EXECUTIVE SUMMARY:
The healthcare industry, by definition, revolves around life and death situations. Downtime due to a cyberattack can not only hamper productivity, it can alter lives. As technology has evolved, that danger has escalated critically. Cyberattackers have become more brazen, using the latest tools and approaches that often exceed the grade of security most organizations have in place. While keeping your security infrastructure up to date is key, it’s also vital to make sure employees are part of the security equation.
According to a Harvard Business Review article written by three security experts from market research firm Forrester, “In just the first two months of 2018, 24 health care provider organizations reported data breaches affecting over 1,000 patients each, a 60% increase over the same time period last year.” This is probably the tip of the iceberg as it’s likely that many breaches go unreported.
A Forrester Global Business Technographics survey indicates that just 30% of global information workers at healthcare providers say they’ve received training on how to protect workplace data; only 38% are even aware of their company’s security policies.By creating an environment where employees are aware of and involved in organizational cybersecurity, the likelihood of cyber threats getting through diminishes.
But to change cybersecurity awareness among employees, the culture needs to change. As Forrester writes, “Just as no one has to tell a surgeon to scrub before surgery, good security hygiene has to become ingrained in employee culture.”
Primary Tactics to Effect Change
Forrester offers four questions to guide your approach to engaging employees in cybersecurity.
- What problems are we targeting? Take the time to fully understand your security risks and how staff members relate to those risks.
- What behaviors are we hoping for? Once you know your cyber risks, identify specific actions and policies to guide your employees to make smart decisions and take positive steps to help keep the organization secure. Make the process as easy as possible.
- What staff members are we targeting? Tailor your security-related messages to the appropriate audiences to ensure you don’t lose attention to what matters.
- What tone will work with the staff? Know what your team members respond to in terms of frequency and style. And, gain a sense of what motivates them.
Get the full story at Harvard Business Review.