October is National Cyber Security Awareness Month! Join us throughout the next few weeks as we discuss hot topics in healthcare cybersecurity, including this week’s topic: 3 ways you can improve your cyber security.
People in the healthcare industry need to be particularly vigilant when it comes to cyber security because the high value of healthcare information makes healthcare systems attractive targets for criminals. System users can unknowingly make it easier for criminals to gain enough access to cause a security breach, which is likely to result in the loss of patient and provider trust and revenue, not to mention legal penalties.
As a system user, you can make your organization less prone to attack with a few simple, consistent actions:
1. Actively manage your online accounts
Don’t wait until a data breach, like the recently disclosed Yahoo hack, hits the news to examine your account pages, both on the programs you use for work and the ones you use in your personal life. Social media programs change privacy options frequently, so you need to check to make sure you’re not oversharing information. If you’re concerned that your online credentials may have been compromised, go to https://haveibeenpwned.com/ to check whether your email address is part of any reported data breaches. If it is, you need to change the passwords associated with those accounts.
Best practices dictate that you use long, strong, and unique passwords for every system you sign into and update those passwords regularly. The hc1 platform, for example, enforces a minimum length for passwords and requires them to include a number, uppercase and lowercase letter, and a special character. Also, users can’t reuse previous passwords, and passwords expire every 30 days. (System administrators can change this time period as needed.) In practice, being supersafe about passwords can be a pain, particularly if you’re signing into multiple systems every day. Before you resort to the Post-It-under-the-keyboard method of securing your password, why not use a password management program, such as Dashlane, LastPass, or Keeper? That way, you only have to remember one password. Come up with an off-kilter password phrase that sticks in your brain and use the first letter of each word. Add some numbers, symbols, and funky capitalization and make it longer than 12 characters, and you have yourself a harder-to-crack but easier-to-remember password.
For extra security, enable two-factor authentication on your accounts if it’s available. In hc1, you can choose to receive authentication codes through email or text. (System administrators can choose to require two-factor authentication for different user groups.)
2. Be careful how you share sensitive information
Just because you trust who you are communicating with, such as a well-vetted vendor or longtime customer, doesn’t mean you don’t have to think about what or how you’re communicating. Sensitive information, such as passwords and patient information, must be shared securely, and regular email is not secure. Encrypted email or secure file transfer sites are much safer alternatives. The hc1 platform provides the Collaboration Center feature as another secure way to send messages and files that contain Protected Health Information (PHI).
With increasingly sophisticated email spoofing and phishing attacks, you also need to be careful about email you receive, even when it appears to be from a coworker or customer. Don’t open attachments you aren’t expecting to receive. If a person emails you to ask for information they don’t normally need or an email message seems “off” somehow, check with the sender to confirm that the request is legitimate.
3. Keep your software up-to-date
As a cloud-based technology, hc1 always pushes out its latest version to all of its users. But other programs require you to actively seek out and download the latest security patches. Make sure your web browsers and operating systems are all on the latest version. This doesn’t just apply to your workstation, but to your phone and tablet, too. Often, if you go to the Help menu and click About on a program, there is an option to update the program or set it to update automatically. To really stay on top of security updates for software, visit the United States Computer Emergency Readiness Team site at https://www.us-cert.gov/.
By taking a few simple security precautions, you can become less of a threat vector and more of the first line of defense in your organization’s cybersecurity strategy.