Host Security
9/10/2020
The first step to decreasing the number of successful phishing scams is to train employees on how to recognize and avoid them. One way to determine who is most in need of training is to send a simulated phishing email to employees and see who falls for it. Anyone who fails the test is then enrolled in security awareness training. An important consideration when training employees is to make sure the training is relevant to them and their role, so that each employee actually engages with it and pays more attention than they would if the training seemed irrelevant.
Another measure is email/spam filtering, which blocks incoming mail from suspicious senders and so removes the opportunity for the human error of opening a spam email and clicking a bad link. Along with this, website filtering can reduce the number of successful attacks as well. Website filtering is a useful backup to email/spam filtering: if a suspicious email gets through to an employee and the employee clicks a harmful link, the website filter can still step in. If the link points to a suspicious website, or one that is already blocked, access is denied and the damage is prevented. Neither filter catches everything, which is why the two are layered rather than relied on individually.
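To make the two filtering layers concrete, here is an added example in Go (not code from the original paper) that runs a constructed phishing message through a mail-side check and a web-side check. The sender-domain test and the deceptive-link test stand in for the mail filter; the destination test against a domain blocklist stands in for the web filter that would fire on a click. The message, the blocklist, the domain names and the function names are all assumptions made for this example.

```go
package main

import (
	"fmt"
	"io"
	"net/mail"
	"net/url"
	"regexp"
	"strings"
)

// Link is one hyperlink pulled out of an HTML message body.
type Link struct {
	Text string // visible anchor text
	Href string // where the link really goes
	Host string // lowercase host parsed from Href
}

// Blocklist is a constructed sample; a real deployment would feed it from a
// web-filtering or threat-intelligence service.
var Blocklist = []string{"evil-login.example", "phish.example"}

// SampleMail is a constructed phishing message: the visible link text names
// the real portal, the href does not, and the sender domain is blocklisted.
const SampleMail = "From: \"IT Helpdesk\" <helpdesk@evil-login.example>\r\n" +
	"To: nurse@clinic.example\r\n" +
	"Subject: Password expiry\r\n" +
	"Content-Type: text/html\r\n" +
	"\r\n" +
	"<p>Please re-enter your password at " +
	"<a href=\"http://portal.evil-login.example/reset\">https://portal.clinic.example</a>" +
	" or read our <a href=\"https://intranet.clinic.example/help\">help page</a>.</p>\r\n"

var anchorRe = regexp.MustCompile(`(?is)<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>`)

// Blocked reports whether host is a blocklisted domain or a subdomain of one.
// Matching on ".domain" rather than a bare substring keeps
// "notevil-login.example" from matching "evil-login.example".
func Blocked(host string, blocklist []string) bool {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	for _, b := range blocklist {
		b = strings.ToLower(b)
		if host == b || strings.HasSuffix(host, "."+b) {
			return true
		}
	}
	return false
}

// Deceptive reports whether the anchor text looks like a URL whose host differs
// from where the link really goes, a classic phishing tell.
func Deceptive(l Link) bool {
	t, err := url.Parse(strings.TrimSpace(l.Text))
	if err != nil || t.Hostname() == "" {
		return false
	}
	return !strings.EqualFold(t.Hostname(), l.Host)
}

// Verdict is what the two layers decided about one message.
type Verdict struct {
	Quarantine  bool     // mail filter: hold the message before delivery
	BlockedURLs []string // web filter: destinations a click would be denied
}

// Evaluate runs the mail-filter checks (sender domain, deceptive links) and
// then the web-filter check on every destination the message links to.
func Evaluate(raw string, blocklist []string) (Verdict, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return Verdict{}, err
	}
	var v Verdict
	if from, err := mail.ParseAddress(msg.Header.Get("From")); err == nil {
		if at := strings.LastIndex(from.Address, "@"); at >= 0 && Blocked(from.Address[at+1:], blocklist) {
			v.Quarantine = true
		}
	}
	body, err := io.ReadAll(msg.Body)
	if err != nil {
		return Verdict{}, err
	}
	for _, m := range anchorRe.FindAllStringSubmatch(string(body), -1) {
		u, err := url.Parse(m[1])
		if err != nil {
			continue
		}
		l := Link{Text: m[2], Href: m[1], Host: strings.ToLower(u.Hostname())}
		if Deceptive(l) {
			v.Quarantine = true
		}
		if Blocked(l.Host, blocklist) {
			v.BlockedURLs = append(v.BlockedURLs, l.Href)
		}
	}
	return v, nil
}

func main() {
	v, err := Evaluate(SampleMail, Blocklist)
	if err != nil {
		panic(err)
	}
	fmt.Printf("quarantine=%v blocked=%v\n", v.Quarantine, v.BlockedURLs)
}
```

On the sample message the mail-side checks quarantine it (blocklisted sender and a link whose text and destination disagree), and the web-side check denies the reset link while leaving the genuine intranet link alone. The suffix matching in Blocked is the detail most often got wrong in home-grown filters: a plain substring test would either miss subdomains or block unrelated look-alike names.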
Protecting HIPAA Data:
An important and somewhat obvious way to help protect HIPAA data and other confidential information is encryption. It is vital to encrypt this type of data so that employees who lack authorization cannot read the information or spread it. In addition, if attackers gain access to stored HIPAA information, it is not simply sitting there available for them to read and use as they please. One suitable form of encryption is the Advanced Encryption Standard (AES), a symmetric block cipher adopted by the U.S. government (National Institute of Standards and Technology, 2001). No practical attack on the cipher itself is known, so its strength rests on the key length and brute force is the only realistic attack on a properly used key; in practice, deployments fail through weak key management or an unsafe mode of operation rather than through the cipher, so keys must be stored separately from the data they protect and an authenticated mode such as AES-GCM should be used. Beyond encryption, data access must also be managed, so that employees cannot reach any data they like. This limits the spread of information and keeps confidential data safe. Authentication should require more than just a password, such as two-factor (or multi-factor, depending on how sensitive the data is) authentication, for example a one-time code delivered to the employee's phone (University of Delaware, 2018). Strong authentication establishes who the user is; access control then decides what that user may see, so the two are complementary rather than interchangeable. Along with managing data access, making sure data is used properly is just as vital. This means only allowing access to confidential data under the right circumstances and only as needed (University of Delaware, 2018), which ensures that data is accessed only when necessary and prevents employees from accessing it unnecessarily.
If an employee can access confidential data whenever they please or whenever they see fit, it
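The paragraph above pairs encryption at rest with "only as needed" access. Here is an added example in Go (not the paper's code) that shows the two working together: a constructed patient record is sealed with AES-256-GCM, with the patient ID bound as additional authenticated data, and decryption happens only after a role/purpose check passes. The roles, purposes, record fields and function names are assumptions made for the example, and the key is generated in memory only for the demonstration; a real system would obtain it from a key management service rather than keep it beside the data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Record is a constructed sample of protected health information.
type Record struct {
	PatientID string
	Notes     string
}

// EncryptRecord seals the notes with AES-256-GCM. A fresh random nonce is
// prepended to the ciphertext, and the patient ID is bound as additional
// authenticated data so a ciphertext cannot be silently moved to another chart.
func EncryptRecord(key []byte, r Record) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 needs a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, []byte(r.Notes), []byte(r.PatientID)), nil
}

// DecryptRecord reverses EncryptRecord. A wrong key, a tampered byte or a
// mismatched patient ID all fail authentication and return an error.
func DecryptRecord(key []byte, patientID string, sealed []byte) (Record, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return Record{}, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return Record{}, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns {
		return Record{}, errors.New("ciphertext too short")
	}
	plain, err := gcm.Open(nil, sealed[:ns], sealed[ns:], []byte(patientID))
	if err != nil {
		return Record{}, fmt.Errorf("authentication failed: %w", err)
	}
	return Record{PatientID: patientID, Notes: string(plain)}, nil
}

// allowed is a constructed "minimum necessary" policy: which roles may read
// notes, and for which purposes.
var allowed = map[string]map[string]bool{
	"physician": {"treatment": true},
	"billing":   {"payment": true},
}

// MayRead is false for any role or purpose the policy does not list.
func MayRead(role, purpose string) bool {
	return allowed[role][purpose]
}

// ReadNotes is the gate every consumer goes through: policy first, crypto
// second, so holding the key alone does not give free run of the data.
func ReadNotes(key []byte, role, purpose, patientID string, sealed []byte) (string, error) {
	if !MayRead(role, purpose) {
		return "", fmt.Errorf("role %q may not read notes for purpose %q", role, purpose)
	}
	r, err := DecryptRecord(key, patientID, sealed)
	if err != nil {
		return "", err
	}
	return r.Notes, nil
}

func main() {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil { // demo only: production keys come from a KMS/HSM
		panic(err)
	}
	sealed, err := EncryptRecord(key, Record{PatientID: "MRN-0001", Notes: "constructed sample note"})
	if err != nil {
		panic(err)
	}
	for _, tc := range []struct{ role, purpose string }{{"physician", "treatment"}, {"billing", "treatment"}} {
		notes, err := ReadNotes(key, tc.role, tc.purpose, "MRN-0001", sealed)
		fmt.Printf("%s/%s: notes=%q err=%v\n", tc.role, tc.purpose, notes, err)
	}
}
```

The physician reading for treatment gets the notes; billing staff asking for treatment notes are refused before any decryption is attempted. Flipping one byte of the stored ciphertext, or presenting it under a different patient ID, makes GCM's authentication fail, which is the property a plain unauthenticated block mode would not give you.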
To ensure the security of vital healthcare systems, a layered defense strategy is likely the most beneficial approach. The first tools to deploy are firewalls and Unified Threat Management (UTM) appliances. A firewall acts as a barrier between your system or network and traffic trying to get into or out of it, and can be used to keep attackers from intruding into the network. More sophisticated firewalls and UTM devices can also perform intrusion detection and website filtering, as discussed above, and some include anti-virus, anti-spyware and anti-spam functions that, if configured properly, help prevent and mitigate attacks. Another way to make healthcare systems more secure is OS hardening: removing unnecessary programs, services and data to minimize the attack surface. Candidates for removal include preinstalled programs such as games and anything else that will not be used in the healthcare system. Patching and hot-fixing systems is equally important, since it closes known vulnerabilities before they can be exploited. Blacklisting can also be used to deny execution of known harmful or easily exploited programs, and to block access to certain websites or email from certain senders. Because a blacklist only stops what is already known to be bad, it should be treated as a floor; for executables in particular, an allowlist of approved programs is the stronger control. Other things that have been pointed out earlier can be done to increase the security of healthcare
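The blacklisting point deserves a concrete check. Below is an added example in Go (not code from the paper) that evaluates a constructed executable against the name-based blocklist the section describes and against a hash-based allowlist, using three constructed samples: a trusted client, a blocked script host, and the same script host copied under an innocent file name. The paths, names and contents are assumptions made for the example; the digests are computed from the constructed contents, not from real binaries.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Binary is a constructed stand-in for an executable the host is asked to run.
type Binary struct {
	Path    string
	Content []byte
}

// Constructed samples: a trusted client, a blocked script host, and the same
// script host copied under an innocent name.
var (
	Trusted   = Binary{Path: "/opt/ehr/ehr-client", Content: []byte("constructed: trusted EHR client")}
	Unwanted  = Binary{Path: "/tmp/wscript.exe", Content: []byte("constructed: script host")}
	Disguised = Binary{Path: "/tmp/update.exe", Content: Unwanted.Content}
)

// Name-based blocklist, the control described in the text.
var blockedNames = map[string]bool{"wscript.exe": true, "mshta.exe": true}

// Hash-based allowlist, the stronger control: keyed by digest, not by name.
var allowedHashes = map[string]bool{Sha256Hex(Trusted.Content): true}

// Sha256Hex returns the hex SHA-256 digest of b.
func Sha256Hex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// baseName handles both "/" and "\" separators so Windows-style paths are
// evaluated the same way on any host.
func baseName(p string) string {
	if i := strings.LastIndexAny(p, `/\`); i >= 0 {
		return p[i+1:]
	}
	return p
}

// BlocklistAllows is true when the file name is not blocklisted. A renamed copy
// of a blocked program passes, which is the weakness of name-based blacklisting.
func BlocklistAllows(b Binary) bool {
	return !blockedNames[strings.ToLower(baseName(b.Path))]
}

// AllowlistAllows is true only when the digest is known-good, whatever the name.
func AllowlistAllows(b Binary) bool {
	return allowedHashes[Sha256Hex(b.Content)]
}

func main() {
	for _, b := range []Binary{Trusted, Unwanted, Disguised} {
		fmt.Printf("%-22s blocklist=%-5v allowlist=%v\n", b.Path, BlocklistAllows(b), AllowlistAllows(b))
	}
}
```

The blocklist stops wscript.exe under its own name and waves through the identical bytes renamed to update.exe; the allowlist denies both copies and admits only the trusted client. That is the reason the blocklist is a floor rather than the control to rely on for execution policy.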
References
Greenlee, M. (2019, November 12). How to Protect Your Organization From Evolving Phishing
to-protect-your-organization-from-evolving-phishing-attacks/
National Institute of Standards and Technology. (2001). Announcing the ADVANCED
Technology Publications.
University of Delaware. (2018). Managing data confidentiality. Retrieved September 11, 2020,
from https://www1.udel.edu/security/data/confidentiality.html