Trick-or-treating is a popular Halloween tradition in Western countries. Most of us associate "treats" with some form of candy, and "tricks" with possible pranks or other forms of mischief if a treat is not given by the homeowner. Halloween is also about dressing up as ghosts, ghouls, and other spooky creatures.
Did you know October is also National Cybersecurity Awareness Month in the United States? Every October, the federal government and its industry partners celebrate National Cybersecurity Awareness Month. This year, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recommends going "back to basics" and strengthening your cybersecurity for ePHI.
Protecting PHI can seem as scary as Halloween ghosts and ghouls, but it doesn't have to be.
Back to Basics Tips
To prevent spooky mischief from haunting your ePHI, follow these back-to-basics tips:
Have a Strong Password
Ensure you use a strong password (i.e., usually 10 characters or more, including uppercase and lowercase letters, numbers, and special characters like #$&*). Recent research suggests users could also consider using "passphrases," which are sentences that may be easier to remember than a very complex password.
Training
Staff should be trained regularly on important cybersecurity issues, such as how to spot phishing e-mails and when and to whom to report possible cyber incidents in your business.
A username and password may not be adequate to protect sensitive information, privileged accounts, or information accessed remotely. As part of its risk analysis, an entity should determine what authentication schemes to use to protect its systems and sensitive information (e.g., ePHI). Multi-factor authentication typically includes a password and additional security measures, such as a thumbprint or key card.
Updates and Patching
You should update and patch your systems and applications regularly, because updates and patches often fix critical security vulnerabilities.
Limit physical access to devices and lock devices when not in use.
Be cautious when plugging a phone, USB, or other portable device into a secure computer or network. Portable storage devices may not be as secure and may contain malicious software that could corrupt your secure network. If the device is needed, be sure to follow your organization's policies on the use of such devices, which could include prohibitions on the use of personal devices or having IT personnel review such devices to ensure they do not contain malicious software.
Do Not Wait
Do not wait to report possible cybersecurity threats to the right people in your organization. Time is often critical during a cyber-incident, so if you suspect a cyber-threat, report it right away.
While October is National Cybersecurity Awareness Month, we all need to be watchful and proactive to avoid tricks to our ePHI every day of the year because cybersecurity threats are downright spooky. Happy Halloween!
If you have any questions about these basic cybersecurity tips or would like additional support preventing system "tricks" (e.g., mischief, threats, etc.), contact us today by email: firstname.lastname@example.org or by phone: 855-427-0427.