Cybersecurity is only as strong as its weakest link. Establishing a comprehensive security awareness program is probably the single most important tactic you can implement in the current moment – so that staff are never in the position of being that weak link.
For organizations handling protected health information (PHI), security must be a priority each and every day of the year. As such, at Radicle Health, the safety and security of data is central to everything we do. We are constantly on guard for cyberthreats and work diligently to proactively protect our systems.
It’s important to keep in mind, though, that security is not solely in the hands of tech teams such as those you’ll find at Foothold Technology, KCare, and Link2Feed; rather, it’s up to each and every one of us as individuals to protect our organizations and their assets.
What, then, you may be wondering, should you be doing when the threat of an imminent cyberattack is looming large in the headlines? The good news is that if you already have a strong security program in place at your organization, you should be in good shape.
However, this is the perfect time to review and reinforce your security work. And if you don’t have a good security program in place, use the current threat as the jump start you need to get one going.
First up, at the organization level, take the time to review any and all of your existing security policies and procedures. Cross-check them against the recent cybersecurity protection fact sheet from the White House. In that fact sheet, you’ll find a concise list of the most critical actions you can take to ensure the safety of your data and cyber assets. Work to close any gaps you identify from this list as quickly and completely as possible.
At the same time, work to shore up protections at the individual level. Remind staff on a regular basis that cybersecurity is only as strong as its weakest link, and educate them so that they are never in the position of being that weak link. Having a comprehensive security awareness program is likely the single most important tactic to implement in the current moment.
And remember – one of the most common threat vectors any organization faces is phishing, so phishing avoidance must be central to any awareness and education initiatives that you roll out. To help set you on your way, here are some helpful phishing avoidance tips from our security partner, GreyCastle:
- Verify the sender’s email address before opening the email – look for anything that may be slightly off with the email address (such as spelling or email domain).
- If you weren’t expecting the email, never open attachments or click on links without doing further examination of the email.
- You can hover your mouse cursor over a link to show the actual website address.
- If you are unsure about the authenticity of the email, reach out to the sender through a means other than email (call or text).
- If you receive a potential phishing email at work, let your IT department or security leads know so they can look into it.
- While examining the email, look for poor spelling or grammar.
- Phishing emails will often create a sense of urgency to entice the user into clicking on a link or opening an attachment (e.g., “Your account has been locked”). They may also appear to come from a person with authority in your organization (the CEO or an executive).
- If the email appears to be from a service you have an account with (e.g., Netflix, Amazon), go directly to the website through your web browser rather than clicking on a link in the email.
- Secure your email account with a long and strong password and consider using multi-factor authentication.
As these tips demonstrate, whether you’re line staff or an executive or somewhere in between, your continued diligence on the security front and even the smallest of actions can make a big difference. Stay safe out there!