The Desire to Help and Security

As human beings, we are programmed with a desire to help others in need, but this is one of the reasons that hackers are so successful in infiltrating our networks.

This week the Black Hat Conference takes place, followed by DefCon (in its 25th year); both cover the security landscape and feature plenty of insights into cyberattacks and ways of preventing them. The keynote at DefCon this year is focused on “Making Security Work for Everyone” and features Alex Stamos the chief security officer for Facebook. Last year I was lucky to be in the room during the Social Engineering Capture the Flag (SECTF) competition at DefCon 24, when the winning participant was on stage.

Each year SECTF participants compete to extract information from a list of target companies over the phone simply by using clever subterfuge and social engineering skills. It was an eye-opening experience to witness the ease with which a complete stranger was able to create a trusting relationship with an employee in the target company and obtain a large amount of information (you can read the details of the competition, targeted companies, and the information contestants were asked to gather online here). 

This approach, leveraging social engineering, is not the end game for cyberattacks, but it is increasing in use and even being automated. The use of artificial (or augmented) intelligence (AI) is being explored in many fields, and hacking is no exception. Security companies are using AI to help automate protection, but there is no reason hackers won’t use the same approach to increase the number and sophistication of their attacks.

Security is Everyone’s Responsibility

The intent of the aforementioned competition is to expose risks and educate individuals and employees about them. Investing in education regarding company security fulfills a corporate goal but is a bit like offering health insurance to employees: it gives them value as well. Not only are they better-equipped to protect the corporate assets and information, but they are better positioned to protect their own personal assets and finances.

We don’t hear too much in the news regarding the “Nigerian 419 Scam” – but that’s not because it isn’t impacting people. As this chart shows, the scam resulted in the collection of $12.7 billion in 2013 alone.

Dr. Nick article 072517

We remain under constant attack, with variations of these approaches and other methods like phishing, vishing, and smishing (email-targeted attack, voice-targeted attack, and SMS-targeted attacks, respectively). Security needs to be everyone’s responsibility and has to come from the very top of the organization. It’s the same for any family. In my household, I invest a lot of time explaining these attack vectors and sharing stories of individual and corporate failures and losses that came as a result of poor security. I never miss an opportunity to use examples from all around me to illustrate why security matters and what you can do to achieve it.

The same should be true in any corporate environment: security needs to come from the board and CEO down. It can’t be an edict that applies just to employees while senior leadership is either ignoring or even bypassing the recommendations and training. Companies that have clear security guidelines and equip their employees to deal with potential attacks perform better and have lower risks of being breached. 

Incremental Improvements for Employees in Managing Security

The recent WannCry ransomware outbreak that was closely followed by the Petya outbreak that swept around the world and crippled many companies and services offered a window into future potential challenges and raised awareness regarding security. Here are my suggestions for incremental improvements:

  • Make security a top-down primary focus for your organization.
  • Offer training to your employees on security attacks and mitigation.
  • Train and encourage everyone to question information requests so they can make good decisions.
  • Make learning about security fun and practical.
  • Help everyone understand the value of information in the context of security.
  • Consider developing simple security protocols that are easy to learn and follow.
  • Test your security.

Do you have any other suggestions? What small change have you seen that makes a big difference when it comes to improving security in your organization, and in healthcare in general? What one thing could we do that would have a big impact in this area?

Please don’t hesitate to contact me with suggestions.

Print Friendly, PDF & Email
Facebook
Twitter
LinkedIn

Related Stories

Confusion Reigns over Application of G2211

Confusion Reigns over Application of G2211

Although the effective date for billing Office and Outpatient (O/O) Evaluation and Management (E&M ) Visit Complexity Add-on Code G2211 was Jan. 1, the Centers

Read More

Leave a Reply

Please log in to your account to comment on this article.

Featured Webcasts

Leveraging the CERT: A New Coding and Billing Risk Assessment Plan

Leveraging the CERT: A New Coding and Billing Risk Assessment Plan

Frank Cohen shows you how to leverage the Comprehensive Error Rate Testing Program (CERT) to create your own internal coding and billing risk assessment plan, including granular identification of risk areas and prioritizing audit tasks and functions resulting in decreased claim submission errors, reduced risk of audit-related damages, and a smoother, more efficient reimbursement process from Medicare.

April 9, 2024
2024 Observation Services Billing: How to Get It Right

2024 Observation Services Billing: How to Get It Right

Dr. Ronald Hirsch presents an essential “A to Z” review of Observation, including proper use for Medicare, Medicare Advantage, and commercial payers. He addresses the correct use of Observation in medical patients and surgical patients, and how to deal with the billing of unnecessary Observation services, professional fee billing, and more.

March 21, 2024
Top-10 Compliance Risk Areas for Hospitals & Physicians in 2024: Get Ahead of Federal Audit Targets

Top-10 Compliance Risk Areas for Hospitals & Physicians in 2024: Get Ahead of Federal Audit Targets

Explore the top-10 federal audit targets for 2024 in our webcast, “Top-10 Compliance Risk Areas for Hospitals & Physicians in 2024: Get Ahead of Federal Audit Targets,” featuring Certified Compliance Officer Michael G. Calahan, PA, MBA. Gain insights and best practices to proactively address risks, enhance compliance, and ensure financial well-being for your healthcare facility or practice. Join us for a comprehensive guide to successfully navigating the federal audit landscape.

February 22, 2024
Mastering Healthcare Refunds: Navigating Compliance with Confidence

Mastering Healthcare Refunds: Navigating Compliance with Confidence

Join healthcare attorney David Glaser, as he debunks refund myths, clarifies compliance essentials, and empowers healthcare professionals to safeguard facility finances. Uncover the secrets behind when to refund and why it matters. Don’t miss this crucial insight into strategic refund management.

February 29, 2024
2024 ICD-10-CM/PCS Coding Clinic Update Webcast Series

2024 ICD-10-CM/PCS Coding Clinic Update Webcast Series

HIM coding expert, Kay Piper, RHIA, CDIP, CCS, reviews the guidance and updates coders and CDIs on important information in each of the AHA’s 2024 ICD-10-CM/PCS Quarterly Coding Clinics in easy-to-access on-demand webcasts, available shortly after each official publication.

April 15, 2024

Trending News

SPRING INTO SAVINGS! Get 21% OFF during our exclusive two-day sale starting 3/21/2024. Use SPRING24 at checkout to claim this offer. Click here to learn more →