Aaron Collins: A lot of these attack vectors are going to target the remote workers that we have out in the field, it just seems like it would be the easiest way to get into another organization structure to go after these remote workers, because there are so many different things that they have access to, and different things that could be on their computer, whether it’s browsers or anything. So being able to have a really strong identity-centric security program, to work with these remote workers being able to identify them by username and the systems that they use and where they’re located as they’re logging in, onto your systems to get the information that they need to do their job. And training, lots of training.
Matthew Wallace: Something that we were, we’ve been working with our team members around, it’s really you know that your work laptop is your work laptop. And that, you know, which is tough because we have so many of our team members who are parents who have kids that are trying to do remote schooling, or you noticed even in the evenings having access to that device there. So again, trying to train folks that. And we’ve also done a lot of education about what does a HIPAA breach, for example, means for our organization, how those charges can quickly add up how those things put not only our organization at risk but the folks that they care for at risk. And so we would hate to not only have just a breach for the sake of a breach, but what if pertinent information about someone we support, who is our team absolutely cares the most about, and that person, you’ve built this trusted relationship, and you have to go to them and say because I was careless with my actions, this information came public or, or detrimental information came out about your case. So it’s kind of putting that onus back on the mission. And the work that we do seems to resonate with our team.
Jenn Pantle: Now were there type, you know, typical types of rollout that you did when you did the training and things like that, just like for all of your staff, as far as the security issues.
Aaron Collins: As far as security issues, you know, we manage all of our training through a third-party service, we actually can create all of our own training videos and training information and upload that onto our service. And then they log in and they complete their training, we try to make sure that the training is short, sweet to the point, something that, that they’re just going to be able to get through and retain, as opposed to something as long and drawn out that they’re not going to remember.
Matthew Wallace: As much as possible, we try to engage in competency-based training. So somewhere along the training course, where they’re going to be asked a couple of questions are going to be checked for knowledge, that sort of thing more than just, you know, we can put the video in the background and let it play. And then we say we’ve completed it. And something else that’s also been really helpful is that one of our team members kind of holds a virtual tech office hours, where he just kind of holds time on his calendar, people can jump in, and he can do a screen share, or use remote access to the computer to kind of show them some steps and such. And that’s been really fruitful, especially for some of our team members that have had challenges taking the newer technology there.
Jenn Pantle: Excellent. And how do you feel like the IT department can convince or force a remote workforce to protect themselves from these cyber-attacks at home, like Wi-Fi passwords, that kind of thing?
Aaron Collins: Well, basically, you know, if you’re, if you’re training your staff on the things that they need to look for, and letting them know that not only does this apply to the organization that they work for, but it really applies to them in their personal life, you know, their financial stuff, all of the records that they have on their own. This is training that carries over, you know, into different aspects of your life, being able to give them that training. It’s just, they go for it. You know, that’s, that’s where I’m at on it.
Jenn Pantle: And are you guys doing this training, like yearly quarterly? Or has it been more increased since the pandemic?
Aaron Collins: No, it’s monthly, you know, each, each month, they’re gonna go through 12 to 15 different areas that they’ve got to have in its company, but competency-based, you know, as Matt was talking about earlier, and that just revolves throughout the year.
Matthew Wallace: We do a lot of standardized training about all of our service delivery, and I’m thinking about how can we kind of weave in the IT portions of those into the training there. So if you’re doing something on HIPAA or if you’re doing something on, you know, informed consent or All those various things, something that if anything involves a touchpoint with it, how are we leaving in a security piece to that? One of our other areas that working from home as well, we had we did a long search of trying to do HIPAA compliant scanning, we use your phone. So how do you take a picture on your phone and then if it lays on your phone, and then it goes to, you know, goes into iCloud, well then do you have a BA with Apple that then that is now somehow or another not or hackable or those sorts of things. So we found some apps that we could use that had passwords that were didn’t ever upload with the to the server they are and then we can use our email client through paubox to encrypt something end to end or use our G Suite, etc. So just even things like that we had not initially thought about people were just used to taking pictures of stuff on their phones. We had to really work through it.
Watch every minute of this session here.
Learn more about Paubox Spring Summit, Secure Communication During a Pandemic.
Read a full recap of Paubox Spring Summit.
About Aaron Collins Aaron Collins is the systems administrator for the Developmental Center of the Ozarks. He is well versed in the building and maintenance of HIPAA compliant environments, firewall administration, FileMaker databases, Mitel phone controllers, and network administration.
About Matthew Wallace Matthew Wallace is the vice president of strategic initiatives and partnerships at Easterseals Louisiana. He’s passionate about the health of all people; he believes that when people are healthy, communities are healthy and thrive. In his current role, Wallace oversees government affairs, development, and communications.
Learn more about these panelists.