With 91% of all cyberattacks coming from phishing emails, providers’ vulnerability to email-borne malware is still high. Employee negligence is the main cause of data breaches, according to a state of the industry report by Shred-it, an information security company. The report found that 47 percent of business leaders said human error such as accidental loss of a device or document by an employee had caused a data breach.
In light of the threat data breaches pose, it is imperative that organizations re-prioritize their strategy to make employee cybersecurity awareness a critical element. Cybersecurity attacks are at an all-time high and hackers are focusing on gaining access through people, so it is crucial to build a strong cybersecurity culture based on awareness and understanding of what cybersecurity is and how it can affect an organization.
Securing information and systems that support the health care organization involves much more than technology, and it is often mistakenly viewed as only the information security organization’s responsibility.
Education Is the Strongest Defense
Our attention and focus continue to be ordered as technology, process, and people, rather than people, process, and then technology. We need to remember that professional cyber criminals do not attack machines; they attack people.
Therefore, ensuring employees are educated about cybersecurity awareness and know what to do if such an attempt is made is a vital part of any organizational security strategy. It is essential to have a cybersecurity framework in place that addresses both the technical and non-technical aspects of cybersecurity.
This means taking into account not only the technologies involved, but also the governing aspects and processes to be followed, and the training around security awareness and security incident response management.
Creating a Human Firewall…It Takes Everyone, Not Just IT
Establishing a cybersecurity culture means recognizing that everyone, including executive leadership and management, has an equal part in cybersecurity, because preventing data breaches is not only an IT responsibility but an overall organizational responsibility.
Technology is just one part of security, and although Information Technology Services plays a critical role, the reality is that the entire organization needs to be engaged to help reduce cybersecurity risks. When employees are properly prepared to participate in their organization’s cybersecurity awareness training program and compliance awareness campaigns, they will be strongly motivated to safeguard the organization’s systems and information while recognizing that they play an important role in keeping data and systems safe and secure. When fully engaged, this creates a formidable human firewall, which is a key element in building a strong cybersecurity culture.
We need to remember that cybersecurity isn’t just about data security — it’s also a matter of life and death. Change the culture, focus on your people, improve patient care, and build your human firewall because the best technology in the world will still fail if your people fail.