Mitigating Risks In the Wake of Security and Data Breach

Guest post by Tim Cannon, vice president of product management and marketing,


A study early this year found that more IT employers are offering their employees flexible work options. But in the wake of security and data breaches, is it worth the risk in health IT?

A report published by the Ponemon Institute in September 2014 revealed 43 percent of U.S. companies surveyed experienced a security breach in the past year, up from 33 percent in 2013. Healthcare organizations are a prime target for cyberattacks, according to a report from the Identity Theft Resource Center. Health and medical companies suffered the most breaches in 2014, accounting for 42.5 percent of reported cyberattacks.

Here are some of the biggest risks health organizations face with a virtual health IT workforce, and how to keep patient data safe:

Email risks
Hillary Clinton recently came under fire for using a personal email address for government business during her time as secretary of state. Not only did her exclusive use of personal emails violate federal record-keeping laws and practices, but it also put sensitive information at risk. Her actions remind us that employees are using their personal email accounts for work, whether their employers are aware or not.

Health IT professionals who work from different locations and from different devices could be sharing unencrypted data over their personal emails without password protection. They could be sending work emails from a personal account on their phones or home computers because it’s more convenient than connecting to their work accounts.

Set clear policies on email use and remind employees of the importance of password protection when sending sensitive information.

Network vulnerabilities
To accommodate the remote workforce, networks and cloud-based data storage systems can be accessed from any location. But more employees using the network and accessing data from different places makes it easier for hackers to access the information as well.

Remote workers usually operate out of their home offices. This means they are using their home network, which is usually much less secure than the office network. Sometimes, they also work out of Starbucks and other public spaces that have unsecured Wi-Fi networks. These places also do not have standard security protocols, which means all the data is unencrypted and easy for hackers to steal.

The underlying software of the network needs to be secure, no matter where employees are working from. Securing cloud-based systems is also extremely important. Making sure your servers are up to date with service packs and software updates is critical to close potential holes in your network. Having a strong virtual private network is critical to protect patient information and other sensitive data. Invest in highly protected providers, encrypt sensitive data, and diversify your passwords to avoid security breaches.

Multiple mobile devices means multiple risks
As more employers allow IT employees to work remotely, many have established “BYOD” policies, or policies allowing employees to bring and use their own personal devices for work. Employers have debated whether this practice is secure, but most still allow employees to use their own devices.

However, in a survey of office workers from the U.K. and Germany conducted in the summer of 2014 by Imation, nearly 40 percent of respondents said they or someone they know personally has lost a device or had one stolen in a public place. Among these lost devices, 75 percent contained work data including confidential emails, files, and customer information.

In addition, remote employees are transferring data between work and personal devices, further compromising security. The survey found that 75 percent of respondents have taken digital files with them outside the office, but 44 percent fail to encrypt the data before doing so. IT professionals were the most likely to take data from the workplace.

If employees use their own devices for work, put strong policies and procedures in place. Employees should sign waivers to allow the company to wipe their personal devices remotely if there is a security problem or when they leave the company. Educate employees about these policies and stress secure practices when onboarding new hires.

What other measures can help keep data safe with a remote IT workforce?
