The Paubox Zoom social mixer for June 2024 was a roundtable discussion between Paubox customers covering topics like phishing, training employees, AI cybersecurity threats, and ExecProtect tips.
What happened:
June's social mixer was an open-ended, free-flowing conversation amongst healthcare IT and cybersecurity peers. The discussion revolved around Paubox Forms, new cyberattack trends, and how everyone defends against attacks.
A highlight was an attendee saying, "With another platform it was complicated to get everything encrypted. The way Paubox is set up, it does it for you."
What made this month so fun was the varied discussion points, including sharing advice for new entrants into the industry, training ideas, and swapping stories of particularly inventive phishing attacks.
Related: How to comply with HIPAA email regulations
Our takeaways:
- Most healthcare organizations' legal teams won't allow employees to use AI due to privacy concerns.
- OpenWebUI was mentioned as a local, offline AI model.
- AI chatbots will pretend to be a real person and have conversations with employees. These can go on for weeks.
- Customers love Paubox Forms and had great feedback and feature requests. Lots of updates are coming soon.
- Attendees reported that ExecProtect continues to catch new phishing scams.
- ExecProtects is not just for C-level; any job or role that may get phished - accounting, HR, management - should be added to ExecProtect if they have the risk of getting spoofed.
- Phishing attacks are doubling.
- Geofencing is effective, too, but some vendors' IP addresses could be based in other locations, so they would need to be exempted.
- Customers want the option to block more file extensions.
- Encourage employees to own up to mistakes. Create a culture of reporting cyberattacks - it's safer in the long run.
- "Biggest part of the training is letting them know - it's okay. If something happens, just let us know so we can fix it."
- Texting scams are becoming more common, specifically spoofing Amazon, USPS, and company executives.
- Texting spoofing scams often happen with sales and clinical staff with an online and LinkedIn presence.
- Some carriers have decent anti-text scam tools, but they are based on the individual's carrier.
- Keep employee training short and sweet.
- GoPhish phishing training is very customizable.
- Encourage C-level people to send a message regularly telling employees they'll never do certain things (like ask staff to buy gift cards). This creates a positive security-focused culture.
The bottom line: Paubox customers use a broad range of tools and strategies to keep their email HIPAA compliant, protect their organizations, and find efficiencies.
See also: Our playbook for Zoom social mixers
See also: HIPAA Compliant Email: The Definitive Guide
Dean Levitt
