By Jim Anderson
With warmer temperatures approaching, spring cleaning is top-of-mind for businesses looking to get a fresh start this year.
While many businesses are gearing up for the year ahead, focusing on cleaning and disposing of your organization’s online data and physical documents should be included as part of your end-of-year activities.
According to the HIPAA Journal, over 2.5 million health care records were compromised in October alone. With human error reported as the most common cause of a data breach, businesses should re-evaluate their current data security practices to identify areas of improvement to protect their information and mitigate the risk of experiencing a data breach.
It is no secret organizations everywhere—especially those in the health care industry—have undergone tremendous strain this past year. The COVID-19 pandemic has introduced a slew of new data security risks, including an increase in scamming and fraud. There were startling reports in Canada about ways the pandemic was being used to scam unsuspecting and worried victims, using heightened global anxieties to target organizations and individuals in their most vulnerable moments. Unfortunately, data security measures have not kept pace with these rapidly evolving fraud tactics.
In fact, recent research indicates many Canadian organizations are not prioritizing client and company data protection the way they should. Despite most consumers considering data security a top priority when choosing who to work with, almost half (48 per cent) of organization leaders believe data breaches are overstated. This disconnect could be a contributing factor to why health care data breaches are cited as the costliest to resolve: the average cost of a health care data breach is USD 7.13 million globally (approx. CAD 9.1 million).
Should you be concerned?
These numbers are especially problematic for the health care sector. As an industry that deals with sensitive and personal client information on a regular basis, health and social care workers must make patient information security a priority. Proper measures to enforce data security training and best practices are essential due to the serious consequences a breach can cause, especially for those occurring as a result of employee error.
Health care leaders need to shoulder more of this responsibility. Given the potential consequences, it is astonishing that up to 34 per cent of health care organizations still do not train employees on how to identify common tactics like phishing, ransomware or other malicious software. Their methods of protecting physical data are not much better, as 29 per cent do not have a known or understood policy for storing and disposing of confidential information on end-of-life electronic devices (like laptops and USB drives). These are serious security gaps that organizations need to address before it is too late.
In addition, the increase in employees working from home has brought on additional risks for both individuals and organizations. Even the majority of organization leaders agree that the risk of a data breach is higher when their employees work off-site. While remote work has risen steadily over the past decade, working from home became the new reality for most employees in 2020, blurring the line between work and personal property and making individuals inadvertently more susceptible to data fraud.
Time to take action
A big part of why many organizations and individuals struggle to manage their data security is that they do not know where to start. In fairness, with an ever-evolving series of threats, it can be overwhelming to understand what measures need to be put in place to properly protect yourself or your company.
Step 1: Make it a priority
The first step in preventing fraud is to make information security a priority. It is better to be proactive than reactive when it comes to a data breach, and it does not have to be an immense undertaking.
Step 2: Set an example
Be the leader in your company, with your colleagues, your friends, and your family by incorporating data security best practices into your daily behaviours and staying alert for anything suspicious. Adjusting your security habits and making them routine makes them a natural part of your day-to-day and greatly reduces your risk of a breach occurring, even in stressful circumstances.
Step 3: Protection 101
In order to protect your personal data, make sure to implement data security best practices daily, such as encrypting files, never leaving your device unattended, and only using secure networks and applications.
Step 4: Clean up
When it comes to data or documents with sensitive information, ensure they are completely disposed of and irretrievable when no longer needed, preferably with a professional shredding service (you can even use a drop-off service for small batches). Only share personal information with companies and people you know and trust and do not be afraid to ask them how your information will be protected. You have a right to know!
Step 5: Be vigilant
For health care leaders, it is now more important than ever to be vigilant and take precautions. Organizations should be embracing risk planning, implementing employee training, ensuring compliance from staff, and letting clients and customers know about these measures. By being transparent, you can develop better trust, which is crucial should a data breach occur.
Simply good business
Not investing the proper time and resources toward better policies, practices, and habits for safely storing and disposing of confidential information can put your organization, and yourself, at risk. Begin prioritizing data protection and implementing information security practices in your day-to-day to protect yourself and your company’s bottom line.
Jim Anderson is Vice President of Product Management & Innovation at Stericycle, provider of Shred-it information security solutions.