Cybersecurity: Social Media
By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
As we continue into National Cybersecurity Awareness Month, this week we focus on social media. Why does what you do in your personal life matter in your professional world? Aside from the possible personal implications, there is also a risk to your cybersecurity.
How Hackers Work
A cybercriminal knows how to gain your trust. When they have that, you’re more likely to give them information unknowingly. Small snippets add up, and they might seem unimportant to you, but to a hacker, they could be the final piece of the puzzle. You may think to yourself, ‘Go ahead, let them have access, I have nothing to hide!’ This may be true. But you do have a job in healthcare, and your account credentials can provide a huge victory when it comes to accessing patient data.
Social Engineering
So how do cybercriminals work to gain your trust? One way is by using social engineering: online chats, social quizzes, and even phone calls to the office. We give up personal information to strangers too easily. Taking a fun online test to see “what city you should live in” is one way of collecting data such as favorite color, vacation preferences, whether you like dogs or cats, and so on. This can be collected and added to your online file, a file which might exist on the dark web, where your various credentials from other breaches and other gathered information are stored.
Phishing Attacks
While they don’t have to have information about you for phishing, knowing that you love to ski can add to the content that they create to dupe you. You receive a phishing email that indicates you’ve won a vacation on the slopes. All that you have to do is “click here” to access your prize! Or you receive an email from your boss asking for your login credentials because he or she is having trouble logging in. Phishing attacks are very sophisticated and not always this straightforward. However, each time you provide more details online, you provide a better opportunity for a hacker to be successful.
Online Impersonation
You provide enough information for a hacker to duplicate your profile online. They get your friends to accept their invitation to connect. A credible profile is built, and they then begin to act as if they are you, writing posts or providing commentary. These posts compromise patient or business confidentiality. You may find yourself violating HIPAA for something that they have done while impersonating you or your business profile.
Staying Secure
You can build secure behaviors through training and by using security measures, which will help to mitigate the risk of being breached or compromised. Always use multi-factor authentication when it is available. An example of this is when you get a code texted to your mobile phone if a new device is activated using your credentials. Most platforms have options, and a simple inquiry can enable whatever method they offer. Train your team to recognize the tactics that hackers will use. Making sure that you do a Security Risk Assessment will identify the gaps that your security program has, and provide you with the opportunity to fix them – before they are found by the wrong people!
This article was originally published on HIPAA Secure Now! and is republished here with permission.