Testing proves you Secure Important Data   

"You need to know that your investment in technology is protecting you from data losses and public breaches."  

Business partners, clients, and regulators require that you regularly test your websites, networks, and devices for known vulnerabilities and misconfigurations.    You test to ensure I/T service providers are diligent, to prioritize future upgrades, and for simple peace of mind.   If you don't find the vulnerabilities in your websites and networks, outsiders will. 

Working Security Testing Services include:

  • Scanning your networks, computers, and websites for vulnerabilities
  • Evaluating your wireless networks for insecure configurations
  • Penetration testing critical application and devices
  • Validating staff awareness through Social Engineering techniques
  • Delivering a risk prioritized plan to address vulnerabilities in the right order
  • Working with your teams to close issues and document success

Working Security delivers vulnerability reports, ethical hacking services, and penetration tests.   We provide testing services on-site at your business and remotely by virtual private network (VPN) connection.   All test services come with detailed technical results, prioritized to allow immediate mitigation of identified weaknesses.   Our reports and matching action plans allow you to demonstrate a responsible standard of care for the data you hold for partners, clients, and customers.

Contact a Security Advisor today to start your test. 

  • Risk Assessment in the Spotlight

OCRRisk assessment for healthcare providers and business associates is again in the spotlight.   The Department of Health and Human Services is gearing up for a new round of HIPAA audits.   At this point they are surveying 1200 firms and will include business associates.   The results of the survey will be hundreds of audits.  Of continued interest in this round are risk assessments.

Why does risk assessment keep jumping to the front?   Any time we hear of a breach of personal information an investigation follows.   It's very rare that an organization has done nothing to secure data.   The problem is they've done the wrong things.

Risk Assessment is the missing first step in the processing of establishing an effective Information Security program.   It creates a prioritized roadmap for firms to address information security issues.   In short, it tells an organization where to spend their time and money most effectively.  

Too many organizations fall victim to product based compliance schemes thinking that purchasing specific software or hardware products will make them HIPAA compliant.  

When risk assessment is cited as a shortfall, it's a good sign the organization was spending money on security, but wasn't making informed decisions.

The difference between demonstrating due diligence in securing information assets and not can sometimes be as simple as producing the results from an annual risk assessment.   

"We understood that risk, but didn't mitigate it as well as we could," is very different than saying "We never throughout about that risk and instead thought our anti-virus would protect us."   

Resulting costs can include millions of dollars and significant patient attrition.

Read More