If this were a typical year, we’d be gearing up for family Thanksgiving dinners and office holiday parties. But 2020 looks very different, and businesses that have pivoted to working remotely may be suffering from enough “pandemic fatigue” and personal distraction to let their guard down.
From telehealth appointments on secure platforms to department lunch meetings serving whatever is in your refrigerator, health care organizations and their business associates know the new landscape and may assume they’re savvy enough to spot hackers and bad actors. But as phishing scams grow more elaborate and nefarious hackers become more brazen, taking advantage of our new work environment, remote work may only heighten vulnerability to cybersecurity threats.
Building on our blog series, we have compiled more best practices to protect patients and clients, outsmart cybersecurity fraud and avoid identity theft. It’s easy to become complacent, but we must continue to be diligent.
- Don’t fall for phishing scams. Have you received an email that your password has expired, with a helpful link to reset it? Have you received video conferencing “notifications” that someone is in your waiting room? Have you received a “contact tracing” email from the “CDC” or a panicked request from a colleague requesting your help with an urgent matter? Think before you click: it may be a phishing email. Always verify any request that seems alarming or out of character, demands that you enter personal information, or invites you to click on an attachment. Your IT department will be able to verify legitimate requests and monitor false ones.
- Practice the “principle of least privilege”: Always restrict documents containing sensitive information to only those who require access. Opening access beyond this scope creates an opportunity for users, or hackers, to obtain or change information in unauthorized or unwanted ways. Put another way, this principle limits the potential damage and impact of ransomware and places tighter parameters around any investigation or audit that may arise.
- Be mindful of voice recognition technology such as Alexa when you are dictating emails or speaking on the phone. By the same token, never leave sensitive information on voice mail.
- Secure your work files, records and devices as though you are in the office. Lock your devices when you step away, and always obtain permission before you take papers home.
- Use encryption technology and other “send secure” best practices when you’re sending or replying to emails that contain personal or sensitive information – even if it adds an extra step or layer of deciphering, and even if you didn’t receive it encrypted. Health care organizations and business associates need to hold themselves to the highest, most unimpeachable standards.