The Internet of Medical Things (IoMT) is constantly growing and the health IT environment is becoming more complex every year. Now, with the bring your own device (BYOD) trend growing, cyber criminals are coordinating more sophisticated attacks to acquire, expose and sell information.
Healthcare organizations have always been extremely attractive targets to cyber criminals, so the increasing use of personal or third party mobile devices highlights a need for the implementation of more robust healthcare BYOD policies and information security technology.
Rules and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) are in place to protect against attacks and other information security vulnerabilities. However, even with updated security regulations, it’s almost impossible to anticipate all of the changes within the cyber landscape.
Here are four main BYOD rules that can help protect your organization and prevent vulnerabilities:
1. Establish An Acceptable Use Policy
This may seem like an obvious starting point, but you would be surprised at how many organizations fail to outline a short list of simple rules. It’s incredibly important for your employees to understand what devices they can and cannot bring into the office. Older devices might not have the most updated operating systems and can pose a serious security risk. A simple list of smartphone and tablet brands, models, and versions is a great starting point.
Some other policies can include a list of blocked websites and applications, a list of company resources that employees can access from their devices, or a zero-tolerance policy for texting/emailing while driving. If your employees are accessing your networks, then you definitely have the right to implement security requirements. You could require devices to be password-protected, require devices to lock automatically, and even restrict some employees’ access to company files/data. Lay out some disclaimers and do as much as possible to protect your organization’s data.
2. Maintain An Accurate Network Inventory
The process of discovering and mapping out network devices and links is called Topology Discovery. With virtualization and mobile computing becoming more popular, automatic topology discovery is essential for monitoring and identifying failures and bottlenecks. Keeping an up-to-date inventory by using automatic mapping & monitoring technology will ensure your network keeps running efficiently.
Some of the different network discovery protocols and tools include:
Simple Network Management Protocol (SNMP), active discovery probes, route analytics, ping, Address Resolution Protocol (ARP), Link Layer Discovery Protocol (LLDP), and more.
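As an added illustration of rules 1 and 2 working together (this is example code written for this page, not from any product), the script below reconciles ARP observations against an enrolled-device inventory and a minimum OS version list. The ARP output, inventory entries, and minimum versions are all constructed sample values.

```python
import re

# Constructed sample in the style of Linux `arp -a` output (not a real network).
ARP_OUTPUT = """\
? (10.20.0.11) at 3c:22:fb:aa:10:01 [ether] on eth0
? (10.20.0.12) at 3C:22:FB:AA:10:02 [ether] on eth0
? (10.20.0.57) at 9e:41:07:5b:c2:d3 [ether] on eth0
? (10.20.0.60) at <incomplete> on eth0
"""

# Constructed inventory of enrolled BYOD devices, keyed by lowercase MAC.
INVENTORY = {
    "3c:22:fb:aa:10:01": {"owner": "nurse-a", "os": "ios", "version": "12.2"},
    "3c:22:fb:aa:10:02": {"owner": "dr-b", "os": "android", "version": "7.1"},
    "3c:22:fb:aa:10:03": {"owner": "dr-c", "os": "ios", "version": "12.1"},
}

# Hypothetical acceptable-use minimums (assumed values for the example).
MIN_VERSION = {"ios": (12, 0), "android": (8, 0)}

ARP_LINE = re.compile(
    r"\((?P<ip>[\d.]+)\) at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)

def parse_arp(text):
    """Return {mac: ip} for resolved entries; <incomplete> rows are skipped."""
    return {m.group("mac").lower(): m.group("ip")
            for m in map(ARP_LINE.search, text.splitlines()) if m}

def is_locally_administered(mac):
    """True when the locally-administered bit is set (typical of randomized MACs)."""
    return bool(int(mac[:2], 16) & 0x02)

def reconcile(arp_text, inventory, min_version):
    """Classify what was seen on the wire against what the policy expects."""
    seen = parse_arp(arp_text)
    report = {"unknown": [], "outdated": [], "absent": []}
    for mac, ip in sorted(seen.items()):
        dev = inventory.get(mac)
        if dev is None:
            report["unknown"].append((mac, ip, is_locally_administered(mac)))
        elif tuple(map(int, dev["version"].split("."))) < min_version[dev["os"]]:
            report["outdated"].append((mac, dev["owner"]))
    report["absent"] = sorted(set(inventory) - set(seen))
    return report

if __name__ == "__main__":
    for category, items in reconcile(ARP_OUTPUT, INVENTORY, MIN_VERSION).items():
        print(category, items)
```

Devices that use per-network randomized MAC addresses show up as unknown unless the enrolled address is the one the device presents on this network, so the locally-administered flag helps triage those entries.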
3. Over-the-Air (OTA) Configuration
Over-the-Air configuration, also known as Over-the-Air programming, is the method of distributing new software, encryption keys, and configuration settings to devices wirelessly. Devices such as phones, laptops, set-top boxes, and various voice communication equipment (encrypted 2-way radios, etc.) need to be updated regularly with new settings and the latest cyber security software to ensure that they are safe. Updates can be sent immediately across a wide array of devices, which is a fantastic way of making sure every device is secure.
4. Unified Endpoint Management (UEM)
With time, endpoints will continue to advance and employees will come and go. This means that healthcare security leaders will need to manage a large number of operating systems and platforms. The only efficient method of managing and securing these users, content, apps, and their data is to implement a Unified Endpoint Management solution. UEM can change and adapt with new technology and new, sophisticated cyber attacks. UEM makes it easier to manage and secure various smartphones, tablets, laptops, desktops, wearable devices/monitors, and the rest of the IoT. Many organizations are now starting to implement AI platforms to enable endpoints and end users as well as control the flow of content and medical data.
The increasing use of personal and third party mobile devices in healthcare highlights a need for the implementation of more specific BYOD policies and information security technology.
The 2019 Cyber Security for Healthcare Exchange, taking place from May 19-21, will cover topics such as this as well as many others. To learn more, please request an invite for the opportunity to join other CISOs, CIOs, VPs, and Heads of Cyber Security in Dallas, TX at this exclusive event.