Cyber and ransomware attacks are on the rise as criminals are finding more ways to infiltrate companies that house critical demographic and financial information. It’s important to determine where your weakest links are in your cyber defense system and how you can fortify your infrastructure to guard yourself from these types of attacks. How can you put a stop to these crimes and ensure your healthcare information stays safe?
In 2018, over 184 million ransomware attacks occurred, with damages estimated at almost $8 billion. No company that wants to keep its data safe can afford to miss critical updates or stay with an outdated software system. What’s disturbing is that in an age of information, employees are still every company’s weakest link. Your employees are the ones downloading malware, clicking email links, sharing passwords, and browsing unsecured sites, which leaves your organization vulnerable to outside attacks.
What are some steps you can take to safeguard your company from cyber-attacks and ensure your weakest link is armed with knowledge?
Train your Employees
Recent research has shown that 3% of users have never been trained on security issues or how to prevent them. What’s even more troubling is that 30% of employees receive training only once a year and 21% are trained only twice a year. In a world where threats are advancing and hospitals are being held hostage by ransomware, twice-a-year security training is not nearly enough to protect your practice from being hacked.
Every new and current employee should have quarterly training on cyber security and data management. Do your employees understand how to detect fraudulent emails or links? Are they aware of how to detect a suspicious site and avoid downloading malicious content? While cyber criminals are getting more advanced, you can stay one step ahead by keeping your employees well trained and vigilant about the security of your system. When all else fails, they are your last line of defense.
The average cyberattack for a small healthcare provider can cost upwards of $1 million in recovery.
Create IT Safeguards
Having a reliable and knowledgeable IT staff will help protect your system from all sides. Your IT department should be a driving force behind your cyber security, and the enforcer of your IT safeguards.
One of the easiest safeguards you can practice is to regularly have your employees change their passwords. When was the last time you had to change your desktop password? If you’re operating a smaller practice, chances are it’s probably not that often. At a minimum, passwords should be changed every 90 days if not every 60 days. Your password guidelines should also be robust in nature: no sequential numbers, no use of “password” as a password, and more than 10 characters with a mixture of lower case letters, capital letters, numbers, and symbols.
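The password guidelines above can be enforced in code rather than left to memory. The following is an added example, not part of the original article: the function names, the three-digit threshold for "sequential numbers", and the simple character-substitution check for disguised forms of "password" are assumptions made for illustration.

```python
import re
import string

MIN_LENGTH = 11           # "more than 10 characters"
SEQ_RUN = 3               # assumption: 3+ digits in a row counting up or down
BANNED = ("password",)    # the one word the guidelines name
# Assumption: undo common look-alike substitutions before the banned-word check.
LOOKALIKES = str.maketrans("@40$5", "aaoss")

def has_sequential_digits(pw, run=SEQ_RUN):
    """True if pw contains `run` digits ascending or descending by one (123, 987)."""
    for step in (1, -1):
        count = 1
        for prev, cur in zip(pw, pw[1:]):
            both_digits = prev in string.digits and cur in string.digits
            if both_digits and int(cur) - int(prev) == step:
                count += 1
                if count >= run:
                    return True
            else:
                count = 1
    return False

def policy_violations(pw):
    """Return the list of guideline rules that pw breaks (empty list = acceptable)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("length")
    for name, pattern in (("lowercase", r"[a-z]"), ("uppercase", r"[A-Z]"),
                          ("digit", r"[0-9]"), ("symbol", r"[^A-Za-z0-9]")):
        if not re.search(pattern, pw):
            problems.append(name)
    if has_sequential_digits(pw):
        problems.append("sequential")
    normalized = pw.lower().translate(LOOKALIKES)
    if any(word in normalized for word in BANNED):
        problems.append("banned")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords, for demonstration only.
    for sample in ("password", "Tr!ckyHorse1234", "P@ssw0rd!2024x", "Blue!Kettle97Drum"):
        print(f"{sample!r}: {policy_violations(sample) or 'OK'}")
```

A check like this belongs wherever passwords are set or changed, so a weak choice is rejected at that moment instead of being found in a later audit.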
Secondly, your system should automatically prompt for authentication before any system or program installation or download. This ensures that unauthorized programs don’t infiltrate your system and leak information without your knowledge.
Thirdly, it’s easy for employees to bring in software or programs that affect your infrastructure from the outside if you don’t lock down their laptops and desktops from being accessed via USB. Many USB devices contain programs that run automatically once plugged into a computer (plug and play devices). Denying connectivity to these ports limits the amount of data that can be transferred on and off your system, thereby creating another layer to safeguard your practice.
Create a Security Culture
Creating a security culture means regularly discussing cyber safety and awareness from the top down. Your CEOs, CFOs and CIOs should all be regularly discussing and defining what it means to guard and secure your business from cyber-attacks. It only takes one person to reveal the right information at the wrong time to make your practice vulnerable to attack.
Give your employees permission to stop being polite. If their co-worker can’t access a program, they need to call IT. Sharing passwords is never okay. Your managers need to perform regular security checks and reinforce changing passwords and locking down sensitive information. A security culture is not driven by IT; it’s driven by management in every corner of your organization. When you value the time it takes for your employees to be trained in the areas of cyber-security, it places responsibility and trust on their shoulders. It takes an entire organization being knowledgeable and well versed in “what could happen” so it doesn’t happen.
With cyber attacks increasing year over year, it’s important to have a security strategy as you move forward in your business. With cyber security losses of over $1.42 billion in the USA, this is not a small security issue that you can ignore, or hope will go away. Worldwide, cybercrime is netting over $608 billion – and that’s just in 2018. It’s important that you train your employees, give your IT department the resources it needs to defend your practice, and make sure your employees are armed with the best knowledge to combat the seemingly innocent emails and links they encounter on a regular basis.
If you’re unsure about your system or security, give us a call for a security assessment and see how we can help you build a safe and secure practice.