There's no question that COVID-19 has changed the game for healthcare organizations. The worldwide response has disrupted workflows and workspaces, which has greatly increased the attack surface of healthcare organizations and telehealth workers.
‘Telehealth’ refers to an array of health-related services that are delivered via videoconferencing, streaming media, and other internet- and technology-enabled communications. This type of healthcare has increased exponentially due to the pandemic. Hospitals and clinics can screen patients remotely and offer assistance without bringing them into contact with other people. Emergency departments can isolate patients immediately, allowing a doctor to attend to the patient through video conferencing. A nurse in personal protective equipment (PPE) may visit the room to take vitals or draw blood.
Telehealth is considered an important factor in the strategy to keep local health systems from being overwhelmed during the pandemic. As a result, the U.S. Department of Health and Human Services has relaxed enforcement of HIPAA requirements, and the European Data Protection Board released a statement making it clear that the GDPR allows restricted data to be shared with “competent public health authorities and employers” during a pandemic. This is good news in terms of “flattening the curve,” but it puts healthcare organizations at greater risk of a data breach or other type of cyber attack.
What you can do
The increase in telehealth activity, relaxed regulations, and the dispersion of workers into their homes have given criminals a greater attack surface to explore. Here are five considerations for employees who have just been reassigned to a remote work location:
Enforce endpoint security. A good password is the first step in securing a system, but it's frequently ignored when not enforced by IT. Make sure that the passwords on remote systems are complex and unique, and use multi-factor authentication whenever possible. Require data encryption, prohibit the use of USB and other external storage devices, and maintain endpoint security protection. Make sure the device can be remotely wiped if it is lost or stolen. Enforce network access controls to block devices that are not in compliance.
Provide secure remote access that can support corporate BYOD policies and provide multiple connection scenarios if necessary. A secure VPN should allow employees to access their resources while maintaining a zero-trust network, and should not discriminate between corporate-owned laptops, personal computers, tablets, or smartphones.
Evaluate data protection strategies and communicate changes to employees. If your remote users are able to save data to local devices, they may accidentally complicate your data protection. Employees who aren't used to working remotely might not understand their role in making sure data is saved in the right place. Working teams are also using more collaborative software, such as SharePoint and Teams. Make sure all critical communications are included in data backups or email archives.
Deploy comprehensive email protection. Email is a primary communication tool and has become even more important as workers relocate to their homes. There are several layers of protection necessary to fully protect employees, including an email security gateway, anti-phishing protection, and security awareness training.
Maintain a safe computing environment. Protect your remote workforce from web-borne threats with a web security gateway that blocks malicious websites and files and can provide various levels of access based on user role.
Managing remote IT can be tough, but with the right strategy, your workforce can remain secure and productive.
Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. In this role, she helps bring Barracuda stories to life and facilitate communication between the public and Barracuda internal teams. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.