Working remotely has become commonplace for healthcare organizations during the COVID pandemic; bringing new challenges as organization’s work to balance functionality with security. When working remotely, your organization and your staff must access the same internal services, applications, and information as if you were physically at the office; which introduces new vulnerabilities, necessitating the implementation of security precautions to prevent threat actors from taking advantage.
Understanding The Threats of Remote Work
Remote work will increase the likelihood of compromises to your clinic’s sensitive information. Threat actors will use numerous methods to target remote workers:
Physical access: If an employee leaves their device(s) unattended in public, threat actors can tamper with or steal them.
Phishing: A threat actor emails, texts, or calls potential victims, posing as a legitimate organization requesting sensitive information (e.g. passwords, credit card numbers).
Social engineering: Threat actors gather information about your clinic, or an employee, or patient, online (e.g. corporate website, social media accounts) to craft a targeted phishing message.
Ransomware: A threat actor uses malware to access a device and the data on it and then denies access until a sum of money is paid.
Wireless hijacking: A threat actor spoofs a Wi-Fi network by creating a network that uses the same name as a legitimate one (e.g. a coffee shop’s public Wi-Fi network).
Eavesdropping: Threat actors listening to Wi-Fi traffic records online activities and account passwords.
Traffic manipulation: If a mobile device is infected with malicious code, a threat actor will insert their own traffic, influencing data and obtaining access to your organization’s network.
Managing Mobile Devices
When working remotely, whenever possible, your employees should use clinic owned devices. Remind employees to follow your clinic’s policies and use devices for work purposes only. If employees are using personal devices for work, please keep the following risks in mind:
Lack of security updates: Personal devices may not be updated or patched regularly, leaving vulnerabilities unaddressed.
Weak password practices: Personal devices may not be protected with a PIN or password, and even if they are, easily guessed PINS or passwords are often used.
Loss of control over information: If used for work purposes, personal devices may hold sensitive clinic or patient information that you cannot manage appropriately.
Remind employees to follow security policies (e.g. storing clinic or patient information in clinic’s repositories) when using personal devices, and communicate best practices for securing devices, such as enabling multi-factor authentication, to never leave devices unattended in public, and use anti-virus software.
How BlueBird Can Help You?
Two ways we will help protect your clinics digital assets and computer infrastructure from malicious attacks:
Non-Technical
You may be surprised; most hackers rely on non-technical or low-tech methods to gain access to your network. Often using social engineering tricks, they will try to get you to click on a link, open an email, visit a website, divulge a password, or other personal information. To help you anticipate such tricks, we regularly publish security articles in our newsletters and on our website. We encourage you to read in detail those newsletter articles or visit our website News Section to learn more about action you can take to protect your network, while working from home.
Technical
Normally for computers not on a monthly support plan, any efforts to protect external devices you and your team use to work remotely will be on a best effort basis; however, we can offer you an added level of protection by adding these devices to our Remote Devices Security Plan. Providing you peace of mind your malware and antivirus software will be monitored by BlueBird; as well, all manufacturer security updates and patches*.
Please contact our team at 888.930.9933 option 1 for more information, we look forward to hearing from you!
*Remote devices must meet certain operating system requirements to be supported under this plan.