You’ve launched your senior care facility’s social media initiative, and now you’re proudly marketing yourself on Facebook, Twitter, LinkedIn and/or other online media. But who’s minding those new doorways to your digital assets?
Every organization knows there’s a crucial balance between online marketing opportunities and data risk management. Knowing what your IT responsibilities are in the new online world can help mitigate risk when it comes to protecting your electronic data. Perhaps no one knows more about hackers and the protection of digital assets than Theresa Payton, founder of Fortalice, who spent 2006-2008 protecting one of the most-targeted IT systems in the country—The White House.
Today’s online and mobile world means there’s more data to protect, outside your own walls. The execs and IT staff need to have a conjoined plan to protect the company’s digital assets, a plan that will protect the “Big Three” assets without crippling the rest of your online marketing endeavor, Payton told attendees at the 2013 ALFA conference in Charlotte, N.C.
Some sort of check against identity theft would be an added plus, she adds, simply as a fact of the elder-care industry: The elderly are among the three highest targets nationally for identity theft, especially for healthcare billing fraud. “Cutting-edge technology can’t help you if you don’t have the IT processes and rules-based safeguards in place,” she says.
Your data is your primary asset: And it may be more important that any staffer or exec. So, what data do you need to “watch”? Resident records, medical records, financial records? All of these, Payton says. New malware pops up every day, and hackers have no rules, she warns: “Every 90 seconds, someone comes up with some way to get around the lock you’ve created. And for most victims, the first indication they get is a knock at the door.” Then remember the number 243: This is the national average of how many days a hacker has been inside a corporate security system before anyone is aware of it, she adds.
But any company’s internal data security efforts must still be balanced with the need of workers to do their work, she notes. Today’s “always available” mobile world can be a very lucrative one for companies, but also a risky one. The key, she says, is: Are all segments of your business on board for handling secure online initiatives without putting your company at risk? Can you handle the employee “bring your own” devices that are quickly becoming today’s de facto for getting the daily work done?
The data security to-do list
DATA BREACH PRACTICE
No digital assets security plan is meaningful unless it has “worst-case scenario” practice sessions in place. It’s simply a routine part of any company’s corporate risk plan, or it should be, she says. Good digital asset security includes an action plan if a digital breach occurs. “Digital disasters happen to really smart companies. But if you spend some time doing this as practice, you’ll be much better off,” Payton says. “You may think this is solely your CIO’s job, but it isn’t.”
Payton suggests holding an executive meeting solely to discuss digital assets and what should be done to protect them. “When we talk about new technology, and vendor access, and user IDs and passwords and access controls, let’s talk about these and nothing else. You have to get your ‘Big Three’ digital assets down, so you can decide how to protect them.” It’s no good waiting until a breach has already occurred, she adds: “We can always hope that [hackers] don’t realize what they stole. But hope isn’t a very good strategy.”
THE CEO/CIO STRUGGLES
People over age 65 are now among of the nation’s largest targets for fraud, so there’s no rest for the weary. “The [computer] criminals have an innovation cycle of half a day. But your execs may say, ‘when are we going to be done [with security]’? You’re not done. You’re never done.”
The long-term care industry has several data security lacunae, Payton says. “Companies have not sat down to name their top three digital assets to protect. Then, the company’s executives are saying, ‘Are we done yet?’ and they don’t have an understanding of the criminal-ware side.”