Healthcare is under cyber attack. As one of the top five most targeted industry sectors, healthcare organizations are finding that it is often an organization’s own employees who open the door to theft, malware, ransomware, and a host of other security issues. Enterprise-wide cybersecurity awareness training can strengthen your frontline defense.
The best defense is a good offense.
Employee security awareness has been cited as the source of greatest concern regarding threat exposure. The 2017 HIMSS Cybersecurity Survey found that 87% of respondents conduct security awareness training classes for their staff at least once a year. What is your organization’s security strategy and does it include employee security awareness and training?
Risk prevention starts with an informed workforce.
HIPAA’s Security Rule requires covered entities and business associates to “implement a security awareness and training program for all members of its workforce (including management)”. In the OCR July 2017 Cyber Awareness Newsletter, the U.S. Department of Health and Human Services (HHS) provides further guidance and interpretation on this topic. When structuring your employee security awareness strategy, consider a multi-communication approach—training, updates, and alerts.
Regularly scheduled training
Educate workforce members on your security policies, practices, and protocols. As new cyber threats are identified, be sure your educational strategy is flexible enough to keep materials current. Select an annual, semi-annual, or quarterly training program based on the security needs of your organization as determined by your risk analyses. Given the size of your organization, computer-based training may provide the most flexible format and allow for online scoring techniques that can document ongoing enterprise-wide participation and level of engagement. Make sure all new hires receive security training as part of their initial onboarding.
Periodic security news updates
Issue periodic security updates and reminders. Many companies email a monthly newsletter to all employees, providing timely, relevant content about new and emerging threats and how employees should respond to them. Frequency and content are based on the security needs of your organization as determined by your risk analyses.
Immediate security alerts
Quickly communicate immediate security threats to employees. Predetermine the alert messaging format and channel of distribution. Consider the security needs of your organization as determined by your risk analyses.
Your organization is as secure as your employees (and vendors) are aware. That is why at Quadax we engage in ongoing, enterprise-wide security awareness training for all employees, coupled with monthly security news updates and timely alerts. We make employee awareness and training an integral part of our security strategy.
For more information on cybersecurity, check out the 15th Annual Information Security Summit located in Cleveland, OH at the Cleveland I-X Center. Quadax Senior Manager, Information Security, Patrick Duffy, will be presenting Security Awareness Training for the Reluctant Many on Friday, November 3, 2017. If attending the Summit, add Patrick’s session to your agenda to learn more about security awareness training for your employees.