A disturbing trend has been noted in cyber crime. As tier one businesses and practices improve their security measures attention is shifting to the largely under protected small and medium sized businesses. Attacks resulting in data breaches or sever systems compromises are showing up in the small to medium sized professional practices and businesses.
Typically security measures are lax or non-existent. Lack of staff, cost, and complexity head the reasons why thousands of smaller firms and practices don't institute even good basics, let alone best practice security measures. This is not lost on cyber criminals. While hacking into a small organization and stealing data is not as grandstanding or profitable hacking say the Social Security Administration it is still profitable and infinitely easier. With the level of sophistication available even the casual hacker can breach marginally protected systems. Real Cyber Criminals find it very simple and profitable.
The worst part is that the organization may not even know they have been compromised for weeks if ever. A breach of all the records contained in a practice could go virtually unnoticed until the stolen information is used for profit or publicized. Either way your practice is responsible for the breach and liable for the enforcement and civil penalties that follow.
That is what we can prevent.