Back to Blog

Developing Excellence in Cybersecurity Management

Posted by Henry Svendblad on December 11, 2019 at 11:19 AM

Cybersecurity in the Public Sector

In workers' compensation, cybersecurity protocols are very inadequate, mostly due to the complex systems and outdated online knowledge about online security. Ideally, at minimum, every organization in the industry that has access to individually identifiable information or health information should follow some of the basic outlines of HIPAA and high tech technical safeguards. For example, it is vital to ensure that data is encrypted both in transit, as well as at rest, and that the systems that you use provide audit trail capabilities to see who has access to that protected information.


Why has there been such an increase in cyber-attacks? 

Unfortunately, cybercrime has become an established industry that functions ultimately to use techniques like ransomware to freeze and hold large amounts of information and data rather than just receiving and using credit cards from the local person down the street. One very common cyberattack method is spear phishing. This method utilizes targeted email attacks that mimic a request from a CEO or individual within the company, with the perpetrator usually asking for payroll information or the credentials to the computer that the employee may be using.


Practical Steps to Improve Security 

The most critical step is changing mindsets regarding what cybersecurity is and the reality of how detrimental the lack thereof can be to your entity. If one isn't already in place, your entity should establish a formal cybersecurity risk management program that is approved by the leadership team. The next step should be to have cybersecurity discussions with your staff and employees. This will bring attention to details concerning topics like spear phishing and tactics used to flag certain email attacks. 


Make it a priority to implement a form of endpoint protection and ensure that all employees have multifactor authentication and single sign-on setup. In this case, the hacker has to address a second line of defense to impersonate an employee, even if the employee clicks on a phishing email that gives the hacker access to their credentials.