GATEKEEPER BLOG

Human error in cyber security.

How Mistakes, Forgetfulness, and Carelessness can Undo the Best IT Security

Some things just can’t be anticipated and protected against. Human foibles are at the top of the list. Human beings aren’t perfect, and their mistakes, carelessness and just plain bad luck can wreak unintentional havoc. Sometimes the simplest error can undo the most intricate IT security plans. All it takes is one person. It could be a weak password. Or even plain old theft. Case in point – the Little River Healthcare Records theft.

Little River Healthcare, a healthcare system in Waco, Texas, discovered that print and electronic medical records had been stolen. But the records weren’t stolen from the hospital. The printed records were in a briefcase and the electronic records were on a laptop. A criminal stole the laptop from a clinician’s locked car. Luckily, the laptop was password-protected. (Basics!) It appears that the thieves wanted the computer to wipe it clean and resell it.

The doctor and the hospital were fortunate, but this was a razor-thin near miss. Confidential patient information could have been sold on the Internet. It’s a case that clearly demonstrates how easily human error and carelessness can interfere with the most perfectly developed IT security plans.

IT Security Depends Upon the Most Basic Elements

When it comes to cyber security, we believe that simple things are the most essential. If employees don’t learn how to conduct online work safely, they are vulnerable. Even millions of dollars invested in cyber security for your hospital can be undone in a second. Preventing human mistakes is worth millions. If employees open strange emails, forward unknown documents, open zip files from unknown senders or don’t use appropriately formatted passwords, your organization is still wide open to ransomware that could shut it down in a heartbeat. All it takes is one weak password. It could be one employee carelessly sharing a password. A passerby could view ePHI on an unlocked kiosk computer.

Hackers never sleep and they go after outdated systems just as quickly as they try to infect new ones. Ransomware keeps coming. And the social engineering tactics are becoming more effective. Healthcare IT reported that the ransomware Locky was going after outdated Windows systems and operating platforms – the kind that many hospitals still use. According to Healthcare IT, “The latest round of Locky is still being distributed via email with two zip attachments that contain the virus in .exe format. It’s not unlike those in the past: the emails contain order confirmations, payment receipts and other business needs. The goal is to use social engineering to dupe its victims.” In conclusion, we need to take care of our cyber security fundamentals.

What are the simple elements of cyber security?

Educating employees to prevent human mistakes.

It’s essential that healthcare organizations make cyber security part of their culture. Educate employees on phishing risks so that everyone bears responsibility for protecting the organization’s cyber security. They should also use passwords that are alpha-numeric and include special symbols. Another lesson is to change default passwords, lest cyber hackers exploit this vulnerability.

Locking computers.

When employees are working through the day, they may forget to lock the computer and leave it open for any unauthorized person to view. They don’t log in and out every time they step away for a moment. That means that patient information is open for the viewing and the taking. New proximity authentication technology facilitates the automatic locking of public-facing computers with seamless 2FA. Leaving computers unlocked and unattended is one of the worst human mistakes in cybersecurity. It’s like leaving your front door unlocked AND open!

Increasing security (and productivity) at the computer.

Let’s get smarter with our time. Even though it is necessary for IT security, repeatedly entering logins to use computers drains workplace efficiency. Repeated logins and logouts cost an estimated $5,000 and 100 hours in productivity each year. The average doctor must enter 50 to 60 logins and logouts every day as they work on EHR and other electronic records. Therefore, manually logging in is a waste of time. See how one healthcare institution saves time and thousands of dollars per year by preventing password problems and login latency. Save valuable dollars and time with the right technology. One of the best ways to increase productivity is to reduce human mistakes.

However, there is a better way – check out this case study for faster login for healthcare. Technology that offers automatic lock keycards carried by staff secures computers 100% of the time without entering passwords and logins manually. It provides user authentication that protects against healthcare privacy breaches. Also, the solution provides clean audit logs for analytics and due diligence built for CEOs, CIOs, and CISOs. In conclusion, unrestricted reliance on humans regarding cybersecurity is a mistake.

2FA case study.

Hackers won’t stop and ransomware isn’t going to go away. If anything, both are going to become increasingly sophisticated and insidious. Robots don’t run hospitals, people do. Healthcare relies on compassionate caring human beings; the very same human beings who make mistakes. Therefore, simple, secure elements are essential if you are to give employees the tools they need to help protect your organization. Read about more incidents with human error – the perpetual weak link in the cybersecurity posture. Enhance patient care while increasing security by reducing reliance on humans.
