With all the recent news about data breaches, employers are concerned as to whether they have taken appropriate steps to safeguard their data – particularly health care data. Here are a few tips.
Install proper controls. Your IT expert must make sure the company has a properly configured firewall. Anti-virus software and current patches need to be applied to all hardware and software and access to data and systems must be limited to individuals for whom access has been approved.
Provide training. To be safe, never overlook the basics like the dangers of visiting unsafe websites, learning to recognize phishing emails, adopting varied and complex passwords and blocking access to certain websites in the name of security. Those with access to personal health information must be trained in HIPAA privacy.
Include mobile devices. Smart phones and other mobile devices can hold plenty of valuable data. Employees should not be allowed to store or download any secure information to a portable device. Company phones with email access must be password protected and measures should be in place to remotely clean them of all data if they are lost or stolen.
While a breach at your organization may not make headlines like we saw with Target or Home Depot, small businesses face the same risks and hackers often assume, too often correctly, that their controls are not as strong.
In cooperation with NAEBA