The need to protect data and secure your mobile device ecosystem
All Australian organisations are aware of the need to secure critical sensitive information. As seen from the recent Optus customer data breach, the impact on a business’s reputation and bottom line is real. Data leaks cost businesses in a number of ways: not only the cost of paying fines and compensation to the individuals affected, but also the loss of consumer confidence due to an organisation’s inability to protect sensitive information.
While organisations today take steps to prepare IT infrastructure against cyber-attacks, less attention is given to another area of organisational IT vulnerability – the mobile device ecosystem. The rapid growth of mobile technologies and the rise of the Internet of Things (IoT) across a range of industries have brought numerous risks and challenges.
Billions of new devices and endpoints are constantly in use, containing a diverse range of features, connections, standards and protocols. Some of these devices may be simple, such as a smart thermometer in a healthcare setting where the security risks are low.
However, for some devices, like a mobile computer in a retail environment that carries sensitive customer data, organisations need to take steps to ensure they have the necessary security protocols and systems in place. After all, if these devices are improperly managed and left unsecured, that leaves multiple open endpoints that can be exploited in a cyber-attack.
Protect sensitive patient data in healthcare settings
Adopting mobile technologies that enable workers to create efficiencies and support enhanced levels of patient care provides tangible benefits in the healthcare sector. However, the growth in the number of devices handling private patient information also presents data security risks.
There are more lifesaving tools and technologies available today than at any other point in history, but instances of lost, stolen or unprotected devices in healthcare settings can expose the private information of many Australians.
For 12 consecutive years, healthcare paid more for data breaches than any other industry. This is a result of the sheer volume of devices and endpoints in healthcare environments which present more opportunities for hackers to steal patient data, which can be up to 40 times more valuable on the black market than credit card data (one simple reason is that credit cards can be cancelled, whereas patient records cannot). As such, only 11% of patients trust organisations with their data.
Medical devices – including mobile and stationary printers that are used for patient wristband and medication dispensing – are acutely vulnerable to security breaches. This is because 53% of connected/IoT medical devices have a known critical vulnerability, with the top device being IV pumps (73% have a vulnerability, which can impact patient safety or data security).
Medical devices can also feature poor password protection – and although devices might be upgraded over time, the same weak passwords continue to be used. This is shown by the fact that 21% of connected devices in healthcare organisations are secured by weak or default credentials.
To meet the device security challenge, many healthcare organisations are taking a two-phased approach to tackling these threats. The first phase is education via security awareness training, such as identifying potentially harmful emails and practising safe surfing behaviours while following compliance procedures.
According to research, 73% of organisations provide data security training to all staff handling patient data. The second phase in addressing device security concerns is through resource allocation. 73% of IT healthcare professionals said their organisation increased its annual technology spend since 2020.
Today, healthcare organisations must adopt a business-critical mobility solution that integrates all healthcare digital platforms and devices to ensure that the entire system is running reliably and securely.
With the ability to be managed remotely, advanced mobility solutions can lock down missing or compromised devices and can create user personas with different levels of security access. This means that the same device can be used by different employees, on different shifts, giving them access to the specific level of information they need for their role, without creating any unnecessary security risks.
One healthcare organisation in Australia that is committed to protecting patient data and securing its mobile device ecosystem is the Royal Women’s Hospital, which works with SOTI to manage its fleet of mobile devices.
“The Royal Women’s Hospital utilises clinical devices to support critical patient-care tasks while collecting and updating patient data for the purposes of ongoing care. The SOTI solution is vital in reducing operational expenses and securing our data. SOTI’s advanced remote control, application management and secure Kiosk Mode are just a few of the key features we use,” said Neil Cook, Network Team Lead, The Royal Women's Hospital.
Security measures every organisation should have in place
To prevent or minimise most mobile security threats, all organisations (including healthcare providers) must take steps to protect each area of the mobile device ecosystem. Firstly, CIOs should ensure that they have a corporate mobility policy in place, covering matters such as who has access to what technologies, whether workers can add apps to devices and how sensitive data should be handled.
Once CIOs have a corporate mobility policy in place, they should deploy an Enterprise Mobility Management (EMM) solution. An EMM solution controls device security, manages software and content allocation and fixes device problems remotely. For instance, a secure EMM browser can block untrusted sites and minimise man-in-the-middle (MitM) and phishing/social engineering attacks.
EMM solutions allow managers to enforce complex passwords, encryption and separation of personal and work data to prevent data leakage of sensitive or confidential content within corporate apps.
In addition to these processes, CIOs need to ensure they are enforcing multi-factor authentication for device enrolment, certificate-based authentication for access to corporate Wi-Fi and are mandating VPNs to prevent hackers from gaining access to corporate resources. Manufacturers should also use real-time location services (RTLS), such as geofences and location tracking, to minimise the impact and improve the chances of recovery of lost or stolen devices.
Experience the benefits of a mobility solution without the security risks
Because of their scale, and non-stationary operations across a range of industries, unsecured IoT endpoints and mobile devices are an attractive target for cyber criminals. Whether it's intentional or accidental, data loss can be damaging to a business’s brand and its balance sheet. However, by considering security risks and deploying an advanced EMM solution which follows best practice device security, organisations can experience the significant operational benefits of a mobility solution while also minimising any security risks.