Cyber Threat to Home & Community-Based Organizations
Updated: Dec 18, 2021
Review of Risk Management Strategies of Group Home Organizations
The continuous forceful machinations of cybercriminals to steal and manipulate vulnerable individuals’ information in technology platforms to their dubious advantage has become more sophisticated, rampant and damaging in recent years.
“Cybersecurity is the body of technologies, processes, and practices designed to protect networks, computers, programs, and data from attack, damage, or unauthorized access” (Cdc.gov, 2016). The threat of cybercrimes to the system structures of group home organizations (GHO) as well as the information and safety of individuals supported increases daily because of the inevitable use of technology to manage their operations as well as data and privacy protection. In effect, establishing more vigorous cybersecurity constructions to protect GHOs’ systems and ensure the confidentiality, availability, integrity and privacy of individuals’ data has become a constant necessity.
Cyber Risk Management Strategies of Group Home Organizations.
GHOs are human service entities that support individuals with diverse disabilities live independent lives on their choice to maintain their self-esteem and respect as members of their communities. Though GHOs are not a typical health institution, they depend heavily on information technology to manage support (including health and safety) and data of the served population and therefore, equally falls vulnerable to cyber-attack. My career in the field for over eight years offers me deep insight to analyze identified risk management strategies in protecting individuals’ information record and offer recommendations for improvement.
Many GHOs use access and content modification controls respectively as two risk management strategies to prevent and minimize attack against the data security of individuals supported. Regarding access control, authorized users of electronic information record systems (EIRS) have username and password credentials to enter agency systems. Passwords are required to meet some strict standard criteria and changed every three months to enhance their strength against easy illegal copying by criminals. Besides, access to certain critical information within the agencies’ intranet such as bio data and billing are strictly restricted to authorized employees. Also, most employees have no access to some drives in information system with even work on computers outside the work environment without virtual private network (VPN) structure authorized by system administrators. Employees are encouraged to log off anytime they leave agency computers, or the computers automatically log off after 30 minutes of inactivity.
The second known cyber risk mitigation strategy is content modification control over the information systems. Employees have very limited access to delete any information that is submitted into the system. Any information identified as error following submission into the system requires team leaders to notify authorized system administrators who review the information before they delete them. Again, many websites are empowered with automated response tools that restrict employees from visiting certain other websites or downloading some online contents suspected or detected to be potential malicious paths for illegitimate access to cyber criminals. Again, system administrators routinely repair all hardware failures and maintain backups while all systems and computers stay on around the clock to maintain automatic system updates for their resilience against attacks.
In addition to the robust system defense structures, Considerable number of GHOs have mandatory annual online cybersecurity training for all staff to take to stay abreast with cyber threat issues like phishing to prevent potential attacks. System administrators also use dashboard alerts and reminders to caution employees about suspicious external emails.
Strength and Opportunities of GHOs Cyber Risk Management Strategies
GHO’s risk management strategies against cyber threats are robust considering the resilient defense they have provided to protect data privacy and quality support for the individuals supported. First, the restricted access constitutes “a set of rules and procedures to limit unauthorized access to sensitive information” (Cloudian.com, n.d.) to ensure data confidentiality. The control process also supports protecting individuals’ data integrity by preventing their modification to ensure their accuracy, consistency, and reliability. Thus, the industry agencies’ cyber security teams take steps to ensure the integrity of data at rest and in transit against attacks to maintain stakeholder confidence in reports and reputation. Also, system control mechanisms, routine repair of hardware failures and backups boost continuous data availability “to guarantee reliable access to data” (Cloudian.com, n.d.) as needed. The continual training of employees and security teams also sustains their alertness and readiness to identify vulnerabilities across the organization’s cyber environment to avoid data breach and misuse.
Risk Management Weaknesses and Threats
In spite of the strength and opportunities that GHOs’ cyber risk management strategies offer, there are inherent weaknesses that create vulnerabilities to threaten the overall security of data privacy and safety of individuals supported and employees as well. First, employees are able to access some agencies’ intranet and individuals’ information from private computers without a secondary authentication structure like sending access code to employees’ personal emails or phone for further verification. Indeed, employees are able to download information from the EIRS on their private computers which can result in individuals’’ data privacy and safety breaches.
The second vulnerability is the cybersecurity training done online by employees themselves without in-person instructors to demonstrate the meaning of cybersecurity technicalities. Information and cybersecurity technologies are highly technical fields that require subject-matter expert coaching and explanation for new learners to grasp the meaning and applicability of the numerous terminologies. Because security risks to data privacy and patient safety are quickly and constantly evolving, industry leaders should not “focus resources on [only] the crucial system components and protect against the biggest known threats, which necessitates leaving some less important system components undefended and some less dangerous risks unprotected. Such an approach is insufficient in the current environment” (Cdc.gov, 2016). Besides, some GHOs have not included cyber-attack response strategy in their emergency response preparedness plans for employees to know and understand what to do in the event of any surprise attack.
Considering the identified weaknesses and vulnerabilities in GHOs’ EIRS, the following recommendations will be helpful to improve the system structure to be stronger against cyber threats, First, systems must be updated with automatic tools that require at least two authentication mechanisms to verify the identity of authorized users who may have to log into their EIRS accounts from private computers. The information security team should also explore the possibility of strengthening the system with the capacity tool to scan and detect potential threats on private computers that employees may use to access the EIRS. A study by Verizon indicates that “phishing emails are opened by 31% of users, while 12% of total users actually end up clicking the link…[and] the average open/click rate of emails across all industries is 24% and 3%, respectively” (Cucu, 2017). This high propensity of employee vulnerability calls for firmer access controls on external agency device access.
Moreover, systems must be restricted to prevent employees from downloading sensitive information from the agency’s EIRS to protect the data of the individuals supported. In addition, management should discontinue online employees' cybersecurity training and rather commit resources to provide instructor-led training. This will help secure their understanding of cybersecurity necessity as well as identify the cyberattack tools like phishing utilized by criminals to illegally access sensitive data in information systems.
In conclusion, studies show that phishing attack costs $1.6millionagainst big organizations with 10,000 employees” (Cucu, 2017). In view of the effective weaponization of diverse ways like the crypto by ransomware criminals to demand huge monies in exchange for stolen data release, GHOs cannot compromise on closing the loopholes and weaknesses in their EIRS with two or more authentication tools, prevention of private computer access in downloading agency system content and providing proper instructor-led employee training as preventive strategies against cyberattack to protect and secure the privacy and safety of individuals supported.
Cdc.gov (2016). Healthcare Organization and Hospital Discussion Guide For Cybersecurity. Retrieved on November 20, 2021, from https://www.cdc.gov/cpr/readiness/healthcare/documents/healthcare-organization-and-hospital-cyber-discussion-guide.pdf
Cucu, P. (2017) How 4 Types of Cyber Threats Break Your Online Security [INFOGRAPHIC]. Retrieved on November 21, 2021, from https://heimdalsecurity.com/blog/cyber-security-threats-types/ Data
Cloudian.com (n.d.). Availability: Ensuring the Continued Functioning of Business Operations. Retrieved on November 21, 2021, from https://cloudian.com/guides/data-protection/data-availability/#:~:text=Data%20access%20is%20closely%20tied%20to%20data%20availability%2C,security%20strategy%20and%20comply%20with%20data%20protection%20regulations.
Hashtag your posts
Love to #hashtag? Good news!
You can add tags (#vacation #dream #summer) throughout your posts to reach more people. Why hashtag? People can use your hashtags to search through content on your blog and find the content that matters to them. So go ahead and #hashtag away!