October was Cybersecurity Awareness Month. Follow the conversation and do your part: #BeCyberSmart.
This month we engaged our health IT community in cybersecurity awareness as we are all trying to meet the new challenges of working from home and through the pandemic. Check out our posts to see what they all had to say.
By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
As we end this year’s Cybersecurity Awareness Month, never has it been more important to make sure that you are informed and making smart cyber choices in both your personal and professional life.
With the pandemic giving cybercriminals ample opportunity to take advantage of our many uncertainties, and with online activity through the roof in areas that many people weren’t fully prepared to deploy, the weakest link has become a bigger part of the chain. Telehealth presented healthcare with a tremendous opportunity to care for patients in the landscape of a global crisis, but not all systems were ready to integrate with that type of service. While we are getting into the groove with this “new normal”, we aren’t always sure of what areas are left exposed until they present themselves in a negative manner – for example, with a breach. The healthcare industry was ALREADY a huge target for data compromises, but even more so today.
What Can We Do?
So how can you offset the dangers while still continuing to run your business successfully? With education and training. We know that you can’t shut down and send everyone off to cyber-school. But you can ensure that basic smart practices are in place and that employees are receiving ongoing cybersecurity training to keep them on their toes. In addition, it’s important to note that HIPAA has presented a set of rules and structures to work around, but smart HIPAA practices don’t necessarily equal smart cybersecurity.
They complement each other, but they are completely different beasts. If an employee isn’t aware of the dangers of phishing scams, they can inadvertently expose all of your sensitive data. HIPAA rules aren’t going to teach them that. And what if a breach does occur, or someone mistakenly clicks on a link that is dangerous? What next? Time is of the essence, so knowing what you need to do immediately is critical. And “calling your IT guy” isn’t always going to suffice – in fact, they can only help effectively if the right policies and procedures are in place to begin with.
Human error accounts for the majority of breaches. Here are a few basic rules that should be standard in your practice:
- Never use the same password for multiple platforms
- Don’t leave passwords written down or visible
- Do not log on to personal accounts from business devices
- Educate your team about phishing – hover before clicking!
- Make sure your devices have screen locks enabled
- Always enable two-factor authentication (2FA) when available
It takes a little bit of time NOW to get set up with the right infrastructure so that you can not only avoid cybersecurity mishaps but also thrive in the wake of one if it does happen.
This article was originally published on HIPAA Secure Now! and is republished here with permission. HIPAA Secure Now offers annual online subscriptions to help covered entities and business associates keep up with compliance.
HIPAA Secure Now! now offers PHIshMD training for CEs and BAs to help protect your organization from security threats.
Technology safeguards put a virtual wall around your network, but what happens when the bad actors climb over that wall? It’s up to your employees. Over 90% of breaches are caused by human error according to Kaspersky Lab, and if you’re not educating users HOW to protect your organization in this ever-changing threat landscape, your organization could be next.