Cybersecurity Gets Better When It's Everyone's Responsibility
There’s a statistic that holds true across industries: more than 80 percent of breaches are unintentional, meaning that people cause them accidentally. No matter what controls are in place, the human factor is what really poses most of the risk. Therefore, education across the organization is crucial.
There are a few things that healthcare IT and security teams must ensure that all people in the organization are aware of so they can do their part to prevent an attack. Making sure they understand cybersecurity best practices comes down to conducting annual training and attestation.
The foundations of a strong security culture must be embedded in an organization’s policies, taxonomy, standards, procedures and guidelines to create a complete ecosystem of awareness. Employees must be able to identify what an authoritative source of information from the hospital system looks like and when bad actors are mimicking the hospital using phishing. The organization’s security strategy must be holistic.
A Strong Security Partner Can Help with Ransomware Prevention and Recovery
Legacy technologies are a major vulnerability and target for cyberattacks in healthcare organizations. However, those technologies are still important to many organizations’ IT infrastructures. It’s important to find a cybersecurity partner that understands those systems and how they’re maintained.
At CDW, when we help an organization, we listen to the customer to identify top goals. We then either suggest cybersecurity strategies or, if they are in good shape from a strategic perspective, we look at a five-year strategy and focus on the clinical operations, administrative and technology wings of the organization. We work with the organization to make sure the security solutions and strategies used don’t interrupt continuity of care, impact clinical workflows, or create hurdles for operations and administration.
CDW can also deploy our service offerings to bolster an organization’s security posture, whether that means a security assessment for emerging data sources or application rationalization to help save money. We can also help with third-party risk management as part of a merger, acquisition or even divestiture, which would mean building up the service catalog and management capabilities of the organization. These are some of the key offerings that play into everyday budget cycles.
When we start working with an organization, we sometimes already have an existing relationship from partnering on infrastructure or other technology implementations. Regardless, we always sit down with the security organization, from leadership down to the directors and the line managers, to discuss their product requirements as well as where they might have skills gaps or resource deficits. They may just need augmentation to close those gaps. In that case, we can plug into their existing initiatives.
We also do briefings to talk about current capabilities, the future desired state and budget to make sure that we’re not suggesting unrealistic ideas. As a security partner, it’s also important to foster good communication through workshops and other engagements. This also allows us to do baselines in the environment and then build out the entire ecosystem to further optimize the IT environment for the future of care.
One of the things healthcare organizations should consider is the beginning and end of a security partnership. CDW has established a strategist role so that we’re not just providing an introduction, we’re maintaining a relationship. We know that there will always be changes in the environment that need extra focus.
We consider the foundations of care, optimization of care and the future of care and work to support those pillars through our partnerships. In addition, we work with experts from relevant industries such as finance, retail, manufacturing, distribution and logistics so we can help healthcare organizations achieve their security goals.
This article is part of HealthTech’s MonITor blog series.