
Access our webinar!

To celebrate Cybersecurity Awareness Month, we shared 31 tips over 31 days to help keep your data secure. We finished the month with a webinar: “Don’t Be a Cybersecurity Horror Story: Expert Panel with Q&A!”, and the replay is available on this page.

What was it about?

Four cybersecurity experts held a panel discussion about trends, current issues they see in the field, and how to safeguard against threats. They also answered audience-submitted questions in an interactive Q&A.

Who spoke?

A panel of industry experts from Total HIPAA, Egress, NaviSec, and OneDigital discussed current security threats and risk management strategies, drawing on their combined decades of experience in the field.

31 Cybersecurity Tips. Ready… Set… Go!

1
Make sure all employees and contractors with access to company resources have unique login information.

Update your password policy and require each employee, contractor, or individual who accesses company resources to have a unique username and password. Retire shared or generic logins: when one account is used by several people, your access logs cannot tell you who did what.

2
Consider (safely) phasing out your fax machine and implementing an efax solution.

Transmitting sensitive information through a traditional fax machine is a cybersecurity incident waiting to happen: a misdialed number, an unattended output tray, or an unencrypted line each exposes the document. A HIPAA-compliant efax service (covered by a Business Associate Agreement) keeps the transmission encrypted and logged.

3
Ensure the safety of your backups with the 3-2-1 rule.

Follow the 3-2-1 rule: keep three (3) copies of your data on two (2) different storage media or platforms, with one (1) copy offsite. Keep at least one copy offline or immutable so that ransomware that reaches your network cannot encrypt the backups along with the originals, and test restores periodically; a backup that has never been restored is not yet a backup.

4
Antivirus and antimalware software are only good if they’re up-to-date

Review antivirus and antimalware programs running on company devices to ensure that they are set to update automatically, and periodically confirm from the management console that signatures are actually current on every device, not just that the setting is turned on.

5
Make sure your company has a documented contingency plan.

Gather your company’s compliance team together to hammer out a plan for restoring your systems and protecting your data in the face of an unexpected emergency, like a natural disaster, equipment failure, or breach.


Need help with your own cybersecurity framework?
Total HIPAA has your back.

We’ll walk you step-by-step through the process of becoming (and staying!) HIPAA compliant.

  • 100% online HIPAA training for your staff
  • Interactive Risk Assessment to help you identify gaps in your security program
  • Customized HIPAA documentation, including Privacy and Security Policies and Procedures, Remote Access Policies, Network Security Policies, and more!
  • Ongoing support to ensure your compliance!
6
Use a VPN for a secure connection while working remotely.

A VPN encrypts the traffic between a remote device and your network so it cannot be read on whatever Wi-Fi the employee happens to be using. Use a company-managed VPN (or a reputable business provider) with modern TLS or IPsec encryption, require two-factor authentication to connect, and limit what the VPN can reach to the systems staff actually need. If the provider can see or store Protected Health Information (PHI) or other Personally Identifiable Information (PII) as part of the service, make sure you have a Business Associate Agreement with the provider.

7
Require two-factor authentication on all your company’s accounts.

If a password is stolen or phished, two-factor authentication is the barrier that stops the attacker from using it. Use an authenticator app such as Google Authenticator (or, better still, a hardware security key), avoid SMS codes where a stronger option exists, and enforce it on every account, starting with email, VPN, remote desktop, and administrator consoles.
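To show what an authenticator app actually computes, here is an added example (not code from Total HIPAA or from any of the apps named above) implementing the TOTP algorithm from RFC 6238 with only the Python standard library. The base32 secret is a constructed example (it decodes to the RFC test key), and the verification routine shows the two checks a server must add on top of the arithmetic: a small clock-drift window and rejection of a code that has already been used.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# Constructed example secret in the base32 form an authenticator app receives in its
# enrollment QR code. It decodes to b"12345678901234567890", the RFC 6238 test key.
EXAMPLE_BASE32_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_base32_secret(secret: str) -> bytes:
    """Decode a base32 shared secret, tolerating spaces and missing '=' padding."""
    cleaned = secret.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) for one counter value."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation offset
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)  # keep leading zeros


def totp(key: bytes, timestamp: Optional[float] = None,
         step: int = 30, digits: int = 6) -> str:
    """Time-based one-time password (RFC 6238): HOTP over the current time step."""
    if timestamp is None:
        timestamp = time.time()
    return hotp(key, int(timestamp) // step, digits)


def verify_totp(key: bytes, code: str, last_used_counter: int = -1,
                timestamp: Optional[float] = None, step: int = 30,
                digits: int = 6, window: int = 1) -> Optional[int]:
    """Return the time-step counter that matched, or None if the code is rejected.

    Accepts the current step plus `window` steps either side to tolerate clock drift,
    refuses any counter at or below `last_used_counter` (so a captured code cannot be
    replayed), and compares in constant time. Callers persist the returned counter as
    the new last_used_counter for this user.
    """
    if timestamp is None:
        timestamp = time.time()
    current = int(timestamp) // step
    for delta in range(-window, window + 1):
        counter = current + delta
        if counter <= last_used_counter:
            continue
        if hmac.compare_digest(hotp(key, counter, digits), code):
            return counter
    return None


if __name__ == "__main__":
    key = decode_base32_secret(EXAMPLE_BASE32_SECRET)
    print("current code:", totp(key))
```

The window of one step each way is the usual compromise between tolerating a phone whose clock is a few seconds off and limiting how long a stolen code stays valid; the replay check is what prevents an attacker who shoulder-surfs a code from using it a second time inside that window.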

8
Make software patching a part of your regular cybersecurity procedures.

Think of software patching as an ongoing process, done proactively to close vulnerabilities before they are used against your systems. IT should keep a schedule for patching applications and operating systems as updates are released, and an inventory of what is installed so nothing is missed. Patches for flaws that are already being exploited (including fixes for zero-day vulnerabilities) should jump the queue and be applied immediately rather than waiting for the next cycle.

9
Give your Business Associates’ security programs the same oversight you give your own.

If one of your Business Associates has a Breach, you’re both liable. Audit your Business Associates’ HIPAA Compliance Programs to ensure they have the proper safeguards in place before you sign a BAA and give them access to your systems or facilities. Need a BAA? Our HIPAA Prime program includes a customized Business Associate Agreement with an attestation.

10
Not all employees need access to all systems and information. Implement access controls.

Workforce members should be assigned access levels that give them the minimum access necessary to perform their job functions; grouping permissions by role (billing, clinical, IT) makes this easier to manage and audit. Document your cybersecurity standards for each access level, keep a log of when access is granted or revoked and who approved it, and review the assignments whenever someone changes jobs.

11
Add warning banners to accounts.

All systems with access to Protected Data should have a warning banner at login. A banner does not stop an intruder, but it gives legal notice that the system is monitored and that unauthorized access may bring civil penalties or criminal prosecution, which supports enforcement and removes any claim that the intruder did not know. On Linux and Unix hosts the text is typically set in /etc/issue and, for SSH, with the Banner directive in sshd_config.

12
Create and document a Remote Access Policy.

Establish standards for how staff will connect to the company network when working remotely. These standards will minimize potential exposures, which could lead to the loss of sensitive information. Need help creating a Remote Access Policy? It’s one of the many customized policies included in our HIPAA Prime program.

13
Encrypt all emails containing PHI.

Find a HIPAA compliant email encryption provider to keep your information safe in transit, or have your IT department configure mail so that messages containing PHI are encrypted automatically by policy rather than left to each sender to remember. End-to-end encryption means only the sender and intended recipient can read the message content; transport encryption (TLS) between mail servers protects a message only hop by hop, so check which of the two your provider actually delivers.

14
Hold an annual security review.

Review or implement your Risk Assessment, company encryption key length requirements, newly released upgrades, and vulnerability testing. Haven’t completed a Risk Assessment? HIPAA Prime includes access to an online and dynamic Risk Assessment to identify your company’s vulnerabilities.

15
Use a file-sharing app to send files between platforms and devices.

If your company has a BYOD Agreement or policy that allows you to share sensitive information via mobile phone, a file-sharing app may come in handy. File-sharing will enable you to share files between personal and company devices safely and share them securely outside your organization. Choose a service that encrypts files in transit and at rest and will sign a Business Associate Agreement; consumer file-sharing apps without a BAA are not appropriate for PHI.

16
Implement a software management policy.

This policy should forbid unauthorized software installation or updates on a computer system, workstation, or network server. These should only be performed by management or IT personnel. If you still need to document this or other security policies, our HIPAA Prime program is here to help.

17
Install secure host and network firewalls at all data access points.

This twin-firewall approach will allow you to secure network traffic and protect your computers and servers connected to the network.

18
Use a password manager to keep your accounts and login information secure.

Password managers like LastPass, 1Password, and Zoho generate a long, random, unique password for every account and keep them in an encrypted vault, so a breach at one site cannot be replayed against another. You’ll only have to remember one master password, which also reduces the likelihood of credential theft. Make it a long passphrase that is used nowhere else, turn on two-factor authentication for the vault, and change it immediately if you suspect it has been exposed.

19
Create and implement a BYOD (Bring Your Own Device) Policy.

If employees use personal devices to access sensitive company data, such as PHI or other Personally Identifiable Information (PII), make sure you have a signed BYOD Agreement in place. These procedures should grant the company permission to install security programs on the device and wipe it remotely if it is ever lost or stolen. Total HIPAA provides a customized BYOD, among other required documents, to all HIPAA Prime clients. Contact us today if you have any questions about BYOD policies.

20
Follow the Minimum Necessary Rule.

The Minimum Necessary Rule states that all individuals should have access to the minimum amount of sensitive data required to do their jobs. Regularly check your system and access levels to ensure that employees can only access the data they absolutely need to perform their duties.

21
Create an exit checklist for employees who leave your company.

It is critical that former employees no longer have access to company systems after leaving their jobs. Create an exit checklist to make sure the company has adequately disconnected former employees from company systems to prevent unauthorized access. Total HIPAA provides an exit checklist to all HIPAA Prime clients. Contact us today if you have any questions about this procedure.

22
Maintain detailed access logs.

Keep access logs that record who accessed sensitive data, what they accessed, when, from where, and whether the attempt succeeded. Access logs will be vital in the case of an audit or a Breach, so store them where ordinary users cannot edit or delete them, retain them for the period your policy requires, and review them regularly rather than only after an incident. Total HIPAA provides more than a dozen access logs to all HIPAA Prime clients.
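Tips 10, 20, 21, and 22 describe one loop: define the minimum access each role needs, remove access when people leave, and review the logs to confirm reality matches the policy. The following added example (not code from Total HIPAA) shows what that review looks like in practice. The role table, user directory, and access log lines are all constructed for illustration; a real review would read them from your identity provider and your application or database audit logs.

```python
from dataclasses import dataclass
from typing import Dict, List, Set

# Constructed role matrix: the minimum set of systems each role needs.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "billing":  {"claims_db", "patient_demographics"},
    "nurse":    {"ehr", "patient_demographics"},
    "it_admin": {"ehr", "claims_db", "patient_demographics", "domain_controller"},
}

# Constructed user directory; cdoe left on 2023-10-12 and should have been disabled.
USERS: Dict[str, Dict[str, object]] = {
    "asmith": {"role": "billing", "active": True},
    "bjones": {"role": "nurse",   "active": True},
    "cdoe":   {"role": "billing", "active": False, "terminated": "2023-10-12"},
}

# Constructed access log: timestamp user resource action outcome
SAMPLE_ACCESS_LOG = """\
2023-10-15T08:02:11Z asmith claims_db READ success
2023-10-15T08:05:40Z asmith ehr READ success
2023-10-15T09:10:03Z cdoe claims_db READ success
2023-10-15T23:41:19Z bjones ehr READ success
2023-10-16T10:00:00Z zzz ehr READ success
2023-10-16T10:01:00Z bjones ehr READ failure
"""


@dataclass(frozen=True)
class Finding:
    timestamp: str
    user: str
    resource: str
    reason: str


def parse_log(text: str) -> List[Dict[str, str]]:
    """Split the constructed log format into records; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, user, resource, action, outcome = parts
        records.append({"timestamp": ts, "user": user, "resource": resource,
                        "action": action, "outcome": outcome})
    return records


def review_access(log_text: str) -> List[Finding]:
    """Flag every successful access that the role matrix or user directory does not justify.

    Three checks: the account must exist, it must still be active (exit checklist), and
    the resource must be within the minimum set for the account's role.
    """
    findings: List[Finding] = []
    for rec in parse_log(log_text):
        if rec["outcome"] != "success":
            continue  # failed attempts are worth counting separately; not a policy breach
        user = USERS.get(rec["user"])
        if user is None:
            findings.append(Finding(rec["timestamp"], rec["user"], rec["resource"],
                                    "unknown account"))
            continue
        if not user["active"]:
            findings.append(Finding(rec["timestamp"], rec["user"], rec["resource"],
                                    "terminated account still has access"))
            continue
        allowed = ROLE_PERMISSIONS.get(str(user["role"]), set())
        if rec["resource"] not in allowed:
            findings.append(Finding(rec["timestamp"], rec["user"], rec["resource"],
                                    "access outside assigned role"))
    return findings


if __name__ == "__main__":
    for f in review_access(SAMPLE_ACCESS_LOG):
        print(f"{f.timestamp} {f.user:8} {f.resource:22} {f.reason}")
```

Each finding maps back to a tip: an unknown account means provisioning happened outside the documented process, a terminated account with a successful login means the exit checklist was not completed, and an access outside the role means either the role matrix or the person's permissions needs correcting.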

23
Create a standardized password policy to be used company-wide.

Create a password policy that specifies minimum length (a longer passphrase beats a short string of special characters), a ban on reusing passwords across systems or choosing ones that appear in public breach lists, lockout or rate limiting after repeated failures, and when passwords must be reset (at a minimum, whenever a compromise is suspected). Document this policy and share it with all employees.
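A policy on paper only helps if the systems that accept passwords enforce it. The following added example (not code from Total HIPAA) shows a check a registration or password-change handler could run: minimum length, no username inside the password, no trivially repetitive strings, and a screen against known-breached passwords. The breach list here is a constructed stand-in, stored in the same hash-prefix form that k-anonymity range lookups use, so that only the first five characters of a hash would ever need to leave the host if it were backed by a real service.

```python
import hashlib
from typing import Dict, List, Set

MIN_LENGTH = 12


def _sha1_hex(password: str) -> str:
    # SHA-1 is used here only as the lookup key for the breach list (the format the
    # common range APIs use); it is not a suitable way to store passwords.
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for a breached-password corpus.
_BREACHED_PLAINTEXT = {"password", "Password1", "Winter2023!", "letmein"}

# Bucketed by 5-character hash prefix -> set of 35-character suffixes, mirroring the
# range-query layout so the comparison is done locally on suffixes.
BREACHED_RANGES: Dict[str, Set[str]] = {}
for _pw in _BREACHED_PLAINTEXT:
    _h = _sha1_hex(_pw)
    BREACHED_RANGES.setdefault(_h[:5], set()).add(_h[5:])


def is_breached(password: str) -> bool:
    """True if the password's hash suffix appears in the bucket for its prefix."""
    h = _sha1_hex(password)
    return h[5:] in BREACHED_RANGES.get(h[:5], set())


def check_password(password: str, username: str) -> List[str]:
    """Return a list of policy violations; an empty list means the password is acceptable.

    Composition rules (forced digits and symbols) are deliberately not enforced; length
    and breach screening do more against real attacks.
    """
    problems: List[str] = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    if len(set(password)) <= 2:
        problems.append("too repetitive")
    if is_breached(password):
        problems.append("appears in a known breach list")
    return problems


if __name__ == "__main__":
    for candidate in ("Winter2023!", "correct horse battery staple"):
        print(repr(candidate), "->", check_password(candidate, "asmith") or "ok")
```

The order of checks matters little for security but does for usability: report every violation at once so the user fixes the password in one attempt, and never echo which breach list entry matched.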

24
Observe a clean desk policy.

Always leave a clean desk whenever you step away from your computer. Whether in the office or at home, make sure you do not leave an unlocked and unattended computer that is logged into your company system; lock the screen every time you walk away (Windows key + L on Windows, Control + Command + Q on a Mac) and set a short automatic lock timeout as a backstop. You should never leave Personally Identifiable Information (PII) up on your screen, or printed on your desk, when you are away from your computer.

25
When traveling or working in a new place, do not allow devices to auto-connect to wireless networks.

Turn the auto-connect feature off in your device settings so that you choose each network deliberately. On an open or attacker-controlled network, anyone nearby can intercept unencrypted traffic and probe your device directly; if you must use one, connect through the company VPN before doing anything else.

26
Never click on a link from an unknown source.

If you receive an email that looks suspicious or comes from someone you do not know, do not click on any links or open any attachments in the message. The simple action of deleting the message and/or blocking the sender could prevent a phishing attack. If you’re unsure of its authenticity, you may forward it to IT for review.

27
Use a wireless hotspot rather than a public network.

If you need internet on the go, consider using your phone’s personal hotspot rather than a public network. Cellular data keeps your traffic off a network shared with strangers, which makes it much safer, especially if you are connecting to systems that contain sensitive data. Still use the company VPN on top of it.

28
If working from home, change the default username and password for your Wi-fi network.

For those working remotely, the home router is part of the company’s attack surface. Change the router’s default administrator username and password, set a strong Wi-Fi passphrase using WPA2 or WPA3 (never WEP or an open network), and keep the router’s firmware updated so known flaws cannot be used to get in.

29
Encrypt all protected data using at least 128-bit encryption.

All data on your devices needs to be encrypted with a modern cipher at no less than 128-bit strength: AES with a 128-bit or 256-bit key for disks, databases, and files, and TLS 1.2 or later for network and email traffic. This includes network, email, and device encryption; full-disk encryption on laptops and phones (BitLocker, FileVault, or the built-in encryption on iOS and Android) covers the device part. Note that the 128-bit figure refers to symmetric keys; public-key algorithms need far longer keys to reach the same strength (for example, RSA keys of at least 2048 bits).

30
Undergo penetration testing to understand weaknesses in your systems.

Hire an outside contractor to perform a penetration test to identify weak spots in your network and systems. Agree on the scope and rules of engagement in writing beforehand. The report will give you a list of vulnerabilities, ranked by severity, that need to be addressed; fix them, then have the tester retest to confirm the fixes hold.

31
Perform a Risk Assessment to identify vulnerabilities within your organization.

Conducting a new Risk Assessment every two years and reviewing it annually helps you stay on top of the inner workings of your company and its systems. The Risk Assessment can act as the blueprint to mitigating vulnerabilities in your company. Total HIPAA offers a comprehensive Risk Assessment that identifies potential vulnerabilities your company should address. We also create customized Policies and Procedures for all HIPAA Prime clients using their Risk Assessment.

Check back in!

We're releasing a new tip every day this month, so check back in throughout the month. We'll email you a summary each week leading up to the webinar.

WHAT IS TOTAL HIPAA?

HIPAA Compliance Made Easy

HIPAA Training

HIPAA requires annual training of your staff on both the law and your Policies & Procedures. Total HIPAA offers interactive online training to engage your employees on best practices for safely handling Protected Health Information.

Customized Plan

Our platform guides you through a thorough risk assessment, and our HIPAA experts use your risk assessment interview as a basis for building your customized documentation and training. All you have to do from there is implement.

Continuous Support

We automatically update your compliance documents as regulations or your business conditions change, and we provide ongoing up-to-date training that satisfies HIPAA requirements and keeps your business safe.