Serving the home health, home care and hospice industry since 1999.
by Darcey Trescone, RN, BSN
Remote working can create cybersecurity problems for employers and employees. To accommodate the need for social distancing related to COVID, many of us have moved from a secure office environment to working where home-level security used to be "good enough." The change to remote work has been sudden and, without appropriate security protocols in place, poses many risks.
"There are always new scams to be aware of, and with our current environment, many of us are just trying to keep our businesses alive," Tahnee Puckett, Director of Security for Digital Monitoring Products, told us. "Security may not have been our top priority with remote workers, and this is what these cyber crooks are anticipating. Experts predict that 2020 will be a record high for cyber-attacks globally."
Awareness and preparedness are both vital, according to the EU Agency for Cybersecurity's Executive Director, Juhan Lepassaar, in a news article titled, "Top Tips for Cybersecurity When Working Remotely." Lepassaar recommends staying up to date on the latest threats and to check the following basics for every remote worker:
In addition, Lepassaar recommends employers should:
There are always new scams to be aware of, and having a solid security plan in today's environment is key to protecting your organization. Performing a security risk assessment across your organization can help quickly identify potential holes in your security infrastructure that need to be addressed. Puckett added, "If you do not have this talent in-house, these resources are available for hire. When hiring a security company, it is essential to screen for their experience with risk assessments, ask for references, and read company reviews to ensure they will be a good fit for what you need."
Merely handing out laptops to accommodate a work-from-home strategy is risky. "A good security policy helps to mitigate risks through protocols and education," Puckett continued, adding, "Ensure your current remote-work policy includes the following:"
Communication and education with employees about phishing and malware campaigns is essential. Phishing scams are the most prevalent, and the hardest to physically block with security tools. They are as simple as a spoofed email, document, or link that an employee clicks. These scams are built to deceive, and when a user clicks on the document or link, malware gets installed on the machine. Phishing attacks rely on gullibility and carelessness and can only be stopped with enhanced awareness, not with firewalls or anti-virus software.
"COVID-19," "Back to School," "New vaccine," "Work-from-home," are all popular topics for phishing attempts today. Cyber crooks are hoping the user will click before they think, counting on emotion or curiosity defeating what they have been trained to do. Puckett continues, "Executives and even regulatory bodies are targets. Cyber crooks will spoof their identities and send fake emails to employees that appear to be from the boss but are not."
She added, "Communication and collaboration channels must be secured, and vigilant IT support is a must. To ensure regulatory compliance with remote-work, security policies organizations must:
There are many helpful websites that provide information about Cybersecurity threats, including what they are, how to mitigate risk, and what to do if your organization is attacked. Here is a short list to get you started:
Cybersecurity and Infrastructure Security Agency
National Institute for Standards and Technology (NIST)
Darcey Trescone is a Healthcare IS and Business Development Consultant in the Post-Acute Healthcare Market with a strong background working with both providers and vendors specific to Home Care and Hospice. She has worked as a home health nurse and held senior operational, product management and business development positions with various post-acute software firms, where her responsibilities included new and existing market penetration, customer retention and oversight of teams across the U.S., Canada and Australia. She can be reached at email@example.com.
©2020 by Rowan Consulting Associates, Inc., Colorado Springs, CO. All rights reserved. This article originally appeared in Home Care Technology: The Rowan Report. homecaretechreport.com One copy may be printed for personal use; further reproduction by permission only. firstname.lastname@example.org