Senior living cybersecurity is of growing importance in the industry. There are outside attacks; breaches due to poorly formulated policy; and data loss due to equipment failure, negligence, or insider threats. These and a wide variety of other factors have contributed to a new landscape of concern. As a result, cybersecurity is at the heart of a senior living facility’s success. Unfortunately, senior housing is woefully unprepared to address these cybersecurity threats. A strong security apparatus will require each employee to play a role. No longer just a function IT, cybersecurity is an important component of each employee’s job. What role do you play?
The Front Lines
People are the front lines when it comes to cybersecurity – not just the enterprise IT team. In one recent survey, 40 percent of executives said they don’t feel responsible for the repercussions of hackings. The truth is that anyone in an organization who turns on a computer, opens an email, or uses his or her mobile phone for work is part of the chain of cybersecurity. Many successful cyber attacks begin with a click on an innocent-seeming Web page or with the downloading of an apparently harmless attachment. When we talk about the “people” piece of cyber, the front-line employee is a critical consideration.
Business Process Owners
Between the IT people who build and operate the systems and the front-liners who use them, there are the business process owners. Without their engagement and full participation, cyber doesn’t work. It isn’t enough for the finance team to entrust encryption to the IT shop or for the operations manager to shrug off user authentications as being merely a problem for IT. In order to safeguard their own lines, business managers across the board must be fully engaged in the cyber endeavor. The clinical director doesn’t need to know how to configure a firewall, but he or she does need to understand something about the range of risks and the tools of remediation.
Moreover, each of these business-line leaders needs to have an open and engaged relationship with the cyber protectors, whether this is an in-house team or an outside consultancy. An indifferent business leader is vulnerable when it comes to cyber. Because the threats are both complex and pervasive, managers who expect their processes to be secure need to take an active interest in security.
Just as each business process owner needs to have a personal stake in cyber, each property manager needs to be personally engaged. Engrossed as they may be in daily operations, it is easy for the property managers to suppose that cyber is being handled “back at corporate” and thus that the safeguarding of their networks belongs entirely to the IT shop. It is up to senior management to ensure this kind of mindset does not take hold. This may come down to a matter of engagement. Property managers should sit in on the regular security calls and should be on the distribution list for cyber updates and alerts. If new systems are implemented at the property level, if new devices are coming onto the network, property managers should know that they bear a part of the responsibility to ensure the security of these systems. Overall, the “people” part of cyber largely comes down to relationships. Success isn’t a matter of who is in charge, but rather a question of if and to what degree the players are personally invested in the effort. Anyone responsible for a business line needs to engage in cyber as one element in fulfilling that responsibility.
Of course, there is ultimately one person whose name will rise to the top in terms of the cyber hierarchy: That is the CIO, IT director, lead consultant—whoever is heading up the technological nuts and bolts of network defense. Within this role, the technical leader will oversee the entire security apparatus. This leader will work with the rest of the team to develop a security roadmap as part of a greater IT plan that will address the processes and technology necessary to secure a senior living facility. Furthermore, the technical leader will work to keep executives aware of new threats and train staff on protecting the organization. While the entire team plays a large role in creating a secure environment, the success of the effort rests firm on the technical leader’s shoulders.
Are you prepared to play a role in protecting your senior living facility?