Paubox founder and CEO Hoala Greevy recently participated in the HIMSS Hawaii-Alaska Chapter‘s virtual Health IT Proclamation Day & Heroes Recognition Conference.
The conference brought together healthcare leadership of Hawaii and Alaska to collaboratively learn which technologies have been implemented this year as a response to the coronavirus pandemic.
Here are some high-level takeaways from Greevy’s panel: Tricks, Threats & Best Practices in the Middle of a Pandemic.
Transitioning to the cloud
The coronavirus pandemic has accelerated the healthcare digital transformation in many ways.
At our virtual healthcare cybersecurity conference in October, Paubox SECURE @ Home, we discussed how to transition from a legacy system to the cloud for better security. This topic came up during Greevy’s panel as well.
David Gold, senior director of sales engineer at SentinelOne, pointed out that organizations must incorporate scalable, user-friendly technologies so that they can easily investigate cybersecurity threats as they occur. The best tools will be deployable to the cloud without any performance impact on teams.
Wayne Johnson, CEO at Stellar Technologies, explained the value of working with a cloud access security broker (CASB), which monitors all activity and enforces security policies. A CASB can offer a variety of services, such as warning administrators about potentially hazardous actions, enforcing security policy compliance, and automatically preventing malware.
Johnson believes that CASBs have many benefits for healthcare providers, especially for implementing a zero trust security strategy that assumes everyone is a threat until proven otherwise.
Security while working from home
The transition to the cloud has made it much easier for people in the healthcare field to work from home, but it comes with risks.
Johnson brought up the importance of finding solutions that allow your team to work from home securely. He recommended virtual desktop computing as an economical method.
A virtual desktop allows users to access their desktops and applications from anywhere on any kind of endpoint device, while the IT department deploys and manages these desktops from a centrally located data center.
VPNs, or virtual private networks, have also seen an uptick during the pandemic, but Johnson sees the biggest change in Desktop as a Service (DaaS) products which deliver virtual applications and desktop services via a public or private cloud service.
In some ways, Johnson believes that organizations have a lot more control with cloud-based systems as compared to on-premises systems because IT administrators can control the data that employees can transmit or access.
The importance of data backups
Still, it’s best to be prepared for the worst-case scenario. A key component of this, as explained by David Finely, global director of information assurance and cybersecurity at Dell Technologies, is to have a reliable and secure backup of your system at all times.
After a successful breach, hackers may be able to move laterally through your system, which means if you don’t store your backup in an air-gapped cyber vault, they may be able to destroy it. The ideal solution is to have an electronic cyber vault disc that is scanned for malware.
With a clean backup on hand at all times, organizations will significantly reduce their downtime after a successful cyberattack.
The importance of email security
Email security is a key component of any cybersecurity strategy. In fact, 90% of cyberattacks come through email.
As Greevy explained, the Paubox team makes it our business to know what is going on in the email security world. We have been compiling public data from the OCR’s Breach Portal since 2017 and publishing monthly reports on the findings.
SEE ALSO: HIPAA Breach Report for November 2020
Paubox’s monthly reporting indicates that Microsoft 365 and Exchange are at least two times more likely than Google Workspace to be successfully hacked. Jeremiah Grossman, CEO of BitDiscovery, believes it is closer to three times.
Grossman was another keynote speaker at Paubox SECURE @ Home, covering how to prevent security vulnerabilities before hackers exploit them.
The point is, Greevy noted, that neither Microsoft nor Google does an adequate job of deterring email threats, which is why the additional layer of security is necessary.
Not only does Paubox Email Suite Plus enable healthcare providers to send seamless HIPAA compliant email by default with no extra steps, but it also adds an additional layer of inbound security on top of your existing email client, such as Microsoft 365 or Google Workspace.
It also comes with our ExecProtect feature, which is our “lights out solution” to display name spoofing emails, Greevy explained. Our patented technology blocks display name spoofing emails from ever hitting the inbox.
In a large organization, there is a certain percentage of employees that will simply click on anything in an email and respond to anything they receive. This is why the warning header that sometimes is placed on top of a suspicious email is just not enough, Greevy stressed.
The better approach, he said, is to not receive malicious emails in the first place.
Best practices to bolster email security
Greevy divided email security best practices into three bullet points:
- Enable two-factor authentication to put a roadblock in front of an attacker in the event of an email breach.
- Conduct an annual risk assessment for your healthcare organization—not only is this a HIPAA requirement, but it also helps you uncover issues you may have overlooked.
- Invest in an additional layer of email security, such as Paubox Email Suite Plus.