In the Help Me With HIPAA podcast episode "IT and CyberSecurity are Not The Same" (Ep 325), Donna has left David to do the podcast alone! No, she is not crazy. Gary Salman, the CEO of Black Talon Security, came by to babysit David, and they had a great discussion on the wonderful world of cybersecurity.
What is the difference between IT and cybersecurity? IT is about creating and implementing systems to store and share information digitally, whereas cybersecurity is focused on protecting that digital information. Is it important to understand the difference? Yes. Most people think that if they hire an IT company to look after the computer system, they are all set. Maybe they are, but only if a computer malfunctions or a printer loses its connection to the network. The IT company would be well equipped to handle that situation. But how are they protecting the data on your network? There is some overlap between IT and cybersecurity teams, but a cybersecurity firm is primarily focused on protecting the network and data.
David and Gary talk about firewall protection, antivirus solutions and email hosting. But a solution that stood out to me was the old-school air gap method. This is where you have an external hard drive that you use to back up your computer system each night, or at least a couple of times a week. The external hard drive is stored in a separate and secure location. If your data were stolen or corrupted, you would have a copy that you could restore relatively easily. You would need to encrypt the external drive in case it got lost or stolen. There are risks with this solution too: you are relying on humans to remember to do the backups and not lose the device… but it is a plan.
Another major takeaway from this episode is that your business should have a budget for IT that covers the actual systems and computers, plus any help you need installing them and troubleshooting issues. You should also have a separate budget for cybersecurity. This budget will include things like running vulnerability scans, data management and performing a security risk analysis on your network devices… just to name a few. Listen to "IT and CyberSecurity are Not The Same" (Ep 325) to hear a summary of the services your IT and cybersecurity teams should be providing for your business.