Healthcare organizations are increasingly under attack from cybercriminals, who seek all opportunities to breach networks and systems in hopes of obtaining valuable information about patients, employees, and internal policies and procedures. Many of these organizations have turned to Wombat Security for help in addressing a critical area of vulnerability: end-user risk.
Our healthcare customers have applied our methodology with success, seeing up to an 86% reduction in phishing click rates in just a few months. Customers in many industries have seen measurable improvements in a variety of metrics, including fewer successful phishing attacks and malware infections from the wild; less employee downtime; more effective use of IT resources; and better identification (and reporting) of suspicious messages. Join them and make our unique, four-step Assess, Educate, Reinforce, Measure methodology the foundation of your security awareness training program.
We suggest using our Protected Health Info Predefined CyberStrength® assessment to kick off your cybersecurity education efforts. This exercise will not only give you a baseline measurement of your staff’s knowledge about a critical topic — safeguarding protected health information (PHI) — it will allow you to immediately begin to address areas of vulnerability. Using our unique and effective Auto-Enrollment feature, you can automatically assign follow-up education about PHI and the HIPAA mandate to any staff member who does not exhibit a desired level of familiarity with these principles. This stop-gap training measure is an excellent opportunity to jump-start risk reduction.
Our ThreatSim® phishing simulations should be used in concert with CyberStrength assessments. With our portfolio of customizable templates, you can evaluate users on multiple threat vectors — malicious attachments, embedded links, and requests for personal data — and track results at the campaign level and user level. Healthcare-specific templates allow you to test staff members’ reactions to messages that are targeted to your industry.
Staff members who fall for a simulated attack are automatically presented with a Teachable Moment, which is a customizable “just-in-time teaching” message that alerts users about the mock attack, explains the dangers associated with real phishing emails, and gives practical advice and tips they can use to avoid future traps.
As with CyberStrength, Auto-Enrollment makes it easy to initiate follow-up education. Any user who falls for a ThreatSim email can be automatically assigned an interactive training module of your choice.
Our interactive training modules will give your staff members a broader understanding of the different kinds of threats that are common in today’s workplace (and beyond). More importantly, they will learn best practices and how to apply them. Our modules are, on average, just 10 to 15 minutes in length, and the content is available on demand. This flexibility is ideal for markets like healthcare, where varied shifts and job functions make more structured training schedules a challenge (and a source of frustration).
To effectively implement the Wombat Healthcare Security Awareness and Training Program, we suggest licensing the following four modules at minimum. This mix of game-based and scenario-based interactive training — all of which allow for customizable content at the beginning and end of each module — will help to address some of the most pressing cybersecurity issues we are seeing in the healthcare space today:
- Protected Health Information – Explains PHI identifiers; mandates and components of PHI compliance; and best practices for using, disclosing, transmitting, and storing PHI. (Note: We worked with our healthcare customers to ensure this training meets the needs of healthcare organizations.)
- Email Security – Teaches users how to spot and avoid the traps commonly found in phishing emails and spear phishing attacks.
- Data Protection and Destruction – Highlights the importance of protecting data throughout its lifecycle.
- Physical Security – Introduces the key components of physical security and teaches staff members about their role in maintaining a safe and secure work environment.
To get the most out of your education plan, we recommend adding at least three of the following six modules to the initial set of four: Mobile Device Security, Password Security, Payment Card Information Data Security Standard (PCI DSS), Security Essentials, Social Engineering, and URL Training. The topics covered in these modules will further expand your staff’s understanding of key cybersecurity principles.
Because cybercriminals continue to become more sophisticated, it’s critical to keep reinforcing best practices to improve retention. We recommend healthcare organizations use our PhishAlarm® email reporting tool and our portfolio of Security Awareness Materials to make the most of their awareness and training efforts.
Our PhishAlarm email client add-in enables your employees to report a suspected phishing email with a single mouse click. Users who report a suspicious message are immediately rewarded with a "thank you" pop-up message or an email that encourages this behavior in the future. You can also add PhishAlarm Analyzer to triage reported messages and streamline response and remediation.
Our Security Awareness Materials are visible reminders of best practices learned. We offer a wide selection of posters, images, articles, and giveaways that complement our assessment and training products to deliver consistent, clear messaging and keep cybersecurity top of mind year-round.
By continuing to emphasize best practices and encourage good behaviors, organizations can reduce their vulnerability to attack.
Measure and Analyze Results
Measurement is a key component of all our security awareness and training products because we feel tracking and analysis provide value on many levels, including identification of ROI.
We offer a range of detailed reports that give you broad and granular insights into the results of your assessments and training. Analysis tools help you determine which mock attack to send next and the areas in which your users are likely to benefit from additional education.
To learn more about the Healthcare Security Awareness Training Program, including our suggested program plan, which maps out a recommended schedule for assessments and training assignments, request a demo.