GUEST BLOG: Our guest blog post this week is written by Chris Apgar, CEO of Apgar and Associates, LLC. Chris is a recognized expert in Information Security and Compliance. We are delighted to have him contribute to the Ostendio Blog.
Why training people remains the best defense against security threats.
The high value of medical records on the black market has placed the healthcare industry squarely in the sights of cybercriminals. Whether it’s to perpetrate Medicare fraud, to ransom private and essential data or to gain access to trade secrets, expect cybercrime news to make headlines for the foreseeable future.
The healthcare industry has been called out as being slow to adopt cybersecurity protection measures and to implement sound information security programs. Recognizing that, there are ways healthcare organizations and their technology business partners can prevent and quickly mitigate risk when it comes to cybercrime combat. Cybercrime risk mitigation is not only a matter of complying with HIPAA and other privacy and security laws, but also about protecting your business and your customers, whether they be patients, covered entities or upstream business associates.
Mitigate the “people risk” to data with training.
The number one risk to any organization when it comes to cybercrime remains people – employees, contractors and anyone who has access to your network and IT assets. That’s why one of the best places to start is training, (and not one-time training, either).
My recommendations:
One of my favorite training exercises is the mock phishing test. That way you can target additional training to those who clicked on that mock malicious link without a real risk to your technical infrastructure. Now, will this completely stop the clicking on malicious links? No, someone will always click. But the mock phishing exercise will meet its purpose, which is to greatly reduce the number of people who click on malicious links.
In addition to training, you can take steps to strengthen against cyberattacks by conducting a risk analysis, network perimeter monitoring, strong network walls, ongoing risk monitoring and mitigation, asset protection. Just keep in mind that that while people are your most significant risk, they can also be prepared and trained so that they’re a great defense, too.
Chris Apgar, CISSP is the CEO of Apgar & Associates, LLC, which provides privacy expertise for secure information. He is a frequent educator and panelist for medical practice management associations, HCCA and other industry-leading organizations. Chris is also available as an expert witness and columnist. He can be reached at: 503-384-2538 or capgar@apgarandassoc.com.
[/av_textblock]
[/av_one_full]