Each week for the month of October, we will take a new perspective to the NCSAM topics and give insight into more improved options.
This is supposed to be Week 3: RETAKE ON NCSAM: “SECURING INTERNET CONNECTED DEVICES IN HEALTHCARE” : The challenges facing healthcare in staying cyber secure are partly due to old training techniques and a we need to take a new approach.
But this is not an article. This is a letter to you from me. Why? Because I ran out of time…
And that’s what made me realize this article was the most important of all. Not that it’s about cybersecurity in healthcare, it’s not. What’s important is understanding we all run out of time. The increasing demands of work, life, and — apparently sometimes — a pandemic can really stretch a schedule to its breaking point. The truth is, we all feel this from time to time. More often than not, there is not enough time for everything.
This is not just one of the biggest problems in healthcare. It is one of the biggest problems across industries. We run out of time, and proper cybersecurity takes time. For employees to do the added checks to not fall for phishing scams, it add minutes onto tasks each hour. Those minutes add up. Trusting things are as they seem or using unapproved apps and personal devices can make things go faster for the employee, but it also increases company exposure. The employee only sees that it saves time, so very often they overlook the risk.
“Almost three-quarters of VPs and C-suite IT leaders think that remote workforces present a higher security risk than on-site employees. They’re not wrong. More than 75 percent of remote employees don’t take any privacy measures when working in a public space, making them easy targets for hackers. Furthermore, nearly half of all remote workers say they transfer files between personal and work devices” This puts company data at risk. In the long run, what saves time will take more time and money to fix than doing it right the first time. There is a lot of irony in that.
Earlier this year, there was an article that discussed why healthcare is preforming poorly at cybersecurity. It centered on the idea that doctors measure risk differently. It turned out that it’s not about that. It’s about the same problem every company and industry has: “a limited amount of personnel and resources. And often the first area to get cut or bypassed can be IT.”
There is not enough time (or money) for everything, so what we prioritize matters. Cybersecurity is a priority, and if it isn’t it should be — it has to be. To show cybersecurity as a priority, upper management and executives have to demonstrate that it is important and a core part of the organization. There has to be an investment in time and training — but in training that actually does something, creates a skill, changes a behavior, empowers the employee.
All people gravitate toward what is easiest and most convenient. Keeping people skilled enough to find doing what is best for everyone’s security the easiest and most convenient thing seems a great solution for that. There’s a way to do that. Stronger has been working on new solutions to address this issue — and I look forward to sharing it with you later this year. It will be worth the wait.
Don’t miss next week’s conversation with a fresh perspective on week four’s theme: The Future of Connected Devices.