Not 'if' but 'when'

Cyberattacks are imminent, expert says, so healthcare organizations need to be prepared
By John Andrews
06:53 PM

Speaker Jeff Bell offered a bit of irony at the start of his cybercrime program Tuesday morning by admitting he left his cell phone in a taxi cab the day before, one of the most preventable causes of data breaches. Fortunately, he had a tracer app that ensured the return of his phone, but not before suffering a bout of anxiety.

“I don’t have to convince you the impact of cybercrime is growing with no end in sight,” said Bell, director of IT security and risk services for CareTech Solutions in Troy, Michigan. “You need to take actionable steps to lower your risk of being a victim.”

Bell told attendees at the Cybersecurity Command Center in the McCormick Place North Hall that data breaches and cyberattacks “are no longer rare events and that you will probably be breached in the next two years.” Documenting the growing threat is a recent PriceWaterhouseCoopers survey on cybercrime, which found that approximately 3,000 U.S. companies were notified by the FBI that they had been victims of cyber intrusion last year.

Therefore, healthcare organizations need to think in terms of an imminent attack and follow a menu of preparation steps that include secure configuration, vulnerability management, strong authentication, security monitoring and incident response.

Secure configuration discourages breaches by reducing the attack surface and giving hackers very few ways to intrude, Bell said. It starts with a secure baseline from a publicly vetted source, such as the National Institute of Standards and Technology, the Center for Internet Security Benchmarks, the U.S. Government Configuration Baseline and the Department of Defense’s Security Technical Implementation Guides.

Vulnerability management is a continuous information security risk management process, “one of the cornerstones of security,” Bell said. Vulnerability scanning is a highly recommended investment, he said, and should be run at least once a month.

“Every time a vulnerability surfaces, the attackers are racing to weaponize and exploit that weakness,” Bell said.

Strong authentication is another critical element, Bell said, because most breaches involve compromised credentials, such as in the cases of Anthem, Target and HBGary. Passwords are another vulnerability because so many people use weak log-ins, but Bell said more complex passwords would result in only minor improvement in the era of sophisticated phishing attacks and fake websites. As for multi-factor authentication, he said, “use it when the risk level justifies it.”

Bell also recommended investing in security information and event-monitoring technology as a primary tool to collect and consolidate all security monitoring data. “SIEM can be used to detect a targeted attack and indicators of compromise,” he said.

Finally, incident response is critical to discovering the nature of an attack, and organizations that methodically follow preparation protocols should be ready to handle that process should it arise, Bell said.
