How to improve your organization’s cybersecurity training

Today’s healthcare industry today is vastly different from what it was just five years ago. While changes in government regulations have had a major impact, the more stunning evolution has to do with the use and reliance on technology and big data.

Healthcare organizations of all types integrate leading-edge hardware and software solutions into everything that they do. It requires a massive investment, and is driven by two primary objectives:

• Improve quality of care. An array of new mobile devices enables providers to gather and analyze data of all kinds—from diagnostic details to treatment records—and they can apply this knowledge for treatment and service faster than ever before.
• Increase productivity of providers. State-of-the-art information management systems enable providers to capture a broader range of service and operating data in increasing depth in order to refine patient care and streamline business processes.

The motive behind these goals is clear—to create competitive advantage. By capitalizing on advanced technology, healthcare practices can see more patients in the same amount of time and deliver more satisfying outcomes for both parties.

While improving patient care and their own bottom line, increased reliance on technology and data also escalates risk. The more technology an organization implements, the more its patient community (i.e., personal data) and business operations are exposed to cyber threats, such as ransomware, fraud and identity theft. In fact, according to a recent Ponemon Institute survey, 89 percent of providers reported that they were a victim of a data breach within the past two years, and 45 percent said they experienced five or more data breaches over that two-year span.

See also: Survey: No slowdown in healthcare breaches

So how can healthcare organizations that want to remain competitive and improve patient care through the use of leading-edge technology improve cybersecurity? The answer is by providing comprehensive employee education, which:

• Targets the top threat to security, which is “insider negligence,” according to the Ponemon Institute.
• Addresses the top weakness of organizations—lack of training. A recent study by Shred-IT and Ipsos shows that 78 percent of U.S. small businesses and 51 percent of C-suite respondents conduct employee training on their information systems procedures once a year or less.
• Empowers employees to support both goals of tech investment identified above.

But simply providing education isn’t going to resolve the problem. There are secrets to successful cybersecurity training that organizations should follow:

• Involve everyone at all levels. No level of an organization should be exempt from cybersecurity training, especially the firm’s leadership. In fact, having buy-in from top management who participate in training programs clearly demonstrates the importance of the issue.
• Design interactive programs. Handing out manuals or distributing slideshows alone won’t make much impact or send the right message about the urgency of the issue. Engage staff by working with them one-on-one whenever possible and conducting a lot of Q&A.
• Require commitment, enforce accountability. Equip staff with tools and clear instructions, and then solicit formal commitment to use those measures moving forwards. To thwart complacency, there should be some form of concrete accountability if individual or organizational adherence to policy grows lax.
• Eliminate ambiguity. Identify specific actions that pose risks, such as using random flash drives, and provide precise instructions for avoiding those dangers. Communicate this information to the company on a regular basis. Cyber crooks work fast to develop new attacks; you should work fast to keep pace.
• Make training continual and vary techniques. Like any set of good habits, best practices in individual cybersecurity need repetition and reinforcement to take root. Stage training sessions more than once a year, and conduct other activities in the interim, such as newsletters, alerts, security checks and more.

Top 10 data security technologies It also makes sense to reach outside your organization for help, and to engage IT service providers and other vendors to support your training efforts. The complexity of management and scope of data is no longer contained inside your physical or virtual walls. The Ponemon Institute survey I cited illustrates this last point, finding that 61 percent of healthcare provider business associates reported a data breach during the last two years. Outside experts can provide insight on a diversity of technology devices and platforms needed to cope with this reality.

Healthcare organizations are making substantial investment in technology to improve quality care and increase productivity. To protect this investment, providing comprehensive and frequent cybersecurity training for their staff only makes sense.