3 tips to avoid BYOD breaches
March 19, 2014 in Medical Technology
Without question, BYOD, or “bring your own device,” offers benefits to both healthcare employees and employers. It also presents security issues.
The benefits of BYOD are luring. To name a few, users are familiar and comfortable with their own devices, which increases productivity. No training is required. And employees provide the latest devices, saving hospitals the expense.
Yet, despite these benefits, security issues keep many hospitals from allowing BYOD, and with valid reasons. BYOD raises numerous red flags on the security and HIPAA compliance fronts and the bottom line is: No matter who owns the device, hospitals are responsible for any data breaches that occur.
[See also: ‘Ethical hacker’ calls BYOD a nightmare.]
Devices brought into the hospital are least likely to have standard security controls such as encryption, and they are at higher risk for viruses from personal apps, social media, web browsing and e-mail, say CDW consultants in a new white paper. Such devices also lack enterprise manageability for inventory and patching, making it difficult to track their location and keep security controls updated.
So, how can you make the most of BYOD without ending up with another penalized — and publicized — breach incident?
CDW offers three pieces of advice:
1. Use a mobile device management solution. Numerous options are available, with many specifically geared to the needs of healthcare organizations. With MDM, IT administrators can:
- Control devices attached to their networks from a centralized location, no matter the operating system used, the type of device or the ownership status.
- Reduce support costs, protect data and manage HIPAA compliance with advanced capabilities to secure devices, enforce passcodes, provide encryption, and remotely lock and wipe devices that are lost or stolen.
- Monitor and control applications installed, access to content and transfer of information between mobile devices.
- Configure and monitor devices, including asset tracking and reporting, and geo-location.
2. Deploy defense-in-depth security. MDM is only one component of a multi-layered security and management strategy. Other elements include: