“Just by having an app on your device, (a cybercriminal) can determine your call history, take your contact list info, if they choose to.”
That’s how vulnerable smartphones, tablets and their mobile ilk actually are, Jim Routh said, and it’s not just the devices that chief information security officers like him have to worry about.
Making things even more complicated is the fact that some 1,800 cloud services exist today — in healthcare alone. What’s more, social networks are the most popular use for mobile devices, and cloud providers are better at collecting data than protecting it.
“You’re forced to consider different options and models based on new and emerging technology,” Routh, who is Aetna’s CISO, said during the HIMSS Media and Healthcare IT News Privacy and Security Forum in Boston, Sept. 8-9.
Perhaps nowhere more so than in crafting Bring-Your-Own-Device and social media policies.
Fits and starts
Two years ago Kaiser Permanente did not allow employees to bring their own devices to work.
“I got in trouble with our communications folks for saying that we have to look at BYOD because that’s the trend,” said Jason Zellmer, executive director of technology risk management at Kaiser.
Leap forward to today and things have changed, but only a bit.
“We are in pilot mode,” Zellmer explained. “The policy is still ‘no,’ but it is something we’re piloting.”
Kaiser approached a BYOD policy methodically and practicably by trying to understand three things: What people want to use their own devices for, what risks are associated with doing so, and what exactly to permit employees to do with such hardware and applications.
Whereas Providence Health and Services does allow for BYOD, Chief Information Security Officer Michael Boyd described the Seattle-based health system's experience as being similar to Kaiser’s.
“We set the bar five years ago at applying security controls that were easy,” Boyd said. If the device and data can’t be encrypted, for instance, employees simply can't bring it.
That’s the kind of rule that Robert Thibadeau would likely call “a good policy.”
Governing for obedience
As the chief scientist at enterprise security software vendor Wave Systems, Thibadeau said one of the most difficult problems in establishing BYOD policies is that IT will inevitably set parameters that employees disagree with, and in turn, those same users don’t exactly understand that IT shops are basically in the middle of finding their way through this.
“No jailbreaking — that’s a good policy. People will obey the good rules,” Thibadeau said. “You can’t govern without the consent of the governed.”
Other policies can be much trickier to enforce. Take the rule that employees can't send a text message with protected health information, for example.
It makes sense on paper, but Tom Walsh, president of his eponymous consulting company, described the real-life scenario in which a doctor tells a nurse to send lab results “not through e-mail, not a phone call,” but via text.
“One size doesn’t fit all,” Walsh said. “There is some risk; no business runs risk-free. We know that.”
SMAC
Beth Israel Deaconess Medical Center's CIO and acting CISO John Halamka, MD, said BYOD guidelines should also relate to social media policies, and others for hardware peripherals, such as USB drives.
At the very least “every endpoint, whatever it is, must be controlled and encrypted,” Halamka said. “There’s a lot to be said for bumping up policies.”
Routh thinks in terms of SMAC: social, mobile, analytics and cloud.
Those four are intertwined because social networks comprise the most popular apps on mobile devices, the amount of user behavior data is exponentially greater there than anywhere else, and that ultimately drives companies to analyze it.
As is the case with broader information security, Routh said understanding risk profiles of apps and devices, as well as the ways that employees use them, is essential to understanding which services to support.
“I’m promoting the use of social networks but recommending the ones with the least risk,” Routh said. “I get to enforce the right behavior.”
Which is exactly what providers such as Kaiser and Providence are aiming to accomplish when precisely etching out rules and guidelines that enable employees to be more productive while also protecting the organization and patient data.
“Obviously,” Walsh said, “it all starts with policy.”