Your Employees Your Best Defense

When it comes to cybersecurity, you should remember the oaths elected officials and other government employees take pledging to “defend the Constitution of the United States against all enemies, foreign and domestic.” Your cybersecurity is like the Constitution: it must be defended from threats originating both outside and inside your company.

We spend a lot of time focusing on external threats – attacks on networks, phishing campaigns, ransomware and the like. It’s also important to consider internal threats, though. Your employees can be either your best defense against data breaches or they can pose your biggest threat.

Internal threats are the ones we rarely think about. They’re the disgruntled employee who accesses privileged information and shares it with your competitors. They’re the curious deliveryman who sticks a USB drive into an unoccupied, unlocked computer in your office and downloads sensitive information.

Some internal threats aren’t necessarily nefarious: your employees visiting sites unrelated to their jobs, accessing and removing information for which they don’t have the privileges, installing unauthorized and potentially malware-ridden software, among other seemingly innocent activities. These activities can pose a threat to your network and are among the most common ways that we see protected health information (PHI) get compromised.

External threats to your systems are those that originate outside your network, from unknown individuals. While they are the ones that we often think about, they are not always the biggest threat. Still, they are a very real problem for practices.

These threats often arrive by way of phishing emails and infected websites. One errant click and your data is lost or encrypted. Anti-virus, email filtering and other cybersecurity solutions can mitigate this risk. The most effective defense against external threats is a robust cybersecurity training program for your employees. If they can identify and avoid malicious links and websites, many external threats can be prevented from accessing your data. Trained, security-aware employees are your best defense against network insecurity.

As we’ve said before, the most secure organization is a security-conscious organization. If you invest in effective employee cybersecurity training and up-to-date systems, you can defeat many internal and external threats. Other ways to beef up your cybersecurity include:

1. Audit logs: Review the audit logs of your network monitoring solution to find any unauthorized or suspicious activity on your network. Even better, set up your monitoring solution to immediately alert you when such activity takes place.

2. Access controls: Build access controls into every facet of your organization – from making sure you lock the door to the server room to limiting employees’ access to only the data they need to do their jobs.

3. Install web and email filtering: Web filtering prevents your employees from visiting sites unrelated to their duties and exposing your network to malicious content. Email filtering can weed out spam and malware-laden emails before they get to your employees’ inboxes, greatly reducing the likelihood they will be clicked on.

4. Backups: If for no other reason than HIPAA compliance, you need to be backing up your data on a regular basis. If something were to happen, a backup will allow you to restore your files and avoid having to pay ransoms.

