Implement A Secure & Practical Work from Home Strategy For Day Hospital Staff
As day hospitals extend commitments to the flexibility of working from home, management needs to put in place a strategy that enables their remote staff to efficiently implement their workflows without compromising the security of the hospital’s sensitive data.
Below are practice steps for day hospitals to consider when allowing their staff to work from home.
Step 1: Have Your Policies In Place
The first step in any effective Work From Home (WFH) strategy is to outline your organisation’s expectations and requirements in terms of remote access by drafting suitable and clear policies.
The policies generally include a Bring Your Own Device (BYOD) policy which stipulates the minimum requirements needed for a staff member to use their own device.
At REND Tech, we also recommend that day hospitals implement a Remote Access policy (RA). This policy covers what we see as important remote access aspects such as only logging in via a secure network. Ensuring that the staff use Multi-Factor Authentication.
You can also consider using other policies that may be relevant to your hospital.
Step 2: Empower Your Staff By Being Cyber Vigilant
The second step we recommend is conducting high-level training for your team on the basics of Cyber Security. This training can be implemented via a webinar and also, incorporated as part of your hospital’s staff onboarding process.
Most high-level cybersecurity training covers the following areas:
- The hospital’s expectations in terms of data privacy and accessing sensitive information
- Basics of identifying if an email is real or not. If in doubt, don’t open the email attachment or click on the links
- Basics of what a breach is and what ransomware is
- The basics of ensuring the staff’s personal devices are compliant (protected by anti-virus, the hard drive is encrypted)
- Explaining the tools the hospital will use for secure remote access
Step 3: Enforce Your Hospital’s Remote Access IT Compliance Policy
The Remote Access (RA) compliance policy represents the rules which your staff must adhere to when remotely accessing the hospital’s digital resources. Those rules should be enforced and could include:
- All devices used for remote access cannot be shared with or used by anyone else except the hospital’s staff member
- All devices must have a screen saver enabled, hard drive encrypted, an active antivirus product, and an up to date operating system
- All personal devices must be checked and approved by the IT team before being used to remotely access the hospital’s infrastructure
- The staff cannot log into the hospital’s IT system from public or free Wi-Fi services
- The staff cannot download any hospital documents on their personal computers
The above can be a starting point to designing and enforcing your hospital’s RA policy.
Step 4: Limit What Can Be Accessed Remotely
This is one of the most critical steps to take, limit what is available for the staff to access remotely. Speak to your IT team and your operational staff about what should be available for the staff who are working from home and what should only be accessible from within the hospital.
A high number of breaches occur when the business enables remote users to access all of the business resources without any type of security or strategy. Limiting what is accessible adds an additional layer of protection to your hospital and the patient data.
Step 5: Implement Identity Management Tools
Identity Management Tools are products or technologies that help you identify who accessed what, when, where from and which device they used. Identity Management (IM) enables healthcare organisations to demonstrate the ability of having a deeper capability of auditing, limiting and controlling user access.
Some tools such as OS33 Workplace, Cloud for Health offer greater capability of Identity Management however, you can also use VPN with Multifactor Authentication (MFA) or other remote access solutions with MFA and user logs.
Identity Management is critical in ensuring that your hospital has a level of control and visibility on ensuring only authorised staff can access the IT infrastructure remotely.
If your hospital is looking to enhance it’s current cyber security & data privacy posture then please feel free to reach us via the contact form below.