaining a work-from-home policy is not just important; it’s critical to any organization’s security.

 These are the top things to keep in mind if your organization employs remote workers: 

What are the security risks of working from home?

First of all, let’s be clear about one thing: It’s called “work from home”, but unless you are specifically restricting your employees from working outside of their residence, they could be all over the place: from a cafe downtown to a beach on the other side of the world.

That requires smarter planning, stronger policies, and better communication with employees on your part.

Remote work poses a wide variety of cybersecurity risks due to all the potential scenarios and versions of remote work. Some potential considerations:

• Without an IT department in the office next door, your remote worker may struggle with their limited IT skills.
• What type of networks are your employees connecting to? Are they using public wifi?
• Are you providing hardware for remote workers, or are they using their own devices?
• Is your infrastructure cloud-based to allow for a more functional work-from-home solution?
• What are your employees’ work habits? Could they be endangering your data with their behavior? 

The most important work-from-home security policies

Which security you set up for your organization will depend on your specific circumstances. But you don’t need to reinvent the wheel.

There are numerous regulations already in existence that your organization may or may not need to comply with that already specify the most important remote work policies.

You can also use ISO 27001, a major guideline for the establishment of an effective information security management system, to set up the best possible data security policy for your organization. Learn more about ISO 27001

Some areas that will always need to be addressed are:

Securing networks

It can be as simple as making sure that your employees’ home wifi router isn’t still on the default password and insisting they never use public wifi when connecting to your organization’s systems unless they use your organization’s VPN (a virtual private network).

A VPN will encrypt data being sent and received, preventing data leaks. It’s like a disguise for your employees’ online identity and your sensitive data.

Multi-factor authentication

Enforce a strong password policy and require changing passwords periodically, but don’t stop there. Have your employees use two-factor authentication to log onto your organization’s systems as an extra layer of protection.

This can be anything from utilizing single-use passwords to using biometrics.

Two-factor authentication can dramatically reduce the success of phishing and malware attacks since they often rely on stealing information such as passwords to infiltrate a system.

Have you heard of Zero Trust? The Zero Trust Approach is an evolving data loss protection model based on the need to authenticate and authorize any access to the network because trust is not assumed even if it has already been granted. It’s a great tool that can help you set up your authentication requirements.

Encryption

Encryption means that data from emails and documents is encoded, and only authorized parties can access and decipher it.

Sure, every device has an encryption option (but is it turned on?), but you can also implement data encryption software to protect your organization. Encryption is also used to protect sensitive data that is transferred between employee devices and company servers.

Using a VPN will encrypt data going to and from your remote worker through the internet.

Up-to-date software and security systems

Make sure all of your employees working from home have up-to-date firewalls, software, and security systems on all of their devices. You want all security patches to be activated as soon as they come out so that any vulnerabilities in the system are managed.

This can be harder to achieve in the BYOD (bring your own device) model. More on that is below.

Communication and support

Provide clear channels of communication. Educate your employees on how to report any suspicious online activity. Instruct them on how to spot a phishing attempt or security breach. Do your work-from-home employees know who to talk to in case a security issue comes up? Have someone within each team act as the go-to contact and provide guidelines for what types of issues should be reported.

Safe behavior

Talk to your employees about safe behavior – Are they working in an environment where people can easily see their screens? Do they know not to share sensitive information over messaging systems or on social media? Are they doing enough to prevent hardware theft?

Dedicated DLP Systems

Dedicated DLP (data loss prevention) systems such as Safetica’s solutions use a centralized and automated system to monitor and report on everything happening in an organization’s cybersecurity landscape – on-site or off. You will feel more secure knowing that no matter where your employees are, your organization’s sensitive data will remain safe.

Dedicated DLP vs Integrated DLP: Which one makes sense for your organization?

How to explain and enforce security guidelines

For in-house employees, you can use things like posters and LED visuals to spread security messages around the office. You’re also more likely to see questionable behavior or notice the need to distribute that new security brochure you spent too long putting together.

For work-from-home employees, out of sight and literally off-site equals fewer possibilities to have any physical effect on the people you work with. You’ll need to think out of the box and remember that it’s much easier to forget about policies (even if it’s by accident) when you aren’t in the office.

Learn more about educating your employees about data security.

Specifics of BYOD when working from home

If your remote employees use computers and other devices that your organization provides to them, you are able to make sure that all equipment and software comply with company standards and policies.

While BYOD has obvious advantages, such as reduced costs and potentially greater mobility, it also poses a greater security risk for your organization. 

  Let’s talk about data security

Why are cybercriminals targeting small and medium businesses (SMBs)? For one, they are seen as easier targets than large enterprises. They often have less sophisticated security measures in place, possibly failing to use dedicated data loss prevention software, making it easier for hackers to gain access to their data. Additionally, smaller businesses may not have the resources to invest in the latest security technologies and DLP solutions, leaving them vulnerable to cyber threats.

But based on our experience, smaller businesses tend to underestimate cyber security, which is ironic considering how devastating the impact of a data breach can be for these businesses.

The good news is that implementing effective data protection strategies is easier and more cost-effective than ever before.

The devastating consequences of data loss

A huge company may suffer more attacks than a small organization, but it also has much larger resources to leverage when dealing with the aftermath. So even though you probably won’t find yourself on our annual biggest breaches list, your business could still be wiped right off the map.

But let’s back up. What data should SMBs be worried about protecting, and what are the specific data security threats they face?

What types of sensitive data do SMBs own?

One of the most important things to remember is that sensitive data is the most valuable asset that your company can possess. The reality is that almost all businesses have personally identifiable information (PII) or protected health information (PHI) on their networks.

 And so, maybe surprisingly, every company, especially those with limited budgets, should prioritize securing their sensitive data.

Cyber Crimes Affecting SMBs

Before we talk about the biggest external cyber security threats, it’s important to keep in mind that the latest studies have shown that up to 95% of data leaks are caused by insiders. More than half of these are unintentional, proving the importance of educating your employees.

According to the ITRC’s 2022 Q1 Data Breach Analysis, 92% of data-compromising incidents were a result of a cyber-attack. SMBs are often targeted because they may have weaker security systems in place, making them more vulnerable to these types of attacks.

The top external cybercrimes affecting smaller companies

Phishing

Phishing attacks involve a cybercriminal convincing an individual to provide sensitive information through email. The hacker poses as a trusted entity to trick the person into divulging usernames, passwords, account numbers, etc. Those are then used directly or indirectly for the financial gain of the hacker.

Phishing can also happen via phone, text message, or social media. Learn more about phishing.

Malware

Malware is a type of software that infects a computer or network. It’s installed without the user’s knowledge and can be spread through phishing emails, for example, in an email attachment or through a link that the user clicks on.

The goal is anything from gathering sensitive data or spying on a user’s activity to crashing the entire system.

Ransomware

Ransomware is a special type of malware, and it does exactly what it sounds like it does. Ransomware locks up your computer or encrypts your data and demands payment for access to be restored and the ransomware to be removed.

DDoS

DDoS attacks can be really harmful to SMBs because they disrupt the business’ normal operations by overwhelming its servers and/or internet connection. A DDoS attack sends so much traffic to a computer or network that it comes to a standstill, causing websites to crash and ultimately stopping people from buying products or using online services.

Safetica offers DLP software perfect for SMBs

Data loss prevention (DLP) has always been one of the most critical components of a comprehensive security strategy, but now, with the expansion of digital tools and remote workspaces, your focus on DLP should be higher than ever.

A cloud-native, dedicated DLP is the perfect solution for smaller businesses. Why? You don’t need your own servers or databases. Safetica NXT is designed to run efficiently and reliably in the cloud. Start detecting insider threats and risks, preventing data leaks, and recording incidents in a matter of minutes.

We believe that security should never be at the expense of productivity, no matter how complex your organization’s ecosystem is. We make sure to work with organizations in a way that takes the stress away, not piles it on.

Get a Free Trial