Coronavirus Disease 2019 (COVID-19) will force many healthcare organisations to consider remote workplace options for their employees (VPN), new ways to interact with their patients (telehealth) and third-party communication (video conferencing/file share).
Some options can be secure when implemented properly, though if implemented in a rush or not properly maintained, may pose a significant risk. Your devices and network at work and home must be secure as well.
Top 10 security tips
1. INSTALL SOFTWARE UPDATES
Stop attackers getting access to your network through known vulnerabilities, by regularly installing the latest software. Software updates often contain security fixes and useful functionality.
2. IMPLEMENT MULTI-FACTOR AUTHENTICATION (MFA)
Make sure anyone who logs in to your system has to provide something else on top of their username and password, to verify that they are who they say they are.
3. CHANGE DEFAULT PASSWORDS
Check for default passwords on any new hardware or software. If you find any default credentials, change it to strong passwords. Use a password manager if possible.
4. STAY ALERT ON SCAMS, PHISHING AND RANSOMWARE ATTACKS
Alert employees to an expected increase in phishing attempts. Use trusted websites and services for sources of information. If you need to pay a new supplier or to change bank details, double-check it manually — by phone or text — before you approve any payments. Do this for any unusual or unexpected requests too.
5. BACKUP YOUR DATA
Regularly backup your data. Set your backups to happen automatically and store them somewhere secure offline. You can then restore your data if it’s lost, leaked or stolen.
6. SECURE YOUR DEVICES
Enable security software, like antivirus, to prevent malicious software being downloaded to any device that accesses your business data or systems.
7. SECURE YOUR NETWORK
Configure network devices like firewalls and web proxies to secure and control connections in and out of your network. Use a VPN that uses MFA if you need to remotely access systems on your network.
8. SET-UP LOGS
Logs record all the actions people take on your application, website, server. Set up alerts to notify you if an unusual event occurs. Make sure someone checks the logs when an alert comes in.
9. CHOOSE THE RIGHT CLOUD SERVICES
Select a cloud services provider who will provide the right services for your business. Check their data and security policies. Ask if they’ll do backups and if they offer MFA.
10. CREATE AN INCIDENT RESPONSE PLAN
An incident response plan will help you get your business back up and running quickly if your business is targeted by a cyber attack. Talk to your staff about the plan ahead of time.
Patients First: Cybersecurity advisory for telehealth in response to COVID19