August 14, 2017

The Secret to Security? Build It into Company Culture

By Jeff Nadler

There are two approaches to completing any given task. There’s checking the box and getting it done. And then there is going above and beyond: giving it your all and ensuring that it’s been completed correctly, thoroughly, and with scrutiny to the finest detail. At Teladoc, we take the latter approach to security. It’s a serious commitment that we’ve engrained into the entire organization as part of our culture. Our clients put their trust in us, and it’s our inherent responsibility to safeguard their data, and the respective protected healthcare information (PHI) of their employees or their members.

In the spirit of going above and beyond, we voluntarily elected to go through the rigorous six-month certification process for the Health Information Trust (HITRUST) Alliance – think Ironman training for health care – to earn CSF Certified Status. With what I would estimate are fewer than 5% of all healthcare organizations – including vendors and providers – having the HITRUST certification, it’s our assurance to you that your data security and privacy needs are being met.

However, to fully thwart the bad guys, we are also staunch believers in instilling security best practices in all. The reality is that hackers and the bad guys don’t just target vendors. You’ve heard of phishing exercises and ransomware that can also lead to serious consequences for your business. So, while we go the extra mile, here are the top 5 measures you can take on your end to raise the security IQ of your employees:

  1. Conduct Regular Training. Repetition works. And information is power. On a regular basis, educate employees about scams, their role in avoiding them, and the consequences to the business that just one wrong click can have. This means reminding them of the basics, like never leaving passwords on yellow sticky notes around their computers. These little reminders, however well-intended, can create large and costly problems.

  2. Get Specific. Every department presents its own unique risks from using specialized software and tools, with varying needs to share information internally and externally. Delve into each department and align on best practices with managers. Along with our annual security testing requirement, training guides and exams are developed that focus on threats specific to one’s role or department.

  3. Lead Positively. Instead of using fear as a motivator, promote the concept of security as a shared responsibility and benefit that needs to be part of each employee’s routine. Communicating to employees “what’s in it for them” is a simple way to ensure compliance.

  4. Self-evaluate. What are your malware defenses? Is your access control policy up to date? By regularly conducting self-audits, you can stay a step ahead and develop a culture where everyone understands their role in protecting and securing company assets and data.

  5. Consult with experts. Leverage outside security experts to assist with secure coding best practices, developing process controls, writing security policies and procedures, and implementing leading-edge technologies to defend against malware, phishing, and other advanced threats looming out there.

Security is truly a team sport. We keep our promise to our clients that we will always go the extra mile. But with the perpetuation of security risks, building a culture around security will help assure that your organization, and your employees’ data, are safeguarded from the bad guys.