There are countless security products on the market today. You can buy products from hardware firewalls, to anti-virus / anti-malware, to web content management, to email encryption, to log management platforms, the list goes on and on. All of these products have a place and help in protecting data and electronic protected health information (ePHI). But there is one place you can focus on that might bring the best return on investment (ROI). That would be employee training.
By investing in employee training and education on how to protect data you can enlist your employees to help in protecting data. If security is not seen as an obstacle but ingrained as part of normal workflow then everyone shares the responsibility of protecting data. No one wants to be the cause of a security breach. By training employees on the proper methods of protecting data you help them and make them more aware of the correct protocols and procedures.
You can and should invest in products that encrypt portable media (laptops, USB drives, smartphone, etc.) but it may be more beneficial to make sure your employees understand the risks associated with portable media and data security. By educating your employees you bring them a higher awareness of security. The software encryption that you purchased will help if a laptop is lost or stolen but education might prevent that laptop from leaving your office in the first place.
Educating your employees on security and protecting data will strengthen your overall security posture and you may find that it brings the best ROI for your security investment.