• Blog
  • Services
    • PHIshMD Ongoing Training
    • HIPAA Compliance
    • Discover Vulnerabilities to Patient PHI
  • Store
    • HIPAA Secure Now Service Store
  • Contact Us
    • Sales Inquiry
    • Customer Support
  • Resources
    • Free Healthcare Security Check Up Quiz
    • HIPAA Compliance Requirements | A Guide
    • Webinars & Downloadable Content
    • Use our free Breach Cost Calculator
    • HIPAA Secured Seal
    • In-Email Training & Analysis | Catch Phish

Call us at: 877-275-4545

Client or Partner? Login here
HIPAA Secure Now!HIPAA Secure Now!
  • Blog
  • Services
    • PHIshMD Ongoing Training
    • HIPAA Compliance
    • Discover Vulnerabilities to Patient PHI
  • Store
    • HIPAA Secure Now Service Store
  • Contact Us
    • Sales Inquiry
    • Customer Support
  • Resources
    • Free Healthcare Security Check Up Quiz
    • HIPAA Compliance Requirements | A Guide
    • Webinars & Downloadable Content
    • Use our free Breach Cost Calculator
    • HIPAA Secured Seal
    • In-Email Training & Analysis | Catch Phish

The weakest link in cybersecurity

October 30, 2017 Posted by Art Gross Security Training No Comments

By now I’m sure you’ve heard that when it comes to information security, employees are the weakest link. Organizations often emphasize that despite any security measures they put in place to protect their infrastructure, all it takes is one employee who is not following the rules to undo all of that. An article on TechRepubic looks at a theory by security researcher Dr. Kelly Caine, which questions the conventional belief that employees are information security’s weakest link.

Although most agree with the logic that users are the weakest link in causing a data breach, Clemson University’s Dr. Kelly Caine recently made a contradictory claim at the Infosecurity North America conference in Boston. At the conference, Dr. Caine shifted the focus away from employees by putting the spotlight on IT professionals up the chain.

It’s actually executives, managers, system administrators, designers, and coders–rather than users–that are the weak links in information security.”  – Dr. Caine

To enhance her argument, Dr. Caine uses her experience obtained through her role as director of the Humans and Technology Lab at Clemson University. Dr. Caine, who leads research in a number of fields surrounding human-computer interactions explains that one lesson learned through her research is that usability is an absolute necessity rather than a luxury or afterthought.

While systems are often designed with security in mind, they are not always easy to use. Unfortunately, when systems are difficult to use, employees will often find an easier way to get their job done, which many times means violating company policies.

For example, if sending a secure email is difficult to do, there is a good possibility that an employee with still send that email, however do so in a way that is not secure. It is important that IT professionals and management ensure usability for all systems to prevent employees from looking for shortcuts that could potentially comprise the organization’s security.

Dr. Caine also emphasizes the importance of looking at cybersecurity from the end user’s point of view. She finds that anything a leader higher up says or does will ultimately have an impact on the education/training of those users.

Every interaction trains users to behave securely or insecurely. There is no middle ground.”

For example, suppose an organization trains their employees on the importance of not opening email attachments, which could potentially be phishing emails. Considering the growing threat of ransomware, ensuring employees understand the risks that come with opening an email attachment is essential.

Now suppose that same organization regularly communicates with their employees using emails that contain attachments. Despite the fact that employees are trained on the risks associated with opening email attachments, if their employer is consistently communicating using the very methods they are training against, employees will view that as an acceptable way to communicate.

While poorly trained employees are known to be a leading cause of data breaches, Caine argues that leader’s higher up are equally responsible for data breaches.

According to Caine, they’re just as much the effect of leaders higher up who’ve failed to institute a security culture that takes into account the needs and habits of employees.”

What can management and IT leaders do to help improve cybersecurity?

  1. Learn about your employees. Understand what areas they’re struggling to improve on when it comes to their security habits.
  2. Be cautious about outdated advice. Ensure you’re staying up to date with the latest password recommendations and security information.
  3. Simplify processes for your employees. If an employee finds something like understanding a privacy statement or the process of authenticating a new device too confusing, chances are they will find quicker less secure ways around those procedures.
Tags: BreachransomwareSecurity Training
No Comments
Share
0

You also might be interested in

Introducing HIPAA Secure Now!

Feb 13, 2011

We are proud to announce the launch of the HIPAA[...]

Employee training might produce the best security ROI

Employee training might produce the best security ROI

Feb 21, 2011

There are countless security products on the market today. You[...]

Using patient record security as a competitive advantage

Using patient record security as a competitive advantage

Mar 7, 2011

The following blog was written a year ago but the[...]

Leave a Reply Cancel Reply

Recent Posts

  • HIPAA Security Policies
  • Restructuring the OCR
  • HIPAA: P for Portability
  • OCR Healthcare Report Released
  • HIPAA Compliance & Cybersecurity: How They Differ

Recent Comments

  • Milan on PHI or PII – What’s the Difference?
  • Automatic Backlinks on Free HIPAA Security Training!
  • Lisa Porter on Free HIPAA Security Training!
  • Roseanne ruiz on Health Apps & HIPAA
  • Roseanne ruiz on PHI or PII – What’s the Difference?

Archives

  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • February 2016
  • January 2016
  • December 2015
  • November 2015
  • October 2015
  • September 2015
  • August 2015
  • June 2015
  • May 2015
  • April 2015
  • March 2015
  • February 2015
  • January 2015
  • December 2014
  • November 2014
  • October 2014
  • September 2014
  • August 2014
  • July 2014
  • June 2014
  • May 2014
  • April 2014
  • March 2014
  • February 2014
  • January 2014
  • December 2013
  • November 2013
  • October 2013
  • September 2013
  • August 2013
  • July 2013
  • June 2013
  • May 2013
  • April 2013
  • March 2013
  • February 2013
  • January 2013
  • December 2012
  • November 2012
  • October 2012
  • September 2012
  • July 2012
  • June 2012
  • May 2012
  • April 2012
  • March 2012
  • February 2012
  • January 2012
  • December 2011
  • November 2011
  • October 2011
  • September 2011
  • August 2011
  • July 2011
  • June 2011
  • May 2011
  • April 2011
  • March 2011
  • February 2011

Categories

  • Backup & Disaster Recovery
  • Business Associates
  • Client News
  • Download
  • Healthcare Industry
  • HIPAA
  • HIPAA Audits
  • HIPAA Violations
  • HSN News
  • Legal
  • MACRA
  • Policies and Procedures
  • Press Release
  • Remote Workforce
  • Risk Assessment
  • Scams
  • Security
  • Security Reminders
  • Security Training
  • Telehealth
  • Uncategorized
  • Webinar
  • Website

Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Contact Us

  • HIPAA Secure Now
  • 55 Madison Ave, Suite 400 Morristown, NJ 07960
  • (877) 275 - 4545
  • info@hipaasecurenow.com

Find us on Social Media

Recent Posts

  • HIPAA Security Policies March 21, 2023
  • Restructuring the OCR March 14, 2023
  • HIPAA: P for Portability March 7, 2023
  • OCR Healthcare Report Released February 28, 2023
  • HIPAA Compliance & Cybersecurity: How They Differ February 21, 2023

Subscribe to our Newsletter

  • Hidden

© 2023 · HIPAA Secure Now!

Prev Next