A global thought leader, Dr. Hasib has led technology and cybersecurity strategy for almost 30 years in healthcare, education, biotechnology, and energy. He served for 12 years as a Chief Information Officer and has a Doctorate of Science in Cybersecurity. Redbooth is proud to announce that he will be the featured speaker at the upcoming webinar The Role of Collaboration in Healthcare Cybersecurity.
What is cybersecurity? In March of 2014, after discovering a lack of consensus among cybersecurity professionals as well as members of the public on what cybersecurity is, I offered the following definition of cybersecurity:
Cybersecurity is the strategic (mission focused and risk optimized) management of systems and information which maximizes confidentiality, integrity, and availability using a balanced mix of technology, policy, and people, while perennially improving over time.
The inclusion of “people” in that definition is crucial, as people are an essential element in cybersecurity.
I believe that people are central to any cybersecurity strategy. The importance of people to cybersecurity was formally recognized as early as 2001 by researchers in the field (Maconachy, Schou, Ragsdale, and Welch, 2001).
Starting at the top levels of any organization, people must collaboratively focus on the mission of the organization, choose a balanced risk management strategy (which includes both negative and positive risks) and develop a governance and decision-making framework for the organization.
In addition, since cybersecurity requires continuous improvement over time, an environment to foster innovation is essential. These foundational elements make people the most important aspect of this cybersecurity model, not technology.
NIST Publication 800-66 provides cybersecurity guidance for the healthcare sector. However, over the course of my research I found that simply following everything in this document will not make an organization secure.
Like many other security-related documents, this document ignores people management and is not grounded on any academic cybersecurity model. I addressed this gap in my doctoral research and in subsequent research, and I’ve discussed people management as an integral aspect of cybersecurity.
However, people management must be carried out in a positive way by creating a culture of cybersecurity — and not in a negative way by controlling every action of our people. Culture governs the behavior of people, and a people-focused strategy is cheaper than a technology focused strategy. In addition, such a strategy becomes stronger over time.
Improved Healthcare and Reduced Costs
Information technology is the life blood of any healthcare organization today. With the implementation of electronic health records, health insurance exchanges, and health information exchanges, healthcare without information technology is unimaginable. Therefore, implementation of an innovative cybersecurity culture has become essential for healthcare organizations.
We cannot go backwards because proper use of information technology is the only way to improve healthcare. We must improve diagnoses through complete information, reduce errors to save lives, and of course make incredible reductions in the cost of healthcare. We must also use technology to increase the access to healthcare.
That said, simply investing in more technology is not the answer. Investment in technology only pays off when it is used effectively. Training people in the use of technology increases security and improves productivity and innovation.
People who are doing a particular job every day are most likely to notice flaws in the process and most likely to develop innovative ways of improving the process. This includes the security aspects of the process. In addition, they must be able to train new members as well as help each other improve. An information assurance culture will facilitate this. This must be encouraged.
Collaboration Is Critical in the Development and Sustenance of Culture
Collaboration is essential for the development of a cybersecurity culture. Lack of collaboration and engagement is one of the main causes for lost productivity and innovation in organizations. As social beings, people innovate best through inspiration and as a result of positive stimulus.
This is why a team of ordinary people can achieve extraordinary results. Positive team and collaboration environments are therefore crucially important for organizational success.
Too much control will stifle productivity and innovation and will create a chasm between the IT department and the people. This is what creates an IT department of “No” and the organizational mission will suffer.
On the other hand, empowering people and teaching them effective use of technology increases their productivity and innovation. This is the happy byproduct of an effective cybersecurity strategy. The best way to improve cybersecurity over time is through micro-innovations by people closest to the data and systems – people who use it every day.
Such a strategy is important because the days of controlling everything is over. We live in an environment today when the concept of a workplace is disappearing – many people today do not “go to work.” They can work from wherever they are.
Globalization of companies has required the development of teaming and collaboration environments that are global in nature. We frequently hear stories of people collaboratively working on projects even though they are in multiple countries. Technology is changing the very nature of the human social experience.
In addition, democratization of technology has given everyone access to powerful technology (both hardware and software) at their fingertips. Powerful cloud-based productivity tools are available to companies and organizations. People need these technologies in both their personal and work lives. Let us engage and empower our people through collaboration and enjoy the amazing results that will follow!
Reserve your space for the webinar The Role of Collaboration in Healthcare Cybersecurity on September 3, 2015, 2PM ET/11AM PT.