1. Your Cyber Security: The scope of your risk is broad and growing To understand the nature of the risk landscape look at the presentations here today-begin to assess your priorities

2. Your digital perimeter is getting bigger and bigger  Networking hardware and software  Cloud storage, audio and video conferencing  Remote access and data stored locally as part of that process  Wireless access points as an entry way to network  Digital printers, hard drives, digital fax and the paper they produce.  Laptops. Mobile Storage Devices  IT Policies and Practices – Process, compliance and PEOPLE  And the list just keeps growing And more and more difficult to defend.

3. HIPAA requires you to  Have a plan to evaluate data and network security, including data shared with partners, auditor, software vendors, etc.  Investigate any breaches of data or network and report it.  Notify all affected.  Take reasonable steps to protect them from potential loss financially or personally from the disclosure of the information. These requirements are part of existing regulations and should be included in privacy, compliance and auditing standards.

4. You must take action  Educate leadership about the law and the potential negative impact on the organization financially and its community reputation. This is an executive responsibility.  Study your system and identify your organizations individual vulnerabilities. Internal Network, Cloud, Mobile, Software, Wireless, IT Policies, etc.  Prioritize the issues and apply resources based upon those priorities. Maintain a written plan and update it with actions taken over years. Make sure the plan is reported on at the highest level of the organization. Advocate for the resources you need!  At some point you need someone from outside to validate your assessment and test your assumptions. Ethical Hacking is the real way of testing your system!