First observed in 1988, the year a computer worm took down around 10% of the computers connected to ARPANET (the predecessor to the Internet, developed by the US Department of Defense), the 30th of November is designated International Computer Security Day (ICSD).
Millions of IT professionals across the world attend conventions together to share experiences and knowledge with the goal of raising awareness and promoting the best practices in Information Security… but why does it all matter and what is the real purpose of recognising an International Computer Security Day?
Information is an organisation’s most important asset and healthcare organisations are responsible for managing very personal and sensitive data about their clients and employees!
The nature of the data kept by healthcare organisations makes them a highly lucrative target for cyber-criminals.
The most common uses of stolen data include fraudulently filling prescriptions and billing for care.
A survey looking at the Australian healthcare sector found an average of 2% of the ‘technology’ budget allocated to computer security, which was significantly less than the average of 20% found in other industries.
The survey presented some other very interesting findings:
- Healthcare is the #1 most breached industry
- 72% of the harm caused comes from ransomware
- Ransomware is malware that locks up important information so that victims must pay the attackers for a key to regain access
- Email is the #1 way in which a cyber-criminal targets healthcare organisations
- Healthcare employees are 40% more likely to click suspicious/infected emails
- Healthcare is the #1 industry where employees are the predominant threat
Information security in healthcare
Healthcare workers have a very busy and important routine in the workplace, so it is unreasonable to assume that everyone working in the sector has sufficient knowledge about securing sensitive data and higher-level computer security practices. After all, how will that information help poor Jean recover from a nasty fall?
When it comes to the nitty gritty software side of things, AutumnCare prioritizes security very highly.
We’ve put together some tips you as an individual can learn to strengthen the security of your organisation’s data.
Your account is your account, keep it that way!
It is very important to remember that everyone has his or her own account for a reason.
If you are leaving the workstation, take extra time to ensure you have logged out of any active software you are using.
If a colleague asks to borrow your account, be very clear about saying no, regardless of their request.
Do not share your password. Ever.
We learned above that email is the #1 way for a healthcare organisation to be targeted, so sending a password over email is a very easy way to expose your organisation.
A good rule of thumb is never to write passwords down in plain text unless you dispose of the note immediately after use or have a good way to secure it.
This also extends to verbal conversations in person or over the phone.
Use a passphrase, not a password
The National Institute of Science and Technology recommends that your password should actually be a passphrase.
A series of words combined with numbers is mathematically harder to guess than a short password made up of random numbers and letters.
This has the added benefits of being easier to remember and easier to create different passwords for different uses.
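The "mathematically harder to guess" claim can be checked with a few lines of arithmetic. The following is an added example, not code from AutumnCare or from the original post: it computes the entropy in bits of a passphrase versus a random character password and the average number of guesses an attacker would need for each. The word-list size (7776 words, the size of the well-known Diceware list), the 62-symbol alphanumeric alphabet and the guess rate are assumptions chosen for illustration.

```python
import math

# Assumed sizes (constructed for this example): a 7776-word list such as
# Diceware, and a 62-character alphanumeric alphabet (a-z, A-Z, 0-9).
DICTIONARY_SIZE = 7776
ALPHANUMERIC = 62
# Assumed offline guessing rate (constructed): ten billion guesses per second.
GUESSES_PER_SECOND = 10 ** 10


def random_password_bits(length, charset_size=ALPHANUMERIC):
    """Entropy in bits of a uniformly random string of `length` symbols."""
    return length * math.log2(charset_size)


def passphrase_bits(word_count, dictionary_size=DICTIONARY_SIZE):
    """Entropy in bits of `word_count` words drawn uniformly from a word list.

    This assumes the attacker knows the word list and the scheme; the
    strength comes only from the number of equally likely combinations.
    """
    return word_count * math.log2(dictionary_size)


def expected_guesses(bits):
    """Average guesses needed to find a secret of the given entropy.

    On average an attacker searches half of the keyspace before succeeding.
    """
    return 2 ** bits / 2


def years_to_crack(bits, rate=GUESSES_PER_SECOND):
    """Expected years to guess a secret of `bits` entropy at `rate` guesses/s."""
    seconds = expected_guesses(bits) / rate
    return seconds / (365.25 * 24 * 3600)


def compare(word_count, password_length):
    """Return entropy and crack-time figures for both schemes side by side."""
    phrase_bits = passphrase_bits(word_count)
    pw_bits = random_password_bits(password_length)
    return {
        "passphrase_bits": round(phrase_bits, 1),
        "password_bits": round(pw_bits, 1),
        "passphrase_years": years_to_crack(phrase_bits),
        "password_years": years_to_crack(pw_bits),
        "passphrase_is_stronger": phrase_bits > pw_bits,
    }


if __name__ == "__main__":
    # Four random words versus a typical eight-character random password.
    for key, value in compare(4, 8).items():
        print(f"{key}: {value}")
```

Four words from a 7776-word list give about 51.7 bits, while an eight-character alphanumeric password gives about 47.6 bits, so the passphrase is roughly sixteen times harder to guess and far easier to remember. The comparison also shows the caveat a practitioner should keep in mind: strength comes from the number of equally likely combinations, so the words must be chosen randomly (not a favourite song lyric), and a longer random password will eventually overtake a short passphrase.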
Don’t be afraid to speak up
If a computer security incident occurs, do not be afraid to tell others something “weird” has happened (even if you cannot explain it properly!) – Your organisation should have a policy in place for this kind of event and you should familiarize yourself with the key contacts (whether that is a nominated person/people in the organisation or your IT team).
Feed your curiosity!
On the outside, computer security looks like a black box, but it is actually very easy to start learning about good computer security practices!
A good start would be to search some popular terms to find out what they actually mean. Here are a few examples:
‘Malware’, ‘Computer Worm’, ‘Phishing email’, ‘Ransomware’.