A recent story about a data breach that affected 45,000 patients at Rush University Medical Center in Chicago drives home an important point about data security.
Many security breaches, including the one at Rush reported by the Chicago Tribune, are caused by human error. Investigators think the incident at Rush probably happened when an employee of one of the hospital’s bill processing vendors disclosed a file to an unauthorized party.
It is essential that we work with both technology and people to keep ourselves (and our data) safe.
We talk about it a lot around here and with peers within the industry. Here are some suggestions, based on actions we’ve taken and things I’ve learned from peers, at conferences and in reading about cybersecurity from experts.
Cyber Security Tip 1: Train Your People.
As one hospital official pointed out, the weakest link in any security system is people.
According to Rod Piechowski, a specialist in health information systems, the amount of money spent on security doesn’t always correlate directly with the level of security. Its impact depends on how you budget it and on which priorities you allocate your money to.
“You have to create a culture of security awareness,” he said.
Given that most cyber attacks are tied to people’s mistakes, we believe that educating your workforce, not just when they are hired but constantly, can thwart many attacks. It is hard to send too many messages about the importance of protecting data.
Protecting the data that we collect and that clients provide us for their projects is an ongoing challenge. The shape of cybercrime changes daily, maybe even hourly, as hackers devise new techniques for breaking through the protections companies put in place.
Cyber Security Tip 2: Create a security committee.
If you approach security from one person’s expertise or angle, it’s like locking the front door but leaving the windows and back door open. Because security has many dimensions, we advise putting together a committee made up of staff from different areas of your company: management, facilities, IT, human resources, project management, sales. Have short, weekly meetings. Keep the meetings quick and action-oriented or they will become something people dread. Ask everyone to share their insights, concerns and updates and then assign people to investigate or take corrective actions.
Cyber Security Tip 3: Create written protocols.
If you haven’t done so already, create instructions that guide staff who deal with data. Make them exact and clear about how data is to be handled and destroyed. Have your committee regularly review and update these rules. It’s also wise to create a list of best practices for all staff to follow regarding digital devices and data security.
Cyber Security Tip 4: Educate staff all the time.
Keep staff informed about the latest cyber threats. Provide them with a list of best practices and regularly reiterate security tips in emails, staff meetings or on company boards. Here are a few best practices for employees that Norton, a well-known digital security company, recommends:
- Follow company rules and protocols, and pay particular attention to rules that protect customer data.
- Secure and destroy records as instructed.
- If something goes awry with your computer—security alerts, weird email—contact IT. They want to hear from you.
- Steer clear of pop-ups, unknown emails and links.
- You wouldn’t give personal information to someone who called or emailed YOU, so don’t send confidential company information to someone online. Identities can be stolen; if an email seems fishy, it probably is. Call IT.
- Use strong, complex passwords.
- Use secure networks when traveling.
- Don’t put off software updates; they often include new preventive measures against the latest cyber threats.
Major department stores reward staff who call security when they witness shoplifting. The same sort of incentive could be offered to employees who alert management to cyber threats, such as phishing emails. Spending $50 on an employee tip would be a smart investment, considering the billions companies lose each year because of cyber thefts. It’s estimated that this year, cybercrime will cost $2.1 trillion worldwide, four times what it did just 4 years ago. Microsoft estimates that 20 percent of small businesses have been the target of a cyber crime, according to a column in Forbes.com.
Cyber Security Tip 5: Educate your experts.
It is tough to keep up with the latest criminal strategies and threats. Offer your IT security experts educational opportunities in many forms. Are there organizations they should join, where online forums with peers could keep them apprised of problems and solutions? How about webinars and other online educational opportunities? Share articles from newspapers and magazines about cyber attacks and how they can be prevented. This article from Forbes about hiring IT staff and training employees to be security savvy might be a good one to share with management.
Cybercrime affects all businesses
Remember that cyber criminals attack companies large and small. They especially prey on small companies, theorizing, often correctly, that they devote less time and fewer resources to security. Get your company on a safer path by making your entire staff more cyber savvy. All it takes to have a data breach is one employee clicking on that phishing email.