October is National Cybersecurity Awareness Month, and the emphasis is on the mantras of Own IT, Secure IT, Protect IT. In last week's blog, I focused on "Own IT" as it relates to Remote Access Security. This week I will focus on "Secure IT". A key to securing it (and in this case, "it" refers to Protected Health Information) is realizing that there are tools for healthcare IT available to help us live and work in a mobile society.
I grew up hearing (and later believing) that two heads are better than one. The reasoning is that two people looking at a problem or challenge can come up with a better solution or see the problem quicker.
There are many lessons in life around two being better than one; look at redundancy in IT for example. Critical servers are replicated for improved uptime, backups are replicated in case one fails. And that’s the key – two eyes, two servers, two backups are all intended to reduce the chance of a failure.
So, one specific example of where two is better than one is using Multi-factor Authentication (MFA) for vendors or employees who are accessing your network remotely. Using the NICCS definition, MFA is a security process that requires more than one method of authentication from independent sources to verify the user’s identity.
You may see MFA referred to as two-factor authentication or strong authentication. Google, Microsoft and Apple adopted MFA several years ago to protect their customers' personal data. If you’ve not enabled this tool, I urge you to do so.
MFA is based on three categories of credentials:
- Something you know, such as a password, passphrase or PIN
- Something you have, such as a security token, an authentication app, verification text or email
- Something you are, such as your fingerprint, facial recognition or voice recognition
MFA is especially important when you have users (either vendors or employees) accessing your network remotely. We all know that threats from hackers are on the rise, specifically when it comes to third-party breaches.
One way to help stop third-party breaches is with MFA. A hacker may be able to capture a user name or password for a third-party system, but they will not be able to complete the final step of authentication provided through MFA.
Another example would be if an employee no longer works for an affiliated physician office, and you don't receive notification to terminate their access to your network. With MFA in place, they wouldn't be able to complete authentication, therefore stopping them from wrongly accessing Protected Health Information (PHI).
If you have questions about Multi-factor Authentication, remote access security, or cybersecurity in general, feel free to set a quick meeting with me. I would love to talk with you about your challenges.