Formalize Cybersecurity Awareness Training for Employees
Medical practices have to go beyond making cybersecurity awareness a checklist item, Centrify's George says. At a certain level, all the cyber hygiene items need to get covered, such as teaching people to create strong passwords, backing up personal data, and running virus and security scans on their work machines. Organizations also should run simulations in which the staff consistently gets tested on their ability to notice phishing emails, he says. If an employee gets caught clicking on a test simulation, the IT team would then have that person review its security training. And if the employee finds an email that's actually a real attack, the security operations team can follow up.
"Companies have to consistently do simulations to keep people on their toes," George says. "People will never learn unless the company does follow-up."