Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

Cybercrime on the rise: Plotting a way forward

How cybersecurity professionals can push back against bad actors taking advantage of increased remote work and pandemic-related changes.

By Dan L. Dodson
February 5, 2021

The numbers tell the story—and it’s one we all wish we could put back on the shelf. Cybercriminals are using COVID-19 to their advantage, causing an 8% rise in reported healthcare-related breaches compared to the same period in 2019. Almost 75% of those breaches involved providers, making them the most compromised segment. The largest increase of reported breaches were business associates, with a 46% increase.

There are some unpleasant plot twists as well. Various government agencies, including the National Security Agency and the FBI, report that Russian- and Chinese-backed hackers have successfully attacked healthcare firms this year. A ransomware attack by Netwalker (rumored to have Russian ties) locked down servers at a California-based school of medicine in June; a similar breach occurred at one of the largest managed healthcare companies in April.

The worldwide shortage of cybersecurity professionals might be considered an interesting subplot. Industry analysts predict there will be 3.5 million vacant cybersecurity positions by 2021.

 

Focus on the end-user

Regardless of location or organization size, healthcare IT security executives face the same situation: attacks are up, personnel is down, and the need to innovate and integrate is a constant pull against the need to secure patient data.

The way forward is focusing on the right areas and getting additional help where it’s most needed.

Numbers can help here, too. Almost half (47%) of reported breaches so far in 2020 included email attacks. That’s up from 42% in 2019, a trend expected to continue. The fact is, most organizations need more robust end-user training and awareness. Here’s some food for thought:

  1. Human error causes 90% of data breaches.
  2. Regardless of whether they’re working from home, from a coffee shop, or inside hospital walls, every employee should have the basic knowledge necessary to spot and avoid cybersecurity threats.
  3. Employees need device guidelines about downloading apps and programs while being aware that their IT department may monitor their devices (including mobiles) for dangerous activity.
  4. Provide guidelines on updating antivirus and anti-malware programs on devices used for work, and explain that those programs won’t be as effective without the updates.
  5. Train employees to be wary of file attachments from unknown senders or senders outside the organization. Notify all employees of any common phishing scams circulating in your industry.
  6. Instruct employees not to download files from unknown sites and make sure they know how to identify secure URLs, update their browser, and avoid third-party browser plugins.
  7. Ensure employees know who to contact and what actions to take if they think their device is compromised, regardless of location.

Finally, keep in mind that full awareness and guideline adherence may require a culture shift in your organization—and that means getting buy-in from top executives.

Implement best practices for remote work

It was an all-hands-on-deck effort to get as many employees working from home as possible in the spring. Now it’s time to ensure all best practices are in place, keeping in mind that some workers are returning to the office, but many will continue to work remotely through 2020 and beyond.

  1. Phishing and spear-phishing are top methods for cybercriminals, and remote work relies heavily on email. Prioritize strong email encryption and train employees to spot phishing scams.
  2. Implement a secure remote access solution for employees and train them on network security best practices, such as setting up strong passwords.
  3. Perform an access review to ensure all personnel have the minimum access necessary to do their jobs. Removing excessive permissions or stale and stagnant accounts reduces the threat surface area of your organization.
  4. Maintain network access control such that when employees work from home, they maintain the same level of access as they would if in the office.
  5. Set up multi-factor authentication to avoid dependence on passwords and reduce the chance of password guessing.
  6. Use encrypted data for all IT-related communication, especially when employees are working remotely.
  7. Consider partnering with a Managed Security Services Provider (MSSP) if your IT and cybersecurity teams are stretched to the point where they cannot be effective.

Be vigilant about monitoring both internal and external

Monitoring is the best way to spot cyber threats before they access your network. If proper monitoring is in place, spend time assessing and reducing third-party vendor risk, paying particular attention to software for connected medical devices. Don’t forget to evaluate software implemented during the pandemic that slipped through your regular third-party risk-governance program.


Vulnerability threat management and penetration testing also should be mainstays of your cybersecurity program. That means scanning, testing, and patching your network consistently while partnering with experts when necessary to ensure those activities take place.

Finally, realize that the American workplace will look different than it did before the pandemic. The modern workplace will likely remain partially remote long term, so a robust remote cybersecurity program is now a critical element of your cybersecurity program, which may require a larger IT staff or assistance from a managed IT provider.

 

KEYWORDS: cyber security remote work risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Dan L. Dodson is CEO of Fortified Health Security. He is the author of the “2021 Horizon Report” on the state of cybersecurity in healthcare. Through Dan’s leadership, Fortified Health Security partners with healthcare organizations to effectively develop the best path forward for their security program based on their unique needs and challenges.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Security Leadership and Management
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Career Intelligence
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Broken wet floor sign

Why Response Time Is Becoming the Missing Metric in Workplace Safety and Security

Paparazzi

When Private Events Become Public Infrastructure: What Celebrity OSINT Teaches Security Leaders

Cyber Tactics

AIBOMs: Bringing AI Security Out of the Shadows, A Practical Guide for Security Professionals

Medical professional

Nearly 85% of Nurses Experienced Workplace Violence in the Last Year

Kaseware sponsored webinar
Schneider Electric sponsored webinar

Events

August 25, 2026

Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.

August 27, 2026

Leveraging AI & Mobility to Advance Your Security Domain

LIVE: August 27, 2026 at 2 PM EDT Explore how AI-driven cloud security solutions can elevate your security domain enhancing threat detection, streamlining operations, and delivering the resilience modern organizations demand.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • Study: Business Fraud, Cybercrime On the Rise; C-Suite Unprepared

    See More
  • NCS4 virtual event for sports and professional event security

    National Sports Safety & Security Conference will focus on "The Way Forward"

    See More
  • Creating the GSOC: 4 Leading Examples of Successful Security Operations Centers

    The way forward with Risk Operations Centers

    See More

Related Products

See More Products
  • Physical Security and Safety: A Field Guide for the Practitioner

  • High-Rise Security and Fire Life Safety, 3rd edition

  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing