I was talking to a dentist I know last month—let's call him Dr. Smith. Dr. Smith runs a great, busy practice, and he told me flat out: "Honestly, I don't stress about HIPAA audits. We aren't a massive hospital network. The regulators have bigger fish to fry."
It’s a comforting thought, but it’s completely wrong.
What goes through your brain when you think of data theft? Chances are it’s probably some hacker in a dark room wearing an even darker hoodie, staring at lines of code well into the night. This misconception of data theft is the exact opposite of the reality; data exfiltration is incredibly boring, quiet, and sometimes completely invisible to the untrained eye. Instead of happening overnight, it will happen over the course of 30 days or longer, and it’ll happen right under your nose if you’re not paying attention.
“Our systems are running okay right now. Let’s just wait and see how things go before we invest in upgrading our IT.”
Whenever we see this sentiment echoed in the small business community, our technicians break out in a cold sweat. The wait-and-see approach might seem fiscally conservative and responsible, but in reality, it’s anything but. It’s not a strategy; it’s unhedged financial liability.
It only makes sense that, when an employee leaves your business, you would collect any company-owned devices they used during their tenure. This is undeniably important to do, but it is also important to remember all their digital resources, too. Cloud licenses and similar subscriptions that go uncancelled create numerous problems that your business simply shouldn’t have to contend with.