The healthcare sector is a frequent target of phishing attacks. Every week, healthcare organizations report phishing incidents that result in the exposure or theft of protected health information (PHI). In most cases, these attacks could have been prevented by following fundamental cybersecurity practices.
Some cyberattacks have become more sophisticated, but most have not: they rely on default or commonly used passwords in brute force attacks, or on generic phishing emails.
Brute force attacks can be prevented by enforcing strong password policies. Users must not be allowed to create passwords from dictionary words or commonly used weak passwords such as 12345678. Password reuse is likewise a common cause of compromised accounts. According to Microsoft, 73% of users reuse passwords across work and personal accounts, so if a personal account is breached, the same password may be used to access the user’s work account.
Many phishing emails bypass anti-spam defenses. A recent report from Avanan indicates that up to 25% of phishing emails are not stopped by Exchange Online Protection (EOP), the default anti-phishing control for Microsoft Office 365. Additional controls are therefore needed to prevent a data breach caused by the phishing messages that get through.
All employees should receive regular security awareness training and be taught how to recognize phishing emails. Legacy authentication should be blocked as well. Other protections include anti-malware solutions, spam filters, and web filters, but Microsoft has said that multi-factor authentication is a single control that blocks 99.9% of cyberattacks.
Multi-factor authentication means using more than one method of verifying a user’s identity. In addition to a password or passphrase that only the account holder knows, another factor is required, such as a hardware token or biometric verification. When a sign-in is attempted from an unrecognized device or location, the second factor must be provided; this can be a text message sent to the user’s mobile phone.
Although MFA is an effective way to prevent unauthorized account access and data breaches, many healthcare organizations only enforce MFA after they have suffered a breach.
Microsoft explains in a blog post that its cloud services receive more than 300 million fraudulent sign-in attempts every day, and the number is rising. Even when a username and password have been compromised, multi-factor authentication prevents those credentials from being used to access the account.
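The two controls the article describes, a password policy that rejects dictionary words, common weak passwords and reused passwords, and a step-up rule that demands the second factor when a sign-in comes from a device or place not seen before, can be expressed as a small policy evaluator. This is an added example, not code from the article or from Microsoft; the weak-password list, dictionary, user name and device and location identifiers are constructed sample data.

```python
import hashlib
import re

# Constructed sample data; a real deployment would load a breach corpus and a full word list.
COMMON_WEAK = {"12345678", "password", "qwerty123", "letmein"}
DICTIONARY = {"summer", "hospital", "welcome", "admin"}
KNOWN_CONTEXT = {"alice": {"devices": {"laptop-1"}, "locations": {"office"}}}


def pw_hash(password: str) -> str:
    """History hash for reuse checks only (a login store would use a salted, slow hash)."""
    return hashlib.sha256(password.encode()).hexdigest()


def password_policy_violations(password: str, previous_hashes: set) -> list:
    """Return the rules from the article that the password breaks (empty list = acceptable)."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if password.lower() in COMMON_WEAK:
        problems.append("commonly used weak password")
    # Drop digits and symbols so "Hospital2024!" is still recognised as a dictionary word.
    if re.sub(r"[^a-z]", "", password.lower()) in DICTIONARY:
        problems.append("dictionary word")
    if pw_hash(password) in previous_hashes:
        problems.append("reused password")
    return problems


def second_factor_required(user: str, device_id: str, location: str) -> bool:
    """Step-up rule: a sign-in from a device or place not seen before needs the second factor."""
    seen = KNOWN_CONTEXT.get(user, {"devices": set(), "locations": set()})
    return device_id not in seen["devices"] or location not in seen["locations"]


def evaluate_sign_in(user: str, password_ok: bool, device_id: str, location: str,
                     otp_ok=None) -> str:
    """Outcome of one sign-in attempt: 'deny', 'challenge' (second factor needed) or 'allow'."""
    if not password_ok:
        return "deny"
    if second_factor_required(user, device_id, location):
        # A stolen password alone stops here: the second factor must also be presented.
        if otp_ok is None:
            return "challenge"
        return "allow" if otp_ok else "deny"
    return "allow"


if __name__ == "__main__":
    print(password_policy_violations("12345678", set()))
    print(evaluate_sign_in("alice", True, "phone-9", "cafe"))
```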
Microsoft’s research finds that an account is more than 99.9 percent less likely to be compromised when MFA is used.
Many organizations hesitate to adopt MFA because they believe it is complex and will disrupt workflows, but that is not the case. To minimize disruption, organizations can start by enforcing MFA on the most critical accounts or take a role-based approach, and expand coverage from there.
MFA is not perfect, but it is a very important measure for stopping cyberattacks and keeping phishing emails and poor password choices from leading to a costly data breach.