Information Security
Cybersecurity Policies
Every business is responsible for implementing and maintaining sound cybersecurity policies and procedures that protect its information and sensitive data. As technology advances, companies face a growing risk of losing data to malicious attacks. Cybercriminals have the skills to access and manipulate a computer system wherever exploitable vulnerabilities exist, whether by penetrating the system over the internet or by physically accessing a computer on the business premises (Nieles et al., 2017). An organization's cybersecurity leaders should therefore create scalable strategies, processes, and standards that reinforce the policies governing computer use within the organization. Policies are essential because they standardize employees' activities and ensure computers are used only for their intended purpose.
As the cybersecurity leader of a small dental facility, I am responsible for laying down security policies that keep the organization's data secure and ensure employees' activities do not put that data at risk. The facility has four employees: the dentist, two dental hygienists, and an administrative officer. There are three desktop computers. One is used to collect credit card and insurance payments and to schedule patient appointments; the other two are used to take X-rays and to record patients' health details. The facility uses the tab32 practice management software to run its operations. Without a proper security policy, patient information could be lost or accessed by unauthorized users, violating the ethical obligation to maintain patient confidentiality. A security compromise could also destroy the organization's financial data, making it difficult to track its financial records.
Secure use of the Dental Practice Management Software
Every individual in the facility is responsible for keeping the dental practice management software safe from all forms of risk. A set of policies controls access to the software so that unauthorized personnel cannot get in. Each employee must have an individual account identified by a unique username and protected by a password known only to that employee; shared passwords are not permitted, because they make it impossible to attribute actions in the system to a specific person. Access is denied whenever the username and password do not match a valid account. Nobody may share a system password with a third party, so that malicious activity cannot be performed under their identity (de la Torre, 2018). If the software is to be accessed from home, only devices approved by the organization may be used; the policy therefore rules out accessing the system from public computers. Patient data may only be printed on the organization's own printers, to avoid copies of sensitive information being held on external devices. Each employee must log off from the system when leaving the workstation so that patient data remains secure.
Secure Use of Microsoft 365 for Email
Each employee must have their own Microsoft 365 account with a unique username and a strong password. The password should be long and combine letters, numbers, and symbols so that it cannot easily be guessed or cracked, and it must not be reused from any other account; multi-factor authentication should be enabled on every account. Email in Microsoft 365 may only be accessed from devices authorized by the organization and its cybersecurity personnel. Access from home should be avoided unless the organization's manager directs otherwise. Employees must not reply to emails from unknown or anonymous senders and should report them to the cybersecurity personnel as soon as they are detected so that preventive measures can be taken. No stakeholder should open email attachments or internet links from unknown sources: attackers commonly deliver malware through email attachments that target unwary users. Because email is the primary channel for transmitting sensitive information within the organization, employees are prohibited from forwarding emails to third parties or sharing patient data with external recipients. Patient information may only be shared from the organization's own email addresses.
Personal devices, including mobile phones and computers, are easily compromised and infected with malware, and hackers can break into them with little effort; the organization's policy therefore forbids accessing tab32 and Microsoft 365 from personal devices. Personal computers and phones are also readily accessible to third parties such as family members and friends, who could view or tamper with any company data stored on them. For the same reason, management must not keep company data in personal cloud applications (Mylrea et al., 2017): accounts outside the organization's control are attractive targets for cybercriminals, and information stored there can easily be lost or exposed in a security incident.
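The account rules in the two sections above (one account per employee, no shared password, deny on any mismatch, a letters-digits-symbols password rule, and log-off when the workstation is left) can be enforced in code rather than left to good intentions. The following is an added example written for this page; it is not tab32 or Microsoft 365 code, and the minimum length of 12, the lockout after 5 failures, the 10-minute idle log-off and the scrypt parameters are assumed values the page does not state.

```python
"""Per-user authentication for a small practice (added example, not tab32 or
Microsoft 365 code).  Every staff member gets their own username and password;
passwords are stored only as per-user salted scrypt hashes; a login fails
closed on any mismatch, locks after repeated failures, and an idle session is
logged off automatically."""
import hashlib
import hmac
import os
import string
import time

MIN_LENGTH = 12        # assumed policy value; the page gives no number
MAX_FAILURES = 5       # assumed lockout threshold
IDLE_TIMEOUT_S = 600   # assumed idle log-off (10 minutes)


def password_meets_policy(pw: str) -> bool:
    """The page's rule (letters, digits, symbols) plus an assumed minimum length."""
    return (
        len(pw) >= MIN_LENGTH
        and any(c.isalpha() for c in pw)
        and any(c.isdigit() for c in pw)
        and any(c in string.punctuation for c in pw)
    )


def _hash(pw: str, salt: bytes) -> bytes:
    # scrypt with a random per-user salt; these cost parameters are a common baseline
    return hashlib.scrypt(pw.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


class Session:
    def __init__(self, username: str, started: float):
        self.username = username
        self.last_activity = started
        self.active = True

    def touch(self, now: float) -> bool:
        """Call on each request: refreshes the session or logs it off if idle too long."""
        if not self.active:
            return False
        if now - self.last_activity > IDLE_TIMEOUT_S:
            self.active = False
            return False
        self.last_activity = now
        return True

    def logoff(self) -> None:
        self.active = False


class UserStore:
    def __init__(self):
        self._users = {}     # username -> (salt, hash)
        self._failures = {}  # username -> consecutive failed logins

    def create_user(self, username: str, pw: str) -> None:
        if username in self._users:
            raise ValueError("username already exists")
        if not password_meets_policy(pw):
            raise ValueError("password does not meet policy")
        # Refuse a password already used by another account: a shared password
        # makes actions in the system unattributable.  One scrypt per existing
        # user is affordable for a practice with a handful of accounts.
        for salt, digest in self._users.values():
            if hmac.compare_digest(_hash(pw, salt), digest):
                raise ValueError("password already in use by another account")
        salt = os.urandom(16)
        self._users[username] = (salt, _hash(pw, salt))
        self._failures[username] = 0

    def login(self, username: str, pw: str, now=None):
        """Return a Session on success, None on any failure (no hint which part was wrong)."""
        record = self._users.get(username)
        if record is None:
            _hash(pw, b"\x00" * 16)  # same work as a real check, so unknown users aren't faster
            return None
        if self._failures[username] >= MAX_FAILURES:
            return None  # locked; needs an administrative reset
        salt, digest = record
        if not hmac.compare_digest(_hash(pw, salt), digest):
            self._failures[username] += 1
            return None
        self._failures[username] = 0
        return Session(username, now if now is not None else time.time())


if __name__ == "__main__":
    # Constructed sample data, not real staff accounts.
    store = UserStore()
    store.create_user("dentist", "Molar-Care-2024!")
    print("wrong password ->", store.login("dentist", "wrong-Pass-1!"))
    print("right password ->", store.login("dentist", "Molar-Care-2024!").username)
```

The two design points worth copying are the constant-time comparison (`hmac.compare_digest`) and the single failure path: whether the username is unknown, the account is locked, or the password is wrong, the caller sees the same `None`, so a login screen built on this cannot be used to enumerate valid usernames.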
Effectively Using Company Computers
The organization's cybersecurity policy restricts employees from using company computers for personal purposes such as random web surfing. Employees might be tempted to browse insecure websites, exposing the company's data to spam or malware. Employees are expected to use the company's computers only for activities related to the organization. Using the organization's computers for illegal, dangerous, or inappropriate activities could lead to severe consequences, including legal action, and no stakeholder may use them for any malicious activity. Software updates are applied only by the organization's cybersecurity expert, through the vendor's official update channel and on a defined schedule; employees must never accept updates offered by pop-ups, because attackers use fake update prompts to target uninformed users (Nieles et al., 2017). No stakeholder may disable a device's antivirus or any other security control. Employees must not plug external USB drives into the organization's computers, since they can carry malware onto the network.
Maintaining Office Security
Maintaining office security is crucial to prevent unauthorized access to the organization's resources and sensitive data. There are standard policies that the staff should follow to enhance office security. Staff must lock all office doors and windows at the end of working hours. Only one designated employee is entrusted with the keys, and that employee may not share them with outsiders. Visitors without official business are not allowed on the premises, and the front door must be attended at all times to prevent unauthorized visitors from entering the facility. Employees must refrain from discussing patient information in public, since it could get into the wrong hands and cause irreversible harm (Mylrea et al., 2017); information that reaches the public could be used to defame or stigmatize a patient.
Conclusion
Every employee should attend periodic security training to build their knowledge of information security and cybersecurity. Protected Health Information (PHI) is covered by the Privacy Rule, which protects patients' personal health information (Nieles et al., 2017). Patient data may be shared only after all personal identifiers have been stripped from it. Employees are required to report any concern that patient privacy or PHI security has been violated, and any issue detected on computers, email, or the organization's dental practice management software. The security policies outlined here are essential for ensuring that the best preventive and mitigation measures are in place should any adverse incident occur. They help maintain a sound organizational culture within the dental practice and ensure all of its operations are secure.
References
de la Torre, L. (2018). A guide to the California Consumer Privacy Act of 2018. SSRN 3275571.
Mylrea, M., Gourisetti, S. N. G., & Nicholls, A. (2017). An introduction to buildings cybersecurity framework. In 2017 IEEE Symposium Series on Computational Intelligence (SSCI) (pp. 1-7). IEEE.
Nieles, M., Dempsey, K., & Pillitteri, V. Y. (2017). An introduction to information security. NIST Special Publication 800-12 Rev. 1.