With many organizations employing a remote workforce, cyber criminals are working overtime to steal valuable company data and cripple healthcare companies when they are needed most. February saw a 21% month over month increase in data breaches, and a 231% increase in breached records – meaning that more records were breached in February than in the last three months combined.
Working remotely can give employees a false sense of security. While they may feel more relaxed working in their home office, it is still necessary to practice good data security habits as a home router can still be hacked. Now more than ever, it is important to ensure employees are taking the proper precautions to keep their company’s data safe, especially while working in a remote environment. Today we’ll share some easy implementations your team can make to keep their company from falling prey to a cyber-attack.
Changing Passwords
One of the easiest safeguards your employees can practice is to regularly change their passwords. When was the last time they had to change their password? Smaller operations normally do not prompt their employees for a regular password update, but at minimum passwords should be changed every 90 days if not every 60 days. Password guidelines should also be robust in nature, such as: no sequential numbers, “password” cannot be used as a password, and require more than 10 characters with a mixture of lower case, capital letters, numbers, and symbols.
Data Encryption
An unencrypted laptop was responsible for one of the largest data breaches in Oregon in February. Even though the laptop was password protected, the organization failed to encrypt the data stored on the hard drive, leaving thousands of patient records accessible on the stolen laptop. Regularly reviewing data security measures to find vulnerabilities should be a regular practice for all organizations, but specifically those who have access to privileged health information.
Data encryption is important not only for large organizations, but smaller offices as well. Maintaining an attitude of hyper-vigilance is key to protecting your office, your patients, and yourself.
Email Phishing Awareness
Employees continue to be the weak link in the IT security chain. Hacking was the number one proponent of data breaches with employees responding to phishing emails. Phishing campaigns using COVID-19 and fear around the virus are being used as a lure to exploit information and deliver malware or ransomware to healthcare organizations when their services are needed most.
Over 2,000 Coronavirus and COVID-19 themed domains have been registered, many of which are suspected to be used with the intent to steal information. The increase of attacks demonstrates how important it is to implement a powerful email security solution and provide regular trainings to employees to teach them how to recognize these dangerous emails. Read this blog article for more information on email phishing.
It is important now more than ever to remain vigilant. Cyber criminals will take every opportunity during this tumultuous time to take advantage of the good intentions of others. It’s important that you remind your employees to change their passwords early, give your IT department the resources it needs to defend your practice, and ensure your employees are armed with knowledge to combat the seemingly innocent emails and links they encounter on a regular basis.