With a diverse cyber threat landscape that includes constantly evolving malware, it can be tough to figure out the best approach to securing sensitive information. However, the U.S. Veterans Affairs Department may be onto something with its security plan. According to a recent Government Health IT article, the organization has nearly eliminated electronic data breaches.The article cited comments from VA CIO Roger Baker, who said encryption has played a major role in the high level of data security. The department now requires all laptops to be encrypted, and that isn’t the only security measure it has in place. According to Baker, the organization uses application control and monitoring software, which allows IT security staff to see every piece of software running on desktop computers, laptops and servers across the entire department. Additionally, Baker established an IT team dedicated to analyzing both breaches and “near misses” in order to quickly close vulnerabilities.
“We look at near misses, and that’s why we have focused so much on encrypting those laptops” said Baker, who was quoted in the article. “We know that [when] traveling things are going to happen to them, and there is no way to make an absolute assertion that nothing has happened to the information unless they are encrypted.”
Protecting individual devices as well as the network may become more important as the popularity of electronic health records (EHR) grows. EHRs allow doctors to quickly share essential patient information. However, that data needs to be protected from malicious users, and the EHR trend is growing rapidly. According to a recent InformationWeek article, 74 percent of doctors reported using EHRs in a 2012 Medscape survey. The survey also found that healthcare professionals prefer simple EHR software over the complex solutions that many organizations purchase.
What security practices do you follow? Have you used data encryption to protect important information?