October is National Cybersecurity Awareness Month and the emphasis focuses on the mantras of Own IT, Secure IT, Protect IT. This is the first in a series of weekly blogs this month where we will be diving into these topics, specifically in how they relate to Healthcare IT. Today, I will be expanding on the “Own It” mantra as it relates to securing remote access to your network with remote vendors and employees.
I enjoy being mobile in my work and personal life. The freedom and convenience is valuable to my workday. Likewise, allowing your employees and vendors to access your network remotely allows you to keep your organization running. Part of "Owning It" is recognizing the fact that we live and work in a mobile society, and along with that comes some responsibility.
That responsibility is understanding what can be done to protect the data you own while maintaining that mobility in the workplace for you, your vendors, and your employees.
- Make sure the devices accessing your network are strong and healthy with an encrypted hard drive; automatic OS updates enabled, and those updates applied; virus/malware protection software installed; and enable the device firewall.
- Provide a VPN for remote access. Most of us know the value of a VPN as it provides a secure wrapper around the remote connection, thus protecting data.
- Use two-factor authentication. This is becoming the norm in mobile connectivity. Google, Apple and Microsoft use two-factor authentication and you should too for any access to your data. Two-factor authentication has that extra level of user verification before access approval.
- Make sure the remote device maintains scheduled backups.
- Use a MDM (mobile device management) tool that allows you to wipe clean the remote device if ever lost or stolen.
- Enforce policies for brief inactivity periods on laptops that lock the device.
- Finally, enforce the use of strong passwords with your employees.
All of these items are applicable to you both as a professional working from a remote location, allowing access to third-party vendors, and personally as you travel and remain connected.
Today, mobile connectivity is an accepted way of life; however, mobile users must always be diligent and careful with work data and personal data when connected, especially in healthcare when Protected Health Information may be involved.
Whether it is work data or personal data, you own it, so always protect it!
For more information about securing your vendors or employees remote access, you can watch this quick video. Contact me if you want to talk about your specific challenges.