The Internet, with its high-performance, highly reliable and low-cost connectivity, is transforming every aspect of the human experience, and it has redefined how entire industries operate.
Personal and professional relationships are easy to establish and maintain. Market access and scalable service capabilities have never been so easy to achieve. And traditional barriers of space, time and capital have practically disappeared around the world.
With Internet and cloud-based technology, doctors are virtually diagnosing patients, homeowners are e-signing mortgages and students are taking classes anywhere, anytime.
The Internet is omnipresent in today’s society, but that doesn’t come without challenges.
Staying On Guard
The cyber world is structurally and pragmatically governed by infrastructure providers to enable interoperability, communication and connectivity. Geopolitical entities (governments) struggle for relevance and control in the virtual world, and, for the most part, they haven’t made much of a dent in mitigating cyber attacks.
We are all very much on our own in this ungovernable world. All individuals and organizations must look to their own safety, security and privacy protection. Care must be taken to understand the inherent risks of leveraging convenient connectivity and access before exposing high-value or regulated content through Internet services.
Also, the nature of threats is constantly evolving. In the early days, threats were more about hobbyists or small groups creating pranks, viruses, “denial of service” attacks or network access hacks to disrupt a service. Today, these sorts of threats continue, but they are overshadowed by better-funded, systematic criminal networks. Activity is focused on identity theft for various fraud schemes, scams and intellectual property pirating—it is the real threat to the virtual world.
Everyone is “hackable”—no one is safe or secure. We all must invest and engage in self-defense; no one will do it for us. Four key strategies include:
- Active and passive defense. Use tech tools to arm your digital infrastructure. Deploying firewalls, encryption, regular cyclical scanning, blacklisting, behavior pattern monitoring/evaluation, OS and software patching, anti-virus software, two-factor and biometric identity verification can strengthen your digital security.
- Culture awareness. Keeping security issues and strategies top-of-mind is essential for defense. Be able to recognize phishing scams, make passwords complex and refresh them often, understand security and privacy policies, and make sure sensitive data and documents are accessed only on a need-to-know basis.
- High-value data content management. Putting sensitive information online is often inevitable, but it’s wise to avoid all personally identifying data wherever possible. Further, always encrypt data in flight and at rest. You want to make it extremely difficult for critical data to be breached.
- Breach readiness. Hope for the best, but prepare for the worst. Data backups for recovery should be regularly tested to ensure you won’t face a complete data loss in the event of an attack. Also, know your liability and compliance requirements if your data is breached. Think about your customers: what will they expect? It’s important to have a crisis communication plan at the ready, as there well could be coverage of your data hack, depending on its severity.
Additionally, be technically ready. Build capable internal teams that are ready to respond to an attack at a moment’s notice, and ensure you have ready access to highly credible outside help.
Staying cyber secure is complex and expensive. While every company should have some internal knowledge to evaluate and govern cyber threats, cloud-based infrastructure providers are increasingly available and adept at serving many cyber threat management needs.
Strong security and privacy measures are not just another “added, billable service” that can enhance revenues for a cloud provider. Every cloud provider must be able to demonstrate strict controls if they are to earn the business of a sophisticated buyer. Corporate data integrity, privacy and security are critical entry requirements for any move to host services off-premises and must be a priority.
When you focus cyber security through the lens of healthcare IT, issues only become more complex. I’ll be diving deeper into the layers of healthcare cloud security on March 2 at HIMSS 2016.
Gary Seay is Principal of BrightWork Advisory, LLC, a practice focused on enabling innovative healthcare solution success. He also spent 19 years at Community Health Systems, Inc. as Senior Vice President and CIO. There, Seay built and led a full-service corporate IT organization of over 650 corporate professionals and 1,000 market-based staff members for a $19 billion healthcare system. Mr. Seay is an author, speaker and advisor possessing extensive executive experience with major healthcare provider systems, managed care organizations, venture capital firms and academic programs. He can be reached at josephgseay@BrightWorkAdvisory.com.