Do You Have Bad Security Habits?
Did you know that one of the most significant risk factors for a data breach may come from inside your organization? It is estimated that 95% of security breaches are caused by human error. This blog discusses a few of the most common HIPAA-related employee habits that could lead to a data breach in your healthcare organization. Specialty clinics suffered the highest number of violations in 2021, with over 106 medical breaches, impacting 3 million records. Over the past two years, hacking has been the most common method of breaching healthcare organizations, making up roughly 41% of all breaches. Don’t let employees’ HIPAA security habits lead to poor security practices in your organization.
Having Weak Passwords
Employees who use weak passwords can create various entry points for hackers to access your healthcare organization. Employees need to have strong passwords and should refrain from reusing those passwords for other logins. A strong password should contain a mix of letters (upper and lower case), numbers, and symbols. According to the National Institute of Standards and Technology (NIST), password length is a primary factor in characterizing password strength. Creating random, mixed-character passwords of 14 to 16 characters is the best way to secure your online information. Your software and hardware often come with default passwords that are not secure enough. Remember to change any default passwords after installation is complete.
Hiding Passwords Around Workstations
You are not fooling anyone if your passwords are on a Post-It note under your keyboard or mouse pad. According to Cisco, it is estimated that 20% of employees keep their passwords in plain sight. It is also a mistake to store passwords in unsecured, easily accessible documentation storage platforms like Google Drive.
Sharing Passwords
According to Cisco, 18% of employees share passwords with their co-workers, making it one of the most common bad security habits among employees. Each user should have a separate password. Restricting employee access to information irrelevant to their unique role is also essential.
Allowing Unlimited Login Attempts
It is important to lock out users after a designated number of login attempts. Cybercriminals usually try multiple passwords as they attempt to access a system. Devices should also be programmed to automatically timeout and lock the screen after a set time of inactivity.
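The lockout rule described above, sketched as an added example (it is not code from this blog or from any product). The class name, the thresholds of 5 failures in 15 minutes, the 15-minute lock and the sample events are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque


class LoginThrottle:
    """Lock an account after too many failed logins inside a sliding window."""

    def __init__(self, max_failures=5, window_s=900, lockout_s=900):
        # Thresholds are assumed for illustration; the article names none.
        self.max_failures = max_failures
        self.window_s = window_s
        self.lockout_s = lockout_s
        self._failures = defaultdict(deque)  # user -> recent failure times
        self._locked_until = {}              # user -> time the lock expires

    def attempt(self, user, password_ok, now):
        """Return 'locked', 'ok' or 'denied' for one login attempt at `now`."""
        # Check the lock first: a correct guess during lockout is still refused.
        until = self._locked_until.get(user)
        if until is not None:
            if now < until:
                return "locked"
            del self._locked_until[user]      # lock expired, start from zero
            self._failures.pop(user, None)
        if password_ok:
            self._failures.pop(user, None)    # success resets the counter
            return "ok"
        recent = self._failures[user]
        recent.append(now)
        while now - recent[0] > self.window_s:
            recent.popleft()                  # drop failures outside the window
        if len(recent) >= self.max_failures:
            self._locked_until[user] = now + self.lockout_s
            return "locked"
        return "denied"


def replay(events, **policy):
    """Run (time, user, password_ok) events through a fresh throttle."""
    throttle = LoginThrottle(**policy)
    return [throttle.attempt(user, ok, t) for t, user, ok in events]


# Constructed sample: five quick failures, a correct password during the
# lockout, then a normal login after the lock has expired.
SAMPLE = [(t, "nurse01", False) for t in range(0, 50, 10)] + [
    (60, "nurse01", True), (1000, "nurse01", True)]
```

Calling replay(SAMPLE) shows the fifth failure triggering the lock and the correct password being refused until the lock expires. Failures are counted per user, so one locked account does not affect anyone else.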
Emailing Sensitive Information
Sending unencrypted emails is a common source of data breaches and another common bad security habit among employees. It is best to avoid sending sensitive information via email whenever possible. If you must send an email containing sensitive information, such as protected health information (PHI), you must use email encryption.
Off-Site And Remote Work Habits
Working remotely has become popular, but it also comes with security risks and challenges. Managers and employees should not allow non-assigned staff members or unrelated people to access or use their work devices. All work devices should be locked when not in use. When working remotely in a public location, employees should avoid connecting to unsecured Wi-Fi networks.
Disregarding Security Training
Employees with lousy security habits often disregard regular or annual security training because they don’t think it applies to them. All employees need to be familiar with their workplace policies and procedures. A well-trained employee can be a real asset to the organization by promoting security at the front lines.