With so much data being created, sometimes it’s hard to tell what’s sensitive data and what isn’t, what’s a risk to it and what’s not. This can be especially true if you don’t work in IT or Compliance. But if you’re an employee who uses a computer, sends and receives email, texts, uploads or downloads information, you may be touching PHI or other sensitive data every day and not realizing it.
And why would you? Most employees aren’t clear on what is and isn’t sensitive data, because it often hasn’t been classified by an employer. If your CEO, Compliance Officer or CTO hasn’t held a privacy and security training lately, or explained what ransomware is, how to spot a phishing email or outlined cybersecurity best practices, you’re probably going to be out of the loop. Let’s change that.
How to Create Your Own Cybersecurity Best Practices
Speak up and ask for definitions – or put Google to work. Do you hear a lot of acronyms and jargon that you don't know the meaning of? Spear phishing, whaling, screen scraper, BYOD - go ahead and ask, you need to know!
Learn what constitutes sensitive data and what doesn't, and how your job involves working with it. You don't need to be in IT or part of the compliance team to care about cybersecurity. Everyone is affected when there's a data breach.
Take the offered privacy and security training. Every time it’s offered. You may think once is enough – it’s not as entertaining as a summer blockbuster – but threats change rapidly. Just being aware of what’s out there can change how you approach your role.
Keep personal email, apps, chat and social media on personal devices, and keep work data on work devices. (A side note on social media: only post information you don't mind everyone in the world seeing.)
Lock your screen. Did you know that if you leave your computer screen unlocked, anything done in that session is recorded under your login, and you're responsible for it? That means anyone strolling by, yes, but it also means anyone who can reach the machine remotely while the session is open.
Count before you click. Sounds silly but it could totally work – before you click on that link, count to 10. Then think again. That hilarious cat video may be malware in disguise.
Get creative about your work password, and use it only at work. Malware and breaches regularly expose login details from shopping sites, and attackers then try those same username and password pairs against work accounts. What's good for Amazon isn't good for work.
Turn on automatic updates. Updates aren't just new features; they include the security patches that close the holes ransomware relies on to get in.
Follow company policy on social media, privacy and security. If you’re not familiar with the company policy, ask HR for a copy to review. You may be surprised.
So, although you may not be an IT employee, you can be a cybersecurity champion! Yes, it sounds a little corny. But senior management have their hands full, and aren’t always as on top of what’s happening on the front lines with healthcare and other sensitive data as the people who touch it every day. A company’s employees can be its weakest link or strongest defense. Why not be a champ?
Not sure where to start?
The NIST Guide can help. We can also provide you with a free copy of Ostendio’s password policy, as an example. Just contact us at firstname.lastname@example.org.