Security Technology Executive

MAY-JUN 2016

Issue link: https://securitytechnologyexecutive.epubxp.com/i/690996

Contents of this Issue

Navigation

Page 13 of 91

14 SECURITY TECHNOLOGY EXECUTIVE • May/June 2016 www.SecurityInfoWatch.com could be available. Is the secu- rity systems integrator techni- cally qualified to troubleshoot the problem? This preparator y work will enable a higher-level manager or executive to take up your cause and advocate on your behalf. Establish a Strategic Relationship O ne reas on that S e cur it y departments get blindsided by this type of situation is that they don't have ongoing high- level communication with IT. It is common to have most of the Security/IT be project-based and technology-focused. Once the project for a new security deployment or a significant upgrade is done, Security per- sonnel go on about their nor- mal business, and the IT folks get back to their normal IT roles and responsibilities. There are many points on which Security and IT should be collaborating. See my article titled, The State of Converged Security Operations . That will provide you and your advo- cate a good perspective to have a short discussion with IT around future collabora- tion. High-level discussions are important. Does IT have a technolog y roadmap that Security should be aligning with? What are IT plans for the future around Identity Man- agement? Cyber security for an electronic physical security sys- tem is another future discus- sion topic. Also, see my column about Physical Security for IT. A g ood s trate g ic relation- ship will keep Security casually informed about what's going with IT, and also keep Security from being in the dark about IT situations that could impact Security. ■ (continued from page 8) Dealing with an Over-Tasked IT Department Cyber Vulnerabilities Galore (continued from page 10) While my own feeling is that the bad guys will simply find other devic- es for encrypted storage and commu- nication should the iPhone's security features be lessened (while those of us who continue to own these devices will suffer the consequences), it was pretty clear there are differing views within the government and by ex- government officials on this matter. Shane Harris, in his compelling book, @War, describes actions by the NSA which selectively share and withhold information from the private sector. These may either warn and help miti- gate certain threats, or may keep an enterprise at risk for the sake of pre- serving tools and secrecy for broader national security. Cyber security needs higher corporate priority. According to recent Gartner statistics shared at RSA, security was only the seventh-ranked priority of corporate CIOs, behind areas such as business analytics and digital market- ing. It is likely that many of these CIOs are not aware that their networks may have been compromised or, perhaps, are relying on cyber insurance policies to keep them feeling protected. As you may have guessed, I did not leave this event with warm and fuzzy feelings. I am astounded at the tech- nical capabilities of those who are seeking to steal money and corporate secrets or whose objective is to reap havoc. Those of us who specialize in elec- tronic and physical security need to work to lessen the disconnect between our world and the cyber community. I believe that adopting and implement- ing cyber standards for security prod- ucts is a good place to start. A d d i t i o n a l l y, g e t t i n g i nvo l ve d with your customers on good cyber hygiene, incorporating cyber require- ments into project specifications, and further educating ourselves and our customers on cyber matters are important actions to take. It is time to erase this disconnect, because we have a common denomina- tor — it is called "security." ■ Tips for Protecting Patient Documents in Call Centers (continued from page 12) of encrypting and protecting each individ- ual document even if it resides on a secure network. This also ensures that informa- tion sent via email between a call center agent and a patient cannot be compro- mised if intercepted or sent to the wrong recipient. It also protects the document 1) against unauthorized access from some- one inside the network; 2) if a call center agent doesn't have sufficient rights to view patient information; 3) if a compromised employee or a hacker is using stolen, but valid credentials. Tip 4: Help patients secure their documents Make it a policy never to send or store unprotected documents containing confi- dential information. An emailed or down- loaded document gets saved automatically on certain devices and if unprotected, is vulnerable if the device is hacked. Assist patients with safeguarding their informa- tion even when it resides on their own computer by distributing only encrypted and protected files and train call center staff to let patients know the importance of this protection. Tip 5: Enforce a strong password policy In order to secure patient documents from all vulnerabilities, a strong password approach is essential. This applies to the password an agent uses to access inter- nal systems, the one a patient uses to log onto a self-service portal, or even the password used to open an individual doc- ument. If the password is weak, all other security is bypassed. Educate both agents and patients on the value of using only strong passwords and the risks of using easily cracked passwords such as '123456', 'abc123' or 'password'. The demand for anytime, anywhere access may be patient driven, but digital transformation is highly beneficial for a healthcare call center seeking to boost efficiency, improve communication and enhance the patient experience. By taking advantage of these simple security tips, a call center will not only be able to deliver a strong customer service experience, but also provide the technologies needed to safeguard their information. ■

Articles in this issue

Links on this page

Archives of this issue

view archives of Security Technology Executive - MAY-JUN 2016