By ClearDATA Founder and Chief Information Security Officer (CISO) Chris Bowen
In today’s digital age, cybersecurity is more important than ever before, especially in the healthcare industry where sensitive data and patient safety are at stake. As we celebrate the 20th year of National Cybersecurity Awareness Month, it’s crucial to reflect on our digital hygiene habits.
While we often hear about big commercial breaches, it’s the small, everyday actions that can make a big difference in protecting ourselves and our data. By practicing personal cyber hygiene, which includes using strong passwords, implementing two-factor authentication, enacting regular software updates, and staying vigilant against social engineering attacks, we can safeguard our digital lives.
To get back to basics and enhance our cybersecurity, here are some tried-and-true strategies recommended by Cisa.gov:
Strong Passwords: Creating a strong password is crucial to ensuring the safety and security of your personal and professional information. It really is the first line of defense against cyber threats and goes a long way in protecting our online identity. It seems simple, but you would be surprised at the number of individuals who employ feeble or easily predictable passwords to safeguard confidential data. A weak password makes it easier for cybercriminals to gain unauthorized access to our emails, bank accounts, social media profiles, and other sensitive accounts that share the same or similar password. It is imperative to create passwords that are lengthy (at least 12 characters) and complex, using a combination of uppercase and lowercase letters, numbers, and special characters. Yes, this means avoiding easily guessable information such as birthdays or names of family or loved ones! The National Cyber Security Alliance provides valuable resources that can guide individuals and businesses in creating secure passwords and resources on how to properly use password managers. I personally like 1Password, but there are other effective password managers out there. By taking the time to invest in strong passwords, we are taking proactive steps to mitigate the risks associated with cyber-attacks and safeguarding our digital assets.
Two-Factor and Multi-Factor Authentication (MFA): MFA adds an extra layer of security, making it significantly harder for potential intruders to gain access to a person’s devices or online (TechTarget). This is because simply knowing the victim’s password alone is not enough to pass the authentication check. I realize it can feel like an inconvenience to open an authentication app or check a text or email, but hackers have become increasingly adept at breaching security systems. With. MFA it is more difficult for hackers to access your account without your second factor of authentication. It is like having two locks on your door; let’s make it more difficult to find that second key! CI.gov outlines steps on how to turn on MFA to protect your online accounts. (Investopedia, FTC).
Be Aware of Social Engineering: Social Engineering techniques involve manipulating individuals into revealing sensitive information or performing actions that compromise security. observing a surge in the usage of manipulative strategies known as Social Engineering techniques. These techniques are designed to deceive individuals into disclosing sensitive information or carrying out actions that could potentially jeopardize security. It’s striking to me that 98% of cyber-attacks employ some form of social engineering and to 90% of malicious data breaches involve social engineering techniques. Firewall Times consolidated some striking statistics about social engineering in 2023. This alarming trend underscores the pressing need for vigilance and education in our digital interactions. Always verify any unexpected communication, especially if it asks for personal information, be skeptical of unsolicited offers or requests, and never click on suspicious links. Remember, knowledge is power. By understanding social engineering tactics, we can better protect ourselves and our digital networks. (KnowBe4).
Regular Software Updates: Software updates and patches are not only optional add-ons that improve functionality or introduce new features, but they are also critical for maintaining the security and integrity of our digital tools (Keeper). One crucial aspect of this work is the regular application of software updates and patches. These updates are not merely optional add-ons that improve functionality or introduce new features, they are absolutely critical for maintaining the security and integrity of our digital tools. When we neglect to update our software, we leave our systems exposed to potential security threats for hackers to exploit.
Personal cyber hygiene is not only essential for protecting sensitive information, but it also contributes to the overall health of the digital space. As National Cybersecurity Awareness Month celebrates its 20th year, I hope each of us is empowered to take proactive steps in maintaining cybersecurity hygiene –together.
When it comes to your organization’s security, you can’t afford to rely on digital hygiene habits. Rely on an experienced healthcare cloud security and compliance provider for the PHI protection you need. Learn about our security services and capabilities for more.
Need to talk it out? See if your healthcare organization has enough security measures in place to protect PHI in the cloud. Talk to our experts.