We’re halfway through this year’s Cybersecurity Awareness Month and never has it been more important to make sure that you are informed and making smart cyber choices in both your personal and professional life.
With the pandemic providing cybercriminals ample opportunity to take advantage of our uncertainties in many aspects, and with online activity through the roof in areas that many people weren’t fully prepared to deploy, the weakest link has become a bigger part of the chain. Telehealth presented healthcare with a tremendous opportunity to care for patients in the landscape of a global crisis, but not all systems were ready to integrate with that type of service. While we are getting into the groove with this “new normal”, we aren’t always sure of what areas are left exposed until they present themselves in a negative manner – for example with a breach. The healthcare industry was ALREADY a huge target for data compromises, but even more so today.
What Can We Do?
So how can you offset the dangers while still continuing to run your business successfully? With education and training. We know that you can’t shut down and send everyone off to cyber-school. But you can ensure that basic smart practices are in place and that employees are receiving ongoing cybersecurity training to keep them on their toes. In addition, it’s important to note that HIPAA has presented a set of rules and structures to work around but smart HIPAA practices don’t necessarily equal smart cybersecurity.
They complement each other, but they are completely different beasts. If an employee isn’t aware of the dangers of phishing scams, they can inadvertently expose all of your sensitive data. HIPAA rules aren’t going to teach them that. And what if a breach does occur, or someone mistakenly clicks on a link that is dangerous? What next? Time is of the essence so knowing what you need to do immediately is critical. And “calling your IT guy” isn’t always going to suffice – in fact, they can only help effectively if the right policies and procedures are in place, to begin with.
Human error accounts for the majority of breaches. Here are a few basic rules that should be standard in your practice:
- Never use the same password for multiple platforms
- Don’t leave passwords written down or visible
- Do not log on to personal accounts from business devices
- Educate your team about phishing – hover before clicking!
- Make sure your devices have screen locks enabled
- Always enable two-factor authentication (2FA) when available
It takes a little bit of time NOW to get set up with the right infrastructure so that you can not only avoid cybersecurity mishaps but also thrive in the wake of one if it does happen.
You can learn more about PHIshMD, our ongoing cybersecurity training program complete with weekly micro-training videos, dark web monitoring, simulated phishing and so much more, here: https://www-new.hipaasecurenow.com/phishmd/