While the Internet offers a host of benefits, it also presents its share of vulnerabilities. The uncertainties associated with Internet use are only rising, and more and more businesses are falling victim to cyberattacks due to loopholes in their security measures.
Cybersecurity is the practice of strengthening and defending Internet-based and computer operations from unauthorized access or criminal use. Below are the top 10 practices HHAeXchange recommends for providers and payers to protect themselves against cyberattacks.
#1. Install a reliable antivirus platform.
A robust, dependable antivirus application is a must-have for any cybersecurity system. Anti-malware software is also crucial, as it can recognize and eliminate malware and viruses, spyware, and adware. It operates by scanning through a device (while end users are aware) and filtering out conceivably malicious emails and downloads.
#2. Create strong passwords.
Virtually every web-based application and computer require a password for accessing them. When it comes to creating passwords or answering security questions, it is crucial to employ complex ones that would be challenging for hackers to decode. Inserting spaces before and/or following your passwords is also a good approach to stumping hackers. Using a combination of lower- and upper-case letters also helps, in addition to using symbols and alphanumeric characters.
Additionally, for security question responses, HHAeXchange recommends transcribing them into different languages using free online translation tools, if possible. This will make answers more difficult to decipher and less susceptible to social engineering.
#3. Protect your network with a firewall.
A firewall is essential as it enables and protects network traffic coming in or going out. It can prevent hackers from infiltrating a network by blocking particular websites. Firewalls can also be programmed so that broadcasting out proprietary data and classified emails from a company’s network are restricted.
#4. Install robust encryption software.
It’s important to have an encryption mechanism in place whenever you’re dealing with sensitive information. Encryption keeps data safe by remodeling data on equipment into undecipherable codes. That way, even if the data does get taken, it would be worthless to hackers as they would not have the keys to decrypt the data and decipher the information.
#5. Do not open suspicious emails.
Never open or reply to suspicious-looking emails, even if they seem to be from a recognized sender. If you open the email by mistake, avoid clicking on questionable links or downloading attachments. Doing so may expose you and your company to phishing scams or other attacks.
Phishing emails tend to come from reliable senders, such as a bank or even worse, a company’s CEO. In sending emails through these accounts, the hacker is attempting to obtain private and financial data like bank account details and credit card numbers; hackers may even try to trick the end-user into buying gift cards on their behalf.
For additional security, HHAeXchange recommends changing your email password every 60 to 90 days. Additionally, refrain from using the identical password for different accounts and never write your passwords down.
#6. Limit access to critical data.
It is crucial to keep the number of people with access to critical data to a minimum. To strengthen accountability, form a precise plan that specifies which associates have access to which information.
#7. Back up your data regularly.
At least once every week, backup your data to an external hard drive or secured backup cloud service, or schedule automated backups to guarantee that information is stored securely. That way, even if systems are jeopardized, your information will remain safe.
#8. Secure your Wi-Fi network.
Avoid using WEP (Wired Equivalent Privacy) on a wireless network. If it is in use, we recommend switching to WPA2 (Wi-Fi Protected Access version 2), as it is more secure. We also suggest changing the name (also called the Service Set Identifier – SSID) of the wireless router or access point to protect the Wi-Fi network against breaches by attackers. Be sure to use a complex pre-shared key (PSK) passphrase for enhanced protection.
#9. Protect laptops and smartphones with encryption and passwords.
Laptops and smartphones contain tons of precious data, and the fact that they’re portable puts them at greater risk of getting stolen or lost. HHAeXchange recommends guarding equipment by employing the encryption and password protection noted above, and by enabling ‘remote wiping’ options where possible.
#10. Communicate cybersecurity policies effectively to employees.
Having a written cybersecurity policy outlining the dos and don’ts of utilizing systems and the Internet is helpful, but not sufficient. Ensuring employees understand their role in protecting information through regular cybersecurity awareness and trainings is critical to keeping your data secure in 2020.
HHAeXchange’s Commitment to Cybersecurity
The gold standard for ensuring the appropriate information protection requirements are met when sensitive data is accessed or stored in a cloud environment is HITRUST CSF Certification. By including federal and state regulations, standards, and frameworks, and incorporating a risk-based approach, the HITRUST CSF helps organizations address cybersecurity challenges through a comprehensive and flexible framework of prescriptive and scalable security controls. Having earned HITRUST CSF status in 2018, HHAeXchange remains committed to maintaining the highest levels of compliance and security in all Internet and computer-based operations.
Adrian Salas is Chief Security Officer at HHAeXchange. He is responsible for ensuring the secure development and oversight of HHAeXchange’s information and technology infrastructure.