By Matt Murren
CEOs are continually sending me the latest news about ransomware, malware, and cyber attacks, wondering what they should do next. You may be surprised to learn that I usually tell them to disregard it.
That’s not to diminish the fact that these risks actually exist. Rather, I tell them they should instead focus their attention on the basics of healthcare IT security. Because if you’re focused on building a sustainable security program, you don’t really need to worry about the latest threat or attack.
Of course, none of us wants to have our data compromised. Nobody wants bad press or PR. But when I talk to overly concerned CEOs and other business owners, I always remind them they should instead focus on the core tenets of security, known in IT security as the ‘CIA triad’: Confidentiality, Integrity, and Availability. And the best way to do that is by building a security program from the ground up.
The Key to Protecting Your Organization Is a Strong Security Program
Your biggest security risk centers on the individuals within your organization. Knowing this, the key to protecting yourself against threats is a strong security program. While it won’t happen overnight, you can build it step by step as long as you have the following pieces in place:
- Good policies and procedures
- Training and awareness programs
- The core fundamental security pieces
- A defined security program that you’re continuously building upon
Start by laying your foundation with policies and procedures, including how they relate to your healthcare IT administrative controls. You already have policies and procedures in place that protect you where HIPAA is concerned, so build your program from there, one layer at a time. Work with your in-house or outsourced IT teams on critical tasks like monitoring, auditing and logging, creating solid disaster recovery (DR) plans, and ensuring your data is backed up.
Pay Attention to the Security Basics Instead of the Latest Threats
If you start building a core security program for your business, you don’t need to worry about the latest and greatest security measures. Of course, you need to have antivirus tools and backups of your data. But worrying about current newsworthy security threats on a regular basis isn’t going to get your security program – which is ultimately what helps you manage risk – one step further.
So before you forward that next news article or press release about ransomware attacks on other healthcare organizations, I would strongly encourage you to take a step back and assess your own risk management program instead. Examine where your security program is today. It just might be what’s really worrying you.
Matt Murren is a Cyber Security (CISSP) expert and is the CEO and co-founder of True North ITG, a leader in providing Healthcare IT and Cloud Services.