Article | December 20, 2016

Data Security In Healthcare – Defending Against Threats

Source: Connection
Establishing A Security Policy

With the continuous state of change in the global data security threat landscape, organizations face cyber attacks and security breaches that grow in frequency and sophistication every day. As a result, healthcare organizations today spend a significant amount of money on security tools, including firewalls and anti-malware services. Those solutions, however, offer little protection against a phishing attack, which tricks an authorized user into downloading malicious software or compromising credentials.

The ugly truth is that most organizations today have either been the victim of a recent cyber security breach, or will be in the future. With this accepted reality that a breach will happen for most companies, corporate security is no longer an IT concern, but a business concern. The hole in communication between executives and the security team can result in costly losses and damages to data and the enterprise’s reputation. According to a 2015 Ponemon study, boards of directors are not as informed and knowledgeable about cyber security risks as they should be to fulfill their governance responsibilities. The study showed a disturbing rift in cyber security knowledge between those who make decisions and manage the budgets and those who have to implement and manage the security measures.

The good and bad news is that according to IDC’s Mobile Security Predictions for 2015, users remain a key element of security. With the number of mobile users having surpassed the number of desktop users, securing these devices is the greater challenge. For whatever reason – curiosity, inattention, a mistake – more often than not, a user will unknowingly click on a malicious link.

“Most organizations want to enable their employees to connect from anywhere, anytime, with any device,” noted Stephen Nardone, practice director of security and mobility for Connection. “Whether or not it is a company-issued device or a BYOD model, there needs to be a very solid strategy about how you can do that safely and securely.”