Over a year ago, the Department of Health and Human Services (HHS) commissioned a task force to look into cybersecurity, particularly how hospitals and healthcare were doing when it comes to security awareness and prevention.
HHS found that, overall, organizations are making strides in closing some serious security gaps. BUT one of the biggest gaps that still exists is related to your users.
Security awareness is one HUGE area that still falls behind all others when it comes to exposing networks to cyberattacks.
Take a minute to think about that.
Can you think of one person in your organization that would click on a link?
Let’s say they receive an email from you or from someone on your team (actually spoofed to look like it came from your email) asking them to click on a link to a website. The link probably looks legitimate, but it will actually take them to a website that will instantaneously install a computer virus that will not only lock up ALL the data on their machine, but also lock down every single file on your network.
Could you think of one person at your hospital or office that may fall into this category?
I’m sure you have at least a half-dozen employees that will click on a link (we actually practice with our clients and find that nearly ALL employees will click on malicious links).
Why do they click on links? It’s not because they are stupid. It’s not because they aren’t good workers. It’s because they are good people. They are asked to do something simple and comply with the request.
You are fighting human nature when you ask users to question whether they should open an email attachment or NOT comply with a request to click on a link in an email.
Plain and simple.
You might have spent gobs of money on the latest technology. You might have the best and top-of-the-line equipment in your network [Note: we often see this equipment misconfigured, so just the fact that you have it installed on your network DOES NOT mean that it’s doing its job]. You might even have a huge budget for cybersecurity.
But the common denominator prevails—your users still are putting your network at risk of a cyberattack. Nearly 73% of cyberattacks today come directly from phishing attacks. And the majority of healthcare facilities that think they are safe are more likely today to get attacked simply because they think all of their bases are covered when one major vulnerability still lingers around.
You might say, “yeah but there’s nothing we can do about users risking our cybersecurity, right?”
There are actually some real ways to get your team to see, recognize and hold each other accountable for having good security hygiene.
Is cybersecurity awareness good enough?
It might start with cybersecurity awareness, but awareness in and of itself is NOT going to be a silver bullet to get your team to comply with security policies and to understand their part in your network security goals.
While having engaging security education and activities DOES make a difference when it comes to getting many folks on your team aware and willing to participate in cybersecurity, there normally are at least a handful of holdouts. These holdouts, even one single holdout, are enough to compromise your entire network.
The easiest way to get everyone on board is to integrate security into your culture.
We use a framework that encourages and rewards people for identifying, finding and recognizing threats in their environment. We make sure that our users are holding each other accountable for doing the right things when it comes to cybersecurity.
What happens when they click on a link? We actually test our user base to ensure that they are NOT clicking on links willy-nilly. We are actually getting groups and teams of people to recognize phishing attacks, or at the very least to reply to emails that weren’t expected, to make sure they are doing the right thing by clicking on a link or opening an attachment.
Our security process with clients is to make sure they have integrated security into the fabric of their culture, are reinforcing continual learning and getting entire teams involved in coming up with ways to recognize attacks in their unique environment.
From 1 to 10, how would you rate your network’s cybersecurity? Contact us today for a free network vulnerability assessment to find out where to improve your technology AND behaviors to keep sensitive data secure and your network safe from criminal activity.