Cyber-security can improve by adopting best practices

  • March 02, 2017

Patients and their families expect healthcare professionals to know and apply best practices. They can also expect that eHealth’s cyber-security aspires to the same standards. A white paper from Osterman Research, sponsored by KnowBe4, a cyber-security and training firm, sets these out for combating phishing and ransomware cyber-attacks. They offer a good start for Africa’s eHealth. Core themes include:

  1. Phishing and ransomware are increasing at the rate of several hundred percent a quarter
  2. Most organisations have been victimised
  3. Phishing and ransomware are among security decision makers’ four main concerns
  4. Security spending will increase significantly in 2017
  5. Most organisations are not seeing improvements in their security
  6. Security awareness training is vital to combat phishing and ransomware
  7. Organisations with well-trained employees are less likely to be infected

In this increasingly challenging cyber-crime world, organisations can adopt many best cyber-security practices to deal with phishing and ransomware. They include:

  1. Cyber-security awareness training to create a human firewall
  2. Test staff periodically to see if cyber-security awareness training is effective
  3. Rigorous password management
  4. Deploy systems that detect and eliminate phishing and ransomware attacks
  5. Search for and remedy cyber-security risks and vulnerabilities
  6. Maintain good, isolated backups
  7. Use reliable threat intelligence
  8. Establish communication backchannels for key staff members
  9. Keep reminding employees of the risks of oversharing content on social media
  10. Ensure every employee maintains robust anti-malware defences on their managed platforms
  11. Keep software and operating systems up-to-date.

These are sensible and pragmatic practices that Africa’s health systems can adopt. Making them effective needs a cyber-security leader, who must be an executive.