#1 Task for Healthcare Cybersecurity: Work on Culture

It’s people who form the heart of the healthcare industry. But it’s also people who can put your institution at risk and jeopardize the care and trust of your patients.

You can put together a great cybersecurity strategy and deploy the latest network security technology. But data reveals that it is employees who introduce risk into your system. Almost all phishing attacks that led to a breach brought with them malware, and 28 percent were targeted, according to the 2017 Data Breach Investigations Report from Verizon. That’s a lot of viruses attacking your healthcare network. But what if you could turn that around and make your employees your best defense?

Employees as a Defense

Management guru Peter Drucker noted, “Culture eats strategy for breakfast.” If you’re in a healthcare environment where the brass doesn’t have to listen to rules made for others, departments clash on cybersecurity goals and employees don’t own the cybersecurity process, that culture is going to eat all your security plans.

To change these counter-productive dynamics, start at the top where culture mandates are set. Get the C-Suite on your side. When it becomes known that one of the key business objectives is security, everyone will take notice. If your CEO can publicly model good cybersecurity hygiene, even better.

Once you have the C-Suite watching your back, take these steps to change the culture of your healthcare operation to one that embraces cybersecurity across the organization.

Steps to Creating a Strong Cybersecurity Culture

  1. Start first with assessing cybersecurity attitudes and ownership. How does your enterprise look at security? Is it someone else’s job? Is noting a security flaw something for which staff will be penalized? Are there rewards for good cyber hygiene and calling out when it is breached? Knowing where the problems will help you come up with tactics to fit your strategy.
  2. Put together a plan. What do you want your culture to be? This can depend on what is already in place.  You should create an atmosphere where employees report breaches quickly, make sure they know how and where to report problems – without retribution. Recruit helpers in each department who can help turn the culture your way.
  3. Communicate your plan effectively. Some of this goes back to the assessment you’ve made of your culture.  Don’t come in with doom-and-gloom headlines from national stories if you’re going to be laughed off; Don’t make light of the situation where a serious tone will suit.
  4. Train everyone. Once you have a plan in place that has been communicated well, teach everyone – the bosses, the healthcare professionals and the people making invoices all need to know the latest threats, the most recent tactics criminals have used successfully and consequences of not following good cyber-hygiene.
  5. Celebrate your successes. Know that turning a culture around includes making noise when it works – celebrate the successes you have with your own IT and with the broader healthcare system – make the entire enterprise part of your team.

Having a good security culture will help you sustain the clearly-defined cybersecurity strategy that is essential to fighting advanced cyber threats. With people and technology working together, you now have a team on your front line.

Tec-Refresh offers the expertise and best-of-breed cybersecurity technology you need to reinforce the efforts of your cyber-aware workforce. Contact Tec-Refresh to learn how we can help you achieve cybersecurity cultural change.