Steps toward BYOD Defense

As hospitals and medical facilities extend wireless access, it is essential to develop a robust BYOD defense plan. The public nature of hospitals and the heavy traffic of visitors, professionals and staff increase the risk of data exposure, patient privacy violations, and malicious attacks. The recent attacks at Target and Neiman Marcus show how sophisticated attacks can make any organization vulnerable.

An effective BYOD defense strategy will implement multiple lines of protection. [1]

1. Secure Devices – It is important to consider how you will secure devices within the organization. With people continuously moving through the organization, the potential for theft is real. Some devices may be physically secured. There are a variety of devices that can be used to tether smartphones and tablets wirelessly, setting off an alarm as soon as the device is removed from a certain area or separated from a person.

2. Require Auto-Lock with Password Protect – This is such a simple requirement, and yet so few executives or employees enable auto-lock with a password. It is a first line of BYOD defense. If a laptop or tablet is stolen, auto-lock with password protect can ward off most breaches, and it can give the organization time to wipe the device.

3. Establish Data Protection Protocols – Review your current data protection protocols, such as the firewall, the backup process and other safeguards. Make sure the organization is in compliance and up to date with the most effective protection procedures.

4. Provide Tiered Access to Network – It is becoming more and more common to offer tiered access to the network based on users (guests, employees with different responsibilities, physicians). A robust MDM (mobile device management) system can help you establish governance-driven tiers and track usage, threats, etc.

5. Perform Regular Audits – You should conduct regular audits and log reviews (monthly or quarterly) to get a sense of current and potential points of risk.

6. Rehearse Mistakes – As with all defense planning, it is important to rehearse potential problem areas on a regular basis, so you can think through the steps for response. In practice, this means applying common disaster recovery planning to your BYOD defense.

Vigilance is essential for organizations that provide Wi-Fi access in public areas. These steps can help you begin moving toward a more robust BYOD defense. For infrastructure support and data security consultation, contact Integracon at 865-330-2323 or chat via Integracon.com.

[1] I adapted these tips from an article by Rob Humphrey. “‘Bring Your Own Device’ a Mixed Bag for Health Care.” HealthData Management, February 2012.