Train Staff to Be Alert to Phishing Attacks
From - G2 Compliance Advisor
When asked why he robbed banks, the notorious outlaw Willie Sutton famously replied: “Because that’s where they keep the money.”
The same logic explains why labs and other providers have become a favorite target of hackers seeking to steal private information about patients. According to software security firm Trend Micro, more than 9 in 10 cyberattacks against labs and other health facilities use a scam known as phishing. Typically, the hacker sends lab employees a fake email asking them to click on a link that infects their computer with a malicious virus, giving the hacker access to the lab’s electronic medical records.
The reason phishing is so effective is that it preys on the lab’s weakest security link, its employees. Accordingly, the key to protecting your lab and its precious patient records is to train your employees about:
- What phishing is, how it occurs, and why it is such a threat;
- Red flags indicating that an email is a phishing barb, including common characteristics such as duplicating the image or using the name of a real company or person, promoting gifts, or threatening the loss of an account; and
- How to properly check social media invitations.
Do not confine your training to the classroom or a web-based course. Run a mock phishing attack against your employees and see how many of them take the bait. In addition to assessing your vulnerability, the exercise will enable you to identify which employees to target for additional training.