10 Tips for IT Security & Compliance

Rahul Valsan
April 2, 2018

With April Fools’ Day come and gone, there are likely quite a few people still chuckling about being on either the giving or receiving end of an online prank or two. While your April 1st internet hoaxes and jokes were (hopefully!) played in the spirit of fun and games, IT security is never a laughing matter. 2017 was a ghastly year for cybersecurity, with new reports of breaches, stemming from phishing scams, ransomware attacks, malware and the like, seemingly coming out almost weekly. The healthcare sector was a top target for malicious hackers last year, and there’s no reason to believe these attackers will relent in 2018. Are you doing everything you can to keep attackers at bay? Here are 10 tips you should follow to protect your company and yourself.

  1. Train everyone. Your prime directive should be making sure every employee understands and implements security measures. Simple human error or negligence is one of the biggest threats to security across all industries and can produce particularly disastrous and expensive consequences for healthcare organizations. Security awareness training equips employees with the requisite knowledge to make smart decisions and use appropriate caution when handling sensitive patient data.

  2. Go beyond digital. The physical security of devices is just as important as their technical security. Never leave devices unattended. Avoid public charging stations and Wi-Fi access points, as these can be compromised by hackers who can then easily gain access to all your data. The best way to protect sensitive data (e.g., SSNs, credit card information, student records, health information, etc.) is to keep it off your workstation, laptop, and mobile devices.

  3. Use more than one. Still using one password to rule them all? If so, it just takes one compromised account to allow hackers and crackers to get to all your other accounts. Use a strong, unique password for every website. Yes, that means you’ll have to install and use a password manager, but it’s well worth the extra step considering the alternative.

  4. Stop snooping. Make it extremely difficult for snoopers to track you or take over your private data by using a VPN connection. VPNs work by encrypting your traffic so that it is unreadable to any eavesdroppers, whether you’re on a corporate network or a public wired or Wi-Fi network.

  5. Don’t get caught. Phishing scams are ubiquitous and must be avoided like the plague. Never click links in emails or texts that seem to come from a bank, the IRS, or any other institution if they are directing you to perform some type of account verification. If you think the message might be valid, always, and I mean always, log into your account directly, without using the supplied link.

  6. Patch the holes. What do Equifax, JP Morgan and Merck all have in common? They were all hacked because of one unpatched system. Keep all applications up-to-date with the latest patches and use more secure, less-targeted browsers such as Chrome or Firefox.

  7. Turn it on. Use 2-factor (or more) authentication. Period. This adds an extra layer of security utilizing a piece of information only the user should know or have immediate access to—such as a physical token or a software key.

  8. Use protection. It’s 2018. Are you ready to handle rootkits, spyware, adware, ransomware, data-stealing Trojans and malware? Hackers are constantly coming up with new ways to steal data. These days it's all about making money through economic exploitation of both corporations (witness the surge in ransomware attacks) and the ordinary computer user. Install an antivirus solution from trusted vendors on every computer. Never run more than one antivirus tool on your PC or Mac at the same time. The competing programs could negatively affect system performance, cause file corruption, or even lead to a situation where each program identifies the other as a virus, rendering them both ineffective.

  9. Back it up. What happens if your organization loses its data? Data is arguably your organization’s most critical corporate asset, so loss of data can have significant financial consequences—including but not limited to unproductive employees, dissatisfied clients, lost sales, and additional costs. Back up. Now!

  10. Check yourself. Are you putting yourself, your employees, your customers and your organization in danger? One way to find out is to conduct an annual risk assessment. These yearly checks are designed to uncover potential weaknesses in your security policies, processes and systems—before someone else does.

When it comes to security, Talix walks our talk. In addition to following these 10 tips (of course!), we also went through the rigorous process of getting our Coding InSight platform HITRUST certified. We are absolutely committed to ensuring we meet key healthcare regulations and to protecting the sensitive, private healthcare information we handle. It’s added confidence for us and, most importantly, for the customers and partners with whom we work.

Rahul Valsan is the Chief Information Security Officer, CPO and Senior Program Manager at Talix