Do You Have Bad Security Habits?
Did you know that one of the largest risk factors for a data breach may come from inside your organization? It is estimated that 95% of security breaches are caused by human error. This blog discusses a few of the most common HIPAA related employee habits that could lead to a data breach in your healthcare organization. Specialty clinics suffered the highest number of breaches in 2021, with over 106 medical breaches, impacting 3 million records. Over the past two years, hacking has been the most common method of breaching healthcare organizations, making up roughly 41% of all breaches. Don’t let employee HIPAA security habits lead to poor security practices in your organization.
● Having Weak Passwords
Having employees using weak passwords could create various entry points for hackers to access your healthcare organization. Employees need to have strong passwords and should refrain from using their passwords for other logins. A strong password should contain a mix of letters (upper and lower case), numbers, and symbols. According to the National Institute of Standards and Technology (NIST), password length is a primary factor in characterizing password strength. Creating passwords that contain a random mix of 14 to 16 characters is the best way to ensure the security of your online information. It is also important to mention that your software and hardware often come with default passwords that need to be more secure. Remember to change any default passwords after installation is complete.
● Hiding Passwords Around Workstations
If your passwords are on a Post-It note under your keyboard or mouse pad, you are not fooling anyone. According to Cisco, it is estimated that 20% of employees keep their passwords in plain sight. It is also a mistake to store passwords in unsecured, easily accessible documentation storage platforms like Google Drive.
● Sharing Passwords
According to Cisco, 18% of employees share passwords with their co-workers which is one of the most common employee security bad habits. Each user should have a separate password. It is also important to restrict employee access to information irrelevant to their unique role.
● Allowing Unlimited Login Attempts
It is important to lock out users after a designated number of login attempts. Cybercriminals usually try multiple passwords as they attempt to access a system. Devices should also be programmed to automatically timeout and lock the screen after a set time of inactivity.
● Emailing Sensitive Information
Sending unencrypted emails is a common source of data breaches and also another common employee security bad habit. It is best to avoid sending sensitive information via email whenever possible. If you must send an email containing sensitive information, such as protected health information (PHI), you must use email encryption.
● Off-Site And Remote Work Habits
While working remotely has become increasingly popular over the past few years, it has also presented various security risks and challenges. Managers and employees should not allow non-assigned staff members or people un-related to access or use their work devices. All work devices should be locked when not in use. If working remotely in a public location, employees need to be aware of their surroundings and ensure they are not connecting to an unsecured Wi-Fi network.
● Disregard Security Training
Employees with bad security habits often turn their backs on regular/annual security training because they don’t think it applies to them. All employees need to be familiar with their workplace policies and procedures. A well-trained employee can be a real asset to the organization by promoting security at the front lines.