Change. It’s a word that has become a part of our everyday vocabulary this past year.
No matter what your business looked like before 2020, chances are it doesn’t look the same today. And no matter how much you wish to return to “normal,” those days aren’t coming back.
Remember when people came in for a full day of work? Remote working and virtual care were still more of an exception than the rule. Those days are gone. A new survey by Envoy suggests that:
61 percent of office workers
61 percent of employees in healthcare, medicine, and pharmaceuticals
52 percent of Gen Zers
48 percent of millennials
state they will never return to offices the way they were. They want remote work, or a hybrid between working at home and the office, and they aren’t afraid to find a new job to get it.
That changes everything, including production and security. Employees still have the same job to do. How will they ensure the data stays safe?
Establish a security culture
Every piece of your business is effective because you’ve built a strategy to ensure it works for you. If you leave something to chance, success rates drop exponentially.
If you don’t create a security culture, your employees won’t understand it, and won’t practice it. That leaves you vulnerable. Ask any security professional out there, and they will tell you that the weakest link in any security strategy is the user.
While every security culture is different, there are some obvious inclusions:
Education and training must be ongoing
Those at the top must set a good example for those below
Accountability must be at the root of the strategy
Manage devices and programs well
When you buy a new phone, what controls are in place? Do you understand all the nuances in a new software package? What features are best in a new platform that ensures your data is secure?
We buy new devices at a rapid pace these days. Yet every device with internet access comes with its own set of protocols. Do they match your security strategy? Do they keep you secure … or leave you vulnerable?
Programs often come with default settings. These can be configured to ensure your systems stay secure, but only if you know what’s important. And those periodic updates and patches you’re reminded of each day can open up new pathways that leave your data and EHR data vulnerable.
This is a tough subject to tackle in a few paragraphs. There are many nuances to keeping your systems, devices, and data safe every day. You’re the one responsible for it in the end. If you aren’t comfortable with how your team handles all the resources, it’s time to build a strategy that gives you peace of mind.
Create a plan for the unexpected
A flood. An earthquake. A breach. A pandemic.
We have evidence that each of these is a potential threat, all of which can happen at any time.
We might never have any of them impact our business, yet history shows eventually, we will.
What protocols are in place to ensure essential records and other vital assets are protected if one or more of these occur? There are two essential parts to this: maintaining backups and having a recovery plan.
Whatever backup plan you have in place, it must be stored safely so that it can’t be wiped out by the same event. It shouldn’t be stored on-site, and should be a viable option to be called upon as needed.
You should also have a plan that walks you through recovery in the event the worst happens. Who has access to this plan? Do more than one of your team members understand the protocols?
Control access
Every system in place, every platform you’re on, every device you release to an employee, every vendor you let into your location, they all are touchpoints that can put your data at risk.
If an employee quits, what’s the protocol? If a vendor gains access for required use, how do you monitor and remove that access when it’s no longer needed? If users have access, how is that monitored?
Time can be your biggest enemy when trying to keep your systems secure. Over the years, dozens, hundreds, even thousands of people may have access for various reasons. Without proper monitoring, backdoors can be accessed at any time, and allow people in.
Remember, users are always the weakest link. The more you focus on controlling access, the greater chance you have of disarming problems before they occur.
For IT Strategy, Cloud Conversion, or Help Desk Services reach out to us at Silver Linings Technology 360-450-4759.
