HEALTHTECH: What are the biggest security challenges IT teams face right now?
DAUGHERTY: We have a very interesting workforce population here composed of faculty and staff — and then, of course, our providers that work in other facilities. It about making sure everyone can connect to the resources they need in the most secure way possible.
We are putting a lot of different policies and procedures in place to ensure the users connecting to our network and our resources are, in fact, supposed to be doing so.
We’ve had to roll out multifactor authentication, putting it in front of applications and resources that we didn’t previously have it in front of. We are requiring that applications that are not onsite or connected to the UT network to have an elevated e-ID — electronic identification, such as digital identity card — which is what we use to authenticate into our network.
HEALTHTECH: How can remote work arrangements be risky?
DAUGHERTY: You can look at it like this: The only thing a threat actor needs is one small opening.
Let’s say, for instance, if we had someone from our workforce that was working from home and maybe they weren’t connected to a VPN. Maybe their home network wasn’t necessarily secure, and an attacker got access to their home network and then they could move laterally through and make it to our network.
It’s about looking at those types of things and those scenarios we really didn’t have to take into account or take as seriously before.
HEALTHTECH: How has the pandemic heightened these concerns?
DAUGHERTY: There’s been an insane uptake in phishing and “vishing” (fraudulent phone messages). Cybercriminals are looking for credentials and sending all of these emails that may be related to a COVID vaccine or contact tracing or things that are going to pique the identified user’s interests — so they’ll be more liable to click on it or open it up.