By Charles Killmer, Security Officer, Netgain
Twitter: @NetgainHosting
Are you reading this blog from your phone or tablet? If so, you’re in good company. Mobile devices accounted for 51 percent of internet usage worldwide in October compared to 48 percent by desktop.
In healthcare, mobile trends are similar. Sixty-three percent of physicians use tablets to access medical research and 44 percent use smartphones to communicate with nurses and other patient staff.
As summer approaches and vacations are on the rise, mobile security becomes an even more pressing concern. Your providers may be accessing records from their tablet at their lake cabin and your staff may be checking emails on their phone while on summer vacations.
Before I share my tips for mobile security, I should share one caveat. I am biased toward Apple products because of their inherent security features. Many of these mobile security tips are simply taken care of if you’re using an iPhone or iPad. For Apple users, my three recommendations are these: don’t jailbreak your phone, use a password and keep it patched with Apple’s recommended upgrades.
With that said, here are 7 tips to help manage your mobile security:
1. Encrypt all mobile devices
With Apple products, encryption is automatically enabled by enabling a passcode. For other operating systems, encryption must be manually enabled and verified on each device. Encryption will ensure that information on the phone is not compromised if someone else gains access to your device.
2. Train your users on safe mobile practices
Your users are your greatest threat when it comes to mobile security, as with social engineering. Ensure your users know your mobile policy, know how to properly access their work data remotely and keep their mobile devices current with mobile security best practices.
3. Inventory all mobile devices
This gets tricky with personal devices and Bring-Your-Own-Device (BYOD) policies, but having a list of all mobile devices that touch your network or are used for professional purposes by your staff can prevent trouble in the long run.
Tools like mobile device management software can help your practice identify and log which devices access your network and set policies for required upgrades, passcodes and other best practices.
4. Perform regular patches
Hackers often target devices with outdated software versions that have security gaps and vulnerabilities. Keeping current with regular patches and mandating operating system upgrades on mobile devices will help keep your users and your practice more secure.
Check the software update settings on your mobile devices to ensure you have the most recent patches, or enlist the help of mobile device management software to mandate these updates across your user base.
5. Don’t download data locally
If your practice is in a hosted environment, educate your users not to download sensitive data (e.g., patient charts, emails or reports) to their local device. Storing this information locally removes one more barrier if the device ends up in the wrong hands.
6. Use application whitelisting
Application whitelisting is incredibly effective at blocking malicious applications and prohibiting your users from downloading applications that are not “pre-approved” by your practice.
Apple users rejoice; application whitelisting is built into iOS. Proceed to the next tip!
For Android users, there is not an application whitelisting option, but I recommend using anti-virus on your mobile devices. Though anti-virus is only 40 percent effective, it will catch a fair amount of the malicious content trying to penetrate your network.
7. Use encrypted email
Secure, encrypted email adds an extra layer of protection to your mobile devices. Device encryption protects the information stored on the device, while encrypted email protects information when it is sent between email addresses. Educate your users on when to use encrypted email, such as when sending patient information or medical communication with individually identifiable health information. Note that using encrypted email for ePHI, while secure, may not satisfy Meaningful Use requirements.
Mobile Device Management software can help you enforce mobile security practices for your organization. These tools audit which devices are connecting to the network, whether they’re using a passcode and whether they have the most recent software version, among other things.
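As an added illustration (not part of the original article or any Netgain tooling), the audit described above can be run over a device inventory export. The CSV column names, the sample rows and the minimum OS versions are constructed assumptions, not the format of any particular MDM product.

```python
import csv
import io

# Constructed sample of an MDM inventory export; the column names are assumptions.
SAMPLE_EXPORT = """device_id,platform,os_version,passcode_set,encrypted,jailbroken
D-001,ios,17.5.1,yes,yes,no
D-002,android,12,yes,no,no
D-003,ios,16.2,no,no,no
D-004,ios,17.5,yes,yes,yes
D-005,android,,yes,yes,no
"""
# Placeholder policy minimums (assumed); set to the versions your practice mandates.
MIN_OS = {"ios": (17, 5), "android": (13,)}
# Columns that must read "yes"; anything else, including blank, is a finding.
MUST_BE_YES = {"passcode_set": "no passcode", "encrypted": "not encrypted"}

def parse_version(text):
    """Turn '17.5.1' into (17, 5, 1); return None if missing or malformed."""
    try:
        return tuple(int(part) for part in text.strip().split("."))
    except ValueError:
        return None

def below(version, minimum):
    """Compare versions after zero-padding, so 17.5 equals 17.5.0."""
    width = max(len(version), len(minimum))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) < pad(minimum)

def audit(export_text):
    """Return {device_id: [findings]} for each device that fails a check."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        issues = [label for column, label in MUST_BE_YES.items()
                  if row[column].strip().lower() != "yes"]
        if row["jailbroken"].strip().lower() != "no":
            issues.append("jailbroken or unknown")
        version = parse_version(row["os_version"])
        minimum = MIN_OS.get(row["platform"].strip().lower())
        if minimum is None or version is None:
            issues.append("platform or OS version not reported")
        elif below(version, minimum):
            issues.append("OS below minimum")
        if issues:
            findings[row["device_id"]] = issues
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_EXPORT))
```

Missing or unparseable values are reported as findings rather than treated as compliant, so a device that stops reporting its status shows up in the audit instead of dropping out of it.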
The use of mobile devices can enhance user productivity on-the-go, but it can also compromise your organization’s sensitive data. Protect your practice by educating your staff and enforcing best practices as policies.
This article was originally published on Netgain and is republished here with permission.